SlideShare a Scribd company logo

Oracle Privileged Account Manager Secures Access

Download as PPTX, PDF
O
OracleIDM

Olaf Stullich & Mike Laramie's OOW2013 presentation

Technology
1 of 40
1 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Securing Privileged Accounts with an Integrated IDM Solution Olaf Stullich Product Manager, Oracle Mike Laramie Oracle Cloud for Industry Architecture Team
Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 3 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Program Agenda  Introduction  What is Oracle Privileged Account Manager?  OPAM Integration with Oracle Identity Governance and Database Security  Use Case: Oracle Cloud for Industry and OPAM  Demo 4 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Introduction 5 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
What do have these two in Common? • Privileged account access • Excessive access privileges • Difficult to monitor shared accounts across multiple administrators 6 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
IDM – Overcome Threats and Regulations to Unlock Opportunities Threats  Increased Online Threat  Costly Insider Fraud Compliance  Tougher Regulations  Greater Focus on Risk  Stronger Governance Opportunities 76% Data Stolen From Servers 86% Hacking Involve Stolen Credentials 48% Caused by Insiders 17% Involved Privilege Misuse  Social Media  Cloud Computing  Mobile Access 2011 Data Breach Investigations Report 7 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Managing Privilege Access Is Not Well Defined SCALE Manual solutions don’t scale (like managing privileged access via spreadsheets) 8 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. RISK Using default system passwords is prone to risk COST Deploying point solutions can increase integration costs
Two Big Management Problems IDENTIFYING PRIVILEGED ACCOUNTS TRACKING PRIVILEGED ACCOUNTS 9 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
The Right Approach is Self-Reinforcing Access Request Reporting & Certification SelfReinfor cing Remediation 10 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. AutoProvisioning VISIBILITY ACROSS COMPLETE USER ACCESS IS KEY
Privileged Account Management A Platform Approach Shared Connectors Centralized Policies Workflow Integration Common Reporting 11 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Reduce Risk Improve Compliance
What is Oracle Privileged Account Manager 12 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Fusion Middleware Business Innovation Platform for the Enterprise and Cloud  Complete and Integrated Web Social Mobile  Best-in-class User Engagement Business Process Management  Open standards Content Management Service Integration Business Intelligence Data Integration Identity Management Development Tools 13 Cloud Application Foundation Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Enterprise Management  On-premise and Cloud  Foundation for Oracle Fusion Applications and Oracle Cloud
Identity Management Securing the Social Enterprise  Simplified Identity Governance – Access Request Portal with Catalog and Shopping cart UI – In product, durable customization of UIs, forms and work flows – Privileged Account Management – leverage Identity connectors, workflows, audit  Complete Access Management – Integrated SSO, Federation, API Management, Token Management, Granular Authorization – Mobile application security with SSO, device finger printing and step up authentication – Social identity log-in from popular social media sites – REST, OAuth, XACML  Directories that Scale – 14 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. OUD optimized on T4 hardware delivering 3x performance gain and 15% of set up time
Privileged Account Manager Definition of Terms  Privileged Account –  A “human” accessible accounts with elevated permissions (root for UNIX, Linux, or SYS for DB) Service Account – – Some customers use the term “service accounts” when they refer to Application Accounts –  Most customers use the term “service accounts” when they refer to Privileged Accounts OPAM uses “services accounts” in the connector configuration End User –  An administrator who is accessing OPAM to check-out an account Administrator – –  The OPAM server Administrator An Administrator who is accessing OPAM to checkout an account Application accounts –  Target – 15 Accounts that are used by application (stored in applications) to access e.g. a database OPAM manages account access on “Targets” Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Privileged Account Manager Overview of Product Capabilities  Secure password vault to centrally manage passwords for privileged accounts –  OPAM uses an Oracle DB EE instance with limited use license to TDE to encrypt passwords Session Management and Auditing – –  Session control without revealing a privileged account password Session History and searchable Session Recording Extensible Framework –  JAVA based for customized solutions Audit Reporting – – 16 Customizable audit reports through BI Publisher Real time status available via the OPAM dashboard (charts, tables, etc.) Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Privileged Account Manager Overview of Product Capabilities  Integrated with Identity Governance Platform – –  Shared Connectors and Workflow integration with OIM Centralized Policies Management via OIM and OIA Using out-of-the-box connectors, OPAM Targets can be configured for –  Databases, Operating Systems and LDAP Directories, and Oracle FMW applications Policy-based access to privileged accounts via “grants” – – Grants are represented as OPAM Usage Policies. –  Grants control if and when a given administrator has access to a privileged account Grants are typically assigned through LDAP Group Membership in the identity store Flexible Password Policies – 17 Mirror corporate password standards Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Supported Clients / Targets Generic UNIX Systems UNIX 18 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Generic Database Servers MS SQLServer Sybase 15 Generic LDAP Directories
Typical OPAM Use-Case • User logs in as SYSTEM • Adds Table to DB • System out of space HR Application OPAM sets the SYSTEM password for Database HR App Database, based on the password policy for HR App Database Return SYSTEM password Request SYSTEM password Verify the OPAM User, Joe, is in the “HR DBA” Role Return root password Request root password User checks in passwords Database and Unix Admin (Joe) Oracle Privileged Account Manager OPAM sets the root password for the Unix Server, based on the password policy for Unix Server. • User logs in as root • Adds disk space Unix Server 19 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. LDAP Server
