enterprise security architecture: from access to audit
Post on 04-Nov-2014
Enterprise Security Architecture:
From access to audit
Paul Andres
Director, Enterprise Architecture
Why Security?
Changing Business Climate: Challenges Our Customers Face…
"In a time of accelerating turbulence, the valuation of a company will be strongly affected by how it executes change."
Today’s IT Challenges
More Agile Business
• More accessibility for employees, customers and partners
• Higher level of B2B integrations
• Faster reaction to changing requirements
More Secure Business
• Organized crime
• Identity theft
• Intellectual property theft
• Constant global threats
More Compliant Business
• Increasing regulatory demands
• Increasing privacy concerns
• Business viability concerns
IT Governance
Supply Chain Traceability
Service Level Compliance
Financial Reporting Compliance
Compliance & Ethics Programs
Audit Management
Data Privacy
Records Retention
Legal Discovery
Anti-Money Laundering
Systems: Apps Server, Data Warehouse, Database, Mainframes, Mobile Devices, Enterprise Applications
Globalization
Users: Legal, Finance, HR, Sales, Suppliers, Customers, R&D, Mfg
Mandates: SOX, JSOX, FDA, Basel II, EU Directives, HIPAA, GLBA, PCI…, Patriot Act, SB1386
Today’s “New Normal”: Users, Systems, Globalization and Compliance Forced Complexity
Oracle Applications
HCM, Finance, CRM
End-to-End Industry Processes
Unified User Experience
Actionable Analytics
The Business Platform
Existing
Tools &
Infrastructure
Non-Oracle, 3rd Party, Custom
The Right Information to the Right People in the Right Format at the Right Time!
Oracle Platform
Agile Process Orchestration
Consistent + Scalable Data
Comprehensive Security
Centralized Development
Pervasive Business Intelligence
Content Management
Oracle is ‘Information Driven’
• Manage It…
• Use It…
• Share It…
• Protect It…
Copyright © 2008, Oracle and/or its affiliates. All rights reserved. 9
Database and Infrastructure
Fusion Middleware
Applications
Monitoring and Configuration
Enterprise Visibility
Automated Controls
Access to Business Services
Lower Cost of User Lifecycle
Data Protection and Privacy
Unbreakable Linux
Security for Apps, Middleware, Data and Infrastructure: Comprehensive ‘Defense in Depth’ Approach
Industry Frameworks
Business Architecture
Applications Architecture
Information Architecture
Technology Architecture
Methodology, Governance, Motivation, Function, Organization
Drivers Goals Objectives
Models Strategy
Products Services Processes
Mission Roles People
Finance
Reference Architectures Functional Services
General Industry
Components Cost
Products
Strategy Principles
Reference Architectures Entities Structures
Strategy Principles Standards
Components, Models, Structures
Reference Architectures Platform Services Products
Strategy Principles Standards
Components Cost
Oracle Enterprise Architecture Framework
Reference Architectures
Strategy Principles Standards
Capabilities
Standards, Requirements, Design, Development, Test, Production
EA Governance
Performance
Risk Security Policy Integrity Business Continuity
Compliance
Portfolio Management
Data Quality
SLAs
General Industry
SOA/ EDA
General Services
Data Management
Security
Infrastructure
Development
Management
Version 2 (Draft)
Security Domains
Data Integrity Confidentiality Security Assurance
Cost Effective Solutions
Safeguards Counter Measures
Legal Liabilities
Security Awareness
System Reliability
Policy & Procedures
Protection Requirements
Quantitative & Qualitative Risk Assessment
Data Classification
Risk Analysis
Functionality Evaluation
Define Risks & Threats
Penetration Testing, Vulnerability Assessment
Enterprise Architecture Security Model
Assess Business Objectives
Access Control Systems & Methodology
Telecommunications & Network Security
Security Management Practices
App and Systems Development Security
Cryptography
Security Architecture & Models
Operations Security
Business Continuity & Disaster Recovery
Laws, Investigations, & Ethics
Physical Security
* CISSP, Shon Harris
GRC, Security Policy
Data Protection & Privacy
Access Control
Security Management
TOGAF to Oracle
Security Mapping
TOGAF 9
TOGAF 9 Capability Framework
Burton Group Security Framework
Oracle Security Solutions
Enterprise Security Reference Architecture
Oracle Security Components
Access Manager
Identity Manager
Directory Services
Advanced Security Option
Audit Vault, Database Vault
Applications: E-Business Suite, PeopleSoft, Siebel, Hyperion, JDE, SAP, Custom, Legacy
Enterprise Manager
Identity and Access Management
Data Security
Identity Federation
Web Service Manager
Label Security
Information Rights Management
GRC Manager
Policy
Map Risks-Policy-Controls
Test & Gather Evidence
Track Issues + Remediate
Track
• By Standard
• By Cycle
• By Application
• By Process
Embedded App Controls
• Embedded and Enterprise-Wide Controls
• Oracle and Non-Oracle
Set Control Rules
Handle Exceptions
Low-Level Detail
Controls
Access Management
Information Rights Mgmt
Identity Management
Database Controls
Configuration Management
Oracle’s “Top to Bottom” GRC Strategy: Define Your Policy… Connect to IT Controls… Analyze Your Results!
Connect Policies to Controls
• Real-time visibility
• Pre-Made reports and dashboards
Leveraged Output and Compliance Visibility
Analytics
Analyze Policy and Controls
Oracle Role Manager
Oracle Access Manager - Identity
Oracle Identity Manager
Oracle Internet (Meta) Directory
Oracle Role Manager
Oracle Virtual Directory
Oracle Identity Manager
Basic Authentication / Coarse-Grained Authorization / Audit / User Administration
Oracle Identity Management Components
Enterprise Applications
Business Apps
Portals, Email, Custom Apps
Helpdesk
Data and User Stores
Directories, Operating Systems, Databases
Employees, Customers, Suppliers
A Typical Environment…
Presentation Tier
Data Tier
Logic (Business) Tier
Identity and Access Challenges
Problems
• No Ability to Establish User Roles
• Manual User Administration (Int + Ext)
• No knowledge of “Who has access to what?”
• Multiple Sign-Ons + Forgotten Passwords
Problems
• No Self Service or Password Management
• Unstructured Content is not controlled
• Access to sensitive DB data is not controlled
• Difficult to Manage Environment
Solution: Centralize and Simplify Access
SSO Enabled Applications
Solution: Simplify Access to Multiple Datastores…
Solution: Simplify Employee to Business Partner Login
SSO + Federation-Enabled Apps
Oracle IAM Suite with Identity Services Framework
Identity Provider, Provisioning, Authentication
Virtualization & User Store
WS-*, SPML, SAML, XACML, CARML
Audit
Legacy Integration Interface: Connectors, Agents
Federation & Trust
Policy & Orchestration
Oracle Fusion Applications & Middleware
3rd Party ISF Aware Applications
Legacy Applications
User Management
Authentication, Authorization, Federation
Business Functions
Business Functions
Business Functions
Custom Developed ISF Aware Applications
Business Functions
FMW Security as a Service
Administration, Authorization, Role Provider
Identity Services
Enterprise Identity Management Infrastructure
Service Interfaces
Fusion Security Architecture
Enterprise Identity Store
(LDAP)
Operational Interaction using JDBC
Account + Role Provisioning & Reconciliation
Authentication
Authentication
OAM
Federation Services (OIF)
Single Sign-On
RDBMS
OC4J
Extensible Security (XS)
Fusion Applications
ADF
JAAS+
ATG
Security
FIDM
Identity Provisioning
Identity Administration
Account Provisioning
Account Administration
Enterprise Role Mgmt
Identity Provisioning & Reconciliation
LUS (Extensible Security)
FIDM Operational Store
FRONT OFFICE
Legacy
CRM
INTEGRATION SERVICES BACK OFFICE
J2EE logic
.NET logic CICS wrap
TIBX logic App logic
portal
B2Bi logic
Architects Security Operations
Customers
Trading Partners
B2B Exchanges
(Diagram: a WSM PEP in front of each of the front-office, integration and back-office services above)
Oracle WSM Policy Manager
Oracle WSM Monitor
Oracle Identity Services
Policy-Driven Security & Identity Management
AD / Exchange, IIS/ASP Apps
Portals
Customers, Partners, Vendors
Employees
Portals using Web Services
Web Services Manager
Apps w/ Web Service
Partner Portal, Outsourced Provider
Access Manager: Web SSO & Web IdMgt
Mainframe (RACF/ACF2/TS Environment)
Virtual Directory
PeopleSoft
HR
Business Users
Packaged Applications using Sun or Apache
Unix, Linux
Auditor, IT Admin, Security
Expose, Secure and Manage Web Services…
Oracle Database Security Components
Securely Backup Data To Tape with Secure Backup
Protect Data in Motion with Network Encryption using Advanced Security Option
Protect User and Sensitive Data at Rest by Encrypting Database Columns using Advanced Security Option
Select SALARY from USERS;
Protect Data from View and Alteration as well as Insider Threat using Database Vault
Alter table …. (Operational DBA)
LNAME SSN SALARY
SMITH 345-67-8912 $53,700
SCOTT 987-65-4321 $229,500
KING 123-45-6789 $125,000
(Diagram: Operational DBA issues "Select SALARY from users;", "Alter system.", "Alter table.."; Database Vault marks X; Data DBA / Manager marks X)
* Example roles and privs
Consolidate Audit Data & Show Reports using Audit Vault
LNAME CREDIT_CARD EXP_DATE
SMITH 9876-5432-1987 01-2011
SCOTT 2345-6789-4321 09-2012
KING 1234-5678-9123 04-2010
Enterprise Applications
Business Apps
Portals, Email, Custom Apps
Helpdesk
Protect Data at Rest: Transparently Encrypt Database Columns with Advanced Security Option
Encrypt Backup of Database and Flat Files to Tape with
Operational DBA
Consolidate & Report on Audit Data with Audit Vault (Audit Data Warehouse)
Securing the Database…
SMITH 17170
SCOTT 14220
KING 18031
(encrypted column values not recoverable from the transcript)
Select ssn from cust;
Separation of Duties with Database Vault Protects Against Insider Threats
(Diagram: Operational DBA issues "Alter table ….", "Select SSN from cust;", "Alter system.."; Database Vault marks X; Data DBA / Manager marks X)
* Example roles and privs
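The two controls the slides above describe, column encryption with the Advanced Security Option and a Database Vault realm that keeps the operational DBA away from SSN and SALARY, as an added example in Oracle SQL (not the deck's own code). It assumes Oracle Database 11g with the TDE wallet already open and Database Vault installed; the table HR.USERS, the realm name, and the accounts HR_DATA_OWNER and OPS_DBA are constructed for illustration.

```sql
-- Added example (not from the deck). Assumes Oracle 11g, TDE wallet open,
-- Database Vault installed. HR.USERS, HR_DATA_OWNER, OPS_DBA and the realm
-- name are constructed names for illustration.

-- 1. Data at rest: TDE column encryption (Advanced Security Option).
--    SSN and SALARY are stored encrypted; LNAME stays clear for searching.
CREATE TABLE hr.users (
  lname  VARCHAR2(30),
  ssn    VARCHAR2(11) ENCRYPT USING 'AES256',
  salary NUMBER       ENCRYPT USING 'AES256'
);
INSERT INTO hr.users VALUES ('SMITH', '345-67-8912',  53700);
INSERT INTO hr.users VALUES ('SCOTT', '987-65-4321', 229500);
INSERT INTO hr.users VALUES ('KING',  '123-45-6789', 125000);
COMMIT;

-- 2. Separation of duties: a Database Vault realm around HR.USERS.
--    Only realm-authorized accounts may read the data; the operational DBA
--    keeps ALTER SYSTEM / ALTER TABLE style duties but cannot SELECT it.
BEGIN
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'HR Sensitive Data',
    description   => 'Blocks privileged DBAs from SSN and SALARY',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL);  -- audit blocked access
  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'HR Sensitive Data',
    object_owner => 'HR',
    object_name  => 'USERS',
    object_type  => 'TABLE');
  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name    => 'HR Sensitive Data',
    grantee       => 'HR_DATA_OWNER',                  -- the "Data DBA / Manager"
    rule_set_name => NULL,
    auth_options  => DBMS_MACUTL.G_REALM_AUTH_OWNER);
END;
/

-- 3. Check the control from the operational DBA account (holds SELECT ANY TABLE).
--    Expected: ORA-01031: insufficient privileges, plus a realm-violation audit row.
CONNECT ops_dba/<password>
SELECT lname, salary FROM hr.users;

-- 4. Evidence for Audit Vault to consolidate: Database Vault's own audit trail
--    (11g location; later releases route this through unified auditing).
SELECT username, action_name, returncode
  FROM dvsys.audit_trail$
 WHERE action_object_name = 'HR Sensitive Data';
```

The realm blocks access granted through system privileges such as SELECT ANY TABLE; accounts authorized in the realm, or holding a direct object grant, still read the (transparently decrypted) columns.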
KING, 18031, $1,800
Protect Data in Motion with Network Encryption (Advanced Security Option)
(encrypted network traffic not recoverable from the transcript)
IT Admin, IT Security, DBA, Manager
Manage Database Identities / Roles with
Other Supporting Slides
Oracle Enterprise Security
Identity And Access Management
Data Security
User Management
Application Security
Access Management
Directory Management
Platform Security, Identity Audit
Multi-level Access Control, Encryption
Monitoring & Alert, DBA Security
Operating System Security
Authentication Service User Management
Governance Risk Compliance
Policy & Process Management
Enterprise Control
Compliance Analysis & Reporting
Audit Automation
Information Rights