IDM Mobile Security Overview
TRANSCRIPT
Innovating for a Secure
Mobile Extended Enterprise
Andy Smith
Sr Director Product
Management Feb 2014
Oracle Confidential – Do Not Distribute
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended
for information purposes only, and may not be incorporated into any contract.
It is not a commitment to deliver any material, code, or functionality, and should
not be relied upon in making purchasing decisions. The development, release,
and timing of any features or functionality described for Oracle’s products
remains at the sole discretion of Oracle.
PEOPLE Employees, Contractors, Customers & Partners
THE NETWORK IS NO LONGER THE POINT OF CONTROL
DEVICES Phones, Servers, Laptops, Tablets
DATA Unstructured & Structured
THE NEW PERIMETER
80% 67% 89%
By 2015, mobile app development projects will
outnumber native PC projects by 4-to-1
Use tablets to work remotely
65% use to check email
Mobile devices already connect
to corporate networks
Source: Forbes: Mobile Business Statistics For 2012
Mobile Usage in the Enterprise Driven by IT Consumerization
Mobility Is A Significant Challenge for I.T.
Top Mobility Challenges for CIOs
CIO Insight: Top Challenges of Enterprise Mobility, 2012
41%
31%
28%
Securing corporate
information
Integrating with other systems
Supporting multiple devices
Mobility is Expensive
McKinsey, 2012: Mobility Disruption: A CIO Perspective
41% CIOs cited Mobility is expensive & a critical
challenge
Up to $250 per device/annually
Includes cost of connectivity, infrastructure and support
Bring Your Own Device (BYOD) Practices in 2011
Forbes: Mobile Business Statistics For 2012
74% Allow some sort of BYOD usage.
Less than 10% “FULLY AWARE”
of the devices accessing their
network
Security leads enterprise buying demand
58% 35% 76%
Building mobile
application stores
Reported lost
or stolen devices
Store credentials
on the device
10% Store Passwords in Plain Text
Source: Partnerpedia Survey Aug 2011
Source: InformationWeek Aug 2011
Source: Norton Cybercrime 2012
Mobile Device Management
Mobile Application
Management
Mobile Security
Mobile Enterprise Application
Platform
Secure Application
Access
DEFINING Mobile Security
Mobile Application
Management:
Create a secure
container that separates
corporate data and apps from
personal
How To Secure Corporate Data In A BYOD World?
Oracle’s
STRATEGY
Copyright © 2012, Oracle and/or its affiliates. All rights reserved. 10
APPLICATIONS MOBILE SECURITY
MOBILE PLATFORM
MOBILE SUITE
CRM ERP
For the API Economy
Extend existing IDM infrastructure
• NEW: 2 Factor Auth, Mobile SSO, OAuth
Develop secure consumer facing
bespoke applications
• Web, Native and Hybrid applications
iOS and Android SDKs
Transformation API Management API Monitoring
SSO, OAuth, Federation
Device Security, Strong Auth
Secure REST APIs
Access Management
Today’s Identity Management – 11gR2 PS2 Secure Mobile APIs, SSO and Web Services
Oracle’s
STRATEGY
CONTAINER EXPERIENCE CONTROL
Isolate corporate data, support remote wipe, restrict
data transfer
Secure applications & communication, corporate
application store
Role based access, self service request, sign-on, fraud
detection
MOBILE SECURITY SUITE
THE NEW IDENTITY MANAGEMENT
DIRECTORY SERVICES
IDENTITY GOVERNANCE
ACCESS MANAGEMENT
To Handle 100s of Millions of Users
Supporting Mobile, Social and
Cloud
With BYOD Support
OPEN, INTEGRATED, BEST OF BREED
Oracle Mobile Security
• Mobile Security Suite that can extend the Oracle
IDM platform
• Separate personal and corporate apps and
data
• Application centric solution – avoid device
lockdown
• Extend Identity Management platform to manage
the lifecycle of applications and containers
• Extend Access Management platform to mobile
devices and applications
• Oracle/ADF Mobile Apps secure-by-default by
consuming these security services
Addressing Customer Requirements for Mobile Security
Oracle Mobile Solution Secure Mobile Workspace - Separate personal and corporate data
Authentication / SSO
Data at Rest Encryption
Data in Transit Encryption
DLP
Policy
Browser
PIM (email, calendar, contacts,
tasks, notes)
Doc Editor
App Catalog
File Manager
Secure Intranet
Secure Mail
Secure Files
App Distribution
Secure Apps Enterprise
Apps
Native App Protection
• App Containerization adds security layer for bespoke
and COTS apps after development
• Decouple security deployment & app development
• Injection-based approach. No SDK.
• SSO, secure access and DLP enforcement
Delegated security model with app containerization
Secure access with App Tunnel
• Identity and remote access coupled
• Prevent rogue apps
• Access to internal network only for white-listed apps
• Unlike IPsec, no CPU and network overhead
No VPN Required
Oracle Identity Management Extending the Platform with a Discreet Mobile Security Solution
Identity Governance
Access Request
Approval Workflows
Automated Provisioning
HR Reconciliation
Access Certification and SOD
Role Lifecycle Management
Privileged Account Management
User Management & Self Service
Entitlement Catalogue/App Store
Access Management
Web Single Sign-on
Federation
Social Identity Access
Externalized Authorizations
SOA and API Security
Integrated ESSO
Token Services
Mobile App Access Management
Secure Mobile Gateway
Access Management
LDAP Storage/ Virtual/
Meta Directory
Device Store
Directory Services
System Management and
Monitoring
Management
Device and Container Management
Secure Container
Mobile
Security
Oracle Mobile Security Suite Steady State Architecture
Corporate DMZ Corporate Network
Oracle Access Manager
With Mobile & Social OAM Protected
Resources
HTTP/REST/SOAP/OAuth
SOAP/REST and Legacy
Web Services
Oracle Mobile Access
Server
Oracle Identity
Governance with
Mobile Application
Mgmt
Apple/Google
Push Notification
Device & Policy
Registry (OID/OUD)
Oracle API Gateway
App Tunnel
REST/Mobile Security
IDENTITY FOR THE EXTENDED ENTERPRISE A PLATFORM FOR ENTERPRISE, CLOUD & MOBILE
One Identity Platform
• Separating and managing corporate apps/data on Mobile devices
• Seamless SSO for mobile bespoke applications
New: Oracle Identity Management
Mobile Application
Security
• Secure API management
• OAuth 2.0 Server support
• Unstructured Data Protection with OES
Enabling Cloud API
Economy
• Cloud Access Portal
• Core Identity Services Rapidly Available as a Managed Service
• Web services-based Cloud connectors
Cloud Identity
Services
• Modernized access request and certification
• Session recording for shared accounts
• Consistent governance for cloud, mobile and enterprise applications
Enterprise Identity
Services
Questions