Oracle Security: Bridging the Gap Between Enterprise and Cloud
Post on 19-Oct-2014
DESCRIPTION
How Oracle is helping Enterprise move to the Cloud securely with Security Solutions
TRANSCRIPT
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Bridging the Security Gap Between the Enterprise and Cloud
This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
Agenda
• Barriers to Cloud Adoption
• Security Gaps Between Enterprise and Cloud
• Oracle Identity Management
• Case Studies
• Summary
Oracle Cloud Services
Oracle Applications On Demand
Database On Demand Exadata On Demand
Middleware On Demand Exalogic On Demand
Private Cloud Products Private & Public Cloud Services Oracle Public Cloud
Fusion HCM Cloud Service
Oracle Database Cloud Service
Oracle Java Cloud Service
Fusion CRM Cloud Service
Infrastructure as a Service
Oracle Database, MySQL, Exadata Database Machine
Cloud Application Foundation: WebLogic Server, Coherence, JRockit, Exalogic Elastic Cloud
Platform as a Service
SOA Suite & BPM Suite
Data Integration & GoldenGate
Identity & Access Mgmt
WebCenter User Engagement
Oracle Applications
Applications
Oracle VM for x86
Oracle Linux Oracle Solaris Oracle VM for SPARC (LDom)
Solaris Zones
Servers, SuperCluster
Network Fabric Storage
Cloud Management
Cloud Control
Ops Center
Oracle Enterprise Manager
Oracle Social Network
Oracle Cloud Offerings – Identity Management
Video – “Auction”
Security is the #1 Barrier to Cloud Adoption
87% Security main barrier to cloud adoption Source: IDC Enterprise Panel, 3Q09
52% Concerned with trusting an outside 3rd party Source: IDC Cloud Security Survey, 2011
41% Fear a security breach from use of security SaaS Source: IDC Cloud Security Survey, 2011
40% Compliance concerns prevent use of SaaS Source: IDC Cloud Security Survey, 2011
Cloud Computing saves costs but reduces control, visibility and trust
The Cloud Security Continuum
[Chart: axes RISK (LOW, MED-LOW, MED-HIGH, HIGH) and CONTROL (HIGH to LOW); timeline 1990, 1995, 2000, 2005, 2008; stages: Enterprise, Private In House Cloud, Private Hosted Cloud, Public Cloud]
Cloud computing increases risk and decreases control
Benefits
Use Cases Challenges
Security Gap Between the Enterprise and Cloud Private In-House Cloud
• Insider Threats
• Privileged User Access Control
• Role based Access
• Access Governance
• Leverage reusable identity functions for new apps
• Meter departmental app usage
• Cloud for internal use
• Scales to large departments
• Security enforced by IT
Benefits
Use Cases Challenges
Security Gap Between the Enterprise and Cloud Private Hosted Cloud
• Integration can be complex
• Adding capacity can be costly
• Deploy a massively scalable directory service
• Deploy layered security for sensitive applications
• Hosted cloud for enterprise use
• Scales to several large organizations
• Identity management outsourced
Benefits
Use Cases Challenges
Security Gap Between the Enterprise and Cloud Public Cloud
• Shared environment increases risk
• Security silos
• Jurisdictional issues
• Rapid installation
• Access applications from mobile devices
• Upgrades with zero downtime
• Access anytime anywhere
• Scales to millions of users
• Pay as you grow
Risk and Fragmentation Increase Latency
[Diagram labels: FRAGMENTATION, LATENCY, RISK]
• Security silos result in policy fragmentation
• Multiple points of failure
• Security gaps increase vulnerability to breaches
• Poor response to threats
• Latency increases with fragmentation
• Inability to develop and deploy applications and users
Identity Management Bridges the Gap
Identity
Administration Audit
Risk Management
AuthN and AuthZ
Adaptive Access • Context / Risk Aware • Anomaly Detection • Fraud Detection
Access • Single-sign on • Password policy • Authorization policy • Entitlements
Scalable Repository • Identity Synch • Identity Virtualization • Reporting
Tools Point Solutions Platform Intelligence
Private In-House Cloud
Enterprise
Private Hosted Cloud
Public Cloud
Administration • Role Mgmt • Provisioning • Identity Analytics • Certification
Dimensions of Cloud Identity Management
Identity as a Bridge to Cloud
Are you using cloud apps?
Are you building cloud apps?
Do you need IdM but don’t want to maintain it?
