The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
Breaking Cloud Security Barriers with Identity Management
Agenda: Introduction; Cloud Security Barriers; Identity Management (For Private Clouds, For Public Clouds, For Service Providers); Why Oracle?; Q&A
The Allure of Cloud Computing: A New Paradigm. Pay As You Go; Availability; Flexibility; Time To Value; Simplicity.
The Reality of Cloud Computing: Recent News Highlights
Key Barriers to Cloud Computing: Security, Compliance and Control. 87%: Percentage of IT who rate security as a challenge with Cloud Computing. 80%: Percentage of IT that believes bringing cloud services back on premise is hard. 77%: Percentage of IT that rates cloud services hard to integrate with in house IT. 49%: Percentage of IT that rates regulatory requirements as prohibitive in the cloud. Source: IDC Enterprise Panel, 3Q09. Source: IDC Enterprise Panel, Sep 008.
Cloud Security Challenges. Private Cloud: Insider Threats; Role-based Access Control; Secure B2B Collaboration; Compliance/Governance; IT Agility. Public Cloud: Sophisticated Security Attacks; Privileged User Access; Proliferation of Application Silos; Jurisdictional Issues; Vendor Lock-in.
Compliance Considerations in Cloud. Report and audit. Regulations on the rise worldwide. Severe penalties for non-compliance. Jurisdictional challenges. Loss of Governance. Costly and unsustainable manual processes. Costs of audit, breach investigation, remediation and notification can quickly add up. 40%: Percent of IT budgets spent on addressing compliance mandates.
Cloud and Loss of Control: Vendor Lock-In, Integration & Interoperability Challenges. [Figure: layers "Built by Cloud Customer" versus "Provided by Cloud" along a Control axis from - to +, for Enterprise (ITaaS); Infrastructure (IaaS), e.g. Amazon EC2; Platform (PaaS), e.g. Google App Engine; Application (SaaS), e.g. Oracle On Demand.] Cloud Computing accelerates adoption of apps but forces loss of control.
Private Clouds: Identity Management Considerations. Diagram labels: Dept 1; IAM; Apps; Dept 2. Integration of IAM into private cloud IT infrastructure and applications. Modular set of services for managing access, identities, provisioning, and entitlements. Compliance/Attestation, Analytics. Self Service and Delegated Administration. "When it comes to private clouds, traditional siloed security solutions will not cut it. Instead, delivering security solutions through a service model will help security controls to adapt and protect information where needed." (Gartner 2010)
Oracle Identity Management Delivers Service-Oriented Security. Diagram labels: Oracle Fusion Apps; 3rd Party Apps; Custom Apps; User Provisioning Service; Role Management Service; Identity Data Services; Partner Apps; Authentication Service; Authorization Service; Federation & Trust Services; Cloud IdM Service Provider; Oracle IDM or In-house IDM provider; SaaS Apps. Revolutionary architectural framework that leverages SOA and App Frameworks. Delivers security functionality in a consistent, reusable service-oriented model. Allows enterprise to leverage 3rd Party and Cloud-based Providers of Identity Services in addition to rolling out their own. Promotes loose coupling to ensure long term viability and heterogeneity of business solutions. 2010 Oracle Corporation
Oracle Platform Security Services (OPSS): Foundation for Service-Oriented Security. Diagram labels: Oracle Platform Security Services; Authentication; Authorization; Roles & Entitlements; Auditing; Directory Services; User Provisioning; Policy Store; Session Data Management; Standards-based Interfaces; Oracle Identity Management; Identity Store, Credential Store, and Policy Store Providers; Access Management; Identity Administration; Directory Services. Declarative Security Framework optimizes application lifecycle support. Standards-based and Hot-Pluggable with Identity Management Systems. Security Platform for Oracle Fusion Middleware and Fusion Apps.
Qualcomm Leverages Oracle's Pioneering Work on Identity as a Service. 2010 Oracle Corporation Proprietary and Confidential
Oracle Enterprise SSO Suite Plus: On-Demand Client Install. Diagram labels: Remote Client Download; ESSO Anywhere; Enterprise Applications; Credential Store; Authenticate; Validate; Access Enterprise Applications. Access Applications from Anywhere. Faster Deployment and Version Control on the Deployment Packages. Automate Updates and Rollbacks. Reduce Overall Deployment Costs.
Externalizing Authorization from Apps: Distributed Fine-Grained Security Enforcement for Applications. App Owner: Build application. App Owner: Externalize Authorization Controls from App into XACML policies using OPSS API. Deploy Application. IT: Centralize Enforcement of Policies across all Apps with OES Admin UI. Modify Policies in response to evolving security mandates without any code changes. Diagram labels: Shared Services; Apps; Oracle SOA Suite; Oracle BPM Suite; Oracle WebCenter; Oracle Identity Management; Authentication Service; User Provisioning Service; Authorization Service; Role Mgmt Service; policies; Directory Service; Federation Service; Oracle WebLogic Suite-based Application Grid; Portal Users; Fine-Grained Authorization Policy Enforcement.
Public Clouds: Identity Considerations. Diagram labels: Intranet; Internet; SaaS; PaaS; IaaS. User lifecycle management for both on-premise and cloud apps. Federated Authentication into the Cloud Apps Eco-system. Sustainable Compliance.
