
Oracle Identity And Access Management


Kwesi Edwards, Principal Industry Architect, Team Lead, Oracle Higher

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remain at the sole discretion of Oracle.

Agenda
- Introduction
- Current state on campus
- How can IDM help
- Oracle's IDM solution
- Product strategy and roadmap
- Commitment to our customers

5 Questions to ask your Chief Security Officer

1. How do you control access to your sensitive apps?
   Usernames and passwords, HW tokens.

2. What determines your employees' access?
   "Give Alice whatever Wally has."

3. Who is the most privileged user?
   A 3-time summer intern?

4. How secure is your identity data?
   It is in 18 different secured stores.

5. How much are manual compliance controls costing?
   Don't ask!

Next Generation Security Challenges
- Auditors & Regulators
- Identity Thieves
- Rogue Employees
- Privileged Users

Next Generation Security Solutions
(the same four groups, addressed in turn: Auditors & Regulators, Identity Thieves, Rogue Employees, Privileged Users)

State Of Security on Campus

Incomplete
- Multiple point solutions from many vendors
- Disparate technologies that don't work together

Complex
- Repeated point-to-point integrations
- Mostly manual operations

Non-compliant
- Difficult to enforce a consistent set of policies
- Difficult to measure compliance with those policies

User-unfriendly
- Solutions are technology-centric, not user-centric
- Processes are not end-user friendly

It's A Risky Business

Date         Institution                                State   Incident   Number
1/14/2008    Univ of Wisc Madison                       WI      Accident   39,535
1/23/2008    Baylor University                          TX      Hacking    39,535
1/29/2008    Georgetown Univ                            DC      Stolen     38,000
2/12/2008    Long Island Univ                           NY      Accident   30,000
3/28/2008    Antioch Univ                               OH      Hacking    70,000
4/4/2008     Univ of CA Irvine                          CA      Stolen     7,000
4/17/2008    Univ of Miami                              FL      Stolen     2,100,000
5/4/2008     Staten Island Univ Hospital                NY      Stolen     88,000
5/14/2008    Oklahoma State University                  OK      Hacking    70,000
6/6/2008     Stanford Univ                              CA      Stolen     72,000
6/10/2008    University of Utah Hospitals and Clinics   UT      Stolen     2,200,000
8/18/2008    The Princeton Review                       NY      Accident   108,000
11/12/2008   Univ of Florida                            FL      Hacking    330,000
2/13/2009    University of Alabama                      AL      Hacking    37,000
2/19/2009    Univ of Florida                            FL      Hacking    97,200
3/11/2009    Binghamton Univ                            NY      Accident   100,000
5/7/2009     University of California - Berkeley        CA      Hacking    160,000

Security Incidents by Type

[Charts: "Higher Ed # Incidents by Type, 2005-2009" and "Higher Ed SSN Qty Breach by Type, 2005-2009", each broken down into Accident, Hacking, Lost and Stolen. The values that survive in the extracted text (incident counts 81, 13, 107 and 78; SSN quantities 943,277, 5,985,297, 5,230,278 and 440,178) cannot be reliably matched to their categories.]

Identity Threats

Identity Theft
- Consumers hesitate to embrace on-line self service
- Stolen identities and credit cards are used to pay for on-line purchases

Fragmented Application Security
- Too many privileged users
- Siloed, fragmented and disjointed security

Data Center Security
- Hundreds of data stores to administer

How Can Identity Management Help?

Enforce Strong And Granular Security Policies
- Enforce strong password policies via synchronization or single sign-on (SSO)
- Implement strong authentication and risk-based authorization for critical apps and web services
- Enforce minimal access rights based on roles, attributes, and requests
- Leverage federation technologies for cross-domain SSO

Establish Enterprise Identity & Roles
- Consolidate or virtualize multiple, complex identity environments into a single enterprise identity source
- Automate linkage of employee records with user accounts
- Establish enterprise roles for automation, compliance and business continuity
- Eliminate rogue and orphaned accounts

Scalable Security And Administration For Higher Ed.
- Deploy self-registration and self-service to reduce help desk cost and improve service level
- Manage the rich role information of a highly dynamic user base with multiple affiliations
- Implement on-boarding and off-boarding automation to deal with the activity level driven by the academic calendar
- Deploy a secured identity repository to ensure user privacy and HIPAA compliance

Guarantee Patient Privacy For Healthcare
- Deploy secured storage and control processes to guard patient data privacy
- Deploy audit and control mechanisms to ensure cost-effective HIPAA compliance
- Implement access control to secure shared workstations with single sign-on and sign-off
- Enable self-service and automated application provisioning for mobile healthcare workers

Oracle Enterprise Software: Complete, Open, Integrated

Complete: comprehensive industry portfolio; more value, less complexity
Open: standards-based architecture; more choice, less risk
Integrated: designed to work together; more flexibility, less cost

Key Oracle Differentiators
- Complete suite of best-of-breed products
- Proven for large-scale deployments
- Best long-term investment

Comprehensive IdM Solutions

Identity Management 2.0
- Identity Admin.: Role management, Role mining, Relationship management
- Access Management: Strong authentication, Risk based authorization, Fine grained entitlements, Web Services security
- Directory Services: Identity virtualization

Core Platform
- Identity Admin.: Identity lifecycle, Organization lifecycle, Provisioning & Reconciliation, Password management
- Access Management: Authentication, Authorization, Single sign-on, Federation
- Directory Services: LDAP storage, LDAP synchronization, OS authentication

Audit & Compliance
- Audit, Reporting, Analytics, Fraud, Attestation, Segregation of duties

Manageability
- Service level, Configuration, Performance, Automation

Oracle's Identity Management Suite

Identity Management 2.0
- Identity Admin.: Role Manager
- Access Management: Adaptive Access Manager, Entitlements Server, Web Services Manager
- Directory Services: Virtual Directory

Core Platform
- Identity Admin.: Identity Manager
- Access Management: Access Manager, Identity Federation, Enterprise Single Sign-On
- Directory Services: Internet Directory, Authentication Service for OS

Audit & Compliance
- Identity Management Suite

Manageability
- Enterprise Manager IdM Pack

Access Control & Single Sign-On

[Diagram: single sign-on with federation; directory synchronization from the HRMS and Active Directory into Oracle Internet Directory (LDAP); personalization for internal and external users (students, staff, contractors). Products: Oracle eSSO Suite, Oracle Access Manager, Oracle Identity Federation.]

Access Management Run-Time

[Diagram: authentication, authorization, SSO and federation. Users reach web applications via Web SSO and legacy applications via eSSO; the run-time provides authentication, session management, authorization, policy management, fraud monitoring, risk profiling, federation & trust, and access audit; partner applications and web services are reached through federation.]

Oracle Access Manager

[Diagram: end users reach applications through Policy Enforcement Points (WebGates and AccessGates), which send authentication & authorization requests to the OAM Access Server (Policy Decision Engine, Policy Manager) and receive authentication & authorization decisions. The OAM Identity Server provides identity & group lifecycle management and delegated administration. User data, policy data and configuration data are held in the LDAP store.]

Self-Service

[Diagram: Oracle Identity Manager provides self-service and self-registration, delegated administration and password reset for internal and external users (students, staff, contractors, approvers), fed from the HRMS and synchronized with LDAP and AD.]

Provisioning

[Diagram: Oracle Identity Manager user provisioning driven by role-based policy and workflow, with approvers (internal users, customers, partner admins) in the workflow, provisioning to ERP, e-mail, devices, mainframe and DB targets, and rogue account detection on those targets.]

Compliant Role Based Provisioning
- Align access to University roles
- Automated & auditable attestation
- Enforce SoD policies

[Diagram: SIS/HRMS feeds Oracle Role Manager (role management); Oracle Identity Manager (provisioning platform) provisions the ERP, e-mail, mainframe and DB targets; Oracle Application Access Controls Governor supplies the SoD policy engine; an attester reviews the resulting access.]
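The role-based provisioning and SoD enforcement described on this slide, as an added example that is not Oracle Role Manager or Application Access Controls Governor code: it derives birthright roles from SIS/HRMS affiliations, expands roles to entitlements, refuses a role request that would introduce a segregation-of-duties conflict, and lists every entitlement with the roles that justify it for an attester. The affiliations, role names, entitlements and SoD rules are constructed assumptions.

```python
"""Role-based provisioning request evaluation with segregation-of-duties checks.

Added example: not Oracle Role Manager or Application Access Controls Governor
code. The affiliations, roles, entitlements and SoD rules are constructed for
illustration.
"""
from typing import Dict, List, Set, Tuple

# Birthright roles derived from SIS/HRMS affiliations (constructed).
AFFILIATION_ROLES: Dict[str, List[str]] = {
    "student": ["student"],
    "staff": ["staff"],
    "contractor": ["contractor"],
}

# What each role grants on the target systems (constructed).
ROLE_ENTITLEMENTS: Dict[str, Set[str]] = {
    "student": {"email:mailbox", "sis:enroll"},
    "staff": {"email:mailbox", "erp:timesheet"},
    "contractor": {"email:mailbox"},
    "ap_clerk": {"erp:create_vendor", "erp:enter_invoice"},
    "ap_approver": {"erp:approve_payment"},
    "finance_dba": {"db:finance:dba"},
}

# SoD rules: two entitlements one person must never hold at the same time.
SOD_RULES: List[Tuple[str, str, str]] = [
    ("erp:create_vendor", "erp:approve_payment", "create vendor vs approve payment"),
    ("db:finance:dba", "erp:approve_payment", "privileged DB access vs approve payment"),
]


def birthright_roles(affiliations: List[str]) -> List[str]:
    """A person with several affiliations (a student who is also staff) gets the union."""
    roles: List[str] = []
    for aff in affiliations:
        for role in AFFILIATION_ROLES.get(aff, []):
            if role not in roles:
                roles.append(role)
    return roles


def entitlements_for(roles: List[str]) -> Set[str]:
    ents: Set[str] = set()
    for role in roles:
        if role not in ROLE_ENTITLEMENTS:
            raise KeyError(f"unknown role {role!r}")   # fail closed on unmodelled roles
        ents |= ROLE_ENTITLEMENTS[role]
    return ents


def sod_violations(ents: Set[str]) -> List[str]:
    return [label for a, b, label in SOD_RULES if a in ents and b in ents]


def evaluate_request(current_roles: List[str], requested_role: str):
    """Decide a role request before anything is provisioned.

    Returns (decision, violations, new_entitlements). This example blocks only
    the violations the request would introduce; a pre-existing conflict is
    surfaced through attestation instead of refusing unrelated access.
    """
    before = entitlements_for(current_roles)
    after = entitlements_for(current_roles + [requested_role])
    introduced = [v for v in sod_violations(after) if v not in sod_violations(before)]
    if introduced:
        return "deny", introduced, set()
    return "grant", [], after - before


def attestation_items(roles: List[str]) -> List[Tuple[str, List[str]]]:
    """For a reviewer: every entitlement with the roles that justify it."""
    items: Dict[str, List[str]] = {}
    for role in roles:
        for ent in sorted(ROLE_ENTITLEMENTS[role]):
            items.setdefault(ent, []).append(role)
    return sorted(items.items())


if __name__ == "__main__":
    roles = birthright_roles(["student", "staff"]) + ["ap_clerk"]
    print(evaluate_request(roles, "ap_approver"))   # denied by the SoD rule
    print(evaluate_request(roles, "finance_dba"))   # granted
    for ent, justified_by in attestation_items(roles):
        print(f"{ent:<22} via {', '.join(justified_by)}")
```

The check runs on the requested access before provisioning, so a conflict is refused rather than detected after the fact; the attestation list is what a reviewer certifies during a periodic access review.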

Identity Admin. Lifecycle Management: Provisioning, Role Management, Self-Service

[Diagram: the HRMS feeds identity reconciliation into identity & role lifecycle management, which drives account provisioning and account reconciliation against infrastructure, CRM, DB and LDAP targets, with password synchronization to applications; delegated administration, identity audit, self-service and self-registration sit on top.]
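The identity and account reconciliation shown on this lifecycle diagram, and the "eliminate rogue and orphaned accounts" / "automate linkage of employee records with user accounts" points on the "Establish Enterprise Identity & Roles" slide, as an added example that is not Oracle Identity Manager code: it compares the accounts found on target systems with the authoritative HR feed, buckets every discrepancy, and orders the remediation so live access with no valid owner is disabled first. The HR records, accounts, field names and the orphan/rogue definitions are constructed for illustration.

```python
"""Reconcile target-system accounts against an authoritative HR source.

Added example: not Oracle Identity Manager code. The HR records, accounts,
field names and the orphan/rogue definitions below are constructed for
illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class HrRecord:
    person_id: str      # authoritative identifier from the HRMS
    status: str         # "active" or "terminated"
    affiliation: str    # staff, student, contractor, ...


@dataclass(frozen=True)
class Account:
    system: str              # target system the account lives in (AD, ERP, ...)
    username: str
    owner_id: Optional[str]  # link to HrRecord.person_id, None if never linked
    enabled: bool


# Constructed sample data: an HR feed and the accounts found on two targets.
HR: Dict[str, HrRecord] = {
    "p100": HrRecord("p100", "active", "staff"),
    "p200": HrRecord("p200", "terminated", "contractor"),
    "p300": HrRecord("p300", "active", "student"),
    "p400": HrRecord("p400", "active", "staff"),
}

ACCOUNTS: List[Account] = [
    Account("AD", "alice", "p100", True),
    Account("ERP", "alice.erp", "p100", True),
    Account("AD", "wally", "p200", True),      # owner terminated, still enabled
    Account("AD", "svc_backup", None, True),   # never linked to a person: orphan
    Account("ERP", "fin_temp", "p999", True),  # owner id unknown to HR: rogue
    Account("AD", "carol", "p300", False),     # linked and disabled, nothing to do
]


def reconcile(hr: Dict[str, HrRecord],
              accounts: List[Account]) -> Dict[str, List]:
    """Compare accounts with the HR feed and bucket every discrepancy.

    orphan             account with no owner link at all
    rogue              account whose owner id does not exist in HR
    terminated_active  enabled account whose owner HR says has left
    missing            active person with no account on any target
    """
    findings: Dict[str, List] = {
        "orphan": [], "rogue": [], "terminated_active": [], "missing": []}
    linked_people = set()
    for acct in accounts:
        key: Tuple[str, str] = (acct.system, acct.username)
        if acct.owner_id is None:
            findings["orphan"].append(key)
        elif acct.owner_id not in hr:
            findings["rogue"].append(key)
        else:
            linked_people.add(acct.owner_id)
            if hr[acct.owner_id].status == "terminated" and acct.enabled:
                findings["terminated_active"].append(key)
    for person_id, rec in hr.items():
        if rec.status == "active" and person_id not in linked_people:
            findings["missing"].append(person_id)
    return findings


def remediation_plan(findings: Dict[str, List]) -> List[Tuple[str, object]]:
    """Turn findings into ordered actions: live access with no valid owner is
    disabled first, unexplained accounts are reviewed, coverage gaps are
    provisioned last."""
    plan: List[Tuple[str, object]] = []
    plan += [("disable", k) for k in findings["terminated_active"]]
    plan += [("disable_and_review", k) for k in findings["rogue"]]
    plan += [("review_owner", k) for k in findings["orphan"]]
    plan += [("provision", p) for p in findings["missing"]]
    return plan


if __name__ == "__main__":
    for action, target in remediation_plan(reconcile(HR, ACCOUNTS)):
        print(f"{action:<20} {target}")
```

Run against a real feed, the "rogue" bucket is what the slide's rogue account detection reports: an account provisioned outside the workflow that no authoritative record explains.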

IDM Provisioning for PSFT

Identity Theft Protection
- Mutual authentication
- Knowledge based authentication
- Key-logger-proof devices

[Diagram: Oracle Adaptive Access Manager monitoring a "New Purchase" transaction: secure mutual authentication, device & geo-location forensics, account management.]

Fraud analytics
- Transaction monitoring
- Device & location tracking
- Behavior profiling
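The device, geo-location and behaviour signals on this slide combined into a risk-based authentication decision, as an added example that is not Oracle Adaptive Access Manager logic: each login attempt is scored against the user's earlier logins (unknown device, travel faster than a plane since the last successful login, a burst of failed attempts, off-hours use) and the score maps to allow, challenge or block. The login events, scoring weights, thresholds and the impossible-travel speed limit are constructed assumptions.

```python
"""Risk-based login decision from device, geo-location and behaviour signals.

Added example: not Oracle Adaptive Access Manager logic. The login events,
scoring weights, thresholds and the impossible-travel speed limit are
constructed assumptions.
"""
import math
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class Login:
    user: str
    ts: datetime
    device_id: str    # device fingerprint or registered-device token
    lat: float
    lon: float
    success: bool     # outcome; only meaningful for history entries


# Policy knobs (constructed): score contributions and decision thresholds.
WEIGHTS = {"new device": 30, "impossible travel": 50, "failure burst": 30, "off hours": 10}
CHALLENGE_AT, BLOCK_AT = 30, 70
MAX_PLAUSIBLE_KMH = 900           # faster than a commercial flight
FAILURE_WINDOW = timedelta(minutes=15)


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in km (mean Earth radius 6371 km)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371 * math.asin(math.sqrt(a))


def assess(attempt: Login, history: List[Login]) -> Dict[str, object]:
    """Score one login attempt against that user's earlier logins."""
    prior = [h for h in history if h.user == attempt.user and h.ts <= attempt.ts]
    successes = [h for h in prior if h.success]
    reasons: List[str] = []

    # Device forensics: this device has never logged in successfully for this user.
    if attempt.device_id not in {h.device_id for h in successes}:
        reasons.append("new device")

    # Geo-location: distance from the last successful login against elapsed time.
    if successes:
        last = max(successes, key=lambda h: h.ts)
        km = haversine_km(last.lat, last.lon, attempt.lat, attempt.lon)
        hours = max((attempt.ts - last.ts).total_seconds() / 3600, 1 / 60)
        if km / hours > MAX_PLAUSIBLE_KMH:
            reasons.append("impossible travel")

    # Behaviour: a burst of failed attempts just before this one.
    recent_failures = [h for h in prior
                       if not h.success and attempt.ts - h.ts <= FAILURE_WINDOW]
    if len(recent_failures) >= 3:
        reasons.append("failure burst")

    # Behaviour: outside an assumed 06:00-22:00 window on the event's own clock.
    if not 6 <= attempt.ts.hour < 22:
        reasons.append("off hours")

    score = sum(WEIGHTS[r] for r in reasons)
    decision = "block" if score >= BLOCK_AT else "challenge" if score >= CHALLENGE_AT else "allow"
    return {"score": score, "reasons": reasons, "decision": decision}


def at(hour: int, minute: int = 0) -> datetime:
    """Timestamp on the constructed sample day."""
    return datetime(2009, 3, 11, hour, minute)


# Constructed history: two successful logins from Madison, WI on one device.
MADISON = (43.07, -89.40)
KYIV = (50.45, 30.52)
HISTORY = [
    Login("alice", at(9), "dev-1", *MADISON, True),
    Login("alice", at(13), "dev-1", *MADISON, True),
]

if __name__ == "__main__":
    print(assess(Login("alice", at(15), "dev-1", *MADISON, True), HISTORY))
    print(assess(Login("alice", at(14), "dev-2", *KYIV, True), HISTORY))
```

The "challenge" outcome is where the slide's knowledge-based authentication or a one-time code would be invoked; the example stops at the decision and leaves the challenge mechanism to the access layer.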

Scalable, Secured & Agile Infrastructure

[Diagram: Enterprise User Security gives centralized management of DBAs through LDAP, integrated with Active Directory via Oracle Virtual Directory; Database Vault enforces SoD for privileged DBA access, with separate Finance, HR and CRM realms (App A, App B) and separate Finance and CRM DBAs.]

Directory Services Infrastructure: Identity Virtualization And Consolidation

[Diagram: applications query virtual schemas (Virtual Schema 1 ... Virtual Schema N) built by schema aggregation, schema transformation and schema mapping over the HRMS, CRM, internal LDAP and external LDAP sources; data synchronization into a meta directory holds the aggregated schema.]
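The schema aggregation, transformation and mapping the diagram describes, as an added example that is not Oracle Virtual Directory code: an HRMS table and an Active Directory export are joined on the employee id at query time into one inetOrgPerson-style virtual view, HRMS status codes are transformed into a virtual attribute, AD group DNs are mapped to plain group names, and AD accounts no HR record claims are reported instead of exposed. The source rows, attribute names, the join key (emplid / employeeID) and the DN layout are constructed assumptions.

```python
"""Identity virtualization: join HRMS and Active Directory records into one
virtual LDAP-style view at query time, without copying them into a meta
directory.

Added example: not Oracle Virtual Directory code. The source rows, attribute
names, join key and DN layout are constructed assumptions.
"""
from typing import Dict, List, Optional, Tuple

Entry = Dict[str, object]

# Source 1: HRMS rows (constructed). Authoritative for who exists.
HRMS: List[Entry] = [
    {"emplid": "p100", "first": "Alice", "last": "Ng", "dept": "Finance", "status": "A"},
    {"emplid": "p300", "first": "Carol", "last": "Diaz", "dept": "Physics", "status": "A"},
    {"emplid": "p200", "first": "Wally", "last": "Oduya", "dept": "Facilities", "status": "T"},
]

# Source 2: Active Directory entries (constructed). Authoritative for accounts.
AD: List[Entry] = [
    {"sAMAccountName": "alice", "employeeID": "p100", "mail": "alice@example.edu",
     "memberOf": ["CN=Finance,OU=Groups,DC=example,DC=edu"]},
    {"sAMAccountName": "bob", "employeeID": "p999", "mail": "bob@example.edu",
     "memberOf": []},
]

BASE_DN = "ou=People,dc=example,dc=edu"
STATUS_MAP = {"A": "active", "T": "terminated"}   # HRMS code -> virtual value


def group_cn(group_dn: str) -> str:
    """'CN=Finance,OU=Groups,DC=...' -> 'Finance' (value of the first RDN)."""
    return group_dn.split(",", 1)[0].split("=", 1)[1]


def virtual_entry(hr: Entry, ad: Optional[Entry]) -> Entry:
    """Schema mapping and transformation for one person. HRMS supplies the
    identity attributes; AD, when a matching account exists, supplies the
    account attributes. Virtual attribute names follow inetOrgPerson."""
    uid = ad["sAMAccountName"] if ad else hr["emplid"]   # no account: fall back to HR id
    entry: Entry = {
        "dn": f"uid={uid},{BASE_DN}",
        "objectClass": ["inetOrgPerson"],
        "uid": uid,
        "givenName": hr["first"],
        "sn": hr["last"],
        "cn": f"{hr['first']} {hr['last']}",
        "departmentNumber": hr["dept"],
        "employeeNumber": hr["emplid"],
        "employeeType": STATUS_MAP.get(str(hr["status"]), "unknown"),
    }
    if ad:
        entry["mail"] = ad["mail"]
        entry["memberOf"] = [group_cn(g) for g in ad["memberOf"]]
    return entry


def build_view(hrms: List[Entry], ad: List[Entry]) -> Tuple[List[Entry], List[str]]:
    """Aggregate both sources on the employee id. Returns the virtual entries
    plus the AD accounts no HR record claims, which is a finding for
    reconciliation rather than something to expose in the view."""
    by_emplid = {a["employeeID"]: a for a in ad}
    entries = [virtual_entry(hr, by_emplid.pop(hr["emplid"], None)) for hr in hrms]
    unmatched = sorted(str(a["sAMAccountName"]) for a in by_emplid.values())
    return entries, unmatched


def search(entries: List[Entry], attr: str, value: str) -> List[Entry]:
    """Equality filter the way an LDAP client would, e.g. (mail=alice@example.edu);
    a multi-valued attribute matches if any of its values equals."""
    hits = []
    for e in entries:
        v = e.get(attr)
        if v == value or (isinstance(v, list) and value in v):
            hits.append(e)
    return hits


if __name__ == "__main__":
    view, unmatched = build_view(HRMS, AD)
    for e in view:
        print(e["dn"], e.get("mail", "<no account>"), e["employeeType"])
    print("AD accounts with no HR owner:", unmatched)
```

Because the join happens per query, an HRMS status change is visible in the virtual view immediately, which is the point of virtualization over synchronization into a meta directory.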

IdM And Data Security

Enterprise User Security (EUS)
- OVD enables EUS to run on Active Directory, SunOne, and OID
- OIM further enables centralized DB user admin via EUS
- ORM IT role management extends EUS role management

Database Vault
- OIM provisions the standard DB user plus DB Vault privileges
- DB Vault is used to protect sensitive IdM data from DBA access

Transparent Data Encryption (TDE)
- TDE encrypts data transparently for OID, OIM and ORM

Complete Enterprise Control

[Diagram: GRC Process Management (policy repository, evidence management, control testing) and GRC Application Controls (risk & compliance reporting) sit above Identity Management. Controls monitoring & enforcement covers best practice controls & policies, privilege-level SoD, contextual SoD and authorization; user on-boarding & lifecycle management covers account provisioning & remediation, access & role attestation, and authentication, authorization and SSO. Underneath are the business applications and the apps, systems & data repositories.]

Leader in Magic Quadrants

"Oracle assumes the No. 1 position"
- Earl Perkins, Perry Carpenter, Aug. 15 2008 (Research G00159740)

User Provisioning, H2 2008
Web Access Management, H2 2008

Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Standards Support

Contribute and lead
- SSTC (SAML Working Group): Co-Chair
- Liberty Alliance: President, Board Member
- WSS, WS-SX (Web Services Security), JCP: Author
- SPML: Author
- XACML: Voting member

Implement
- Accelerate product development
- Simplify product integration & minimize TCO

Innovate
- Enable the Identity Governance Framework: CARML, AAPML
- Standards for end-to-end security

Looking Ahead

Oracle will broaden its security product portfolio
- Security is not just another line of business for Oracle
- Security is strategic to Oracle's entire product portfolio
- Emerging areas: entitlement management, fraud, privacy, governance, risk management, etc.

From security silos to built-in security
- Built into enterprise applications, middleware, DB, OS
- Identity Services Framework

Project Fusion
- Single security model across the Enterprise Applications Suite
- Enforced uniformly at all parts of the technology infrastructure
- Across the entire life cycle, from development to maintenance

Oracle IdM's Customer Focus

Customer Advisory Board
- Collaboration with strategic customers on product roadmap and technology directions

Security Executive Forum
- C-level executives help to validate Oracle's strategy and drive future investments
- Past attendees: Bank of America, British Telecom, Franklin Templeton, JP Morgan Chase, Network Appliance, Royal Bank of Scotland, The Hartford, T-Mobile, Toyota, Wachovia, ...

Best post-sale support in the industry
- Product management sponsorship to ensure every deployment and every upgrade is a success
- Strong track record of customer upgrade success

Customer Advisory Board: Share, Communicate, Partner

Oracle's Identity Management Strategy

[Diagram: Identity Services Framework spanning Develop, Deploy and Operate, built on FMW (Fusion Middleware) technologies.]

Complete solution
- Integrated suite of best-of-breed components
- Each component individually deployable

Application centric
- Integrated with business applications
- Integrated into the application life cycle

Hot-pluggable
- Standards-based
- Works across leading platforms

For More Information

search.oracle.com: "Identity management"
or oracle.com