The following is intended to outline our general product ... · Access Management Directory...

Page 1:

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Page 2:

Breaking Cloud Security Barriers with Identity Management

Presenter’s Name

Presenter’s Title

Page 3:

Agenda

• Introduction

• Cloud Security Barriers

• Identity Management

• For Private Clouds

• For Public Clouds

• For Service Providers

• Why Oracle?

• Q&A

Page 4:

The Allure of Cloud Computing

• Pay As You Go

• Availability

• Flexibility

• Time To Value

• Simplicity

A New Paradigm

Page 5:

The Reality of Cloud Computing: Recent News Highlights

Page 6:

Agenda

• Introduction

• Cloud Security Barriers

• Identity Management

• For Private Clouds

• For Public Clouds

• For Service Providers

• Why Oracle?

• Q&A

Page 7:

Key Barriers to Cloud Computing: Security, Compliance and Control

49%

77%

80%

Source: IDC Enterprise Panel, Sep 008

Percentage of IT that rates cloud services hard to integrate with in house IT

Percentage of IT that rates regulatory requirements as prohibitive in the cloud

Percentage of IT that believes bringing cloud services back on premise is hard

87% Percentage of IT who rate security as a challenge with Cloud Computing

Source: IDC Enterprise Panel, 3Q09

Page 8:

Private Cloud Public Cloud

• Sophisticated Security Attacks

• Privileged User Access

• Proliferation of Application Silos

• Jurisdictional Issues

• Vendor Lock-in

• Insider Threats

• Role-based Access Control

• Secure B2B Collaboration

• Compliance/Governance

• IT Agility

Cloud Security Challenges

Page 9:

Compliance Considerations in Cloud

• Regulations on the rise worldwide

• Severe penalties for non-compliance

• Jurisdictional challenges

• Loss of Governance

• Costly and unsustainable manual processes

• Costs of audit, breach investigation, remediation and notification can quickly add up

40% Percent of IT budgets spent on addressing compliance mandates

! Report and audit

Page 10:

Cloud and Loss of Control: Vendor Lock-In, Integration & Interoperability Challenges

Cloud Computing accelerates adoption of apps but forces loss of control

[Diagram: a Control scale (+ to -) across four models, each divided into "Provided by Cloud" and "Built by Cloud Customer": Enterprise (ITaaS); Infrastructure (IaaS), e.g. Amazon EC2; Platform (PaaS), e.g. Google App Engine; Application (SaaS), e.g. Oracle On Demand]

Page 11:

Agenda

• Introduction

• Cloud Security Barriers

• Identity Management

• For Private Clouds

• For Public Clouds

• For Service Providers

• Why Oracle?

• Q&A

Page 12:

Private Clouds: Identity Management Considerations

• Integration of IAM into private cloud IT infrastructure and applications

• Modular set of services for managing access, identities, provisioning, and entitlements.

• Compliance/Attestation, Analytics

• Self Service and Delegated Administration

“When it comes to private clouds, traditional silo’ed security solutions will not cut it. Instead, delivering security solutions through a service model will help security controls to adapt and protect information where needed” – Gartner 2010

[Diagram labels: IAM; Apps; Dept 1; Dept 2]

Page 13:

© 2010 Oracle Corporation

Oracle Identity Management Delivers Service-Oriented Security

• Revolutionary architectural framework that leverages SOA and App Frameworks

• Delivers security functionality in a consistent, reusable service-oriented model

• Allows enterprise to leverage 3rd Party and Cloud-based Providers of Identity Services in addition to rolling out their own

• Promotes loose coupling to ensure long term viability and heterogeneity of business solutions

[Diagram labels: SaaS Apps; Partner Apps; Cloud IdM Service Provider; Oracle IDM or In-house IDM provider; Oracle Fusion Apps; 3rd Party Apps; Custom Apps; User Provisioning Service; Role Management Service; Identity Data Services; Authentication Service; Authorization Service; Federation & Trust Services]

Page 14:

Oracle Platform Security Services (OPSS): Foundation for Service-Oriented Security