OPAM Integration with Oracle Identity Governance and Database Security 20 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
OPAM and OIM - a Complete Governance Platform Request for Privileged Account Access  Leverage OIM policy/role based provisioning  A system admin may be provisioned to specific LDAP groups that OPAM uses for privileged account access  Workflow and approval will be followed as defined 22 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
OPAM and OIM - a Complete Governance Platform Request for Privileged Account Access  OIM to publish privileged account entitlements in request catalog  An admin user uses access request self service, search the catalog, pick the privileged accounts he needs and submit for approval  The request kicks off workflow and approval as defined  The user is provisioned with group membership after approval  The user can access OPAM for privileged password checkout and checkin 23 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
OPAM and OIM - a Complete Governance Platform Risk based certification  Through existing OIM OIA integration and OIM OPAM integration, privileged access info is made available to OIA for certification.  Risk can be calculated based on its privilege status and other data such as provisioning method etc  If access violation is found, it can be revoked based on OIM OIA close-loop remediation 24 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Use Case: Oracle Cloud for Industry and OPAM 25 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Cloud for Industry Overview  What is OCI? – An internal provider of cloud-based IaaS and PaaS services available to Oracle Global Business Units (GBUs) for the packaging of Oracle Industry Solutions to end customers.  E.g. Financial Services, Healthcare, Retail – http://www.oracle.com/us/industries/index.html 26 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Cloud for Industry Problems  Disparate privileged account practices between multiple operational roles – Password vault utilities – Spreadsheets  Minimal auditing/reporting on privileged account usage  Difficulty of access – “Which vault is that stored in?”  Additional requirements driven by regulatory compliance – PCI – HIPAA/HITECH 27 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Cloud for Industry Solution  Implement password solution that – Easy to use – Supports privileged accounts from multiple teams with differing requirements – Reliable – Secure – Auditable – Meets or exceeds regulatory compliance  Solution – OPAM 28 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Cloud for Industry OCI & OPAM  How did OPAM help? – Role based access to privileged accounts:  LDAP group membership determines which privileged accounts users can access – Convenient, accessible BUI – Automated reporting of privileged account access and usage – Centralized, secure repository – Automated password management – Unique passwords for each system 29 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Cloud for Industry PCI & OPAM  How did OPAM help with PCI Compliance?  Addressed PCI DSS 2.0 Requirements: – 2.1 » “Always change vendor supplied passwords before installing a system…” – 8.5.8 » “Do not use group, shared, or generic accounts and passwords…” – 8.5.9 » “Change user passwords at least every 90 days.” 30 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Cloud for Industry OPAM Flexibility  Customized scripts for password aging reporting – Required for 8.5.9 – Wrote custom script to retrieve data from OPAM and email admins as necessary  RFE submitted to include functionality in future release’s BUI  Daily reports of check-in/check-out activity – Currently done through BI Publisher  Emailed to security team nightly – On-Demand reporting will be in future release 31 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Case Study Overview Solution  Securely stores local privileged account information in a central location  Access to accounts is limited by LDAP group membership (RBAC)  Reportable audit trail on account usage 32 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
OPAM Privileged Account Manager in Action 33 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Privileged Account Manager in Action Demo Overview  How OPAM “lockbox” is used by Oracle Cloud for Industry  How does OPAM Session Management and Auditing enhances the “lockbox” concept to provide additional compliance data  How to extend OPAM operations to enable emergency access  How can emergency access be integrated with physical access security using the Lockitron lock 34 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Summary 35 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
OPAM Benefits  Enforce internal security policies and eliminate potential security threats from privileged users  Cost-effectively enforce and attest to regulatory requirements  Reduce IT costs through efficient self service and common security infrastructure  Real time usage reports  Customizable audit reports with BI Publisher 36 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Demo Pods Moscone South Moscone South Oracle Identity Governance Suite: Managing Privileged Accounts from Your Identity Platform 37 Oracle Identity Governance Suite: Complete Identity Lifecycle Management Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Moscone South Identity Management Monitoring with Oracle Enterprise Manager
Sessions not to miss CON8823 Wednesday 09/25, 5:00PM CON8826 Thursday, 09/26, 3:30PM CON8902 Thursday, 09/26 2:00PM CON8836 Thursday 09/26, 11:00AM CON 4342 Thursday 09/26, 12:30PM CON9024 Thursday 09/26, 2:00PM 38 Moscone West, Room 2018 Moscone West, Room 2018 Marriot Marquis – Golden Gate C3 Moscone West, Room 2018 Moscone West, Room 2018 Moscone West, Room 2018 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Access Management for the Internet of Things Kanishk Mahajan, Oracle Zero Capital Investment by leveraging Identity Management as a Service Mike Neuenschwander, Oracle Developing Secure Mobile Applications Mark Wilcox, Oracle Leveraging the Cloud to simplify your Identity Management implementation Guru Shashikumar, Oracle Identity Services in the New GM IT GM Next Generation Optimized Directory Oracle Unified Directory Etienne Remillon, Oracle
Join the Oracle Community Twitter twitter.com/OracleIDM Facebook facebook.com/OracleIDM Oracle Blogs Blogs.oracle.com/OracleIDM Oracle.com/Identity 39 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
40 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
41 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Recommended

Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account securityRaleigh ISSA
 
EPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkEPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkErni Susanti
 
CyberArk
CyberArkCyberArk
CyberArkJimmy Sze
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity managementNis
 
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Lance Peterman
 
Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3Marco Di Martino
 
Privileged Access Management - 2016
Privileged Access Management - 2016Privileged Access Management - 2016
Privileged Access Management - 2016Lance Peterman
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysRisk Analysis Consultants, s.r.o.
 

Recommended

Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account securityRaleigh ISSA
 
EPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkEPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkErni Susanti
 
CyberArk
CyberArkCyberArk
CyberArkJimmy Sze
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity managementNis
 
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Lance Peterman
 
Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3Presentazione-CyberArk-MDM-v3
Presentazione-CyberArk-MDM-v3Marco Di Martino
 
Privileged Access Management - 2016
Privileged Access Management - 2016Privileged Access Management - 2016
Privileged Access Management - 2016Lance Peterman
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysRisk Analysis Consultants, s.r.o.
 
Secure Management of Privileged Passwords
Secure Management of Privileged PasswordsSecure Management of Privileged Passwords
Secure Management of Privileged PasswordsHitachi ID Systems, Inc.
 
The Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementThe Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementRyan Gallavin
 
10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access ManagementBeyondTrust
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...Ryan Gallavin
 
"EL ATAQUE INTERNO"
"EL ATAQUE INTERNO""EL ATAQUE INTERNO"
"EL ATAQUE INTERNO"Jose Luis Balbiano
 
Cyber ark training
Cyber ark trainingCyber ark training
Cyber ark trainingGlobal Online Trainings
 
CyberArk Cleveland Defend Multi-Factor
CyberArk Cleveland Defend Multi-FactorCyberArk Cleveland Defend Multi-Factor
CyberArk Cleveland Defend Multi-FactorChad Bowerman
 
Privileged accesss management for den csa user group CA Technologies
Privileged accesss management for den csa user group CA TechnologiesPrivileged accesss management for den csa user group CA Technologies
Privileged accesss management for den csa user group CA TechnologiesTrish McGinity, CCSK
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsImperva
 
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...Symantec
 
Stop Attacks and Mitigate Risk with Application and Device Control
Stop Attacks and Mitigate Risk with Application and Device ControlStop Attacks and Mitigate Risk with Application and Device Control
Stop Attacks and Mitigate Risk with Application and Device ControlSymantec
 
Security concerns in web erp
Security concerns in web erpSecurity concerns in web erp
Security concerns in web erpManoj Jhawar
 
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Digital Bond
 
Cyberark training ppt
Cyberark training pptCyberark training ppt
Cyberark training pptAkhil Kumar
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database ThreatsImperva
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Iraje brochure v17 master
Iraje brochure v17 masterIraje brochure v17 master
Iraje brochure v17 masterMechsoft Technologies LLC
 
Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]AgilePractitionersIL
 
CyberArk Master Policy Intro
CyberArk Master Policy IntroCyberArk Master Policy Intro
CyberArk Master Policy IntroCyberArk
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
Bpc 10.1 nw classic training
Bpc 10.1 nw classic trainingBpc 10.1 nw classic training
Bpc 10.1 nw classic traininggriteshkaran
 

