con 8874 :securing oracle applications and the extended enterprise with oracle idm

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

Matthew BerzinskiPrinciple Product ManagerIdentity ManagementOctober 1, 2014

CON 8874:Securing Oracle Applications and the Extended Enterprise with Oracle IDMExtending and Enhancing the Integrated Identity Management Solution

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | 3

Safe Harbor StatementThe following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.


Agenda

1

4

4

Sony PlayStation Customer Success Story

2

3

Digital Disruption and the Need for Change

AppAdvantage™: Enterprise Identity Management

Oracle Identity Management

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

BusinessTransformation

CAMPAIGNSCITIZEN SERVICES

HOSPITALITY & RESTURANTS

xaaS MOBILE AND SOCIAL

ONLINE HEALTHCARE

5

CUSTOMER DATA

CLOUD SERVICES

BYOD MOBILE BANKING

CUSTOMER SATISFACTION

LIFE INDUSTRIES

MINING & EXPLORATION

ORDERS

SHIPPING

CUSTOMER SATISFACTION

HELP DESK

MOBILE WORKFORCES

BUSINESS PROCESS

SALES

SOCIAL RETAIL

MANUFACTURING

PHARMACEUTICAL RESEARCH

FOOD SERVICES

SERVICES


• Banking & Finance

• State & Federal Govt

• Healthcare & Insurance

• Transportation & Automotive

• Education & Research

“All Industries in all geographies are undergoing radical digital disruption.

Meanwhile, the core of enterprise IT — infrastructure, applications such as ERP, information and sourcing — was built for the IT past and needs to be renovated for the digital future.”

Gartner: February 2014Taming the Digital Dragon: The 2014 CIO Agenda

Security Necessary to Transform

http://www.gartner.com/technology/reprints.do?id=1-1SHLATZ&ct=140331&st=sb

http://www.gartner.com/technology/reprints.do?id=1-1SHLATZ&ct=140331&st=sb


• Monolithic & Fragmented• Proprietary & Inconsistent• Un-auditable & Un-reportable• Costly & Complex

State of Application Security Today


THE GREAT RE-ARCHITECTURE TRANSFORM OR BE DISPLACED


Identity FragmentationDisconnected Identity Solutions Create Risks and Costs

User Mgt

User Mgt

SSO

User Mgt

SSO

SSO

Access CertFederation

AppEmbedded Identities

Basic SSO & Provisioning

AccessCertification

Federated Cloud Apps

MobileApps

LDAPLDAP LDAP

Custom Integrations

• BREACH OF CUSTOMER DATA

• INCONSISTENT ACCESS POLICIES

• COSTLY COMPLIANCE ENFORCEMENT


Next State of Application Security

PROCESS & DATASTANDARDIZATION

SERVICE & SKILLSREUSABILITY

SOCIAL ENABLEMENT

SHARED SERVICES

STRATEGIC SECURITY

FLEXIBLE MAINTENENCE

SCALABLE DEMAND

INCREASEDEFFICIENCIES

COSTREDUCTION

How New Requirements are Driving Technology

NEW APPLICATION

REQUIREMENTS


Authorization & Governance Secure Mobile & Cloud

Simplified ArchitectureSocial Sign-on

Single Sign-on

Five Transformational Principals


Agenda

1

4

12


2

3


AppAdvantage™: Enterprise Identity Management



IDENTITYMANAGEMENT

ACCESS: Seamless and Secure Access to Any App from Any Device

GOVERNANCE: Identify and Automate Who Has Access to What

DIRECTORY: Secure and Scalable Identity Repository

Enterprise Cloud Mobile


Oracle Identity ManagementUnifying Enterprise Identity Management

• Modular and Unified• Best of Breed• Internet/Mobile Scale• Open Standards• Context Aware Risk Management



Mobile Security

Access Management

Governance• Access Request• Access Governance• Automated Provisioning• Privileged Account Management

Directory• Enterprise Directory• Cloud/Mobile App Directory• Virtual Directory

• Authentication• Authorization• Audit• Federation

• Mobile App Management• Mobile Access Management• API Security• Mobile Authenticator


Agenda

1

4

16


2

3


AppAdvantage™: Enterprise Identity Management:



SaaS

Deliver business agility and enable secure end-to-end

business transactions across applications in the

cloud and on-premise

Oracle’s Layered Framework: AppAdvantage

SaaS

Standardize and Consolidate Enterprise Applications while creating a common Integration and Security Layer

Enable a secured, unified digital experience with anyone, from

anywhere, at anytime, from any device

Improve performance and uptime while reducing operational complexity and costs.


