GUO/RS – Oracle Identity Management

Juliano Sulzbach, Sales Consultant


Post on 21-Jun-2018


Agenda

• Identity Management
  • definition
• Identity Management
  • does Oracle have a solution?
• Oracle Identity Management
  • Market Analyses


Identity Management Defined

A set of processes and a supporting infrastructure for the creation, maintenance, and use of digital identity.

-Burton Group

Identity Management (IdM) is an integrated system of business processes, policies and technologies that enable organizations to facilitate and control their users' access to critical online applications and resources — while protecting confidential personal and business information from unauthorized users.

-Wikipedia

What is Identity Management?
Securing your IT assets from within

• Management of digital identities through their complete lifecycle
  • Employee hire -> promotion -> departure
• Securing access to applications and information
  • Authentication: proving you are who you say you are
  • Authorization: what you have access to, when, where
• Scalable and available storage of identity information
  • Profile: roles and attributes about you

Identity Management
Key Drivers

Compliance Enablement

Risk Management

Privacy

Cost Savings

Identity Management
Business Value

“Identity management projects are much more than technology implementations — they drive real business value by reducing direct costs, improving operational efficiency and enabling regulatory compliance.”

Identity Management
Key Concepts

• (Strong) Authentication
• Federation
• Directory
• User Provisioning
• Identity Admin
• Delegated Admin
• Authorization


Oracle Identity Management
Until 2005 …

• Oracle has long offered Security and Identity Management features in its products
  • Oracle Database
    • VPD, Label Security, ASO, Encryption, EUS, …
  • Oracle Application Server
    • Web SSO and LDAP directory services
    • Oracle Portal
    • Oracle Discoverer
    • Oracle Forms
    • J2EE applications
    • …
• Homogeneous solution → Oracle products only

Oracle Identity Management
After 2005 … Solution: Homogeneous → Heterogeneous

Diagram labels: Directories; Applications; Portals; Operating Systems; ACF-2 & TSS RACF; Groupware; Application/Web Servers

Identity Management
How does Oracle manage to offer all this?


Enterprise Identity Management

Diagram labels: NOS/Directories; OS (Unix); Systems & Repositories; Applications; ERP, CRM, HR, Mainframe; Auditing and Reporting; Policy and Workflow; Employees; IT Staff; SOA Applications; Partners; Customers; External; Internal; Delegated Admin; Monitoring and Management

Identity Management Service

Access Management
• Authentication & SSO
• Authorization & RBAC
• Identity Federation

Identity Administration
• Delegated Administration
• Self-Registration & Self-Service
• User & Group Management

Directory Services
• LDAP Directory
• Meta-Directory
• Virtual Directory

Identity Provisioning
• Agent-based
• Agentless
• Password Synchronization

Key Areas of Identity Management

• Access Control
  • Single Sign-On
  • Identity Federation
  • Web Access Control
  • Web Services Security
• Identity Administration
  • User, Role Management
  • User Provisioning
• Identity Infrastructure
  • Virtual Directory
  • Directory

Oracle Access Manager

• Features
  • Multi-level, multi-factor authentication
  • Web and App server level authorization
  • Workflow driven Self-service & Delegated administration
  • Services-based architecture eases integration with existing IT infrastructure
• Benefits
  • Policy-based access management
  • Centralized and consistent security across heterogeneous environments
  • Reduced administration cost
  • Increased IT governance and compliance readiness
• Differentiators
  • Administrative scalability via workflow and delegation
  • Access control leverages up to date identity information
  • Comprehensive auditing to a common database

Diagram labels: Authentication; Authorization; Identity Admin

Enterprise Single Sign On

• Identifies users when they need to access a network or system
• Separately, authorizes their access to individual applications
• Sits between every user and everything they want to access

Poorly managed sign-on leads to many problems …

Diagram labels: Network; Sign-on

Case Study – American Power Conversion

RESULTS
• Improved customer experience
• Lower operational costs by centralizing user administration and password reset capabilities

BUSINESS CHALLENGE
• Looking to deploy a B2B marketing application that will allow customers to interact with APC through the various phases of product selection and use
• Had an external-facing application, but no standard user administration for managing accounts, resetting passwords, etc.

ORACLE SOLUTION
• COREid Access and Identity chosen over RSA
• 3M External Users, 12K internal Users
• Using with OID
• APC was already an Oracle Applications customer
• Oracle demonstrated ability to meet requirements and deliver single vendor solution

Case Study – British Airways

RESULTS
• Enjoy integrated, end-to-end security and management of both user and application interactions
• Cut time, cost, and risk of deploying web applications and web services
• Increase agility and visibility across internal and external environments

BUSINESS CHALLENGE
• Reduce internal IT costs
• Increase number of Web Enabled Applications
• Increase web connectivity with business partners
• Increase cross-sell opportunities
• Reduction in number of passwords
• Increased customer (internal and external) satisfaction

ORACLE SOLUTION
• COREid Access and Identity
• Access control, SSO, self-services for 200,000+ employees, agencies, suppliers, partners
• BEA Portal, Apache/Tomcat, Lotus Domino
• Strong multi-factor authentication using RSA SecurID Tokens

Case Study – Burger King

RESULTS
• Delegated administration model and self service allows users to efficiently be added, deleted and modified
• Management can easily and securely turn access on and off while reducing costs
• Solution comprehends that roles/profiles change based on modifications to the underlying directory

BUSINESS CHALLENGE
• Annual employee turnover is greater than 250%
• Need to regularly add new users
• Needs to remove access when an employee leaves the company
• Employees are highly distributed and primarily manual labor workers
• Need to provide employees with the ability to add or modify personal information

ORACLE SOLUTION
• COREid Access and Identity
• Solution provided tight integration between COREid Access and Identity and Microsoft Active Directory
• COREid delivers real-time security. Access is immediately terminated for workers who leave the company

Case Study – The Coca-Cola Company

RESULTS
• Integration of access and identity management in one product lowers cost to administer
• Created an enterprise, system-wide directory with ability to distribute the responsibility to administer
• Facilitated move to Microsoft Active Directory and away from IBM SecureWay
• Easy integration and protection of current applications

BUSINESS CHALLENGE
• Wanted to replace IBM TAM and move away from IBM-only policy system
• Needed system wide identity management – primary focus on providing access control and SSO capabilities
• Needed to automate and delegate the administrative responsibility of the enterprise directory

ORACLE SOLUTION
• COREid Access and Identity
• Integrated with J2EE, Microsoft, and 3rd party Applications
• Superior user self-service and delegated administration capabilities
• Workflow capabilities to automate and enforce administrative rules

Case Study – CUNA Mutual

RESULTS
• Reduced administrative costs by 4 passwords per 2000 employee approximately $500,000 per year.
• Cost saving estimates of $3-4 million per year in not having to hire 40-50 additional help desk workers.