More Related Content

What's hot

The Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementThe Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementRyan Gallavin
 
10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access ManagementBeyondTrust
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...Ryan Gallavin
 
CyberArk Cleveland Defend Multi-Factor
CyberArk Cleveland Defend Multi-FactorCyberArk Cleveland Defend Multi-Factor
CyberArk Cleveland Defend Multi-FactorChad Bowerman
 
Privileged accesss management for den csa user group CA Technologies
Privileged accesss management for den csa user group CA TechnologiesPrivileged accesss management for den csa user group CA Technologies
Privileged accesss management for den csa user group CA TechnologiesTrish McGinity, CCSK
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsImperva
 
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...Symantec
 
Stop Attacks and Mitigate Risk with Application and Device Control
Stop Attacks and Mitigate Risk with Application and Device ControlStop Attacks and Mitigate Risk with Application and Device Control
Stop Attacks and Mitigate Risk with Application and Device ControlSymantec
 
Security concerns in web erp
Security concerns in web erpSecurity concerns in web erp
Security concerns in web erpManoj Jhawar
 
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Digital Bond
 
Cyberark training ppt
Cyberark training pptCyberark training ppt
Cyberark training pptAkhil Kumar
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database ThreatsImperva
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]AgilePractitionersIL
 
CyberArk Master Policy Intro
CyberArk Master Policy IntroCyberArk Master Policy Intro
CyberArk Master Policy IntroCyberArk
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
 

What's hot (20)

Secure Management of Privileged Passwords
Secure Management of Privileged PasswordsSecure Management of Privileged Passwords
Secure Management of Privileged Passwords
 
The Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementThe Essentials | Privileged Access Management
The Essentials | Privileged Access Management
 
10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management10 Steps to Better Windows Privileged Access Management
10 Steps to Better Windows Privileged Access Management
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
 
"EL ATAQUE INTERNO"
"EL ATAQUE INTERNO""EL ATAQUE INTERNO"
"EL ATAQUE INTERNO"
 
Cyber ark training
Cyber ark trainingCyber ark training
Cyber ark training
 
CyberArk Cleveland Defend Multi-Factor
CyberArk Cleveland Defend Multi-FactorCyberArk Cleveland Defend Multi-Factor
CyberArk Cleveland Defend Multi-Factor
 
Privileged accesss management for den csa user group CA Technologies
Privileged accesss management for den csa user group CA TechnologiesPrivileged accesss management for den csa user group CA Technologies
Privileged accesss management for den csa user group CA Technologies
 
Database Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower CostsDatabase Security, Better Audits, Lower Costs
Database Security, Better Audits, Lower Costs
 
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
A Symantec Advisory Guide Migrating to Symantec™ Validation and ID Protection...
 
Stop Attacks and Mitigate Risk with Application and Device Control
Stop Attacks and Mitigate Risk with Application and Device ControlStop Attacks and Mitigate Risk with Application and Device Control
Stop Attacks and Mitigate Risk with Application and Device Control
 
Security concerns in web erp
Security concerns in web erpSecurity concerns in web erp
Security concerns in web erp
 
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
Managing and Securing Remote Access To Critical Infrastructure, Yariv Lenchne...
 
Cyberark training ppt
Cyberark training pptCyberark training ppt
Cyberark training ppt
 
Top 10 Database Threats
Top 10 Database ThreatsTop 10 Database Threats
Top 10 Database Threats
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
Iraje brochure v17 master
Iraje brochure v17 masterIraje brochure v17 master
Iraje brochure v17 master
 
Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]Technical debt in cyber ark [agile practitioners-2015]
Technical debt in cyber ark [agile practitioners-2015]
 
CyberArk Master Policy Intro
CyberArk Master Policy IntroCyberArk Master Policy Intro
CyberArk Master Policy Intro
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management Program
 

Viewers also liked

Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
Bpc 10.1 nw classic training
Bpc 10.1 nw classic trainingBpc 10.1 nw classic training
Bpc 10.1 nw classic traininggriteshkaran
 
Oia ICT Presentation
Oia ICT PresentationOia ICT Presentation
Oia ICT PresentationPravin Karde
 
The 7 Layers of Privileged Access Management
The 7 Layers of Privileged Access ManagementThe 7 Layers of Privileged Access Management
The 7 Layers of Privileged Access Managementbanerjeea
 
