1 Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 8

Bridging the Security Gap Between the Enterprise and Cloud

Sponsored by

This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.

Agenda •  Barriers to Cloud Adoption

•  Security Gaps Between Enterprise and Cloud

•  Oracle Identity Management

•  Case Studies

•  Summary

4 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

Oracle Cloud Services

Oracle Applications On Demand

Database On Demand Exadata On Demand

Middleware On Demand Exalogic On Demand

Private Cloud Products Private & Public Cloud Services Oracle Public Cloud

Fusion HCM Cloud

Service

Oracle Database Cloud Service

Oracle Java Cloud Service

Fusion CRM Cloud

Service

Infrastructure as a Service

Oracle Database, MySQL, Exadata Database Machine

Cloud Application Foundation: WebLogic Server, Coherence, JRockit, Exalogic Elastic Cloud

Platform as a Service

SOA Suite & BPM Suite

Data Integration & GoldenGate

Identity & Access Mgmt

WebCenter User Engagement

Oracle Applications

Applications

Oracle VM for x86

Oracle Linux Oracle Solaris Oracle VM for SPARC (LDom)

Solaris Zones

Servers, SuperCluster

Network Fabric Storage

Clo

ud M

anag

emen

t

Clo

ud C

ontro

l O

ps C

ente

r O

racl

e E

nter

pris

e M

anag

er

Oracle Social

Network

Oracle Cloud Offerings – Identity Management

Video – “Auction”

Security is the #1 Barrier to Cloud Adoption

87% Security main barrier to cloud adoption Source: IDC Enterprise Panel, 3Q09

52% Concerned with trusting an outside 3rd party Source: IDC Cloud Security Survey 2011`

41% Fear a security breach from use of security SaaS Source: IDC Cloud Security Survey, 2011

40% Compliance concerns prevent use of SaaS Source: IDC Cloud Security Survey, 2011

Cloud Computing saves costs but reduces control, visibility and trust

The Cloud Security Continuum

1990 1995 2000 2005 2008

LOW

MED-LOW

HIGH

MED-HIGH

CONTROL HIGH LOW

RIS

K

Enterprise

Private In House Cloud

Private Hosted Cloud

Public Cloud

Cloud computing increases risk and decreases control

Benefits

Use Cases Challenges

Security Gap Between the Enterprise and Cloud Private In-House Cloud

•  Insider Threats •  Privileged User Access

Control •  Role based Access •  Access Governance

•  Leverage reusable identity functions for new apps

•  Meter departmental app usage

c

•  Cloud for internal use •  Scales to large

departments •  Security enforced by IT

8

Private Hosted Cloud

Public Cloud

Private In House Cloud

Benefits

Use Cases Challenges

Security Gap Between the Enterprise and Cloud Private Hosted Cloud

9

Private Hosted Cloud

Public Cloud

Private In House Cloud

•  Integration can be complex •  Adding capacity can be

costly

•  Deploy a massively scalable directory service

•  Deploy layered security for sensitive applications

•  Hosted cloud for enterprise use •  Scales to several large

organizations •  Identity management

outsourced

Benefits

Use Cases Challenges

Security Gap Between the Enterprise and Cloud Public Cloud

10

Private Hosted Cloud

Public Cloud

Private In House Cloud

•  Shared environment increases risk

•  Security silos •  Jurisdictional issues

•  Rapid installation •  Access applications from

mobile devices •  Upgrades with zero

downtime

•  Access anytime anywhere •  Scales to millions of users •  Pay as you grow

Risk and Fragmentation Increase Latency

FRAGMENTATION

LATE

NC

Y

RISK

•  Security silos result in policy fragmentation

•  Multiple points of failure

•  Security gaps increase vulnerability to breaches

•  Poor response to threats

•  Latency increases with fragmentation

•  Inability to develop and deploy applications and users

Identity Management Bridges the Gap

Identity

Administration Audit

Risk Management

AuthN and AuthZ

Adaptive Access •  Context / Risk Aware •  Anomaly Detection •  Fraud Detection

Access •  Single-sign on •  Password policy •  Authorization policy •  Entitlements

Scalable Repository •  Identity Synch •  Identity Virtualization •  Reporting

Tools Point Solutions Platform Intelligence

Private In-House Cloud

Enterprise

Private Hosted Cloud

Public Cloud Administration

•  Role Mgmt •  Provisioning •  Identity Analytics •  Certification

Dimensions of Cloud Identity Management

Identity as a Bridge to Cloud

c c Are you using cloud apps?

Are you building cloud apps?

Do you need IdM but don’t want to maintain it?

Identity as a Foundation for Cloud

Identity Hosted as a Cloud Service

Authentication and SSO

• Access anytime, anywhere from any device

• Mobile authentication, SSO and access control

• Connect Internet and Social identities to enterprise identity

• Seamless integration and control with enterprise

Federated Standards

• Multiple standard support for authentication to multiple clouds

• SAML

• OAuth

• OpenID

• WS-Fed

• Accelerated on boarding of partners and service providers

Employees/Contractors

Partners/ Subsidiaries

SaaS Applications

Social Networks

Authorization

Policy Enforcement for Apps, Middleware and

Databases

Evaluate Policies and Enforce Access

Centralized Policy Administration

• Centralized Policy Enforcement

• Distributed Real-time Policy Execution

• Standards-based policies: XACML, RBAC, ABAC, JAAS

Context-Aware Security and Fraud Prevention

User: Jdoe Paswd:1happycat$

User: Jdoe Paswd:1happycat$

User: Jdoe Paswd:1happycat$

Filtered Private Data

Entitlement Policy

•  Location aware

• Device aware

• Entitlements based

• Enterprise control

• Full audit

Trust but Verify: Limit Access by Policy

User Provisioning and Role Management

Managers

Roles, Entitlements

Apps Users

• User lifecycle management for on-premise and SaaS applications

• Self-service provisioning and request mgmt

• Flexible – Roles, rules and policies

Audit and Compliance

Audit Reporting

• Access certification

• Risk scoring

• Privileged access control

• Workflow remediation

• Business views

Actionable Intelligence

Oracle Identity Management Platform Bridges the Gap

Identity

Administration Audit

Risk Management

AuthN and AuthZ

Adaptive Access •  Context / Risk Aware •  Anomaly detection •  Access certification