BUSINESS CHALLENGE
• Need to implement a secure, online architecture
• Must scale - 40 million people could have access
• Must provide a customized user experience for each customer
• Must be flexible and allow customers to seamlessly interface with multiple back-end systems

ORACLE SOLUTION
• COREid Access and Identity
• Integrated with Active Directory and Siebel
• COREid provided the ability to deliver a highly customized user experience

Case Study – General Motors

RESULTS
• GM gains real-time and secure supplier connections
• Production schedules have accelerated. Delegated administration and group management reduces IT costs
• Each supplier can determine exact levels of delegation and can do business with GM according to their unique business processes

BUSINESS CHALLENGE
• Securely manage a large, highly distributed and complex user base
• Reduce cost and speed interactions with supplier base
• Deploy a user administration model that will deliver many levels of delegation
• Must seamlessly integrate with an existing access control system

ORACLE SOLUTION
• COREid Access and Identity. COREid Federation for secure dealer network access to financial svc
• Seamless integration with GM’s access control system (IBM Tivoli)
• Provide attribute by attribute control for multiple levels of delegated administration (GM supply power portal required more than 6 levels)

Case Study – HCA Healthcare

RESULTS
• Reduced cost through integration with multiple third party applications.
• Increased productivity through reduced sign-on

BUSINESS CHALLENGE
• Meet government/regulatory compliance
• Reduce Cost
• Improve productivity
• Improve customer satisfaction
• Environment with disparate business levels
  • All doctors do not work for HCA

ORACLE SOLUTION
• COREid Access and Identity
• Integration with Active Directory and MS Exchange
• Automated workflow processes for setting up users, account and group creation in Microsoft Exchange

Case Study – Highmark

RESULTS
• Oracle Virtual Directory to provide centralized identities by pooling SunONE LDAP Server, Microsoft Active Directory and RedHat LDAP directory
• COREid Access and Identity to provide SSO to over 1 M external and 12 K internal users across 100 applications including 60 applications deployed on IBM Websphere
• Dramatically reduce helpdesk and IT administration costs with self service password and user management

BUSINESS CHALLENGE
• Multiple directories force application customization
• Existing SSO solution not open or scalable to allow 1M external and 12 K internal users secure access
• Allow seamless and secure access to 100 applications
• Improve cost savings and reduce administrative investment in user password management

ORACLE SOLUTION
• Oracle COREid Access and Identity
• Oracle Virtual Directory
• Replaced BMC’s (OpenNetwork’s) DirectorySmart product
• Will provide strong SSO capability to 1M external and 12K internal users
• “We found Oracle COREid and Oracle Virtual Directory… as the most open, integrated and comprehensive tool to meet our needs…”

Case Study – Kaiser Permanente

RESULTS
• COREid architecture fit well into Kaiser’s future vision for WSSO
• Strong identity management capabilities, workflow and integration with all 3rd party provisioning solutions allowed flexibility for Kaiser to manage its end user communities

BUSINESS CHALLENGE
• Reduce the number of end user sign-ons and passwords
• Improve the security of disparate web application systems
• Simplify the management of security in the web environment
• Ensure compliance with HIPAA requirements and applicable healthcare laws and regulations

ORACLE SOLUTION
• COREid Access and Identity
• Heterogeneous product - integration with ATG Portal, Critical Path LDAP, Oracle DB

Case Study – NYK Line

RESULTS
• Delivered a solution that replaces their old solution without impacting their existing applications
• Low Risk: Oracle had experience migrating clients like WAMU from Entrust GetAccess to COREid

BUSINESS CHALLENGE
• Stability and performance issues with Entrust GetAccess impacting client access to critical logistics/scheduling applications
• Process for approving client access to NYK apps resource intensive and time consuming
• Several geographically distributed stakeholders responsible for various user and policy management functions

ORACLE SOLUTION
• COREid Access and Identity
• Integration with BEA WebLogic, SunONE LDAP
• COREid chosen for its ease of use: NYK user administrator finds it difficult to turn on a computer

Case Study – Polycom

RESULTS
• Improved application security, better usability and lower cost to administer
• Opportunity to add on federation capabilities

BUSINESS CHALLENGE
• Customer identified need for employee web single sign-on solution
• First focus on consolidating sign-on to multiple PeopleSoft instances
• Costly, labor-intensive management of user identities and passwords

ORACLE SOLUTION
• COREid Access and Identity chosen over CA and ActivCard with an MS Active Directory as identity repository
• COREid has a proven ability to single sign-on with PeopleSoft

Case Study – State of Minnesota

RESULTS
• Medical claims are secure and processed more quickly
• State of Minnesota is “HIPAA compliant”

BUSINESS CHALLENGE
• Minnesota’s Department of Human Services (DHS) 30,000 medical providers and 80,000 users submit electronic claims. These must be secured to comply with federal HIPAA regulations
• Management overhead of all users is tremendous as providers and users change regularly

ORACLE SOLUTION
• State of Minnesota selected Oracle COREid Access and Identity
• Secure access claims submission portal, using audit and log capabilities
• Superior workflow capabilities for setting up users in Microsoft Exchange and Active Directory
• Powerful delegated administration features