IT 510 Final Project - Daina Love
IT 510 Final Project - Daina LoveIT 510 Final Project - Daina Love
IT 510 Final Project - Daina LoveDaina Love
 
Lehdonvirta: Näin syntyi kasiluokkalaisten esitietolomake
Lehdonvirta: Näin syntyi kasiluokkalaisten esitietolomakeLehdonvirta: Näin syntyi kasiluokkalaisten esitietolomake
Lehdonvirta: Näin syntyi kasiluokkalaisten esitietolomakeKouluterveyskysely
 
LODStats (Presentation for KESW2013 System Demo)
LODStats (Presentation for KESW2013 System Demo)LODStats (Presentation for KESW2013 System Demo)
LODStats (Presentation for KESW2013 System Demo)Ivan Ermilov
 
Sequencing behavior for walking meetings
Sequencing behavior for walking meetingsSequencing behavior for walking meetings
Sequencing behavior for walking meetingsAngad Singh
 
How to estimate_oracle_cost
How to estimate_oracle_costHow to estimate_oracle_cost
How to estimate_oracle_costPhilip Zhong
 
100 Things to Watch in 2013 - JWT INTELLIGENCE
100 Things to Watch in 2013 - JWT INTELLIGENCE100 Things to Watch in 2013 - JWT INTELLIGENCE
100 Things to Watch in 2013 - JWT INTELLIGENCEGustavo Barbosa
 
AÇÃO CAUTELAR 4.174 DISTRITO FEDERAL
AÇÃO CAUTELAR 4.174 DISTRITO FEDERALAÇÃO CAUTELAR 4.174 DISTRITO FEDERAL
AÇÃO CAUTELAR 4.174 DISTRITO FEDERALMiguel Rosario
 

Viewers also liked (18)

Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
 
Bpc 10.1 nw classic training
Bpc 10.1 nw classic trainingBpc 10.1 nw classic training
Bpc 10.1 nw classic training
 
Oia ICT Presentation
Oia ICT PresentationOia ICT Presentation
Oia ICT Presentation
 
The 7 Layers of Privileged Access Management
The 7 Layers of Privileged Access ManagementThe 7 Layers of Privileged Access Management
The 7 Layers of Privileged Access Management
 
IT 510 Final Project - Daina Love
IT 510 Final Project - Daina LoveIT 510 Final Project - Daina Love
IT 510 Final Project - Daina Love
 
Menciones
MencionesMenciones
Menciones
 
Aw african safari
Aw african safariAw african safari
Aw african safari
 
Lehdonvirta: Näin syntyi kasiluokkalaisten esitietolomake
Lehdonvirta: Näin syntyi kasiluokkalaisten esitietolomakeLehdonvirta: Näin syntyi kasiluokkalaisten esitietolomake
Lehdonvirta: Näin syntyi kasiluokkalaisten esitietolomake
 
TelOne Zimbabwe - An Internet Research
TelOne Zimbabwe - An Internet ResearchTelOne Zimbabwe - An Internet Research
TelOne Zimbabwe - An Internet Research
 
LODStats (Presentation for KESW2013 System Demo)
LODStats (Presentation for KESW2013 System Demo)LODStats (Presentation for KESW2013 System Demo)
LODStats (Presentation for KESW2013 System Demo)
 
Sequencing behavior for walking meetings
Sequencing behavior for walking meetingsSequencing behavior for walking meetings
Sequencing behavior for walking meetings
 
The four agreements
The four agreements The four agreements
The four agreements
 
How to estimate_oracle_cost
How to estimate_oracle_costHow to estimate_oracle_cost
How to estimate_oracle_cost
 
100 Things to Watch in 2013 - JWT INTELLIGENCE
100 Things to Watch in 2013 - JWT INTELLIGENCE100 Things to Watch in 2013 - JWT INTELLIGENCE
100 Things to Watch in 2013 - JWT INTELLIGENCE
 
Q4 06
Q4 06Q4 06
Q4 06
 
Modul I/O by MRobbyF
Modul I/O by MRobbyFModul I/O by MRobbyF
Modul I/O by MRobbyF
 
AÇÃO CAUTELAR 4.174 DISTRITO FEDERAL
AÇÃO CAUTELAR 4.174 DISTRITO FEDERALAÇÃO CAUTELAR 4.174 DISTRITO FEDERAL
AÇÃO CAUTELAR 4.174 DISTRITO FEDERAL
 
NC Live How To
NC Live How ToNC Live How To
NC Live How To
 

Similar to Oracle Privileged Account Manager Secures Access

Con9573 managing the oim platform with oracle enterprise manager
Con9573 managing the oim platform with oracle enterprise manager Con9573 managing the oim platform with oracle enterprise manager
Con9573 managing the oim platform with oracle enterprise manager OracleIDM
 
Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824Oracle
 
Integrate Oracle Identity Management and Advanced Controls for maximum effici...
Integrate Oracle Identity Management and Advanced Controls for maximum effici...Integrate Oracle Identity Management and Advanced Controls for maximum effici...
Integrate Oracle Identity Management and Advanced Controls for maximum effici...Oracle
 
Con8833 access at scale for hundreds of millions of users final
Con8833 access at scale for hundreds of millions of users finalCon8833 access at scale for hundreds of millions of users final
Con8833 access at scale for hundreds of millions of users finalOracleIDM
 
Automating Security Management in PBCS!
Automating Security Management in PBCS!Automating Security Management in PBCS!
Automating Security Management in PBCS!Dayalan Punniyamoorthy
 
Con8811 converged identity governance for speeding up business and reducing c...
Con8811 converged identity governance for speeding up business and reducing c...Con8811 converged identity governance for speeding up business and reducing c...
Con8811 converged identity governance for speeding up business and reducing c...OracleIDM
 
Oracle Cloud Café hybrid Cloud 19 mai 2016
Oracle Cloud Café hybrid Cloud 19 mai 2016Oracle Cloud Café hybrid Cloud 19 mai 2016
Oracle Cloud Café hybrid Cloud 19 mai 2016Sorathaya Sirimanotham
 
Oracle Management Cloud - HybridCloud Café - May 2016
Oracle Management Cloud - HybridCloud Café - May 2016Oracle Management Cloud - HybridCloud Café - May 2016
Oracle Management Cloud - HybridCloud Café - May 2016Bastien Leblanc
 
Ppt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdfPpt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdfMelody Liu
 
Oracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners GuideOracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners GuideCourtney Llamas
 
Enabling: Optimized Integrations at Amway with Oracle SOA Suite
Enabling: Optimized Integrations at Amway with Oracle SOA SuiteEnabling: Optimized Integrations at Amway with Oracle SOA Suite
Enabling: Optimized Integrations at Amway with Oracle SOA SuiteRevelation Technologies
 
C1 oracle's cloud computing strategy your strategy-your cloud_your choice
C1 oracle's cloud computing strategy your strategy-your cloud_your choiceC1 oracle's cloud computing strategy your strategy-your cloud_your choice
C1 oracle's cloud computing strategy your strategy-your cloud_your choiceDr. Wilfred Lin (Ph.D.)
 
Streamline it management
Streamline it managementStreamline it management
Streamline it managementDLT Solutions
 
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced ControlsOptimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced ControlsOracle
 
Oracle Identity Governance - Customer Presentation
Oracle Identity Governance - Customer PresentationOracle Identity Governance - Customer Presentation
Oracle Identity Governance - Customer PresentationDelivery Centric
 
B6 power exceptional users with oracle webcenter
B6 power exceptional users with oracle webcenterB6 power exceptional users with oracle webcenter
B6 power exceptional users with oracle webcenterDr. Wilfred Lin (Ph.D.)
 
Integrating Enterprise Controls with the Cloud
Integrating Enterprise Controls with the CloudIntegrating Enterprise Controls with the Cloud
Integrating Enterprise Controls with the CloudAtul Goyal
 
Latest Innovations in Database as a Service Enabled by Oracle Enterprise Manager
Latest Innovations in Database as a Service Enabled by Oracle Enterprise ManagerLatest Innovations in Database as a Service Enabled by Oracle Enterprise Manager
Latest Innovations in Database as a Service Enabled by Oracle Enterprise ManagerHari Srinivasan
 

Similar to Oracle Privileged Account Manager Secures Access (20)

Con9573 managing the oim platform with oracle enterprise manager
Con9573 managing the oim platform with oracle enterprise manager Con9573 managing the oim platform with oracle enterprise manager
Con9573 managing the oim platform with oracle enterprise manager
 
Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824Advanced Controls access and user security for superusers con8824
Advanced Controls access and user security for superusers con8824
 
Integrate Oracle Identity Management and Advanced Controls for maximum effici...
Integrate Oracle Identity Management and Advanced Controls for maximum effici...Integrate Oracle Identity Management and Advanced Controls for maximum effici...
Integrate Oracle Identity Management and Advanced Controls for maximum effici...
 
Con8833 access at scale for hundreds of millions of users final
Con8833 access at scale for hundreds of millions of users finalCon8833 access at scale for hundreds of millions of users final
Con8833 access at scale for hundreds of millions of users final
 
Automating Security Management in PBCS!
Automating Security Management in PBCS!Automating Security Management in PBCS!
Automating Security Management in PBCS!
 
