iam suite introduction

Introduction To Oracle Identity And Access Management (IAM). Shujaat Ali, Sr. Security Specialist, Public Sector Sales Consulting

Upload: wardell-henley

Post on 18-Nov-2014


Page 1: Iam suite introduction

Introduction To Oracle Identity And Access Management (IAM)
Shujaat Ali
Sr. Security Specialist, Public Sector Sales Consulting

Page 2: Iam suite introduction

Agenda

• State of enterprise security and the need for IAM
• Oracle solutions
• Industry validations and customer success stories
• The future of Oracle IAM
• Summary and best practice
• Q&A

Page 3: Iam suite introduction

5 Questions to ask your CISO

Page 4: Iam suite introduction

Q: What’s posted on this monitor?

a – password to financial application
b – phone messages
c – to-do’s

Page 5: Iam suite introduction

Q: What determines your employee’s access?

a – give Alice whatever Wally has
b – roles, attributes, and requests
c – whatever her manager says

Page 6: Iam suite introduction

Q: Who is the most privileged user in your enterprise?

a – security administrator
b – CFO
c – the 3-peat summer intern who is now working for your competitor

Page 7: Iam suite introduction

Q: How secure is your identity data?

a – It is in 18 different secured stores
b – We protect the admin passwords
c – Privacy? We don’t hold credit card numbers

Page 8: Iam suite introduction

Q: How much are manual compliance controls costing your organization?

a – nothing, no new headcount
b – don’t ask
c – don’t know

Page 9: Iam suite introduction

Today’s IT Challenges

More Agile Business
• More accessibility for employees, customers and partners
• Higher level of B2B integrations
• Faster reaction to changing requirements

More Secured Business
• Organized crime
• Identity theft
• Intellectual property theft
• Constant global threats

More Compliant Business
• Increasing regulatory demands
• Increasing privacy concerns
• Business viability concerns

Page 10: Iam suite introduction

State Of Security In Enterprise

• Incomplete
  • Multiple point solutions from many vendors
  • Disparate technologies that don’t work together

• Complex
  • Repeated point-to-point integrations
  • Mostly manual operations

• ‘Non-compliant’
  • Difficult to enforce consistent set of policies
  • Difficult to measure compliance with those policies

Page 11: Iam suite introduction

Identity Management Values

• Trusted and reliable security

• Efficient regulatory compliance

• Lower administrative and development costs

• Enable online business networks

• Better end-user experience

Page 12: Iam suite introduction

Identity & Access Management

• Access Control
  • Authentication & Authorization
  • Single Sign-On
  • Federation
  • Web Services Security

• Identity Administration
  • Identity Lifecycle Administration
  • Role & Membership Administration
  • Provisioning & Reconciliation
  • Compliance Automation

• Directory Services
  • Virtualization
  • Synchronization
  • Storage

• Management
  • Service Levels
  • Configuration
  • Performance
  • Automation

• Audit & Compliance
  • Audit Data
  • Attestation
  • Segregation of Duties
  • Controls

Page 13: Iam suite introduction

Oracle IAM Products

• Access Control
  • Oracle Access Manager
  • Oracle Enterprise Single Sign-On
  • Oracle Identity Federation
  • Oracle Web Services Manager

• Identity Administration
  • Oracle Identity Manager

• Directory Services
  • Oracle Virtual Directory
  • Oracle Internet Directory (with Directory Integration Platform)

• Management
  • Oracle Enterprise Manager for Identity Management

• Audit & Compliance
  • Oracle Identity & Access Management Suite

Page 14: Iam suite introduction

Leader in Magic Quadrants

• User Provisioning, 1H 2006
• Web Access Management, 2H 2006

Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Page 15: Iam suite introduction

Heterogeneous Support

Applications

Directories

Application/Web Servers

Operating Systems

Groupware

ACF-2 & TSS

Portals

RACF

“Of all the large platform vendors, Oracle, Novell, CA and BMC seem the most committed to providing significant support for heterogeneous environments.” - Ray Wagner, Gartner, October 2006

Page 16: Iam suite introduction

Standards Support

• Contribute and lead
  • SSTC (SAML Working Group) - Co-Chair
  • Liberty Alliance - President, Board Member
  • WSS, WS-SX (Web Services Security) - Author
  • SPML - Author
  • XACML - Voting member

• Implement
  • Accelerate product development
  • Simplify product integration & minimize TCO

• Innovate
  • Enable Identity Services Framework: CARML, AAPML
  • Standards for end-to-end security

Page 17: Iam suite introduction

Access Control

• Authentication & Authorization: Oracle Access Manager (Web)
• Single Sign-On: Oracle eSSO Suite (Desktop/Legacy)
• Federation: Oracle Identity Federation
• Web Services Security: Oracle Web Services Manager