Case Study – State of NC

RESULTS
• Delegated administration and user self service lowered the cost of deploying a common architecture and accelerated user adoption
• Administrative costs are dramatically reduced
• Security policies are enforced in real-time and consistently across state agencies

BUSINESS CHALLENGE
• Need to manage the identity information of a constantly changing employee population
• Need to scale infrastructure to manage identity information and control access for companies that want to do business with the state
• Need to scale to provide seamless access to online services for 8+ million state residents
• Need to move citizens to a self service model

ORACLE SOLUTION
• COREid Access and Identity
• COREid has the best administration tools for managing users in a centralized directory
• Group management allows people to be placed in groups that have common access rights allowing online services to be deployed more rapidly (e.g., all teachers have access to the education portal)

Case Study – SunTrust

RESULTS
• Automated user management and password reset for 1M+ users
• Provided integrated security and SSO for their Plumtree based banking portal
• Provided enforcement of business processes for editing user identities via identity workflow
• Reduced management costs via delegated administration

BUSINESS CHALLENGE
• Automate user management functions for one million users of its online banking portal
• Government mandates all financial services firms deliver online account access functionality with stronger rules for management of consumer identity
• Need to scale to 5M+ users within 2 years

ORACLE SOLUTION
• Oracle COREid Access and Identity
• Integrated with Plumtree portal infrastructure
• SunTrust experienced early success with COREid Access for their banking portal which then created a need to reduce costs by automating user management functions

Case Study – TDC

RESULTS
• Improved user experience for customers and employees
• Successfully migrated from their previous access solution (Entrust)

BUSINESS CHALLENGE
• Needed SSO across their different business units and easier administration of millions of users
• Existing solution (Entrust) did not meet their requirements

ORACLE SOLUTION
• COREid Access and Identity chosen over CA, Entrust and Sun
• 3M External Users, 12K internal Users
• SSO into applications running on BEA

Case Study – US Postal Service

RESULTS
• COREid allows single sign-on to 3rd party services without having to authenticate again. This encourages USPS’s customers to monitor and track the progress of the direct marketing mailers via USPS’s portal
• Self service allows consumers to make changes to their accounts quickly and easily and to track their shipments

BUSINESS CHALLENGE
• Need to meet 508 Compliance (ADA)
• Error prone, untimely paper based system was hindering consumers from using online applications
• Need to connect 75 applications through the USPS portal for billing, tracking, and delivery of mail
• Need to increase customer user experience

ORACLE SOLUTION
• COREid Access and Identity
• XSL component of COREid allows the USPS to be 508 Compliant
• COREid is key to USPS for its performance and ability to handle high capacity
• Integration of access and identity management in one product perceived lower risk to integrate

Oracle Identity Manager

• Features
  • Automated user provisioning and de-provisioning
  • Rich, flexible connector framework
  • User-friendly request & policy wizards
  • Sophisticated workflow & reconciliation engines
  • Unique compliance automation & reporting
• Benefits
  • Reduced administration cost
  • Improved end user experience
  • Critical for regulatory compliance
  • Improved security
• Differentiators
  • Enables compliance via comprehensive audit history and periodic attestation framework
  • Powers largest global provisioning implementation by number of targets
  • Adapter Factory significantly lowers the TCO of customers’ solutions over time

Diagram labels: HRMS; User created or removed in HR system; Business Applications; Workflow; Assign or revoke roles, privileges; Application Driven Identity; System; Provision accounts and access rights

Case Study – Accenture

RESULTS
• Password management savings of $63K per month ($750k per year)
• Xellerate replaced a required upgrade in RSA token registration process, saving $110k
• Automated provisioning of users to fine-grained attributes within SAP will enforce Sarbanes-Oxley compliance requirements & eliminate 10 security administrators ($500k per year saving)

BUSINESS CHALLENGE
• Reduce costs & increase controls related to password resets
• Centralize security administration processes
• Centralize security management of access control
• Enable compliance with Sarbanes-Oxley and other regulatory requirements

ORACLE SOLUTION
• Selected Xellerate March ‘04 over Sun & M-Tech
• Maturity of provisioning solution
• Strength of workflow engine
• Customizable user interfaces
• Support provided by Thor
• Showcase for Accenture’s Market Identity & Access Management offering

Case Study – Barclays Plc

RESULTS
• Enable operational efficiency and increase security across application environment
• Reduced business risk by facilitating regulatory and policy compliance – control access to production systems
• Automation of reconciliation and reporting within strategic Enterprise Platform environment which will enable SOX compliance

BUSINESS CHALLENGE
• Audit finding required improving logical access management. Attempt at doing this manually led to increased labor cost and decreased productivity
• Enable SOX and other regulatory compliance
• Eliminate increasing operational risk from lack of control & auditing of user access privileges: In just one application Barclays recognized over 30,000 inappropriately provisioned users.

ORACLE SOLUTION
• Xellerate selected over CA, Sun/Waveset & IBM
• Fulfilled more POC requirements than the competition
• Out-of-the-box functionality and the integration ability required for legacy applications in the Bank
• Staff knowledgeable of product and complementary IT infrastructure

Case Study – DaVita

RESULTS
• WSSO and automated provisioning will reduce costs and increase end user satisfaction across all facilities in North America
• Reduce new application development and costs by centralizing run-time and administrative security functions
• Establish who-has-what and exception reporting across all compliance-critical applications

BUSINESS CHALLENGE
• Need an overhaul of the current applications that support dialysis clinics & centralized security of those applications.
• Need to automate and support delegation of all security administration processes performed by the dialysis clinics
• Need to streamline operations, and cost-effectively meet regulatory requirements

ORACLE SOLUTION
• Xellerate selected over CA in July 2004
• Better and broader platform support
• Solution comprises best-in-class components
• Solution demonstrated excellent flexibility during evaluation
• Reputation for excellent customer support

