partner webcast – oracle identity cloud service: introducing secure, on-demand identity management

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |

Thanos Terentes Printzios Technology Adoption Manager, EMEA A&C Luca Martelli Director of Identity Management & Security EMEA

Security Cloud Services

Oracle Identity Cloud Service January 26th 2017

EMEA Upcoming Security Webcasts & Events Partner Webcasts (@OracleIMC) • Identity Cloud Service – 26 Jan • CASB CS Palerra – 23 Feb • API Platform CS – 09 March * 27-28 April, Budapest, annual Oracle Partner Security Forum

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |

Agenda

• Security & Cloud? EU GDPR? Oracle Cloud Security Strategy

• Overview & Demo of Oracle Identity Cloud Service

• Customer Scenarios

– Cloud SSO for Oracle and non-Oracle Cloud services

– Manage External Identities on IDCS

• Licensing Model, Pricing

• Roadmap

• Training and Enablement opportunities for Partners

• Q&A


Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Oracle Confidential – Internal/Restricted/Highly Restricted 4

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |

Employees Partners Consumers

Digital Disruption – Changing Changed World

Oracle Public 5

ON PREMISES PUBLIC CLOUD



Your Sensitive Data is Already in the Cloud

6

2016 Cloud Security Research Report, Crowd Research Partner

79% Of enterprises are actively deploying cloud solutions in public, private, or hybrid cloud environments

% of Enterprises Deploying

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Oracle Public 7

Workloads are Everywhere Cloud is not just SaaS. Workloads are moving

rapidly to PaaS and IaaS

71% of large enterprise will shift some workloads to cloud by 2018

Enterprises plan to use an average of 6 clouds to run their workloads

2016 McKinsey, 2016 Right Scale


Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Oracle Public 8

The Perimeter Has Moved

Traditional perimeter security solutions

are ineffective

91% of organizations have security concerns

adopting public cloud

Only 14% believe network security tools work well protecting public cloud

2016 Cloud Security Research Report, Crowd Research Partners



A New Model is Required

Oracle Public 9

Secure

Monitor Respond

Discover

Automated response to augment already stretched security teams

Visibility into what and how cloud services are being used and by whom

Continuous

Visibility and

Verification

Proactive application and data security to ensure sensitive data is protected

Ability to detect threats if anomalous activity is occurring


Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Oracle Public 10

Security Cloud Services: Enabling Faster and More Secure Cloud Adoption

Identity Cloud Service

Compliance Cloud Service

Security Monitoring & Analytics Cloud Service


API Platform Cloud Service

Hybrid Data Security Protection: Database Security

CASB Cloud Service (Palerra)

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 11

Threat intelligence

Oracle Cloud Security Vision Identity SOC

CASB UEBA

Identity Management

SIEM

Automated remediation


• Key aspects of GDPR

– New statutory requirements will require companies to re-think how they handle and protect their personal data

– Includes a new liability and sanction regime

– Entry into force on 24 May 2018

• Potential serious consequences

– Fines of up to 4% of global annual revenue or €20M

– 72 hours for data breach notification

• Aspects of GDPR that Oracle Offerings may Help Address

– “Data Protection by design and default”

– “Security of Processing“

– “Data Breach Notifications to Individuals” not required if security controls prevent breach from occurring

– If a data breach occurs “administratives fines shall” take into account “technical and organisational measures implemented”

12

• Relevant Oracle Offerings

– Database Security options (Advanced Security Option, Database vault, Audit Vault Database Firewall, Key Vault, Data Masking/Subsetting). DB Cloud can make use of DB security features/options

– Identity Management (Identity Governance, Identity Cloud Service, Access Management, Centralised Directory), API-Platform Cloud Service, CASB Cloud Service

– High availability and resilience: Data Guard, RAC, Backup solutions, ZDLRA

– Applicable to “existing/legacy systems and new digital systems”