Page 18: Iam suite introduction

Oracle Access Manager

• Benefits
  • Centralized and consistent security across heterogeneous environments
  • Reduced administration cost
  • Improved end user experience

• Features
  • Web single-sign-on
  • Common policy management
  • Multi-level, multi-factor authentication management
  • Self-service and delegated administration
  • Workflow engine
  • Web Services interfaces


Page 19: Iam suite introduction

Oracle Enterprise SSO

• Benefits
  • Eliminates forgotten passwords for Windows desktop and applications
  • Improves security & user experience
  • Meet regulatory compliance

• Features
  • Sign-on to any Windows, web, host, mainframe or Java application
  • Use any combination of tokens, smart cards, biometrics and passwords
  • Auto inactive session termination and application shutdown for shared workstation
  • Reset Windows password directly from locked workstation


Page 20: Iam suite introduction

Oracle Identity Federation

• Benefits
  • Secured integration with partners
  • Reduced administration cost
  • Improved end user experience

• Features
  • Seamless SSO and identity sharing
  • Multi-protocol gateway – SAML, Liberty, WS-Federation
  • Service Provider or Identity Provider
  • Flexible deployment configurations
  • Standalone for use with pre-existing web-access management solution
  • Protocol SDK for custom applications


Page 21: Iam suite introduction

Oracle Web Services Mgr.

• Benefits
  • Quick and simple deployment
  • Provide standard (J2EE) policy enforcement points
  • Enable SLA definition and monitoring, quality of service reporting

• Features
  • Declarative policy (no coding)
  • Rich library of pre-built policies
  • Centralized policy management with local enforcement
  • Supports WS-Security
  • Integrated security for SOA Suite/Services infrastructure


Page 22: Iam suite introduction

Identity Administration

• Lifecycle Administration
• Role & Membership Administration
• Provisioning & Reconciliation
• Compliance Automation

Product: Oracle Identity Manager

Page 23: Iam suite introduction

Oracle Identity Manager

• Benefits
  • Reduced administration cost
  • Cost effective regulatory compliance
  • Improved security
  • Improved service level

• Features
  • Identity life-cycle management for the heterogeneous enterprise
  • Approval and provisioning workflows
  • Role based access control
  • Complete integration solutions: OOTB connectors & Adapter Factory
  • Deep integration to ERP and HRMS
  • Audit and compliance reporting and process automation


Page 24: Iam suite introduction

Directory Services

• Virtualization: Oracle Virtual Directory
• Synchronization: Oracle Directory Integration Platform
• Storage: Oracle Internet Directory

Page 25: Iam suite introduction

Oracle Virtual Directory

• Benefits
  • Rapid application deployment
  • Tighter controls on identity data
  • Real-time identity information access

• Features
  • Modern Java & Web Services technology
  • Virtualization, proxy, join & routing capabilities
  • Superior extensibility
  • Scalable multi-site administration
  • Direct data access


Page 26: Iam suite introduction

Oracle Internet Directory With Directory Integration Platform

• Benefits
  • Reduced operational cost with Oracle Grid support
  • Seamless integration with Oracle applications and products

• Features
  • Full feature LDAP server with a RDBMS data-store
  • Industry leading scalability and HA capabilities
  • Strong Oracle platform integration
  • VSLDAP certified and EAL4 compliant
  • Entity level directory synchronization support for all major directory products (DIP)


Page 27: Iam suite introduction

Identity Audit & Compliance

• Audit Data & Reporting
• Attestation
• Segregation Of Duties
• Controls

Product: Oracle Identity & Access Management Suite

Page 28: Iam suite introduction

Identity Audit & Compliance

• Benefits
  • Cost effective compliance
  • Enhance data integrity and auditability
  • Real time and consistent enforcements
  • Enable compliance to SOX, GLB, HIPAA, J-SOX, …

• Features
  • Comprehensive historical and temporal audit data
  • Comprehensive operational and historical reports
  • Attestation of entitlements
  • Segregation of duties via denial policies
  • Comprehensive system and exception logging
  • Integration with Audit Vault, ICM, and 3rd party compliance products


Page 29: Iam suite introduction

Management

• Service Levels
• Performance
• Configuration
• Automation

Product: Oracle Enterprise Manager For Identity Management

Page 30: Iam suite introduction

Oracle Enterprise Manager For Identity Management

• Benefits
  • Actively manage IdM service levels
  • Rigorous management of IdM technology stack
  • Simplified deployment, patching, and upgrade

• Features
  • Automated modeling of IAM components and infrastructure
  • Define SLA, monitor and report
  • Response time, throughput, usage metrics, …
  • Server, application, and user level metrics
  • Automated discovery of IAM components and infrastructure
  • Discover & track configuration attributes / values
  • Installing, Patching, Upgrading, Cloning
  • Development, Test, Production