Case Study – D & B

RESULTS
• ‘Who Has What’ preventative and corrective reporting across Tier 1 applications by Sept. 04
• End user self-attestation of their accesses, with workflow-based sign off by December 2004
• Reduced operational risk by facilitating regulatory and policy compliance
• Introduction of automation will increase the efficiency of outsourced service delivery

BUSINESS CHALLENGE
• Outsourcing service provider (CSC) seeks operational efficiencies
• Client needs to be able to report on Who Has What for critical (Tier 1) applications for regulatory reporting
• Hard requirement to enforce separation of duties with regard to access rights across critical applications

ORACLE SOLUTION
• Xellerate selected in May ‘04 as a competitive replacement of Netegrity’s (now CA) IdM solution
• Proved rapid integration capability during due diligence exercise by outsourcing provider
• Out-of-the-box coverage of 80% of Tier 1 apps
• Supports outsourcing provider’s strategic I&AM market offering

Case Study – FHLB Atlanta

RESULTS
• Automation of user entitlement admin. across multiple business-critical apps - lower costs & increasing SLAs
• Established tie-in between business & provisioning events - triggered by a daily feed from the trusted HR system
• Policy-based control of user assignment to 400 fine-grained authorization containers (e.g. roles, groups, etc) across AD, ClearTrust, SQL Server & Sybase (web application identity stores)

BUSINESS CHALLENGE
• Lifecycle management of employees’ identities across multiple authN and authZ repositories for all web apps is highly labor-intensive & high risk
• Poor service levels for responding to employees’ & members’ access requests to critical resources
• No centralized management and control of provisioning processes, necessary for enforcement of compliance with regulations

ORACLE SOLUTION
• Xellerate selected over BMC, Sun & IBM December 2004
• Fulfilled more POC requirements than the competition
• Product functionality, flexibility, scalability
• Xellerate’s ability to adapt to existing business processes

Case Study – Goldman Sachs

RESULTS
• Established who-has-what reporting capability across infrastructure targets
• Reduced security risks via immediate removal of user access from core IT resources
• Cleaned up incorrect data as part of the process via the introduction of automation
• Automation of user access rights with minimal manual intervention is reducing IT operations costs

BUSINESS CHALLENGE
• Need a centralized, authoritative and auditable solution for all infrastructure accounts, physical assets and technology applications, to better meet internal policy & external regulatory requirements
• Reduce administrative labor costs via increasing end user self-service functionality
• Need flexible and extensible provisioning solution

ORACLE SOLUTION
• Xellerate selected over internal system, Sun (Waveset) & HP (Trulogica) in September 2004
• Proven scalability to support growth
• Implemented all 3 POC scenarios within 5 days
• Ability to meet all workflow requirements
• Integration with broad and diverse set of targets
• Quickly create unique asynchronous transactions

Case Study – Halifax Bank

RESULTS
• Reduced NT account creation time from 5 days to minutes – now creating 12,000 NT accounts annually
• Decreased new account requests from 5 to 1 per employee annually, through clearly defined roles
• Reduced thousands of weekly helpdesk calls for password reset requests via self-service capability
• Reduced business risk by facilitating regulatory and policy compliance.

BUSINESS CHALLENGE
• 60% of security operations focused on managing access to IT systems
• High & increasing operational risk due to lack of control over user access privileges and auditing capabilities of those privileges
• Increasing helpdesk call volume
• High maintenance costs from existing suite of tools used for identity management

ORACLE SOLUTION
• Xellerate selected in December 2003, over CA, BMC, Netegrity (now CA) & Sun Microsystems
• Fulfilled more POC requirements than the competition
• Richer set of relevant functionality
• Reduced implementation and maintenance complexity (less bespoke development required)

Case Study – Hanover Insurance Group AllMerica

RESULTS
• Reduced lead time for customer access request to fulfillment from 5 days to 15 minutes
• Self Service Password reset capability will reduce IT operations costs
• Who Has What reports can now be run across supported targets by app. & business owners
• Reduced business risk by facilitating regulatory and legislative compliance

BUSINESS CHALLENGE
• Replace existing product with a more robust, scalable & viable product: needed quicker integration capabilities
• Need to meet external regulatory requirements and record & track all security administration processes for auditing purposes
• Enhanced security & operational efficiency driven by business units and IT infrastructure

ORACLE SOLUTION
• Xellerate selected in June ‘04 over CA and IBM
• POC performance, particularly in responding to unscripted client requirements
• Excellent out-of-the-box coverage of most Tier 1 target resources
• Cheaper, quicker and less complex integration with new & existing partners

Case Study – Hershey Foods

RESULTS
• Password synch from AD across the SAP environment will reduce costs & enforce common security policies
• Establish Who Has What Reporting across all managed resources (SAP, AD, SunONE, Oracle)
• Flexible assignment of users to roles & profiles within SAP, in accordance with internal security policies
• Reduce new application development costs by leveraging common IdM infrastructure

BUSINESS CHALLENGE
• Inconsistent processes for managing user access privileges across network, SAP & web envt
• Poor end user satisfaction arising from multiple passwords across SAP & network environment
• High IT operations costs with assignment of employee privileges to roles in SAP
• Difficulty in establishing processes for attesting & reporting on ‘who has what’ across the enterprise

ORACLE SOLUTION
• Xellerate selected in May ‘05 over Sun & M-Tech
• Fulfilled more POC requirements than the competition
• Provided confidence regarding alignment with their SAP (CUA) integration requirements
• Strong alignment between client’s future requirements and Oracle’s roadmap

Case Study – IRD

RESULTS
• Reduce user access cost/increase end user self-service functionality
• Rapid employee access to internal systems with minimal helpdesk assistance
• Reduced business risk by facilitating internal policy requirements
• Increased user capabilities and volume, leading to decreased IT operations costs

BUSINESS CHALLENGE
• Need secure, adaptable and efficient I&AM system for employees and citizens
• Integrate existing authentication infrastructure with a more advanced and flexible solution
• Centralize management of access controls and administrative provisioning processes
• Reduce user access cost/increase user functionality