Summary: GDPR & Oracle Offerings

http://www.oracle.com/technetwork/database/security/wp-security-dbsec-gdpr-3073228.pdf


SaaS PaaS IaaS

Cloud Era Requires Identity-Centric Security

Mobile

Social Internet of Things

Cloud

Big Data

IDENTITY

13 Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |




Modern App Security Centralized authentication, authorization, user management and self-service based on latest standards Hybrid Identity Manage user identities for both cloud and on-premises applications with enterprise-grade hybrid deployments Secure Defense In-depth Gain layers of defense with identity hosted as an Oracle Public Cloud (OPC) service and integrated with cloud security fabric


Apps

Apps

CLOUD PLATFORM

Employees

Partners

Consumers

Cloud applications

On Premise

Cloud Directory ID Store

ID Admin User Mgmt.

Access Mgmt. SSO, Federation

MFA Strong Auth.

Governance Certs, Access Requests,

SoD

Intelligence Risk & Context, Threat

Provisioning Account, LC mgmt.

Oracle Identity Cloud Service

B2C Social, Insights


Introducing Identity Cloud Service Complete Hybrid Identity Management

16


So wareasaService

InfrastructureasaService

Pla ormasaService

3rd Party Cloud Services

• Cloud-Native Multi-tenant platform on the Oracle Cloud

• Manage Users

– Sync identities, SSO, Federation

• Manage Applications

– Integrate using open standards

• Manage Policies

– Protect Applications using strong access control policies

On-Premises Applications

On-premises IAM


Growing Market Opportunity for IDCS to provide value to SaaS

“Through 2018, federated single sign-on (SSO) will be the predominant SSO technology required by 85% of organizations.”

“The adoption of SaaS applications is the most common driver for new SSO projects, followed by consumer-facing and B2B use-case drivers.”

- Gartner Take a Pragmatic Approach to Single Sign-On for Quicker Value, 29 July 2016

17

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |

Demetris Skourides Cloud Transformation and Platform Solutions Leader, EMEA A&C Luca Martelli Director of Identity Management & Security EMEA Patrick McLaughlin Oracle Fellow

Oracle Identity Cloud Service January 26th 2017


ACME Chip Design: Manage External Identities in the Cloud

• ACME admin onboards partner users and applications

• New Partner self-registers and onboards new users

• Partner end user downloads sensitive data and is automatically locked out

• Partner admin remediates access on-demand



Hybrid Identity

• Application security for cloud and on-premises workloads

• Access Certification, Audit and Compliance for Cloud Apps using OIG

• Move app policies to the cloud as apps and workloads begin moving to the cloud



Open and Standards-based

OAuth SCIM SAML OpenID

SAML

• API first design

• 100% standards-based: SAML, SCIM, OpenID Connect and OAuth

• Sustaining board member of OpenID Foundation

• Leading FastFed Working Group to simplify and accelerate integrations



Secure

• Zero-trust design between microservices

• Data security at rest using Transparent Data Encryption and Schema Isolation

• Risk-aware, adaptive access control

• Layered defense spanning Silicon, Infrastructure, DB, Middleware and Applications


Oracle Public Cloud

Apps

Use Case: Secure Access for Cloud and on Prem

Apps

Customer On-Premise

Oracle IAM or AD

Apps

Synchronized

IDCS

ID Bridge

Cloud applications

Apps

Employee Apps

Employee access

Apps Apps

Customer On-Premise

On-Prem IdM directory

24

Use Case: ID Management of External Identities

Customer identities in cloud directory

Oracle Public Cloud

IDCS

Consumer access

Apps

Customer Portal

Apps Apps

Other Clouds

User and partner access

Admin access

Oracle Public Cloud

Cloud directory with stored identities

25

Use Case: Moving Apps to the Cloud

Any Cloud Service

Apps Apps Apps

Web, Desktop, or Mobile Apps

IDCS


Manage Users

26

Oracle Identity Cloud Service

Identity Bridge

• Synchronize user identities from on-premises AD or OIM

– Identity Bridge for Active Directory

– OIM Connector for IDCS

– User Account Upload using CSV

• Federate access policy to external Identity Provider (i.e. Oracle Access Manager)

