The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracle’s
products remains at the sole discretion of Oracle.
Breaking Cloud Security Barriers with
Identity Management
Agenda
• Introduction
• Cloud Security Barriers
• Identity Management
• For Private Clouds
• For Public Clouds
• For Service Providers
• Why Oracle?
• Q&A
The Allure of Cloud Computing
• Pay As You Go
• Availability
• Flexibility
• Time To Value
• Simplicity
A New Paradigm
The Reality of Cloud Computing: Recent News Highlights
Key Barriers to Cloud Computing: Security, Compliance and Control
49%
77%
80%
Source: IDC Enterprise Panel, Sep 008
Percentage of IT that rates cloud services hard to integrate with in-house IT
Percentage of IT that rates regulatory requirements as prohibitive in the cloud
Percentage of IT that believes bringing cloud services back on premise is hard
87%: Percentage of IT who rate security as a challenge with Cloud Computing
Source: IDC Enterprise Panel, 3Q09
Private Cloud Public Cloud
• Sophisticated Security Attacks
• Privileged User Access
• Proliferation of Application Silos
• Jurisdictional Issues
• Vendor Lock-in
• Insider Threats
• Role-based Access Control
• Secure B2B Collaboration
• Compliance/Governance
• IT Agility
Cloud Security Challenges
Compliance Considerations in Cloud
• Regulations on the rise worldwide
• Severe penalties for non-compliance
• Jurisdictional challenges
• Loss of Governance
• Costly and unsustainable manual processes
• Costs of audit, breach investigation, remediation and notification can quickly add up
40%: Percent of IT budgets spent on addressing compliance mandates
Report and audit
Cloud and Loss of Control: Vendor Lock-In, Integration & Interoperability Challenges
Cloud Computing accelerates adoption of apps but forces loss of control
Figure: a "Control" axis (+ to -) across four service models, each divided into a part provided by the cloud and a part built by the cloud customer: Enterprise (ITaaS); Infrastructure (IaaS), e.g. Amazon EC2; Platform (PaaS), e.g. Google App Engine; Application (SaaS), e.g. Oracle On Demand.
Private Clouds: Identity Management Considerations
• Integration of IAM into private cloud IT infrastructure and applications
• Modular set of services for managing access, identities, provisioning, and entitlements
• Compliance/Attestation, Analytics
• Self Service and Delegated Administration
“When it comes to private clouds, traditional silo’ed security solutions will not cut it. Instead, delivering security solutions through a service model will help security controls to adapt and protect information where needed” – Gartner 2010
Figure labels: IAM; Apps; Dept 1; Dept 2
© 2010 Oracle Corporation
• Revolutionary architectural framework that leverages SOA and App Frameworks
• Delivers security functionality in a consistent, reusable service-oriented model
• Allows enterprise to leverage 3rd Party and Cloud-based Providers of Identity Services in addition to rolling out their own
• Promotes loose coupling to ensure long term viability and heterogeneity of business solutions
Oracle Identity Management Delivers Service-Oriented Security
Figure labels: SaaS Apps; Partner Apps; Oracle Fusion Apps; 3rd Party Apps; Custom Apps; Cloud IdM Service Provider; Oracle IDM or In-house IDM provider; User Provisioning Service; Role Management Service; Identity Data Services; Authentication Service; Authorization Service; Federation & Trust Services
Oracle Platform Security Services (OPSS): Foundation for Service-Oriented Security
• Declarative Security Framework optimizes application lifecycle support
• Standards-based and Hot-Pluggable with Identity Management Systems
• Security Platform for Oracle Fusion Middleware and Fusion Apps
Figure labels: Oracle Platform Security Services (Authentication; Authorization; Auditing; Roles & Entitlements; User Provisioning; Policy Store; Session Data Management; Directory Services); Identity Store, Credential Store, and Policy Store Providers; Standards-based Interfaces; Oracle Identity Management (Access Management; Identity Administration; Directory Services)
© 2010 Oracle Corporation – Proprietary and Confidential
Qualcomm Leverages Oracle’s Pioneering Work on Identity as a Service
• Access Applications from Anywhere
• Faster Deployment and Version Control on the Deployment Packages
• Automate Updates and Rollbacks
• Reduce Overall Deployment Costs
Oracle Enterprise SSO Suite Plus: On-Demand Client Install
Figure labels: ESSO Anywhere; Remote Client; Download; Authenticate; Validate; Credential Store; Access Enterprise Applications; Enterprise Applications
Externalizing Authorization from Apps: Distributed Fine-Grained Security Enforcement for Applications
Deploy Application
• Build application
App Owner
Fine-Grained Authorization Policy Enforcement
Figure labels: Portal Users; User Provisioning Service; Role Mgmt Service; Directory Service; Authentication Service; Authorization Service; Federation Service; Oracle Identity Management; policies; Oracle WebLogic Suite-based Application Grid; Oracle SOA Suite; Oracle BPM Suite; Oracle WebCenter; Shared Services Apps
• Modify Policies in response to evolving security mandates without any code changes
• Centralize Enforcement of Policies across all Apps with OES Admin UI
IT
Externalize Authorization Controls from App into XACML policies using OPSS API
App Owner
Public Clouds: Identity Considerations
Figure labels: Intranet; Internet; IaaS, PaaS, SaaS (shown twice)
