Security and Identity Management
J. Alberto Yépez
Vice President
Agenda
• Corporate Background
• Business Drivers
• Oracle’s Strategy
• Case Studies
• Oracle’s Differentiation
Corporate Background
Strategic Acquisitions
• PeopleSoft / JD Edwards (1/05)
• Retek (4/05)
• ProfitLogic (7/05)
• i-flex (8/05)
• G-Log (9/05)
• TempoSoft (12/05)
• Siebel (1/06)
• 360Commerce (1/06)
• Portal Software (4/06)
• Demantra (6/06)
• Telephony@Work (6/06)
• Metasolv (10/06)
• SPL WorldGroup (11/06)
• Agile Software (5/07)
• TimesTen (06/05)
• TripleHop Technologies (06/05)
• Context Media (07/05)
• Innobase (10/05)
• Sleepycat (2/06)
• IronFlare (5/01)
• TopLink (6/02)
• Collaxa (1/04)
• Phaos Technologies (5/04)
• Oblix (3/05)
• Thor Technologies (11/05)
• OctetString (11/05)
• HotSip (2/06)
• Net4Call (4/06)
• Sigma Dynamics (8/06)
• Sunopsis (10/06)
• Stellent (11/06)
• Hyperion (3/07)
• AppForge, LODESTAR
c.f. http://www.oracle.com/corporate/acquisition.html
Categories: Applications 2005; Applications 2006; Database 2005; Database 2006; Middleware <2005; Middleware 2005; Middleware 2006+
Business Drivers
Today’s e-Government IT Challenges
More Responsive
• More accessibility for employees, citizens and business
• Reduce cost, self-service environment
• Faster reaction to changing requirements
More Secured
• Identity theft
• Intellectual property theft
• Organized crime
• Constant global threats
More Compliant
• Increasing regulatory demands
• Increasing privacy concerns
State Of Security In Public Sector
• Incomplete
• Multiple point solutions from many vendors
• Disparate technologies that don’t work together
• Complex
• Repeated point-to-point integrations
• Mostly manual operations
• ‘Non-compliant’
• Difficult to enforce consistent set of policies
Security Critical To Business Continuity
1996
• Amateur hackers
• Web site defacement
• Viruses
• Infrequent attacks
2007
• Organized crime
• IP theft
• Identity theft
• Privacy
Managing Operational Risks
• Majority of security breaches from within organization
• Fragmented security policies
• Orphaned accounts
• Expired access rights
• Lack of aggregated audit and accountability
• Leaked passwords, social engineering
• Manual provisioning of user accounts requests prone to errors
• IT administrators unaware of organizational and role changes
Identity Management
Auditing and Reporting
Workflow and Orchestration
Diagram labels: Employees, IT Staff, SOA Applications, Business, External, Delegated Admin, SOA Applications, Citizens, Internal
Identity Management Services
Access Management
• Authentication & SSO
• Authorization & RBAC
• Identity Federation
Identity Administration
• Delegated Administration
• Self-Registration & Self-Service
• User Group & Roles Management
Directory Services
• LDAP Directory
• Meta-Directory
• Virtual Directory
Identity Provisioning
• Who, What, When, Where, Why
• Rules and Access Policies
• Integration Framework
Monitoring and Management
Diagram labels: NOS/Directories, OS (Unix), Infrastructure, Applications, ERP, CRM, HR, Mainframe, Physical Assets
Oracle’s Strategy
Oracle’s IdM Strategy
Diagram labels: Databases, Business Intelligence, Business Applications, SOA Applications, Fusion Middleware, Enterprise Manager, Identity & Security
Oracle’s Identity & Security Strategy
• Complete, unified solution
• Coherent and comprehensive security
• “Cross-silo” integrated identity & security
• Application-centric
• Protecting business processes and web services (SOA)
• Identity & security as infrastructure, not bolt-on layer
• Hot-pluggable
• Standards-based
• Heterogeneous
Identity & Access Management
• Access Control: Authentication & Authorization; Single Sign-On; Federation; Web Services Security
• Identity Administration: Identity Lifecycle Administration; Role & Membership Administration; Provisioning & Reconciliation; Compliance Automation
• Directory Services: Virtualization; Synchronization; Storage
• Management: Service Levels; Configuration; Performance; Automation
• Audit & Compliance: Audit Data; Attestation; Segregation of Duties; Controls
Oracle I&AM Products
• Access Control: Oracle Access Manager; Oracle Enterprise Single Sign-On; Oracle Identity Federation; Oracle Web Services Manager
• Identity Administration: Oracle Identity Manager
