Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 1
Strategies for Reducing Risks and Cyber Attacks
Luis Zamora
This document is for informational purposes. It is not a commitment to
deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. The development, release, and timing of any
features or functionality described in this document remains at the sole
discretion of Oracle. This document in any form, software or printed matter,
contains proprietary information that is the exclusive property of
Oracle. This document and information contained herein may not be
disclosed, copied, reproduced or distributed to anyone outside Oracle
without prior written consent of Oracle. This document is not part of your
license agreement nor can it be incorporated into any contractual
CRM
Social
Mobile Banking
Manufacturing Services
Business Transformation
Citizen Services
Mobile Workforce
Health Services
Retail
Cloud Services
Stolen passwords: 6M
Sony
Stolen credit cards: 12M
Fraud: $7B
Société Générale
1. Loss of brand image
2. Fines
3. Financial losses
Security budget spent on
40%
SOX
ISO27001
SEC
FIPS
CJIS
NERC
FERC
KASB
CA 541
Directive 95/46/EC
• Device Security
• Vulnerability Management
• Network Security
• Email Security
Average cost of security: $400 – $500
access to web/app server records
attacks on servers
access to DB server records
hacking using stolen information
misuse of privileges
90% of companies with mobile “apps” in 2014
62% will depend on social networks to connect with current and potential customers
Stores passwords
76%
Stores passwords as
10%
Login with Facebook
or…
Name:
Confirm Password:
Job Title:
Department:
Address:
Email:
Username:
Password:
Submit
OAuth
1 2 3 privacy
Access Request
Certification Review
Help Desk Tickets
Access Control
Off Boarding
User Provisioning and On-boarding
Société Générale
Sony
The VULNERABILITIES were
SECURITY INSIDE OUT
MANAGE RISKS
SEE NEW OPPORTUNITIES
PREVENT THREATS
FRAUD DETECTION
DATA SECURITY
COMPLIANCE REPORTING
control
• Secure data
• Move controls
SECURITY BETWEEN SYSTEMS
SECURITY AT EVERY LEVEL
SECURITY BETWEEN LEVELS
TOP 5 CONCERNS
• Access to data from
• &
• Changes in
• Cohabitation of
ENABLING THE
SECURING THE
COMPLETE GOVERNANCE
GOVERNANCE
OPERATING SYSTEMS
DIRECTORY SERVICES
APPS
APPLICATIONS
COMMON REPOSITORY
DATABASES
SINGLE USER VIEW
ACCESS REQUEST
ENTITLEMENT CATALOG
PRIVILEGED ACCOUNT MANAGEMENT
ACCESS CERTIFICATION
MANAGEMENT
IDENTITY FEDERATION
EXTERNAL AUTHORIZATION
ENTERPRISE & WEB SINGLE SIGN-ON
MOBILE & SOCIAL SIGN-ON
FRAUD DETECTION
EMPLOYEES
CONTRACTORS & PARTNERS
CUSTOMERS & PROSPECTS
SERVICES
USER AUTHENTICATION
LOCATION DATA
EXTREME SCALE
LOW TCO
INTEGRATED
INTEROPERABLE
DEVICE AUTHN
NAMING SERVICES
HOST ACCESS CONTROL
APP
Available from
Data Masking at Source
Privilege Analysis
Integrated Audit Framework
Data Redaction
Database Vault Mandatory Realms
Sensitive Data Discovery
Security
Situation: Oracle cloud requires security for customer data and applications.
Challenges: Provide single sign-on and access authorization for web applications with centralized administration.
Solution: Oracle Identity Manager, Oracle Internet Directory & Oracle Access Manager
Results: Provisioning, authentication and authorization of user access.
Our Cloud
Situation: 2000 users accessing PeopleSoft from mobile devices.
Challenges: Provide effective fraud detection and strong authentication standards.
Solution: Oracle adaptive access hosted by Oracle Managed Cloud Services
Results: 75% of users deployed in one week. 50% savings compared with the use of physical authentication tokens.
Fraud detection & secure mobile access
SECURITY
WITHOUT
COMPROMISE
HARDWARE
SOFTWARE
Identity Management
Infrastructure Security
Consulting Services
Database Security
Governance & Compliance
SOLUTIONS
SOLUTIONS
INSIDE OUT
SECURITY
DEFENSE IN DEPTH
SECURE WHAT IS STRATEGIC