• User lifecycle management for both on-premise and cloud apps
• Federated Authentication into the Cloud Apps Eco-system
• Sustainable Compliance
The Amazing Security Race
• Automated Provisioning and De-provisioning to Cloud Applications
• Self Service Registration to Cloud and On-Premise Applications
• Audit Reporting across On-Premise and Off-Premise Applications
Figure labels (Oracle Identity Manager): Identity Administration; Self Registration; Provisioning; Password Reset; Integration Framework with Adapter Factory
Oracle Identity Manager: Self-Service Provisioning
Figure labels: New Employee; New Contractor; HRMS; Self Registration; Approval; Reconciliation Engine; Identity Store; Access Policy; Workflow; Connector; User; Group; SPML; Cloud Applications; On-Premise Applications
Oracle Identity Manager: Automated De-Provisioning
Figure labels: Terminated Employee; HRMS; Reconciliation Engine; Identity Store; Connector; Provisioning; Workflow; Manual Task; Revoked On-Premise Applications; Revoked SaaS Applications
Embry Riddle Aeronautical University: Relies on Oracle IDM to Manage Student Accounts in the Cloud
Figure labels: Business Affiliates/Subsidiaries; Employees/Partners/Customers; Oracle Identity Federation; supported protocols: SAML 1.x, SAML 2.0, Windows CardSpace, WS-Fed, OpenID
• Seamless SSO between On-premise and Cloud Applications
• Standards-based Federation Enables Interoperability
• Accelerates on-boarding of partners and service providers
Figure labels: Cloud Applications; On-Premise Applications
Oracle Identity Federation: Federated Single Sign-On
Oracle OpenSSO Fedlet: SAML Enablement of Cloud Applications
• Lightweight SP-only implementation of SAML 2.0 SSO protocols
• Delivers a flexible integration framework
• Can be used by a Cloud App Provider to Federation-enable their app
• Standard-based cross-domain authentication and SSO
• Standard-based attribute exchange with identity attribute mapping and filtering
• Multi-Tenant
Figure labels: Fedlet, Cloud App; Fedlet, Partner App; Identity Provider; Oracle Identity Federation; 3rd Party
Use Case: Attribute-based Federation
Figure: an Identity Provider (IDP) and a Service Provider (SP), each with its own Identity Repository, joined by a federation between A and B. Labels: Purchasing Manager(s); SP Application(s); SAML 2.0 Response (Purchasing Mgr). Sample identities: NAME: SCOTT TIGER, TITLE: PURCHASING MGR; NAME: SAM GREEN, TITLE: PURCHASING MGR. Attribute mapping shown: IDP A TITLE: PURCHASING MGR; SP ROLE: CUSTOMER.
Cloud Service Providers: Identity Management Considerations
• MSPs looking to offer IdM as a Service
• Requires: Multi-Tenancy, Federation
• Maintenance simplicity – Self Service, Delegated Admin
• May require higher identity assurance
• Enterprise Customers looking to outsource IdM
• Want to augment in-house IdM or replace parts of it
• IT Staff expertise is a challenge
Figure labels: Cloud IdM; MSP; Client Enterprise 1; Client Enterprise 2
British Telecom: Leverages Oracle IDM to deliver Identity Services to Consumers
Identity Management with the Oracle Cloud Platform
Figure (stack diagram), layer labels: Applications; Platform as a Service; Infrastructure as a Service; Cloud Management
• Applications: Oracle Apps; 3rd Party Apps; ISV Apps
• Integration: SOA Suite
• Security: Identity Mgmt
• Process Mgmt: BPM Suite
• User Interaction: WebCenter
• Application Grid: WebLogic Server, Coherence, Tuxedo, JRockit
• Database Grid: Oracle Database, RAC, ASM, Partitioning, IMDB Cache, Active Data Guard, Database Security
• Operating Systems: Oracle Enterprise Linux, Oracle Linux, Oracle Solaris
• Oracle VM for x86; Oracle VM for SPARC (LDom); Solaris Containers
• Servers; Storage
• Oracle Enterprise Manager: Application Quality Mgmt; Configuration Management; Application Performance Mgmt; Lifecycle Management; Physical & Virtual Systems Mgmt; Ops Center
Hot Pluggable
Comprehensive, best-in-class solutions
Service-Oriented Security
Oracle Identity Management Differentiators
Oracle Identity Management Overview: Comprehensive and Best-of-Breed
Identity Administration
• Roles based User Provisioning
• Self-Service Request & Approval
• Password Management
Access Management
• Authentication & Fraud Prevention
• Single Sign-On & Federation
• Authorization & Entitlements
• Web Services Security
• Information Rights Management
Directory Services
• LDAP Storage
• Virtualized Identity Access
Identity Governance: Analytics, Fraud Prevention, Privacy Controls
Platform Security: Identity Services for Developers
Comprehensive Standards and Systems Support
Leading Standards: Innovate, Contribute, Implement
Support All Leading Applications and Systems
ACF-2 & TSS
Summary
Oracle Identity Management
• Is comprehensive and open
• Is proven for real world deployments
• Ensures reliable security for private and public clouds
• Delivers Service-Oriented Security
• Is available for download today
For More Information
• www.oracle.com/identity
• bit.ly/idmcloud
Best-in-Class
For More Information
search.oracle.com: Identity management
or
oracle.com/Identity
Cloud Security with Oracle Identity Management: Real World Examples
• Offers Managed Identity Services including Managed Fraud Prevention and Identity Verification Services
• Federated Provisioning deployment spans hosted PeopleSoft and on-premise apps
• Federated User Provisioning to Microsoft Live
• Offers Strong Authentication as a hosted service to customers