• Declarative Security Framework optimizes application lifecycle support

• Standards-based and Hot-Pluggable with Identity Management Systems

• Security Platform for Oracle Fusion Middleware and Fusion Apps

[Diagram labels: Oracle Platform Security Services; Roles & Entitlements; Authorization; Auditing; Authentication; User Provisioning; Policy Store; Session Data Management; Directory Services; Identity Store, Credential Store, and Policy Store Providers; Standards-based Interfaces; Oracle Identity Management: Access Management, Directory Services, Identity Administration]

Page 15:

© 2010 Oracle Corporation – Proprietary and Confidential

Qualcomm Leverages Oracle’s Pioneering Work on Identity as a Service

Page 16:

Oracle Enterprise SSO Suite Plus: On-Demand Client Install

• Access Applications from Anywhere

• Faster Deployment and Version Control on the Deployment Packages

• Automate Updates and Rollbacks

• Reduce Overall Deployment Costs

[Diagram labels: ESSO Anywhere; Remote Client; Download; Access Enterprise Applications; Authenticate; Enterprise Applications; Credential Store; Validate]

Page 17:

Externalizing Authorization from Apps: Distributed Fine-Grained Security Enforcement for Applications

Deploy Application

• Build application

Externalize Authorization Controls from App into XACML policies using OPSS API

• Modify Policies in response to evolving security mandates without any code changes

• Centralize Enforcement of Policies across all Apps with OES Admin UI

[Diagram labels: App Owner; IT; Portal Users; Fine-Grained Authorization Policy Enforcement; policies; Oracle Identity Management: User Provisioning Service, Role Mgmt Service, Directory Service, Authentication Service, Authorization Service, Federation Service; Oracle WebLogic Suite-based Application Grid; Oracle SOA Suite; Oracle BPM Suite; Oracle WebCenter; Shared Services Apps]

Page 18:

Public Clouds: Identity Considerations

[Diagram labels: Intranet (IaaS, PaaS, SaaS); Internet (IaaS, PaaS, SaaS)]

• User lifecycle management for both on-premise and cloud apps

• Federated Authentication into the Cloud Apps Eco-system

• Sustainable Compliance

Page 19:

The Amazing Security Race

Page 20:

Oracle Identity Manager

• Automated Provisioning and De-provisioning to Cloud Applications

• Self Service Registration to Cloud and On-Premise Applications

• Audit Reporting across On-Premise and Off-Premise Applications

[Diagram labels: Identity Administration; Self Registration; Provisioning; Integration Framework with Adapter Factory; Password Reset]

Page 21:

Oracle Identity Manager

Self-Service Provisioning

[Diagram labels: New Employee; HRMS; Reconciliation Engine; Identity Store; Access Policy; Workflow; Connector; User; Group; New Contractor; Approval; Self Registration; SPML; Cloud Applications; On-Premise Applications]

Page 22:

Oracle Identity Manager

Automated De-Provisioning

[Diagram labels: Terminated Employee; HRMS; Reconciliation Engine; Identity Store; Connector; Provisioning Workflow; Manual Task; Revoked On-Premise Applications; Revoked SaaS Applications]

Page 23:

Embry Riddle Aeronautical University Relies on Oracle IDM to Manage Student Accounts in the Cloud

Page 24:

Oracle Identity Federation: Federated Single Sign-On

• Seamless SSO between On-premise and Cloud Applications

• Standards-based Federation Enables Interoperability

• Accelerates on-boarding of partners and service providers

[Diagram labels: Business Affiliates/Subsidiaries; Employees/Partners/Customers; SAML 1.x; SAML 2.0; Windows CardSpace; WS-Fed; OpenID; Oracle Identity Federation; Cloud Applications; On-Premise Applications]

Page 25:

Oracle OpenSSO Fedlet: SAML Enablement of Cloud Applications

Lightweight SP-only implementation of SAML 2.0 SSO protocols

Delivers a Flexible integration framework

Can be used by a Cloud App Provider to Federation-enable their app

Standard-based cross-domain authentication and SSO

Standard-based attribute exchange with identity attribute mapping and filtering

Multi-Tenant

[Diagram labels: Fedlet, Cloud App; Fedlet, Partner App; Identity Provider; Oracle Identity Federation; 3rd Party]

