Enterprise Security Architecture: From Access to Audit
DESCRIPTION
As presented by Kamal Tbeileh at OTN Architect Day, Redwood Shores, CA, 7/22/09.
Find an OTN Architect Day event near you: http://www.oracle.com/technology/architect/archday.html
Interact with Architect Day presenters and participants on Oracle Mix: https://mix.oracle.com/groups/15511
TRANSCRIPT
Enterprise Security Architecture: From access to audit
Kamal Tbeileh
Database Security Architecture
Agenda
• Business Challenges
• IT Challenges
• Defense-in-depth architecture
• Q&A
Changing Business Climate
Challenges Our Customers Face…
"In a time of accelerating turbulence, the valuation of a company will be strongly
affected by how it executes change."
Today’s IT Challenges
More Agile Business
• More access to employees, customers & partners
• Higher level of B2B integrations
• Faster reaction to changing requirements
More Secured Business
• Identity theft
• Intellectual property theft
• Insider threats
More Compliant Business
• Increasing regulatory demands
• Increasing privacy concerns
• Business viability concerns
IT Governance
• Supply Chain Traceability
• Service Level Compliance
• Financial Reporting Compliance
• Compliance & Ethics Programs
• Audit Management
• Data Privacy
• Records Retention
• Legal Discovery
• Anti-Money Laundering
Systems: Apps Server, Data Warehouse, Database, Mainframes, Mobile Devices, Enterprise Applications
Globalization
Users: Legal, Finance, HR, Sales, Suppliers, Customers, R&D, Mfg
Mandates: SOX, JSOX, FDA, Basel II, EU Directives, HIPAA, GLBA, PCI…, Patriot Act, SB1386
Today’s “New Normal”
Users, Systems, Globalization and Compliance Forced Complexity
Security for Apps, Middleware, Data and Infrastructure
Comprehensive ‘Defense in Depth’ Approach
• Database and Infrastructure
• Middleware
• Applications
• Monitoring and Configuration
• Enterprise Visibility
• Automated Controls
• Access to Business Services
• Lower Cost of User Lifecycle
• Data Protection and Privacy
• Unbreakable Linux
Copyright © 2008, Oracle and/or its affiliates. All rights reserved.
Enterprise Security Reference Architecture
Oracle Security Components
Access Manager
Identity Manager
Directory Services
Advanced Security Option
Audit Vault
Database Vault
Applications: E-Business Suite, PeopleSoft, Siebel, Hyperion, JDE, SAP, Custom, Legacy
Enterprise Manager
Identity and Access Management
Data Security
Identity Federation
Web Service Manager
Label Security
Information Rights Management
A Typical Environment…
Presentation Tier
Data Tier
Logic (Business) Tier
Solution: Centralize and Simplify Access
SSO Enabled Applications
Solution: Simplify Access to Multiple Datastores…
Solution: Simplify Employee to Business Partner Login
SSO + Federation-Enabled Apps
Oracle Database Security Components
Protect Data in Motion with Network Encryption using Advanced Security Option
Protect Data from View and Alteration as well as Insider Threat using Database Vault
Securely Backup Data To Tape with Secure Backup
Protect User and Sensitive Data at Rest by Encrypting Database Columns using Advanced Security Option

Select SALARY from USERS;
Alter table ….
Operational DBA

LNAME   SSN           SALARY
SMITH   345-67-8912   $ 53,700
SCOTT   987-65-4321   $229,500
KING    123-45-6789   $125,000

Select SALARY from users;
Alter system.
Alter table..
X
Operational DBA
Database Vault
X
Business Application
* Example roles and privs

Consolidate Audit Data & Show Reports using Audit Vault

Enterprise Applications
Business Apps
Portals
Email
Custom Apps
Helpdesk

LNAME   CREDIT_CARD      EXP_DATE
SMITH   9876-5432-1987   01-2011
SCOTT   2345-6789-4321   09-2012
KING    1234-5678-9123   04-2010
FMW Security as a Service
Oracle IAM Suite with Identity Services Framework
Identity Provider
Provisioning
Authentication
Virtualization & User Store
WS-*, SPML, SAML, XACML, CARML
Audit
Legacy Integration Interface
Connectors, Agents
Federation & Trust
Policy & Orchestration
Oracle Fusion Applications & Middleware
3rd Party ISF Aware Applications
Legacy Applications
User Management
Authentication
Authorization
Federation
Business Functions
Business Functions
Business Functions
Custom Developed ISF Aware Applications
Business Functions
Administration
Authorization
Role Provider
Identity Services
Enterprise Identity Management Infrastructure
Service Interfaces
Oracle Enterprise Security Summary
Identity And Access Management
Data Security
User Management
Access Management
Directory Management
Platform Security Identity Audit
Multi-level Access Control
Encryption
Monitoring & Alert
DBA Security
Operating System Security
Authentication Service User Management
Governance Risk Compliance
Policy & Process Management
Enterprise Control
Compliance Analysis & Reporting
Audit Automation
Information Rights
Application Security
For More Information
search.oracle.com
Security
or
oracle.com