– SAML 2.0 compliant IDCS Connector

OIM IDP


• Add Custom and 3rd Party Applications using Templates or off-the-shelf App Catalog

• Single-Sign-On using SAML 2.0, OpenID Connect or OAuth 2

• Unified User Experience across multiple device platforms

27

Manage Applications


Oracle Mobile Authenticator

Integrated biometrics Soft Token Generator Push Notifications


Why IDCS is Important for Oracle SAAS & PAAS

• Provide true SSO:

– Across SAAS

– Across id domain (SIM)

– No multiple agreement and configurations with on-prem

• Provide SSO and user authentication for mash up apps with multiple SAAS and PAAS

• Group based access control across SAAS

• SOD across SAAS

• Multi Factor Authentication – Risk based authN, UEBA

• Off course provisioning soon

29


Licensing & Pricing

30

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

Feature List Basic is for Oracle Use Cases, Standard for 3rd Party Clouds Feature Foundation IDCS for OPC* IDCS Basic IDCS Standard

Single Sign On Yes Yes Yes

User and Role Management Yes Yes Yes

Self-service User Profile Management Yes Yes Yes

Identity Objects No limit No limit No limit

Security/Usage Reports Yes Yes Yes

Company Branding and customization Yes Yes Yes

External IDP Federation Yes Yes Yes

Self-service password reset Yes Yes

Group-based access controls Yes Yes

ID Sync Yes Yes

Enterprise SLA (99.9%) Yes Yes

3rd Party Cloud Services (non-Oracle) Yes

31

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

Identity Cloud Service (IDCS) Pricing more info: https://cloud.oracle.com/en_US/identity

32

Features: SSO and User Management for OPC services only

$1 /user /month

(Enterprise users only)

$4 /user/month for Enterprise

Users

$0.02 /user/month Non-

Enterprise Users

IDCS Basic (Non-metered)

IDCS Standard (Non-metered)

https://cloud.oracle.com/en_US/identity


Roadmap

33

Oracle Identity Management – Planned Releases

IDM 11gR2 PS3 Bundle Patches

IDM 12c Release and Patches

IDCS Release and Continuous Updates

IDCS Customer & Partner Beta

Partner Ecosystem Innovation

Oracle Confidential – Internal 35

Oracle Confidential – Internal 36


Awarness and Enablement Plan for Partners Demo Workshops Partner Community Forum (April)


Access a cloud instance of IDCS: demo.oracle.com (GSE) • Partners have

access to demo.oracle.com (GSE) directly provided they sign the DSS Addendum

• Demo Services Addendum can be signed on line via http://www.oracle.com/partnerstore (Demo Services -> Apply for Addendum)

http://www.oracle.com/partners/en/partner-with-oracle/market-and-sell/demonstration-environments/secure/index.html

http://www.oracle.com/partnerstore

http://www.oracle.com/partnerstore


IDCS Workshop for Partners

The workshop is designed to provide an introduction into Identity Cloud Service architecture, capabilities and functionality through live demos and hands-on exercises.