Page 26:

Use Case: Attribute-based Federation

[Diagram labels: Identity Provider (IDP) and Service Provider (SP), labelled A and B, each with an Identity Repository; FEDERATION; Purchasing Manager(s); SP Application(s); SAML 2.0 Response (Purchasing Mgr). Repository entries: NAME: SCOTT TIGER, TITLE: PURCHASING MGR; NAME: SAM GREEN, TITLE: PURCHASING MGR. Mapping shown: IDP A TITLE: PURCHASING MGR; SP ROLE: CUSTOMER]

Page 27:

Cloud Service Providers: Identity Management Considerations

• MSPs looking to offer IdM as a Service

• Requires: Multi-Tenancy, Federation

• Maintenance simplicity – Self Service, Delegated Admin

• May require higher identity assurance

• Enterprise Customers looking to outsource IdM

• Want to augment in-house IdM or replace parts of it

• IT Staff expertise is a challenge

[Diagram labels: Cloud IdM; MSP; Client Enterprise 1; Client Enterprise 2]

Page 28:

British Telecom Leverages Oracle IDM to deliver Identity Services to Consumers

Page 29:

Agenda

• Introduction

• Cloud Security Barriers

• Identity Management

• For Private Clouds

• For Public Clouds

• For Service Providers

• Why Oracle?

• Q&A

Page 30:

Identity Management with the Oracle Cloud Platform

[Diagram labels:

Applications: Oracle Apps; 3rd Party Apps; ISV Apps

Platform as a Service

Integration: SOA Suite

Security: Identity Mgmt

Process Mgmt: BPM Suite

User Interaction: WebCenter

Application Grid: WebLogic Server, Coherence, Tuxedo, JRockit

Database Grid: Oracle Database, RAC, ASM, Partitioning, IMDB Cache, Active Data Guard, Database Security

Infrastructure as a Service

Operating Systems: Oracle Enterprise Linux, Oracle Linux, Oracle Solaris

Oracle VM for x86; Oracle VM for SPARC (LDom); Solaris Containers; Servers; Storage

Cloud Management: Oracle Enterprise Manager; Application Quality Mgmt; Configuration Management; Application Performance Mgmt; Lifecycle Management; Physical & Virtual Systems Mgmt; Ops Center]

Page 31:

Hot Pluggable

Comprehensive, best-in-class solutions

Service-Oriented Security

Oracle Identity Management Differentiators

Page 32:

Oracle Identity Management Overview: Comprehensive and Best-of-Breed

Identity Administration

• Roles based User Provisioning

• Self-Service Request & Approval

• Password Management

Access Management

• Authentication & Fraud Prevention

• Single Sign-On & Federation

• Authorization & Entitlements

• Web Services Security

• Information Rights Management

Directory Services

• LDAP Storage

• Virtualized Identity Access

Identity Governance: Analytics, Fraud Prevention, Privacy Controls

Platform Security: Identity Services for Developers

Page 33:

Comprehensive Standards and Systems Support

Leading Standards: Innovate, Contribute, Implement

Support All Leading Applications and Systems

ACF-2 & TSS

Page 34:

Summary

Oracle Identity Management

• Is comprehensive and open

• Is proven for real world deployments

• Ensures reliable security for private and public clouds

• Delivers Service-Oriented Security

• Is available for download today

For More Information

• www.oracle.com/identity

• bit.ly/idmcloud

Best-in-Class

Page 35:

For More Information

oracle.com/Identity

search.oracle.com

or

Identity management

Page 38:

Cloud Security with Oracle Identity Management: Real World Examples

• Offers Managed Identity Services including Managed Fraud Prevention and Identity Verification Services

• Federated Provisioning deployment spans hosted PeopleSoft and on-premise apps

• Federated User Provisioning to Microsoft Live

• Offers Strong Authentication as a hosted service to customers

Alternate Customer Slide for Cities without A/V Option