The Amazing Security Race
Identity Administration: Oracle Identity Manager. Diagram labels: Provisioning Integration Framework with Adapter Factory; Self Registration; Password Reset. Automated Provisioning and De-provisioning to Cloud Applications. Self Service Registration to Cloud and On-Premise Applications. Audit Reporting across On-Premise and Off-Premise Applications.
Self-Service Provisioning. Diagram labels: Oracle Identity Manager; New Self Approval Contractor Registration; On-Premise Applications; Identity Store; User; Group; Access Policy; Workflow; Connector; Cloud Applications; SPML; New Employee; HRMS; Reconciliation Engine.
Automated De-Provisioning. Diagram labels: Manual Task; Revoked; On-Premise Applications; Oracle Identity Manager; Identity Store; Terminated Employee; HRMS; Reconciliation Engine; Provisioning Workflow; Connector; Revoked; SaaS Applications.
Embry Riddle Aeronautical University Relies on Oracle IDM to Manage Student Accounts in the Cloud
Oracle Identity Federation: Federated Single Sign-On. Diagram labels: Oracle Identity Federation; Employees/Partners/Customers; SAML 1.x; Business Affiliates/Subsidiaries; SAML 2.0; Windows CardSpace; WS-Fed; OpenID; On-Premise Applications; Cloud Applications. Seamless SSO between On-premise and Cloud Applications. Standards-based Federation Enables Interoperability. Accelerates on-boarding of partners and service providers.
Oracle OpenSSO Fedlet: SAML Enablement of Cloud Applications. Diagram labels: Cloud App; Fedlet; Identity Provider; Oracle Identity Federation; 3rd Party; Fedlet; Partner App. Lightweight SP-only implementation of SAML 2.0 SSO protocols. Delivers a Flexible integration framework. Can be used by a Cloud App Provider to Federation-enable their app. Standard-based cross-domain authentication and SSO. Standard-based attribute exchange with identity attribute mapping and filtering. Multi-Tenant.
Use Case: Attribute-based Federation. Diagram labels: FEDERATION; SAML 2.0 Response (Purchasing Mgr); Identity Repository; Identity Provider (IDP); Service Provider (SP); Identity Repository; NAME: SCOTT TIGER, TITLE: PURCHASING MGR; A; B; NAME: SAM GREEN, TITLE: PURCHASING MGR; IDP A, TITLE: PURCHASING MGR; SP ROLE: CUSTOMER; Purchasing Manager(s); SP Application(s).
Cloud Service Providers: Identity Management Considerations. Diagram labels: Client Enterprise 1; Cloud IdM MSP; Client Enterprise 2. MSPs looking to offer IdM as a Service. Requires: Multi-Tenancy, Federation; Maintenance simplicity; Self Service, Delegated Admin. May require higher identity assurance. Enterprise Customers looking to outsource IdM. Want to augment in-house IdM or replace parts of it. IT Staff expertise is a challenge.
British Telecom Leverages Oracle IDM to deliver Identity Services to Consumers
Identity Management with the Oracle Cloud Platform. Applications: 3rd Party Apps; Oracle Apps; ISV Apps. Platform as a Service: Integration: SOA Suite; Process Mgmt: BPM Suite; Security: Identity Mgmt; User Interaction: WebCenter; Application Grid: WebLogic Server, Coherence, Tuxedo, JRockit; Database Grid: Oracle Database, RAC, ASM, Partitioning, IMDB Cache, Active Data Guard, Database Security. Infrastructure as a Service: Oracle Operating Solaris Systems: Oracle Enterprise Oracle Linux; Oracle VM for SPARC (LDom); Solaris Containers; Oracle VM for x86; Servers; Storage. Cloud Management: Oracle Enterprise Manager; Application Performance Mgmt; Lifecycle Management; Configuration Management; Application Quality Mgmt; Ops Center; Physical & Virtual Systems Mgmt.
Oracle Identity Management Differentiators: Comprehensive, best-in-class solutions; Hot Pluggable; Service-Oriented Security.
Oracle Identity Management Overview: Comprehensive and Best-of-Breed. Identity Administration: Roles based User Provisioning; Self-Service Request & Approval; Password Management. Access Management: Authentication & Fraud Prevention; Single Sign-On & Federation; Authorization & Entitlements; Web Services Security; Information Rights Management. Directory Services: LDAP Storage; Virtualized Identity Access. Identity Governance; Platform Security; Analytics, Fraud Prevention, Privacy Controls; Identity Services for Developers.
Comprehensive Standards and Systems Support. Leading Standards: Innovate, Contribute, Implement. Support All Leading Applications and Systems. ACF-2 & TSS.
Summary: Best-in-Class. Oracle Identity Management: Is comprehensive and open; Is proven for real world deployments; Ensures reliable security for private and public clouds; Delivers Service-Oriented Security; Is available for download today. For More Information: www.oracle.com/identity; bit.ly/idmcloud
For More Information: search.oracle.com "Identity management" or oracle.com/identity
Cloud Security with Oracle Identity Management: Real World Examples (Alternate Customer Slide for Cities without A/V Option). Offers Managed Identity Services including Managed Fraud Prevention and Identity Verification Services. Federated Provisioning deployment spans hosted PeopleSoft and on-premise apps. Federated User Provisioning to Microsoft Live. Offers Strong Authentication as a hosted service to customers.