Enterprise Security Architecture: From Access to Audit


Upload: bob-rhubart

Post on 07-Nov-2014


Category: Technology



DESCRIPTION

As presented by Kamal Tbeileh at OTN Architect Day, Redwood Shores, CA, 7/22/09. Find an OTN Architect Day event near you: http://www.oracle.com/technology/architect/archday.html Interact with Architect Day presenters and participants on Oracle Mix: https://mix.oracle.com/groups/15511

TRANSCRIPT

Page 1: Enterprise Security Architecture: From Access to Audit
Page 2: Enterprise Security Architecture: From Access to Audit


Enterprise Security Architecture: From Access to Audit

Kamal Tbeileh

Database Security Architecture

Page 3: Enterprise Security Architecture: From Access to Audit

Agenda

• Business Challenges
• IT Challenges
• Defense in-depth architecture
• Q&A

Page 4: Enterprise Security Architecture: From Access to Audit

Changing Business Climate

Challenges Our Customers Face…

"In a time of accelerating turbulence, the valuation of a company will be strongly affected by how it executes change."

Page 5: Enterprise Security Architecture: From Access to Audit

Today’s IT Challenges

More Agile Business
• More access to employees, customers & partners
• Higher level of B2B integrations
• Faster reaction to changing requirements

More Secured Business
• Identity theft
• Intellectual property theft
• Insider threats

More Compliant Business
• Increasing regulatory demands
• Increasing privacy concerns
• Business viability concerns

Page 6: Enterprise Security Architecture: From Access to Audit

Today’s “New Normal”

Users, Systems, Globalization and Compliance Forced Complexity

[Diagram labels]
• IT Governance, Supply Chain Traceability, Service Level Compliance, Financial Reporting Compliance, Compliance & Ethics Programs, Audit Management, Data Privacy, Records Retention, Legal Discovery, Anti-Money Laundering
• Systems: Enterprise Applications, Apps Server, Data Warehouse, Database, Mainframes, Mobile Devices
• Globalization
• Users: Legal, Finance, HR, Sales, Suppliers, Customers, R&D, Mfg
• Mandates: SOX, JSOX, FDA, Basel II, EU Directives, HIPAA, GLBA, PCI…, Patriot Act, SB1386

Page 7: Enterprise Security Architecture: From Access to Audit

Security for Apps, Middleware, Data and Infrastructure

Comprehensive ‘Defense in Depth’ Approach

[Diagram labels]
• Applications
• Middleware
• Database and Infrastructure
• Monitoring and Configuration
• Enterprise Visibility
• Automated Controls
• Access to Business Services
• Lower Cost of User Lifecycle
• Data Protection and Privacy
• Unbreakable Linux

Copyright © 2008, Oracle and/or its affiliates. All rights reserved.

Page 8: Enterprise Security Architecture: From Access to Audit

Enterprise Security Reference Architecture

Page 9: Enterprise Security Architecture: From Access to Audit

Oracle Security Components

[Diagram labels]
• Applications: E-Business Suite, PeopleSoft, Siebel, Hyperion, JDE, SAP, Custom, Legacy
• Identity and Access Management
• Data Security
• Access Manager
• Identity Manager
• Directory Services
• Identity Federation
• Web Service Manager
• Advanced Security Option
• Audit Vault
• Database Vault
• Label Security
• Information Rights Management
• Enterprise Manager

Page 10: Enterprise Security Architecture: From Access to Audit

A Typical Environment…

• Presentation Tier
• Logic (Business) Tier
• Data Tier

Page 11: Enterprise Security Architecture: From Access to Audit

Solution: Centralize and Simplify Access

SSO Enabled Applications

Page 12: Enterprise Security Architecture: From Access to Audit

Solution: Simplify Access to Multiple Datastores…

Page 13: Enterprise Security Architecture: From Access to Audit

Solution: Simplify Employee to Business Partner Login

SSO + Federation-Enabled Apps

Page 14: Enterprise Security Architecture: From Access to Audit

Oracle Database Security Components

• Protect Data in Motion with Network Encryption using Advanced Security Option
• Protect Data from View and Alteration as well as Insider Threat using Database Vault
• Securely Backup Data To Tape with Secure Backup
• Protect User and Sensitive Data at Rest by Encrypting Database Columns using Advanced Security Option
• Consolidate Audit Data & Show Reports using Audit Vault

[Diagram labels: Enterprise Applications (Business Apps, Portals, Email, Custom Apps, Helpdesk); Business Application; Operational DBA; Database Vault; statements "Select SALARY from users;", "Alter system." and "Alter table.." with X markers; * Example roles and privs]

Sample data shown on the slide:

LNAME   SSN           SALARY
SMITH   345-67-8912   $53,700
SCOTT   987-65-4321   $229,500
KING    123-45-6789   $125,000

LNAME   CREDIT_CARD      EXP_DATE
SMITH   9876-5432-1987   01-2011
SCOTT   2345-6789-4321   09-2012
KING    1234-5678-9123   04-2010

Page 15: Enterprise Security Architecture: From Access to Audit

FMW Security as a Service

Oracle IAM Suite with Identity Services Framework

[Diagram labels]
• Applications, each with Business Functions: Oracle Fusion Applications & Middleware; 3rd Party ISF Aware Applications; Custom Developed ISF Aware Applications; Legacy Applications
• User Management, Authentication, Authorization, Federation
• Service Interfaces
• WS-*, SPML, SAML, XACML, CARML
• Legacy Integration Interface: Connectors, Agents
• Identity Services
• Identity Provider, Provisioning, Authentication, Administration, Authorization, Role Provider
• Audit
• Federation & Trust
• Policy & Orchestration
• Virtualization & User Store
• Enterprise Identity Management Infrastructure

Page 16: Enterprise Security Architecture: From Access to Audit

Oracle Enterprise Security Summary

Identity And Access Management

Data Security

User Management

Access Management

Directory Management

Platform Security

Identity Audit

Multi-level Access Control

Encryption

Monitoring & Alert

DBA Security

Operating System Security

Authentication Service

User Management

Governance Risk Compliance

Policy & Process Management

Enterprise Control

Compliance Analysis & Reporting

Audit Automation

Information Rights

Application Security

Page 17: Enterprise Security Architecture: From Access to Audit

For More Information

search.oracle.com

Security

or oracle.com

Page 18: Enterprise Security Architecture: From Access to Audit