ORACLE SOLUTION
• Xellerate selected over IBM in June 2004
• Fulfilled more POC requirements than the competition
• Proven ease of integration with wide range of technologies via Adapter Factory
• Scalability of product to support future business growth

Case Study – La-Z-Boy

RESULTS
• Provide a self-service interface to external users for Partner Portal access
• Reduced helpdesk overhead costs
• Enable operational efficiency and increase security across application environment
• Reduced business risk by facilitating regulatory and policy compliance – control access to production systems

BUSINESS CHALLENGE
• Establish a central access control repository for SOX compliance
• Improve end-user experience and reduce helpdesk costs with improved password mgt
• Improve productivity within the application development environment
• Minimize required changes to existing applications infrastructure

ORACLE SOLUTION
• Xellerate selected in October 2004, as part of acquisition of RSA Cleartrust
• Fulfilled more POC requirements than the competition

Case Study – Lehman Brothers

RESULTS
• ‘Day one’ access lead time reduced to < 5 mins
• Knowing Who Has Access to What = Priceless
• Eliminated ghost accounts via reconciliation of local administrative changes across 650 managed systems
• Reduced compliance effort across 50 SOX-critical applications by 12 man weeks

BUSINESS CHALLENGE
• Critical systems vulnerable to unmanaged & orphaned system accounts
• No detailed audit trails of each user’s access rights – current and historical
• Reduce the cost of user administration from $30.00 per access modification
• Comply with external regulations – Sarbanes Oxley & Gramm-Leach-Bliley Acts

ORACLE SOLUTION
• Lehman selected Xellerate Identity Provisioning over A360, Waveset & Business Layers
• Very flexible (adaptable), open architecture simplified integration
• Integrated with 650+ business applications
• GUI-based business rule development

Case Study – Mercedes Benz USA

RESULTS
• Enable operational efficiency and increase security across application environment
• Create a platform for completely automating all resource & IT account provisioning processes
• Eliminate existing manual/paper-based provisioning processes for employee on-boarding and termination
• Decrease administrative overhead. Reduction in business risks and cost of SOX compliance

BUSINESS CHALLENGE
• Centrally manage and audit all account creations, changes, deletions, and assigned access rights across all systems
• Enforce and attest the corporate initiative to move MBUSA towards SOX compliance
• Eliminate increasing operational risk from lack of control & auditing of user access privileges

ORACLE SOLUTION
• Xellerate selected over BMC in January 2005
• Fulfilled more POC requirements than the competition
• Out-of-the-box functionality and the integration ability required for legacy applications
• Staff knowledgeable of product and complementary IT infrastructure

Case Study – MphasiS

RESULTS
• Phase 1 is live – supporting 1000 users & 5 targets
• Average lead time from request to fulfillment reduced from 5 days to 15 minutes for Tier 1 targets
• Self Service Password reset capability reduced the load of system administrators to a great extent
• Who Has What reports can now be run across supported targets by application & business owners

BUSINESS CHALLENGE
• Clients perceived risk from opening their systems to a remote operations team
• MphasiS BPO needs to track employee entitlements across a large number of IT systems
• Manual user accounts & credentials lifecycle management costly in high turnover environment
• Enable regulatory and security compliance efforts

ORACLE SOLUTION
• Xellerate was selected in December ‘03 due to its ability to handle high-volume & demanding contact centers, which require provisioning to a variety of complex applications
• Availability of core resource adapters for critical targets, including Avaya, Oracle, BEA and others
• Availability of trained Mphasis resources

Case Study – Pearson

• Allow secure end-user (customers) provisioning to appropriate Pearson-hosted applications

• Ensure protected customer enrollment and registration with self-service password management capabilities

• Provide the infrastructure to permit additional applications to be automatically/easily provisioned to users

• Stringent password policy enforcement based on corporate standards

BUSINESS CHALLENGE

• Increase infrastructure security

• Efficiently manage growing number of customer-facing applications

• Sarbanes Oxley compliance

• Provide secure user enrollment and self-registration capabilities to Pearson’s customers

• Enhance password management processes and capabilities across organization

RESULTS

ORACLE SOLUTION

• Xellerate selected over IBM

• Expertise level of the POC and pilot implementation team

• Commitment to customer support

• Corporate and product reputation

• Xellerate’s ease of use and ‘solid’ architecture

• Xellerate’s rich functionality

Case Study – Principal Financial Group

• Enable operational efficiency and increase security across application environment

• Establish a platform for completely automating all resource & IT account provisioning processes

• Provide end users, business and application owners with extensible, dynamic workflow for managing approval and provisioning processes

BUSINESS CHALLENGE

• Centrally manage and audit all account creations, changes, deletions, and assigned access rights across all systems

• Auditing complex user interactions

• Modeling access for 20+ systems and applications

• Eliminate increasing operational risk from lack of control & auditing of user access privileges

RESULTS

ORACLE SOLUTION

• Xellerate selected in June 2005 over IBM

• Customizable user interfaces

• Professional services and customer support commitment

• Flexible access modeling options

• Product’s scalability – the ability to add processes, workflows, resources after Day 1

Case Study – Royal Bank of Canada Capital Markets

• RBC will improve security by automatically capturing identity data across the defined employee and application scope and deliver visibility of user permissions and processes (out-of-policy access rights)

• RBC will benefit from cost reduction as automated compliance and reporting processes replace the manual capture and linking of user account data actions

BUSINESS CHALLENGE

• Attestation requirements to comply with US Sarbanes-Oxley Act and Basel II

• Remove orphan accounts on critical systems when employees leave a department or the organization

• Automate the compliance reporting and attestation process

RESULTS

ORACLE SOLUTION

• RBC Capital Markets selected Xellerate Identity Provisioning over IBM

• Phase I integration with three systems

• Phase II will expand to an additional 35 systems

• Automate the attestation process via Xellerate Attestation and reporting solution