• Directory Services: Oracle Virtual Directory; Oracle Internet Directory (with Directory Integration Platform)
• Management: Oracle Enterprise Manager for Identity Management
• Audit & Compliance: Oracle Identity & Access Management Suite
Complete, Unified Security
• Application security
• Fine grained access control across applications
• Integrated with packaged enterprise applications
• Middleware security
• Comprehensive Identity Services Framework
• Integrated security with application server and SOA framework
• Data security
• Data security at rest, in transit and in archive
• Consolidation of management and security of auditable data
• Physical security
Data Privacy
• Advanced Security
• Label Security
• Secure Search
• Database Vault
• Multi-factor DBA Controls
• Encrypted Data
• Authorized Search
• Data Classification
• Audit Vault
• Monitor, Alert, Consolidate
• Content/Record DB
• Unstructured Data Mgmt
Ensure Data Privacy at All Levels
Protect from Insider Threat
Safeguard Personally Identifiable Information (PII)
Application Centric Security
• Comprehensive security for applications
• Single sign-on and federated access
• Fine grain authorization
• Roles and entitlements management
• HR and identity management process integration
• Identity Services Framework
• Identity services as infrastructure
• Rapid-integration enabled security platform
• Abstracted identity storage
Oracle IdM-App Integration Offerings
Oracle Application Integrations
• Oracle e-Business Suite
• PeopleSoft
• Siebel
• JD Edwards
• Oracle Retail (H1 2007)
• PeopleSoft Campus (2007)
• Telecom/Portal (2007)
• Oracle Clinical Solutions (2007)
SAP & Other Application Integrations
• SAP R/3, Basis, CUA
• SAP HRMS
• SAP Certification (2007)
• Lawson (2007)
• other tier-2 applications
• SCT Sungard Banner (2007)
• Cerner (2007)
• McKesson (2007)
Features
• Agent-less integration framework
• Application-centric and technology-centric OOTB connectors
• Abstraction of functional layers
• Componentized architecture
• N-tier J2EE architecture
• Deploys on wide range of J2EE application + DB servers
• Highly customizable and extensible
Hot Pluggable & Open Strategy
• Deploy on heterogeneous platforms
• Application, web, DB, directory servers
• Operating systems
• Work with competition’s products
• Business apps, Identity Management, system management
• Leverage open standards
• Use, drive and innovate
Heterogeneous Support
Sample Integrations
• Applications
• Directories
• Application/Web Servers
• Operating Systems
• Groupware
• Portals
• ACF-2 & TSS
• RACF
Standards Support
• Contribute and lead
• SSTC (SAML Working Group) - Co-Chair
• Liberty Alliance - President, Board Member
• WSS, WS-SX (Web Services Security) - Author
• SPML - Author
• XACML - Voting member
• Implement
• Accelerate product development
• Simplify product integration & minimize TCO
• Innovate
• Enable Identity Governance Framework: CARML, AAPML
• Standards for end-to-end security
Case Studies
BAMF
BUSINESS CHALLENGE
• Complex IT environment consisting of multiple data stores
• Need for delegated administration and group management for their applications
• Need for password sync from Active Directory to several OID data stores
ORACLE SOLUTION
• Oracle Access Manager and Identity Manager chosen for 10.000 external & 2000 internal users
• Identity Manager solves problems with:
  • Delegated management of identities
  • Password sync (e.g. with MS AD)
  • Governance compliance
RESULTS
• Reduced administration costs and great user experience around password management
• Efficient account creation and cancellation
• Password sync between OID, AD (leading directory) and Oracle database
• Web Single Sign-On with Application Express apps and J2EE apps
Deutsche Post World Net
BUSINESS CHALLENGE
• With 500,000 employees in more than 220 countries, Deutsche Post World Net operates an extensive IT infrastructure to link all parts of the organization.
• Need to expand metadirectory services with an identity access layer
• Need to simplify user management and meet new security requirements
ORACLE SOLUTION
• Oracle Virtual Directory gives a single LDAP view on user information stored in different systems such as databases, directories, email servers.
