Keynote oracle entitlement-driven idm
1. Copyright © 2011, Oracle. Proprietary and Confidential
2. The Imperative for Entitlement-Driven Identity Management
Normand Sauvé, Security Sales Manager
Carl Potvin, Principal Sales Consultant
3. The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracle’s
products remains at the sole discretion of Oracle.
4. The Situation
• Security breaches are proliferating
• Compliance costs are increasing
– 40% of IT budget spent on compliance
• Tougher regulatory environment
5. The Trend is Set to Continue
The Root Cause Of All Breaches Is Poor Access Control
• Social Engineering Attacks (11% of all breaches)
• Hacking (up 10% from 2010)
• Privilege Abuse (17% of all breaches)
[Chart: total # of records compromised by breaches; values shown: < 1M, 4M, 361 M; era labels: Hacking for Fun, Hacking for Fame; time axis labels from 1990 to 2011]
Source: Verizon Data Breach Report 2011
6. Current Approach is Fragmented
Hurts Transparency & Business Agility
• Disconnected Security Policy
• Poor Correlation for Forensics
• Fragmented View of User
• Costly Integration
Fragmentation causes Latency
• Removing separated users
• Detecting user job role change
• Restricting data access quickly
Source: The Value of Corporate Secrets by Forrester Consulting (March 2010)
7. Today We Are Reactive
Harden Perimeter | Social Engineering Attacks
Secure End-Point | Attacks on Servers
Invest in Monitoring | Privileged Account Abuse
We react... But criminals get wiser
Most traditional security solutions get breached eventually
8. We Need to Change Our Thinking
Security should be proactive just like the body’s immune system prevents diseases
9. Identity Management Has to Evolve
• Less Fragmentation
• Better Visibility
• Increased ROI
[Diagram labels: Analytics, Context, Control; Risk Management, Audit, Administration, Authentication, Identity; stages: Tools, Point Solutions, Platform, Intelligence]
10. Analytics – Actionable Intelligence
[Diagram labels: Report, Certify, Remediate; Acquire, Correlate, Convert]
Preventive
• Automated certification review
• Intelligent risk scoring
• Workflow based remediation
Detective
• Analysis of who did what
• Correlation of activities
• Anomaly detection
11. Context – Trust but Verify
[Diagram labels: Step up, Authorization, Alert, Rules, Patterns, Behavior, Authorized]
Access: Authentication
• Location and device aware
• Pattern detection
• Predictive analysis
Transactional: Authorization
• Based on historical behavior
• Policy based
• Knowledge based step up
12. Control – Continuous and Efficient
[Diagram labels: User Lifecycle, Role Lifecycle; Onboard, Change, Offboard, Change Access, Mine & Define, Test & Deploy; Declarative Security, Externalized Policy, Scalable enforcement]
Administration
• Role based onboarding/change
• Central view of user access
• Immediate de-provisioning
Entitlements
• Separation of duties
• Central policy enforcement
• Dynamic RBAC
13. An Entitlement-Driven Approach to Identity
[Diagram labels: Administer Access, Synchronize Identities, Design Controls, Build Controls, Monitor Controls, Certify Controls, Automate Reporting; Administration, Access, Analytics, Authority; Entitlement Driven, Intelligence]
14. An Entitlement-Driven Platform Changes Everything
[Diagram: Before / After]
An Entitlement-Driven Platform facilitates identity management based on intelligence and context
15. The Platform Achieves Harmony
• Simplified support
• Consistent and synchronized
• Single source of security policy
• Integrated with Fusion Middleware
• Integrated with Fusion Apps
[Diagram labels: Security Governor, Access Manager, Enterprise SSO, Adaptive Access Manager, Directory Services, Entitlements Server, Enterprise Gateway, Identity Manager, Identity Analytics]
16. The Platform Makes All the Difference
Benefits / Oracle IAM Suite Advantage
Increased End-User Productivity
• Emergency Access: 11% faster
• End-user Self Service: 30% faster
Reduced Risk
• Suspend/revoke/de-provision end user access: 46% faster
Enhanced Agility
• Integrate a new app faster with the IAM infrastructure: 64% faster
• Integrate a new end user role faster into the solution: 73% faster
Enhanced Security and Compliance
• Reduces unauthorized access: 14% fewer
• Reduces audit deficiencies: 35% fewer
Reduced Total Cost
• Reduces total cost of IAM initiatives: 48% lower
Source: Aberdeen Group, June 2011
17. Case Study – Schneider National
BUSINESS CHALLENGE
• 20,000 users scaling up to 65,000 on three continents in a high availability configuration.
• Systems include OTM (Oracle Transportation Manager), many eBS modules, Siebel, AD, Exchange, and several OID’s managing different user stores
• Decided to overhaul entire IT infrastructure, move away from legacy home grown and packaged applications to support their business
• Provide customers self-service access to their own accounts
• Ongoing M&A and divestiture activities
ORACLE SOLUTION
• Replace Tivoli Identity Manager with OIM for password reset
• OAM for centralized Authn, Authz and SSO for 100’s of apps
• ORM for corporate RBAC project
• Real time integration of Siebel and eBS identities with OIM
• Provided virtualized single user store from disparate populations with OVD
• Enforce least-privilege access through automated provisioning for add, changes, and disables (ORM / OIM)
RESULTS
• Reduce the number of calls to the helpdesk for password reset
• Reduce the number of days to on-board users from 5 days to less than 24 hours
• Standardize the family of companies on an Identity Management platform reducing costs across the enterprise
• Reduce the complexity of the RBAC used to provide access to users
18. One Company, One Solution, One Stack
Proven vendor
• Acquire and retain best of breed technology and talent
• Battle-tested for large, mission-critical applications
• Referenceable, award-winning customer deployments
Most complete and integrated best-of-breed portfolio
• Service-Oriented Security
• Interoperable components
Future proof investment
• Standards-based and hot pluggable for easy integration
• Established deployment best practices
• Large implementation ecosystem
19. Q&A