Identity as a Foundation for Cloud
Identity Hosted as a Cloud Service
Authentication and SSO
• Access anytime, anywhere from any device
• Mobile authentication, SSO and access control
• Connect Internet and Social identities to enterprise identity
• Seamless integration and control with enterprise
Federated Standards
• Multiple standard support for authentication to multiple clouds
• SAML
• OAuth
• OpenID
• WS-Fed
• Accelerated onboarding of partners and service providers
Employees/Contractors
Partners/ Subsidiaries
SaaS Applications
Social Networks
Authorization
Policy Enforcement for Apps, Middleware and Databases
Evaluate Policies and Enforce Access
Centralized Policy Administration
• Centralized Policy Enforcement
• Distributed Real-time Policy Execution
• Standards-based policies: XACML, RBAC, ABAC, JAAS
Context-Aware Security and Fraud Prevention
User: Jdoe Paswd:1happycat$
Filtered Private Data
Entitlement Policy
• Location aware
• Device aware
• Entitlements based
• Enterprise control
• Full audit
Trust but Verify: Limit Access by Policy
User Provisioning and Role Management
Managers
Roles, Entitlements
Apps Users
• User lifecycle management for on-premise and SaaS applications
• Self-service provisioning and request mgmt
• Flexible – Roles, rules and policies
Audit and Compliance
Audit Reporting
• Access certification
• Risk scoring
• Privileged access control
• Workflow remediation
• Business views
Actionable Intelligence
Oracle Identity Management Platform Bridges the Gap
Identity
Administration Audit
Risk Management
AuthN and AuthZ
Adaptive Access • Context / Risk Aware • Anomaly detection • Access certification
Administration • Role Mgmt • Provisioning • Identity Analytics • Certification
Access • Single-sign on • Password policy • Authorization
Scalable Repository • Identity Synch • Identity Virtualization • Reporting
Directory Services: Reduces latency and fragmentation by consolidating identity data
Access Management: Overcomes security silos by centralizing and consolidating security policies
Fraud Detection: Reduces risk and latency by preventing fraud in real time
Identity Admin and Governance: Consolidates user roles and entitlements and reduces risk
Tools Point Solutions Platform Intelligence
Oracle Identity Management Is Cloud-Ready
SaaS Apps
Desktop/Mobile On Premise Apps
Social Networks
Partners
COMPANY OVERVIEW
• A large commercial bank holding company headquartered in NA
• Over 20K employees and operates nearly 1500 branches and 4000 ATMs all over North America
CHALLENGES/OPPORTUNITIES
• Needed to secure PeopleSoft application with multi-factor authentication for a financial services customer
• Wanted to avoid costly registration schemes and proprietary hardware
• Wanted to protect customers' identities and preserve brand value by preventing phishing attacks
SOLUTION
• Leveraged Oracle Adaptive Access Manager as a hosted solution from Oracle On Demand
RESULTS
• 75% of users were deployed in less than 1 week
• Single solution now delivers anti-phishing, anti-malware and fraud detection
• Deployment is cost effective and included layered multifactor authentication
Case Study: Citizens Bank Identity consumed as a service example
COMPANY OVERVIEW
• A leading Canadian full service communications provider in the Province of Saskatchewan with nearly 5000 employees
• Offers a wide range of communications products and services including voice, data, Internet, entertainment, security monitoring, messaging, cellular, wireless data and directory services
CHALLENGES/OPPORTUNITIES
• A number of legacy technologies had to be refreshed to cut down operational expenses and increase scope of capabilities
• Nearly a half million customers accessing Sasktel’s services from a wide variety of devices demanded self service
SOLUTION
• Leveraged Oracle Identity and Access Management Suite
RESULTS
• Displaced legacy SiteMinder solution with Oracle Identity and Access Management
• Monetized capital investments by offering Oracle Identity and Access Management Suite to general public as a cloud service
• Reduced internal opex and capex
Case Study: Sasktel Identity as a Service Example
Case Study: Oracle Public Cloud Security and Identity Management Service
Identity Management in the Cloud
• Built on Oracle Identity Management
• Single Sign-On and Federation
• Multi-factor authentication
• Fully Delegated Administration
Case Study: Oracle On Demand Cloud Services
• Offers Hosted Strong Auth, Provisioning, SSO, and Directory Integration
• Enterprise-grade performance, security, and availability
• End-to-end cloud service portfolio
Identity as a Hosted Cloud Service Example
12+ years as premier cloud provider
5.5 million satisfied end-users
20+ patented and patent pending technologies
14,000 Oracle Service experts
2,000+ Critical Patch Updates proactively applied annually
2x Faster service request resolution time
64% Reduction in downtime for upgrades
Secure and Compliant: ISO 27001, ISO 27002, HIPAA, ISAE 3402 / SSAE 16, NIST, DIACAP, PCI, 21 CFR Part 11
Oracle Identity Management Platform Reduces Cost
46% Cost Savings
Source: Aberdeen “Analyzing point solutions vs. platform” 2011
Benefits and Oracle IAM Suite Advantage
Increased End-User Productivity
• Emergency Access: 11% faster
• End-user Self Service: 30% faster
Reduced Risk
• Suspend/revoke/de-provision end user access: 46% faster
Enhanced Agility
• Integrate a new app faster with the IAM infrastructure: 64% faster
• Integrate a new end user role faster into the solution: 73% faster
Enhanced Security and Compliance
• Reduces unauthorized access: 14% fewer
• Reduces audit deficiencies: 35% fewer
Reduced Total Cost
• Reduces total cost of IAM initiatives: 48% lower
48% More Responsive
35% Fewer Audit Deficiencies
• Complete, Open and Integrated
• Innovative, Scalable and Modernized
• Identity Management for Enterprise, Cloud, Mobile and Social environments
• Simplified, Actionable Compliance
Oracle Identity Management Summary
IaaS PaaS
SaaS
• Normand Sauvé • [email protected]
• Call 1-800-672-2537
Contact
• www.oracle.com/identity
• twitter.com/OracleIDM
• facebook.com/OracleIDM
• Blogs.oracle.com/OracleIDM
Join the Oracle IDM Community
Learn More
Q&A