Page 31: Iam suite introduction

Oracle Confidential

Identity Management Customers: Some Sample References

Manufacturing & Transportation

Financial Services

Government & Public Sector

Retail & Services

Healthcare

Technology & Communications

Page 32: Iam suite introduction

Case Study – Lehman Brothers: GLB & SOX Compliance

BUSINESS CHALLENGE

• Critical systems vulnerable to unmanaged & orphaned system accounts
• No detailed audit trails of each user’s access rights – current and historical
• Reduce the cost of user administration from $30.00 per access modification
• Comply with external regulations – Sarbanes Oxley & Gramm-Leach-Bliley Acts

ORACLE SOLUTION

• Lehman selected Oracle Identity Manager over IBM, Sun, and CA
• Very flexible (adaptable), open architecture simplified integration
• Integrated with 800+ business applications
• GUI-based business rule development

RESULTS

• ‘Day one’ access lead time reduced to < 5 mins
• Knowing Who Has Access to What = Priceless
• Eliminated ghost accounts via reconciliation of local administrative changes across 650 managed systems
• Reduced compliance effort across 50 SOX-critical applications by 12 man weeks
• Award winning deployment

Page 33: Iam suite introduction

Case Study – Southwest Airlines: Seamless B2B Integration & Low TCO

BUSINESS CHALLENGE

• Wanted to obtain engineering drawings, blueprints, color coding reports and other technical documents from the manufacturer via the Web
• Increase efficiency
• Reduce the business costs of transactions with the aircraft manufacturers

ORACLE SOLUTION

• Oracle Access Manager and Oracle Identity Federation
• Six week implementation
• 1st in airline industry to implement SAML

RESULTS

• Oracle Access Manager solution saves Southwest $30/month per employee (40k users), for a total of $1.2 million per month.
• Also reduced equipment idle time at $15,000 per hour.

Page 34: Iam suite introduction

Case Study – State of Delaware: Convergence of HR and Identity Data

BUSINESS CHALLENGE

• DTI wanted to provide 12000 state employees with self service HR capability.
• It also wanted to initiate eGovernment efforts to offer Delaware residents the ability to do common online tasks.
• Most of the self service tasks were manual and paper/fax based.

ORACLE SOLUTION

• Oracle Access Manager, Oracle Virtual Directory, and OID chosen over Sun and CA, May 2006
• 150K External Users, 12K Internal Users
• Oracle Solution works with IBM WebSphere mid-tier and PeopleSoft HR
• Oracle was able to demonstrate a web services based identity management solution

RESULTS

• User self service expected to lower cost and improve user adoption
• Improved security and efficiency by migrating manual self service tasks to an automated system

Page 35: Iam suite introduction

Looking Ahead

• Oracle will broaden security product portfolio
  • Strategic priority for Oracle development
  • Strong authentication, role management, compliance …

• From security silos to built-in security
  • Built into databases, middleware, enterprise applications
  • Identity Services Framework

• Project Fusion
  • Single security model across Enterprise Applications Suite
  • Enforced uniformly at all parts of technology infrastructure
  • Across entire life-cycle from development to maintenance

Page 36: Iam suite introduction

Oracle IAM Suite with Identity Services Framework

[Diagram: Identity Services Framework. Labels recovered from the slide:]

• Applications: Oracle Fusion Applications & Middleware; 3rd Party ISF Aware Applications; Custom Developed ISF Aware Applications; Legacy Applications
• Labels within the application boxes: Business Functions; User Management; Authentication; Authorization; Federation
• Service Interfaces: WS-*, SPML, SAML, XACML, CARML
• Legacy Integration Interface: Connectors, Agents
• Identity Services: Identity Provider; Provisioning; Authentication; Administration; Authorization; Role Provider
• Other labels: Virtualization & User Store; Audit; Federation & Trust; Policy & Orchestration
• Enterprise Identity Management Infrastructure

Page 37: Iam suite introduction

Key Oracle Differentiators

• Complete suite of best-of-breed products
  • Complete & best integrated identity management suite
  • Includes compliance, virtualization and system management
  • Market leadership validated by press and analysts

• Proven for large scale deployments
  • Large, complex, and award winning deployments
  • Broad customer base and use cases
  • Large referenceable customer base

• Best long-term investment
  • Strong support of open standards and hot-pluggable strategy
  • Pre-integrated with Oracle products – DB, middleware, apps
  • Pre-integrated with over 50 applications and infrastructure
  • Underpins Oracle’s next generation of Fusion Applications

Page 38: Iam suite introduction

Key To Successful IAM Projects

• Establish the strategic nature of I&AM
• Focus on processes and people, technology is only an enabler
• Obtain executive support and buy-in
• Develop overall business requirements and a starting point – directory, access management or provisioning
• Select software based on requirements of today and the future
• Follow a phased approach for integration of applications and different types of users
• Get developers on board early on for integration with consolidated authentication, authorization and identity services
• Put in place a comprehensive change management and communication plan

Page 39: Iam suite introduction