Case Study – Sherwin Williams

• Reduction in labor and acquisition cost across all six divisions

• Increase productivity of administrative staff via user self-help capabilities

• Reconciliation of local administrative changes across all six divisions will eliminate ghost or orphaned accounts, reducing risks, increasing security & enabling compliance with internal and regulatory policies

BUSINESS CHALLENGE

• Current administrative processes extremely time intensive and expensive

• Standardization of accounts across division

• Provide user self-service to reduce costs & manual effort for helpdesk staff

• Central compliance reporting incl. Top Secret

RESULTS

ORACLE SOLUTION

• Xellerate selected over Netegrity (now CA), Novell in December 2003

• Showcased fastest application integration with existing infrastructure during the POC

• Seamlessly completed all 11 use cases in POC requirements

Case Study – Sprint (Nextel)

• Password management solution delivered for 25,000 users across 18 packaged resources in 4 months

• Password rules now centrally enforced across all resources under management

• Managing user privileges for over 110,000 users across multiple critical business applications

• Self-service reduced operational costs associated with password management & user administration

BUSINESS CHALLENGE

• Password management cost $1.1 million annually

• Password policies not uniformly applied to all systems and applications

• Existing I&AM architecture and roadmap did not support emerging business models

• Ad hoc, costly processes for requesting/tracking access requests to critical enterprise applications

• Need to facilitate regulatory compliance

RESULTS

ORACLE SOLUTION

• Xellerate selected in September ‘03 over IBM, Netegrity (now CA) & Waveset (now Sun)

• Strength & flexibility of workflow & reconciliation

• Out-of-the-box integration with infrastructure.

• Proven scalability to support business growth.

• State engine supports roll-back

• Customizable user interfaces

Case Study – Swedish Police

• Significant cost avoidance (est. over $1M) for identity synchronization, workflow & administration functionality

• Establishment of automated role & rule-based assignment of access privileges to all managed systems

• Improvement of information quality by centralizing user records and cleaning existing data

• Detailed and easily accessible audit functionality

BUSINESS CHALLENGE

• Establish secure and centralized mgt of identities across multiple enterprise directories & applications - incorporation of process workflows

• End users and managers have poor visibility into in-process and completed provisioning workflows

• Protect against locally administered changes to user entitlements directly w/in the target systems

• Poor mgt of user certificates within RSA Keon

RESULTS

ORACLE SOLUTION

• Xellerate selected over Novell in March 2005

• Highly flexible and extensible product

• Superior support for onboarding and analysis mechanisms for orphan account detection

• Support for rollback/undo and escalation

• Mature product with solid architecture

• Flexibility and customizability

Case Study – Toyota Financial Services

• Automated provisioning process execution in response to business events, via integration with Peoplesoft HR

• Documented evidence of compliance of “who has what” reporting across business-critical applications

• Helpdesk cost savings arising from measurable reductions in call volume due to self-service password reset

• Within 2 weeks of rollout, eliminated 90% of rogue accounts and privileges across managed systems

BUSINESS CHALLENGE

• Prior provisioning solution implementation failed - not fit for purpose

• Authorization workflow not linked to reporting structure

• Eliminate increasing operational risk from lack of control & auditing of user access privileges

• Manage increase in helpdesk call volume, which decreases productivity and increases labor costs

RESULTS

ORACLE SOLUTION

• TFS selected Xellerate Identity Provisioning over Netegrity, IBM, HP & Sun

• Integration with Peoplesoft, Siebel, RACF, AD

• Adapter Factory enabled 2-3 day build cycle for integration with Siebel 7.7

• Reduced implementation and maintenance complexity

Oracle Identity Federation

• Features
  • Identity and trust sharing across business partners, both as Service Provider (Hub) or Identity Provider (Spoke)
  • Lightweight, multi-protocol gateway – SAML, Liberty, WS-Federation
  • Integrates with leading Identity Management platforms

• Benefits
  • Reduced cost of interaction between business partners
  • Reduce administration cost
  • Deliver improved end user experience

• Differentiators
  • Self-contained, easy to deploy solution
  • Flexible deployment configurations
  • Rich, 100% web-based configuration interfaces for improved administrator and end user experience
  • Proven scalability - large production deployments

Case Study – Northern Trust

• Delivered a solution that replaces their old solution without impacting their existing applications

• COREid allows Northern Trust the flexibility and scalability to increase their user base

• Interoperability with partners’ SAML applications

BUSINESS CHALLENGE

• Performance issues with their home grown solution - slow performance, high maintenance costs, and highly customized application.

• Home Grown solution was not scalable

• Difficulty keeping their solution current with emerging technologies such as federation and SAML that would allow them to interoperate with their partners’ applications

RESULTS

ORACLE SOLUTION

• COREid Federation, COREid Access and Identity

• Integration with SunONE and Sybase

• COREid was the only solution that could allow 3.5 million hits/day, 20 concurrent users, and a 5 second authentication/user

Case Study – SWA & Boeing

• Oracle COREid solution saves Southwest $30/month per employee (40k users) for a total of $1.2 million per month

• Reduction of user passwords from 7 to 1 resulted in a cost savings of $3.9 million per month for Boeing

• Reduced equipment idle time at the rate of $15,000 per hour

BUSINESS CHALLENGE

• SWA wanted to obtain engineering drawings, blueprints, color coding reports and other technical documents from the manufacturer (Boeing) via the Web

• Increase efficiency

• Reduce the business costs of transactions with the aircraft manufacturers

RESULTS

ORACLE SOLUTION

• COREid Federation, COREid Access and Identity

• Six week implementation

• Allowed Southwest to be the first in airline industry to implement SAML

Case Study – US Navy

• “The effort of the defense portal initiative will reduce strike time from 15 minutes to 15 seconds.”

• COREid enables personnel to access applications and services that connect them with people at home, an application to transfer funds, access healthcare information & services, etc. - increasing job satisfaction.

• Personnel securely linked with vendors providing authentication from ship to shore.

