Contenu connexe Similaire à Con 8810 who should have access to what - final (20) Con 8810 who should have access to what - final2. CON 8810 Who Should Have
Access to What – Better Risk
Management with Identity
Governance
Neil Gandhi
Product Manager
Oracle Identity Governance
2
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
3. Safe Harbor Statement
The following is intended to outline our general product direction. It is
intended for information purposes only, and may not be incorporated
into any contract. It is not a commitment to deliver any material, code,
or functionality, and should not be relied upon in making purchasing
decision. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole
discretion of Oracle.
3
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
4. Session Goals
Understand the current market trends regarding Access Compliance
and Risk Management
Realize the benefits of an Identity Governance platform and how it can
help meet your everyday Compliance and Risk Management
challenges
Hear from and engage with customers regarding their experiences with
managing Risk by implementing an Identity Governance solution
4
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
5. Program Agenda
Market Trends
Risk Management & Compliance with Oracle Identity
Governance
Panel Discussion
Q&A
5
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
7. Explosion of Scale
• Few Administrators
• Handful of Audit Staff
• Too many privileged accounts
7
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
8. Getting the right access is hard
8
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
9. Market Trends
Compliance Requires Business User Participation
Increasing volume and frequency of
employee access certifications
Business Users do not understand what
they are attesting to
IT and Compliance teams struggle with
“Who should have access to what”
9
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
10. Enterprise Certification Requirements
Who’s who & what can they do?
Extract
Entitlement
s
Ad Hoc
10
Review
Entitlement
s
Complex
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Correlate
Results
Remediate
Access
Un-auditable
Non-verifiable
11. Market Trends
Scale requirements are increasing
Corp PCs
400M
Enterprise
Facebook
800M
Social
China
1.3B
Citizen
Cell Phones
5B +
Mobile
Moving from employee to massive scale for even small companies.
11
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
13. Oracle Identity Governance
Governance Platform
Connectors
Provision
De-Provision
Grant User Access
Monitor User Access
Privileged
Account
Request
Access
Request
Role
Lifecycle
Management
Roles
Check-in/
Checkout
Identity
Certifications
Access Catalog
IT Audit
Monitoring
Rogue
Detection &
Reconciliation
Ownership, Risk & Audit Objectives
Entitlements
Accounts
Glossaries
13
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Reporting &
Privileged
Access
Monitoring
Catalog Management
14. Oracle Identity Governance
Access Catalog
Harvesting
Catalog
Definition
Catalog
Enrichment
14
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
16. A Smarter Approach to Identity Compliance
Reduce
Cost, Time & Risk
$
Identity
Warehouse
Aggregating
Information &
Building a
Catalog
16
Prioritizing &
Automating
Certification
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Closed-Loop
Feedback &
Remediation
Simplified User
Experience &
Reporting
17. Automate Identity Based Controls
1
Set Up
Periodic
Review
2
Reviewer Is Notified
Goes to Self Service
3
Automated Action
is taken based on
Periodic Review
4
Report Built
And Results
Stored in DB
Reviewer Selections
What Is
Reviewed?
Certify
Reject
Who Reviews
It?
Decline
Email Result
to User
Automatically
Terminate User via
Closed Loop
Remediation
Notify the
Process Owner
Archive
Delegate
Start When?
How Often?
17
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Notify Delegated
Reviewer
Attested Data
Attestation Actions
Delegation Paths
Comments
18. Oracle Identity Manager 11g R2
Provisioning Context with Identity Auditor
18
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
19. Focusing on What (Who) Matters Most
High Risk
Leverage data collected to streamline access certification
Prioritize certifications based on user risk profiles
Aggregate risk profile over the ENTIRE lifecycle
19
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
20. Risk Based Certification
Identity Warehouse
Applications
Risk Factors
Identity Data
Sources
DB
Roles
Certification
History
Entitlements
Mainframe
Provisioning
Events
Resources
Risk Aggregation
Low Risk User
Bulk Certify
High Risk User
Cert360
Approve
Reject
Focused
Sign-off
20
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Policy
Violations
24. Demo Pods
Moscone South
Oracle Identity
Governance Suite:
Managing
Privileged Accounts
from Your Identity
Platform
24
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Moscone South
Oracle Identity
Governance Suite:
Complete Identity
Lifecycle
Management
Moscone South
Identity
Management
Monitoring with
Oracle Enterprise
Manager
25. Sessions Not to Miss
Tuesday
10:30 am – 11:30am
• CON8811: Converged Identity
Governance for Speeding up Business
and Reducing Cost
Moscone West, Room 2018
• Justifying and Planning a Successful
Identity Management Upgrade
Moscone West, Room 2018
Wednesday
1.15 pm – 2.15 pm
25
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
26. Join the Oracle Community
Twitter
twitter.com/OracleIDM
Facebook
facebook.com/OracleIDM
Oracle Blogs
Blogs.oracle.com/OracleIDM
Oracle.com/Identity
26
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
27. Innovation Awards
18 Winners Across Eight Categories
Lam Research Theater (Next to Moscone North)
Session ID: CON8082
Session Title: Oracle Fusion Middleware: Meet This
Year’s Most Impressive Innovators
Venue / Room: YBCA - Lam Research Theater
Date and Time: Monday Sep 23, 4:45 - 5:45 p.m.
27
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
28. Oracle Fusion Middleware
Business Innovation Platform for the Enterprise and Cloud
Complete and Integrated
Web
Social
Mobile
Best-in-class
User Engagement
Business
Process
Management
Open standards
Content
Management
Service Integration
Business
Intelligence
Data Integration
Identity Management
Development
Tools
28
Cloud Application
Foundation
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.
Enterprise
Management
On-premise and Cloud
Foundation for Oracle Fusion
Applications and Oracle Cloud
Notes de l'éditeur Notes:Extract Entitlements With Fusion Middleware, you can extend and maximize your existing technology investment with the same technologies used in Fusion Applications, including embedded analytics and social collaboration, and mobile and cloud computing. Oracle’s complete SOA platform lets your IT organization rapidly design, assemble, deploy, and manage adaptable business applications and—with Oracle’s business process management tools—even bring the task of modeling business processes directly to the business analysts. Oracle Business Intelligence foundation brings together all your enterprise data sources in a single, easy-to-use solution, delivering consistent insights whether it’s through ad hoc queries and analysis, interactive dashboards, scorecards, OLAP, or reporting. And, your existing enterprise applications can leverage the rich social networking capabilities and content sharing that users have come to expect in consumer software. Oracle Fusion Middleware is based on 100 percent open standards, so you aren’t locked into one deployment model when your business requirements change.