Con8811 converged identity governance for speeding up business and reducing c...
Con8811 converged identity governance for speeding up business and reducing c...Con8811 converged identity governance for speeding up business and reducing c...
Con8811 converged identity governance for speeding up business and reducing c...
 
Oracle Cloud Café hybrid Cloud 19 mai 2016
Oracle Cloud Café hybrid Cloud 19 mai 2016Oracle Cloud Café hybrid Cloud 19 mai 2016
Oracle Cloud Café hybrid Cloud 19 mai 2016
 
Oracle Management Cloud - HybridCloud Café - May 2016
Oracle Management Cloud - HybridCloud Café - May 2016Oracle Management Cloud - HybridCloud Café - May 2016
Oracle Management Cloud - HybridCloud Café - May 2016
 
Ppt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdfPpt dbsec-oow2013-avdf
Ppt dbsec-oow2013-avdf
 
Enterprise manager 13c
Enterprise manager 13cEnterprise manager 13c
Enterprise manager 13c
 
Oracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners GuideOracle Enterprise Manager Security A Practitioners Guide
Oracle Enterprise Manager Security A Practitioners Guide
 
Enabling: Optimized Integrations at Amway with Oracle SOA Suite
Enabling: Optimized Integrations at Amway with Oracle SOA SuiteEnabling: Optimized Integrations at Amway with Oracle SOA Suite
Enabling: Optimized Integrations at Amway with Oracle SOA Suite
 
C1 oracle's cloud computing strategy your strategy-your cloud_your choice
C1 oracle's cloud computing strategy your strategy-your cloud_your choiceC1 oracle's cloud computing strategy your strategy-your cloud_your choice
C1 oracle's cloud computing strategy your strategy-your cloud_your choice
 
Streamline it management
Streamline it managementStreamline it management
Streamline it management
 
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced ControlsOptimizing order to-cash (e-business suite) with GRC Advanced Controls
Optimizing order to-cash (e-business suite) with GRC Advanced Controls
 
Oracle Identity Governance - Customer Presentation
Oracle Identity Governance - Customer PresentationOracle Identity Governance - Customer Presentation
Oracle Identity Governance - Customer Presentation
 
Oracle 360
Oracle 360Oracle 360
Oracle 360
 
B6 power exceptional users with oracle webcenter
B6 power exceptional users with oracle webcenterB6 power exceptional users with oracle webcenter
B6 power exceptional users with oracle webcenter
 
Integrating Enterprise Controls with the Cloud
Integrating Enterprise Controls with the CloudIntegrating Enterprise Controls with the Cloud
Integrating Enterprise Controls with the Cloud
 
Latest Innovations in Database as a Service Enabled by Oracle Enterprise Manager
Latest Innovations in Database as a Service Enabled by Oracle Enterprise ManagerLatest Innovations in Database as a Service Enabled by Oracle Enterprise Manager
Latest Innovations in Database as a Service Enabled by Oracle Enterprise Manager
 

More from OracleIDM

Con9024 next generation optimized directory - oracle unified directory - final
Con9024 next generation optimized directory - oracle unified directory - finalCon9024 next generation optimized directory - oracle unified directory - final
Con9024 next generation optimized directory - oracle unified directory - finalOracleIDM
 
Con8902 developing secure mobile applications-final
Con8902 developing secure mobile applications-finalCon8902 developing secure mobile applications-final
Con8902 developing secure mobile applications-finalOracleIDM
 
Con8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalCon8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalOracleIDM
 
Con8837 leverage authorization to monetize content and media subscriptions ...
Con8837 leverage authorization to monetize content and media subscriptions ...Con8837 leverage authorization to monetize content and media subscriptions ...
Con8837 leverage authorization to monetize content and media subscriptions ...OracleIDM
 
Con8836 leveraging the cloud to simplify your identity management implement...
Con8836 leveraging the cloud to simplify your identity management implement...Con8836 leveraging the cloud to simplify your identity management implement...
Con8836 leveraging the cloud to simplify your identity management implement...OracleIDM
 
Con8834 bring your own identity - final
Con8834 bring your own identity - finalCon8834 bring your own identity - final
Con8834 bring your own identity - finalOracleIDM
 
Con8828 justifying and planning a successful identity management upgrade final
Con8828 justifying and planning a successful identity management upgrade finalCon8828 justifying and planning a successful identity management upgrade final
Con8828 justifying and planning a successful identity management upgrade finalOracleIDM
 