• Oracle Virtual Directory is fast to introduce and satisfies new authentication requirements
• Oracle Virtual Directory redirects authentication requests to the DPWN Active Directory or Critical Path directory
RESULTS
• No data synchronization necessary
• No change/modification of existing applications
• Consolidated view on several user stores
• Consolidated view as a central service
Dublin City Council
BUSINESS CHALLENGE
• No single source of user / accounts
• No business processes in place for account creation
• 17 different and very autonomous departments, each with their own IT systems
• No tracking of resource moves between departments
• IT needs to be able to bill other departments accurately for use of resources
ORACLE SOLUTION
• Oracle Identity Manager chosen over Sun, Novell, CA, IBM
• 3500 users. Automated provisioning to MS Active Directory
• Fully integrated suite created competitive differentiation
RESULTS
• Expect to lower operational costs by centralizing user administration
• Enable operational efficiency and increase security across application environment
• Establish a platform for automating resource & IT account provisioning processes
Swedish Police
BUSINESS CHALLENGE
• Establish secure and centralized management of identities across multiple enterprise directories & applications - incorporation of process workflows
• End users and managers have poor visibility into in-process and completed provisioning workflows
• Protect against locally administered changes to user entitlements directly within the target systems
• Poor management of user certificates within RSA Keon
ORACLE SOLUTION
• Oracle Identity Manager selected over Novell
• Highly flexible and extensible product
• Superior support for onboarding and analysis mechanisms for orphan account detection
• Support for rollback/undo and escalation
• Mature product with solid architecture
• Flexibility and customizability
RESULTS
• Significant cost avoidance (est. over $1M) for identity synchronization, workflow & administration functionality
• Establishment of automated role & rule-based assignment of access privileges to all managed systems
• Improvement of information quality by centralizing user records and cleaning existing data
• Detailed and easily accessible audit functionality
Banedanmark
BUSINESS CHALLENGE
• Banedanmark, owned by the Danish State, operates the physical network (the rails) and the train traffic in Denmark
• The implementation of a new major portal project initiated a need for an identity management project consolidating and managing employees, contractors, and business partners across the enterprise
ORACLE SOLUTION
• Oracle selected over Microsoft
• Oracle Identity and Access Management Suite
• Identity Manager Connectors to SAP and AD
RESULTS
• First phase will focus on identity clean-up, consolidation, and provisioning using Oracle Identity Manager
• Phase two later this year will start focusing on access management including single sign-on
Scottish Government
BUSINESS CHALLENGE
• Fragmented customer records and no single source of Citizen info across Scottish Govt.
• Need to integrate to the UK Government Gateway so that users can access the Citizen Account (single, electronic customer record)
ORACLE SOLUTION
• The Scottish Govt. National Infrastructure Project selected Oracle’s Identity and Access Management Suite, beating out Software AG
• Suite will integrate UK Govt. Gateway
• Working with Sopra, Newell and Budge as the prime contract provider
RESULTS
• IAM will authenticate Citizens and Govt. employees when they access the system either via the Council Website where they live (one of the 32 Local Authorities), the UK Government Gateway or the Central Portal site where the Citizen Account will be running
• Plan to provide a source of truth that will potentially update Govt. records and provide a better service to the 5M Citizens of Scotland where they can change personal details only once across multiple agencies as well as enroll for entitlements
Oracle’s Differentiation
Oracle – The Information Company
Diagram labels: Databases, Business Intelligence, Business Applications, SOA Applications, Fusion Middleware, Enterprise Manager, Identity & Security
Oracle Database Security
30 Years of Innovation
• Oracle Audit Vault (Beta)
• Oracle Database Vault
• DB Security Evaluation #19
• Transparent Data Encryption
• EM Configuration Scanning
• Fine Grained Auditing (9i)
• Secure application roles
• Client Identifier / Identity propagation
• Oracle Label Security (2000)
• Proxy authentication
• Enterprise User Security
• Global roles
• Virtual Private Database (8i)
• Database Encryption API
• Strong authentication (PKI, Kerberos, RADIUS)
• Native Network Encryption (Oracle7)
• Database Auditing
• Government customer
Customer Advisory Board (CAB)
Share, Communicate, Partnership
• Quarterly meetings
• Monthly newsletters
• Knowledge sharing
• Roadmap prioritization
• Product design validation
Industry Recognition
Leader in Enterprise Identity Provisioning
“(Oracle’s) IAM Roadmap looks the best of all vendors”
2006 Gartner UP MQ
“…move Oracle to the shortlist of enterprise customers looking to deploy a full suite of applications with secure identity management capabilities across their ever-changing IT landscapes” (*)
“Oracle can now be viewed as a Premier Provider of Identity and Access Management Technology” **
Leader in Web Access Management
“(Oracle) Access Manager ranks as one of the more fully featured WAM products”
Strongest Vendor According To Burton
“Oracle is currently the IdM vendor to beat”
Partners: ISV Ecosystem
• Strong Authentication
• Physical Access
• Network Access
• Role Management
• Healthcare
Key Oracle Differentiators
• Complete suite of best-of-breed products
• Complete & best integrated identity management suite
• Includes compliance, virtualization and system management
• Market leadership validated by press and analysts
• Proven for large scale deployments
• Large, complex, and award winning deployments
• Broad customer base and use cases
• Large referenceable customer base
• Best long-term investment
• Strong support of open standards and hot-pluggable strategy
• Pre-integrated with Oracle products – DB, middleware, apps
• Pre-integrated with over 50 applications and infrastructure