SaaS

Enterprise Identity Management: AppAdvantage

SaaS

Enable a secured, unified digital experience with anyone, from

anywhere, at anytime, from any device


Secure Unified Digital Experience

SAML

Federated

OpenID

Identity Provided

OAuth

Social Sign-on


Reduced Operational Complexity

COST

CONSOLE

PATCHING

DEPLOY

PROVISION

CENTRALIZEDREPOSITORY

UNIFIED CONSOLE FOR ALL APPLICATIONS

CENTRALIZED EVENT REPOSITORY

48% COST SAVINGS

ONE SECURITY FRAMEWORK FOR PATCHING

PLUG IN NEW APPLICATIONS AND APPLY POLICY

UNIFIED PLATFORM FOR APPLYING THE SAME IDENTITY ACROSS ALL APPLICATIONS

Source: Aberdeen “Analyzing Point Solutions vs. Platform” 2011


WebCenter Suite

Service IntegrationId

entit

y an

d Ac

cess

M

anag

emen

t

Enterprise Mobility

CustomersPartners Employees

Data Integration

Legacy, ISV

Business Process Management

IDM for the Enterprise

• Enable multi channel access

• Provide a unified Portal for customers, partners and employees

• Integrate applications using the common Integration and Security platform

• Manage cross enterprise business processes

• Provide consistent role management, SSO and governance

• Interoperate with multiple applications

Enable a secured, unified and informed digital experience with anyone, from anywhere,

at anytime, from any device


Business Benefits

Automated customer, partner and employee interactions spanning multiple applications• Reduced costs through reduction/elimination in manual handling and IVR • Enhanced customer experience from open access to unified information and immediate responsiveness

MultiChannel Access from Anywhere at Anytime from Any Device• Leverage existing skills & infrastructure by adopting a single mobile platform across multiple enterprise

apps and extend to any device.• Unified user experience across multiple types of devices

Enterprise-wide Identity and Access Management• Streamlined user experience with SSO through Cross Enterprise Authentication and Authorization• Single view of the customer across all channels

Subsequent Marketing Value of Customer Experience• Directly influence future behavior through a 360° view of the customer.• Unified market view for trend analysis, buying patterns, etc.

IDM for the Enterprise


Agenda

1

4

23

Sony Playstation Customer Success Story

2

3


Oracle’s Layered Framework: AppAdvantage™

Multi Tiered Applications

Simeio SolutionsIDENTITY: SECURE, INTELLIGENT, MANAGED

Securing Oracle Applications and the Extended Enterprise with Identity Management [CON8874]

25

• Sony Computer Entertainment America:– Division of Sony Corporation established in 1994.

– Responsible for PlayStation brand in United States, Canada, and Latin America for PS2, PS3, PSVita, and PS4.

– 20% of US Population own PlayStation products

PS3 PS2 PSN PS VitaPS4

Company Overview

26

Sony Protecting Sony

At start of IdM adoption, focus for SCEA was to mature from a product-oriented organization to a consumer-oriented organization.