Two workshop versions:

- Short (4 hours) recommended for online delivery through Webex

- Full (1 day) recommended for in-class with hands-on labs

39

A Virtual Workshop will be offered to the partners attending this webcast Get in touch with your local partner manager or the contacts details at the end of this presentation to request a dedicated Virtual or in Room workshop for you and your team


Short version (4 hours) - Virtual

• Introduction

• Architecture

• UI Tour

• User & Group Management

• IDCS Customization

• Password Management

• Federation – IDCS SP and OAM IDP

– IDCS IDP and SalesForce SP

• Identity Bridge

• BYOA (Bring Your Own Application)

Full version (1 day) – In Room

• Introduction

• Architecture

• UI Tour (live demo)

• User & Group Management (lab)

• IDCS Customization (lab)

• Password Management (lab)

• Federation – IDCS SP and OAM IDP (lab)

– IDCS IDP and SalesForce SP (live demo)

• Identity Bridge (live demo)

• BYOA (Bring Your Own Application) (lab)

IDCS Workshop Agenda


• 2 days annual meeting with focused EMEA Identity&Security partners

• Benefits:

– Sharing about customer business priorities

– Getting the latest roadmaps and insights from HQ head of security development (HQ PMs Team + EMEA Team)

– Networking

• Expectations:

– Bidirectional conversations

Security Partner Community Forum Budapest – 27, 28 April 2017

41


Oracle Identity Cloud Service: Hybrid, Secure, And Open

Introducing Oracle Identity Cloud Service, part of a strategic hybrid identity solution—giving you a single point of management, and one view of all your employees, partners, and customers across on-premises and cloud resources.

Extending Identities To The Cloud with Oracle IDCS

Take advantage of modern, cloud-based access capabilities, while laying a foundation for tomorrow with Oracle Identity Cloud Service

Managing Your Customers With Oracle Identity Cloud Service

Take control of digital business now with Oracle Identity Cloud Service, a secure on-demand identity service that helps achieve people-centric security that is both seamless and transparent to your users.

Secure Cloud Single Sign-On with Oracle Identity Cloud Service

Oracle Identity Cloud Service makes accessing cloud applications simple, and reduces the risks involved—helping to keep your apps, data, and users safe, secure, and productive.

Resources to Share: 4 Videos to Help You Explain the Benefits of IDCS

YouTube

YouTube YouTube

YouTube

https://www.youtube.com/watch?v=t2s9ijLy_YM

https://www.youtube.com/watch?v=zNl8R2bsLRo

https://www.youtube.com/watch?v=yAO1_jMgIHc

https://www.youtube.com/watch?v=YCTazZN50M4


• A&C Team

– Thanos Terentes Printzios

– Your Oracle Partner Manager

• EMEA Security – Franck Hourdin

– Luca Martelli

– Patrick McLaughlin

– Prashant Barot

Regional Security Goto Persons:

– Alessandro Vallega, France, Italy

– Mauricio Gumiel, Iberia

– Karen Weebers, Benelux

– Dragan Petkovic, MEA

– Dimitris Theodoropoulos, EECIS

– Ernst Lorenz, North

– Paul Kennedy and Graeme Kerr, UKIE

– Natalia Diskin, Israel

Follow-up Contact Details in the Security Team ([email protected])

43

mailto:[email protected]


Security Cloud Services: Enabling Faster and More Secure Cloud Adoption


Compliance Cloud Service

Security Monitoring & Analytics Cloud Service


API Platform Cloud Service

Hybrid Data Security Protection: Database Security

CASB Cloud Service (Palerra)


&

EMEA Security Webcasts & Events

Partner Webcasts @OracleIMC

• Identity Cloud Service - 26 Jan

• CASB CS Palerra - 23 Feb

• API Platform CS - 09 March

27-28 April, Budapest Annual Oracle Partner Security Forum

http://blogs.oracle.com/imc

http://blogs.oracle.com/imc


Stay In Touch Oracle IMC blog: http://blogs.oracle.com/imc

Oracle ECEMEA Partner Hub Homepage: http://oracle.com/goto/hub-ecemea

Oracle IMC Mail: [email protected]

Twitter: http://twitter.com/oracleimc

Facebook: http://facebook.com/oracleimc

LinkedIn: http://linkedin.com/groups/OracleIMC-4535240

Google+: http://plus.google.com/+OracleIMC

partner webcast – oracle identity cloud service: introducing secure, on-demand identity management

Software