BUSINESS CHALLENGE

• Increase personnel satisfaction

• Need to accelerate speed and accuracy of decision at every level of command

• Integrate all force elements throughout battle space

• No common infrastructure across internal and external resources

RESULTS

ORACLE SOLUTION

• COREid Federation, COREid Access and Identity

• Full SAML capabilities

• Integration with Active Directory, and BEA

• Provides a common identity management infrastructure to facilitate interoperability inside and outside the Navy with the Army, Marines and other groups.

Case Study – Washington Mutual

• Saved $20K – $30K per application per year. The cost savings comes from lower costs to maintain the business relationships.

• Increased security which leads to less inappropriate exposure of sensitive data

• Decreased calls to help desk for password resets

BUSINESS CHALLENGE

• Washington Mutual’s intranet enables employee self-service for over a dozen HR functions

• Wanted to increase productivity and efficiency

• Solution needs to integrate outsourced applications with their intranet

RESULTS

ORACLE SOLUTION

• COREid Federation, COREid Access and Identity

• Washington Mutual outsources most of its services and is using federated single sign-on to provide access to multiple outsourced applications

• Intranet portal integrates 14 outsourced applications to date

Oracle Internet Directory

• Features
  • Full feature LDAP server with a RDBMS data-store
  • Industry leading scalability and HA capabilities
  • Strong Oracle Platform integration
  • VSLDAP certified and EAL4 compliant

• Benefits
  • Reduced operational cost with Oracle Grid support
  • Seamless integration with Oracle Applications and Products

• Differentiators
  • RDBMS backend provides proven scalability & performance
  • Rich, built in auditing of all events and operations
  • Flexible data replication and redundancy features
  • Ships with built-in directory integration functionality

Case Study – Amgen

• Leverage OID to synchronize with Microsoft Active Directory and SunONE

• Lower administration costs by reining in multiple, fragmented systems with many different LDAP directories

BUSINESS CHALLENGE

• Many departmental applications built on Oracle Forms, needed a sync from OID to Active Directory / Kerberos.

• Amgen has Kerberos & AD as central security and LDAP

• Want to consolidate their other LDAP Directories (Sun, Microsoft Active Directory)

RESULTS

ORACLE SOLUTION

• AppServer (OID, Directory Integration Platform)

• Competition we beat:

• BEA (incumbent J2EE standard; however issues with long-term viability)

• IBM (Used by R&D group, but not seen as complete solution)

• CA (would require FDA regulatory validation)

Case Study – CampusEAI

• Solved problem of managing diverse ever changing user community, massive user turn-over every semester

• Provide new services and sources of revenue – through better alumni relations (they now have accounts)

• Administration costs were reduced by approximately 80%. Help desk calls reduced from over 2,000 to less than 200

BUSINESS CHALLENGE

• Have a complex IT environment consisting of multiple data stores and administrative silos: packaged applications, legacy applications, database, file, and standard LDAP directories

• 10,000s of new users every semester

• Difficult managing the changing roles and identities of students, alumni and parents which is critical for fundraising and support

RESULTS

ORACLE SOLUTION

• Oracle Internet Directory, Directory Integration Platform, SSO, Portal

• Integrates disparate data silos (database, file, other LDAP)

• Supports any sized Single Sign-On user audience: 5K internal to 1.8M external users

• Works with Oracle Portal and other applications

Case Study – Samsung Electronics

• Enhanced infrastructure for sharing production information company-wide

• Timely delivery of consolidated information in personalized format

• Highly available architecture to support 24 x 7 x 365 operation with minimal downtime

• Now have a framework for the next generation of LCD Manufacturing Operations

BUSINESS CHALLENGE

• Needed to reduce time and effort required to analyze and report raw data from assembly lines

• Needed to provide individually relevant information to users

• Needed an effective and stable solution

• Required a highly available system to support 24x7x365 operation

RESULTS

ORACLE SOLUTION

• OracleAS 10g SSO & OID

• User management

• Integrated with SINGLE (Samsung’s enterprise SSO)

• High availability with cold failover cluster for OracleAS infrastructure

Case Study – Shanda Networking

• High availability gaming service assures Shanda that there will be no downtime and therefore no impact to their revenue stream

BUSINESS CHALLENGE

• Shanda was looking for a platform that would provide high availability, scalability and performance given their high volume

• Goal is to be able to support 10 million active users (current load is 1.1M concurrent users)

• Consolidating and cleaning up duplicates of massive number of user identities from individual games

RESULTS

ORACLE SOLUTION

• Oracle Internet Directory is chosen over SunONE and Microsoft to support their massive storage requirements

• Using a clustered deployment of Oracle Internet Directory against a clustered deployment of RAC Oracle databases

Case Study – Spheris

• 10-month migration project within 6% of forecast

• Realized significant cost savings

• High availability positively impacting SLAs

• Simplified compliance through highly available SSO

BUSINESS CHALLENGE

• Stringent Service Levels require highly available IT

• Authentication is key to overall system availability

• System not available if authentication not available

• SSO simplifies compliance in highly regulated healthcare industry

RESULTS

ORACLE SOLUTION

• Implemented highly available Oracle Identity Management (OID, SSO) for Spheris network (3,500 users) and several 10,000s of individual doctors

• Corporate Intranet with Oracle Portal

Case Study – Swisscom

• Greatly enhanced user experience for customers & employees (single sign-on & zero login)

• ROI – lowers internal support costs (e.g. forgotten logins/passwords)

BUSINESS CHALLENGE

• General Manager demands single sign-on for customers

• General Manager demands no login dialog for employees signed onto their Windows desktop

• Required one identity management solution for employees and customers, supporting all web applications

RESULTS

ORACLE SOLUTION

• Oracle Internet Directory and Single Sign-On chosen to work with Microsoft Active Directory

• Provides single sign-on with multiple J2EE Web applications

Case Study – UBS

• Their RADAR dashboard portal, a composite applications solution, is live today and delivers comprehensive information on the stocks, customers and contacts required by analysts and brokers

BUSINESS CHALLENGE

• UBS Warburg was looking to reduce demands on IT services and provide access to information and applications from a centralized location