• Historical State– Manual user on-boarding process via emails; – Inefficient user ID generation process; – Cumbersome manual process for user termination and user updates; – Manual user off-boarding had inconsistent communications from HR to the helpdesk; – No centralized SSO authentication; – Manual quarterly SoD check process to produce Audit Reports; – Lack of preventative controls; – Process of account generation was carried in silos by the application

26

27

Sony Protecting Sony

• Business Benefits realized with IdM Platform– Regular scans to detect SoD violations; Real-time SOD checks when

responsibilities are provisioned to EBS; – Enabled automated zero-day provisioning to onboarding and business

applications; one-stop management of applications, SOA components and databases with advanced dash-boarding;

– Quick turn around time from helpdesk support – from a few days to a few minutes; Reduction in number of help desk support calls from 300 to about 30 per month; Ease of administrating access across multiple applications

27

Outcomes

SCEA END-TO-END IDENTITY & ACCESS MANAGEMENT

Darren Calman

Web SSO

AuthenticationStore

Authorization

Identity Federation

Mobile Security

Social Identity

Access Management

Identity Administration

HR

Source

Role & Rule Based

New Hires, Transfers &Terminations

Order Mgmt

Price Mgmt

Financials

iProjects

Return Mgmt

CompensationAdvance Inventory Planning

ReplenishmentOptimization

Value ChainAllocation

Sourcing

Connected Target Systems

AccessGovernance

Real-Time SoD Checks

Preventative

Detective

SoD Detection

SoD Remediation

29

Next Steps

• Rollout of Identity Management Analytics • Mobile Solution identity management• Leverage the framework to authenticate/authorize other native

applications

30

How did we go about it?

• Executive Sponsorship • Change Management• Training• IT Governance • Chose Right Product & Implementation partner – Oracle/Simeio Solutions

• Leading Provider of IAM and IT Security Solutions» Identity & Access Management / Governance» IT Governance, Risk and Compliance» Global Reach

Over 10 Million Identities Managed

About Simeio Solutions

31

Experience is Key to Success

• A typical enterprise undertakes one IdM project every decade» ….and will see project team turnover several times from the initial engagement

• A leading services organization will have engaged on 100s of IdM projects» We’ve seen it all. We can help you get the business value out of your IdM investment

32

OR

Closing Thoughts

• More organizations are viewing IAM as a business enabler» Improve the end-user experience or they will seek alternatives.

• The “value” of IAM increases as more Apps are managed» A more holistic view of your security posture comes into play as you bring more applications under management.

• Hybrid: Cloud and On-Premise Applications» While applications continue to move to the cloud, there will always be apps that reside on-prem. An IAM solution

will need to integrate with both.

• Let business priorities drive your roadmap» A sound IAM foundation should be flexible enough to keep pace with customer and market demands.

• Technology is only one piece of the puzzle» People, processes, and experience are key elements of any successful IdM solution.

33

34

Our Global Service Team

For more information contact:

Naynesh Patel, Sr. Partner | [email protected] | +1-404-492-9731


Q&A Session

35


Identity Management Sessions Of InterestSession When

Securing the New Perimeter: Strategies for Mobile Application Security Tues, 9/30 @ 10:45am

Identity as a Service: Extend Enterprise Controls and Identity to the Cloud Tues, 9/30 @ 3:45pm

Customer Success Stories: How to Eliminate the Blind Spots in Enterprise Wed, 10/1 @ 10:45am

Beyond Brute Force: Strategies for Securely Leveraging Mobile Devices Wed, 10/1 @ 3:30pm

Architecting a Complete Access Solution for the Cloud Economy Thurs, 10/2 @ 1:15pm


2014

ORACLE FUSION MIDDLEWARE INNOVATION

ORACLE FUSION MIDDLEWARE:CELEBRATE THIS YEAR'S MOST INNOVATIVE CUSTOMER SOLUTIONS

Innovation Awards Ceremony set for: Tuesday, September 30, 2014 5:00-5:45pm in the LAM Research Theater (Session ID: CON7029)

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 38

Complimentary eBook Register Now

www.mhprofessional.com/mobsec

http://www.mhprofessional.com/mobsec

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 39

Join the Community

Twittertwitter.com/OracleIDM

Facebookfacebook.com/OracleIDM

Oracle BlogsBlogs.oracle.com/OracleIDM

Oracle IdM Websiteoracle.com/Identity

con 8874 :securing oracle applications and the extended enterprise with oracle idm

Documents

oracle andor

oracle idmextending

safe harbor statements

safe harbor slides

securing oracle applications

safe harbor statementthe

sole discretion of oracle

safe harbor statement