Administration •  Role Mgmt •  Provisioning •  Identity Analytics •  Certification

Access •  Single-sign on •  Password policy •  Authorization

Scalable Repository •  Identity Synch •  Identity Virtualization •  Reporting

Directory Services Reduces latency and fragmentation by consolidating identity data

Access Management Overcomes security silos by centralizing and consolidating security policies.

Fraud Detection Reduces risk and latency by preventing fraud in real time

Identity Admin and Governance Consolidates user roles and entitlements and reduces risk

Tools Point Solutions Platform Intelligence

Oracle Identity Management Is Cloud-Ready

SaaS Apps

Desktop/Mobile On Premise Apps

Social Networks

Partners

COMPANY OVERVIEW

•  A large commercial bank holding company headquartered in NA •  Over 20K employees and operates nearly 1500 branches and 4000

ATMs all over North America

CHALLENGES/OPPORTUNITIES •  Needed to secure PeopleSoft application with multi-factor

authentication for a financial services customer

•  Wanted to avoid costly registration schemes and proprietary hardware •  Wanted to protect customers ‘ identities and preserve brand value by

preventing phishing attacks

SOLUTION •  Leveraged Oracle Adaptive Access Manager as a hosted solution from

Oracle On Demand

RESULTS

•  75% of users were deployed in less than 1

week

•  Single solution now delivers anti-phishing,

anti-malware and fraud detection

•  Deployment is cost effective and included

layered multifactor authentication

Case Study: Citizens Bank Identity consumed as a service example

COMPANY OVERVIEW

•  A leading Canadian full service communications provider in the Province of Saskatchewan with nearly 5000 employees

•  Offers a wide range of communications products and services including voice, data, Internet, entertainment, security monitoring, messaging, cellular, wireless data and directory services

CHALLENGES/OPPORTUNITIES •  A number of legacy technologies had to be refreshed to cut down

operational expenses and increase scope of capabilities

•  Nearly a half million customers accessing Sasktel’s services from a wide variety of devices demanded self service

SOLUTION •  Leveraged Oracle Identity and Access Management Suite

RESULTS •  Displaced legacy SiteMinder solution with

Oracle Identity and Access Management

•  Monetized capital investments by offering Oracle Identity and Access Management Suite to general public as a cloud services

•  Reduced internal opex and capex

Case Study: Sasktel Identity as a Service Example

Case Study: Oracle Public Cloud Security and Identity Management Service

Identity Management in the Cloud •  Built on Oracle Identity Management •  Single Sign-On and Federation •  Multi-factor authentication •  Fully Delegated Administration

25 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

Case Study: Oracle On Demand Cloud Services

•  Offers Hosted Strong Auth, Provisioning, SSO, and Directory Integration

•  Enterprise-grade performance, security, and availability

•  End-to-end cloud service portfolio

Identity as a Hosted Cloud Service Example

12+ years as premier cloud provider

5.5 million satisfied end-users

20+ patented and patent pending technologies

14,000 Oracle Service experts

2,000+ Critical Patch Updates proactively applied annually

2x Faster service request resolution time

64% Reduction in downtime for upgrades

Secure and Compliant: ISO 27001, ISO 27002, HIPAA, ISAE 3402 / SSAE 16, NIST, DIACAP, PCI, 21 CFR Part 11

Oracle Identity Management Platform Reduces Cost

46% Cost Savings

Source: Aberdeen “Analyzing point solutions vs. platform” 2011

Benefits Oracle IAM Suite Advantage

Increased End-User Productivity

•  Emergency Access

•  End-user Self Service

•  11% faster

•  30% faster

Reduced Risk •  Suspend/revoke/de-provision end user access •  46% faster

Enhanced Agility •  Integrate a new app faster with the IAM infrastructure

•  Integrate a new end user role faster into the solution

•  64% faster

•  73% faster

Enhanced Security and Compliance

•  Reduces unauthorized access

•  Reduces audit deficiencies

•  14% fewer

•  35% fewer

Reduced Total Cost

•  Reduces total cost of IAM initiatives •  48% lower

48% More Responsive

35% Fewer Audit Deficiencies

• Complete, Open and Integrated

•  Innovative, Scalable and Modernized

•  Identity Management for Enterprise. Cloud, Mobile and Social environments

• Simplified, Actionable Compliance

Oracle Identity Management Summary

IaaS PaaS

SaaS

•  Normand Sauvé •  Normand.sauve@oracle.com

•  Call 1-800-672-2537

Contact

•  www.oracle.com/identity

•  twitter.com/OracleIDM

•  facebook.com/OracleIDM

•  Blogs.oracle.com/OracleIDM

Join the Oracle IDM Community

Learn More

Q&A