• Required a highly available system – zero downtime

RESULTS

ORACLE SOLUTION

• OracleAS SSO chosen as the bank’s strategic Single Sign-on product alongside OID

• Used to protect over 100 Applications within the bank

• User base of 60K

• Most highly available directory solution

Case Study – Verizon Communications

• Better end-user experience for their customer portal

• Easily manageable and comprehensive directory environment

• Virtually unlimited scalability

• Ability to sustain 6 way multi-master replication

BUSINESS CHALLENGE

• Need to effectively manage 60M entries in LDAP directory

• Each user authentication performs 6 write operations

• Requirement for highest possible availability of their infrastructure

• They have a geographical distribution of LDAP repositories at 6 different locations

RESULTS

ORACLE SOLUTION

• Oracle Internet Directory is chosen over SunONE and Microsoft Active Directory to support their massive storage requirements and write performance

• Implemented highly available Oracle Internet Directory

Oracle Virtual Directory

• Features
  • Virtualization, Proxy, Join & Routing capabilities
  • Modern Java & Web Services technology
  • Superior extensibility
  • Scalable multi-site administration
  • Direct data access

• Benefits
  • Perform Real-time directory integration
  • Accelerate application deployment
  • Lower development costs

• Differentiators
  • Lightweight & flexible architecture
  • Supports true virtualization without local cache, enabling stringent policy or privacy requirements
  • Modular architecture supports the addition of connectors to a wide array of identity stores

[Diagram labels: LDAP, Web Services, Web Gateway; VDE Directory Engine; Join View; LocalStore, LDAP, DB, NT, Custom]

Case Study – Boeing

• Avoided customization

• Accelerated application deployment

• Protects investment in existing infrastructure

BUSINESS CHALLENGE

• Needed to integrate Plumtree and applications into heterogeneous environment

• Complex existing directory services require application customization

• Can’t change current infrastructure - 700+ existing applications use it

RESULTS

ORACLE SOLUTION

• Oracle Virtual Directory selected over Radiant Logic and MaxWare after 9-month POC

• Aggregates Information from Active Directory, Oracle 9i, and SunOne Directory

• Easier deployment and lower TCO than competition

• More Flexible Data Joining

Case Study – The Coca Cola Company

• Customer self-installed in 1 day

• SAP Portal went into production in under 30 days with all users

• Almost no daily maintenance vs. data integrity issues of sync solutions

BUSINESS CHALLENGE

• Minute Maid division was being positioned for spin-off, requiring separate IT infrastructure

• SAP Portal required a single view of all users across both infrastructures

RESULTS

ORACLE SOLUTION

• Oracle Virtual Directory

• 1 Day POC

• Worked instantly and could be deployed in production quickly

• Low TCO

• Low/No cross-division political impact

Case Study – Fidelity

• Customization eliminated at the application layer

• Integrated with existing web services for audit and control

• Simplified and accelerated deployment of new applications

BUSINESS CHALLENGE

• Custom identity data access web service required application customization

• Customization delays deployments and hinders use of off-the-shelf technology

RESULTS

ORACLE SOLUTION

• Oracle Virtual Directory selected over Radiant Logic

• Much better performance

• Stronger management framework

• Better extensibility

Oracle Web Services Manager

• Features
  • Rich library of pre-built policies
  • Centralized policy management with local enforcement
  • Standards support: JAAS, JACC, WS-Security
  • Supports .Net & J2EE Web Services

• Benefits
  • Improved visibility and policy administration at lower cost
  • Cross-platform monitoring and service level (SLA) enforcement
  • Reduced Compliance Risk

• Differentiators
  • Rapid development and deployment of security policies
  • Unique support for cross-platform monitoring and service level enforcement
  • Provides rich audit data that supports cross-enterprise compliance reporting

Case Study – The Hartford

• Flexible architecture that allows The Hartford to integrate applications with Enterprise Java Beans (EJBs) as well as SOAP messages.

• OWSM provides transformation of XML code in less time with less custom coding.

BUSINESS CHALLENGE

• Need to access industry-specific, web-based applications to process quotes across multiple carriers.

• Integrating corporate legacy systems with their portal applications in an interoperable manner.

• Agents, who are contractors selling insurance, need to be able to have multiple quotes in a secure way via their homegrown solution.

RESULTS

ORACLE SOLUTION

• Oracle Web Services Manager

• Provides secure and effective interoperability across multiple backend systems across various insurance carriers

• Ease of use based on its out-of-the-box policy template approach.

Audit and Compliance

• Features
  • Who has/had what, when, how and why?
  • Periodic attestation of user privileges
  • Leverages Oracle’s core data management and reporting competencies
  • Pre-built Reports

• Benefits
  • Reduced cost of compliance
  • Improved process visibility
  • Better exception monitoring and management

• Differentiators
  • Hot-pluggable with third-party components
  • Supports separation of operational reporting from historical reporting
  • Proven track record of reducing customers’ cost of compliance

Oracle Application Server OIM – sub-set

Agenda

• Identity Management
  • definition

• Identity Management
  • does Oracle have a solution?

• Oracle Identity Management
  • Market Analyses

Analyst Endorsements

“Oracle’s offering of IAM products now pushes ahead of other IAM competitors such as BMC, Computer Associates International, Hewlett-Packard, IBM, Microsoft, Novell and Sun Microsystems”
- Roberta Witty, Gartner (Nov 2005)

“Oracle's acquisition of Thor and OctetString is a good move. These acquisitions coupled with Oracle's unique application top down approach to Identity Management will send ripples through the industry.”
- Mike Neuenschwander, Burton Group (Nov 2005)

“Oracle has an advantage and early lead with its top down application strategy that is aligned with customer needs.”
- Chris Christiansen, IDC (Nov 2005)

More Analyst Endorsements

Leader in User Provisioning! Gartner, April 2006

“[Oracle] has amassed a very strong management team and IAM technology portfolio … Its IAM road map looks the best of all vendors.”

Q&A

Questions

Answers