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-finalCon8823 access management for the internet of things-final
Con8823 access management for the internet of things-finalOracleIDM
 
Con8819 context and risk aware access control any device any where - final
Con8819 context and risk aware access control any device any where - finalCon8819 context and risk aware access control any device any where - final
Con8819 context and risk aware access control any device any where - finalOracleIDM
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...OracleIDM
 
Con 8810 who should have access to what - final
Con 8810 who should have access to what - finalCon 8810 who should have access to what - final
Con 8810 who should have access to what - finalOracleIDM
 
Opening remarks-dave-profozichv2
Opening remarks-dave-profozichv2Opening remarks-dave-profozichv2
Opening remarks-dave-profozichv2OracleIDM
 
Con8808 enabling business growth in the new economy final
Con8808 enabling business growth in the new economy finalCon8808 enabling business growth in the new economy final
Con8808 enabling business growth in the new economy finalOracleIDM
 
Innovations dbsec-12c-pub
Innovations dbsec-12c-pubInnovations dbsec-12c-pub
Innovations dbsec-12c-pubOracleIDM
 
Identityofthings amitjasuj av10
Identityofthings amitjasuj av10Identityofthings amitjasuj av10
Identityofthings amitjasuj av10OracleIDM
 
Identityofthings amitjasuj av10
Identityofthings amitjasuj av10Identityofthings amitjasuj av10
Identityofthings amitjasuj av10OracleIDM
 
Sun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformationSun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformationOracleIDM
 
Healthcare it consolidated
Healthcare it consolidatedHealthcare it consolidated
Healthcare it consolidatedOracleIDM
 
Trends gartner iam-amit12-4-12-v1
Trends gartner iam-amit12-4-12-v1Trends gartner iam-amit12-4-12-v1
Trends gartner iam-amit12-4-12-v1OracleIDM
 
Trends gartner iam-amit12-4-12
Trends gartner iam-amit12-4-12Trends gartner iam-amit12-4-12
Trends gartner iam-amit12-4-12OracleIDM
 

More from OracleIDM (20)

Con9024 next generation optimized directory - oracle unified directory - final
Con9024 next generation optimized directory - oracle unified directory - finalCon9024 next generation optimized directory - oracle unified directory - final
Con9024 next generation optimized directory - oracle unified directory - final
 
Con8902 developing secure mobile applications-final
Con8902 developing secure mobile applications-finalCon8902 developing secure mobile applications-final
Con8902 developing secure mobile applications-final
 
Con8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - finalCon8896 securely enabling mobile access for business transformation - final
Con8896 securely enabling mobile access for business transformation - final
 
Con8837 leverage authorization to monetize content and media subscriptions ...
Con8837 leverage authorization to monetize content and media subscriptions ...Con8837 leverage authorization to monetize content and media subscriptions ...
Con8837 leverage authorization to monetize content and media subscriptions ...
 
Con8836 leveraging the cloud to simplify your identity management implement...
Con8836 leveraging the cloud to simplify your identity management implement...Con8836 leveraging the cloud to simplify your identity management implement...
Con8836 leveraging the cloud to simplify your identity management implement...
 
Con8834 bring your own identity - final
Con8834 bring your own identity - finalCon8834 bring your own identity - final
Con8834 bring your own identity - final
 
Con8828 justifying and planning a successful identity management upgrade final
Con8828 justifying and planning a successful identity management upgrade finalCon8828 justifying and planning a successful identity management upgrade final
Con8828 justifying and planning a successful identity management upgrade final
 
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-finalCon8823 access management for the internet of things-final
Con8823 access management for the internet of things-final
 
Con8819 context and risk aware access control any device any where - final
Con8819 context and risk aware access control any device any where - finalCon8819 context and risk aware access control any device any where - final
Con8819 context and risk aware access control any device any where - final
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...
 
Con 8810 who should have access to what - final
Con 8810 who should have access to what - finalCon 8810 who should have access to what - final
Con 8810 who should have access to what - final
 
Opening remarks-dave-profozichv2
Opening remarks-dave-profozichv2Opening remarks-dave-profozichv2
Opening remarks-dave-profozichv2
 
Con8808 enabling business growth in the new economy final
Con8808 enabling business growth in the new economy finalCon8808 enabling business growth in the new economy final
Con8808 enabling business growth in the new economy final
 
Innovations dbsec-12c-pub
Innovations dbsec-12c-pubInnovations dbsec-12c-pub
Innovations dbsec-12c-pub
 
Identityofthings amitjasuj av10
Identityofthings amitjasuj av10Identityofthings amitjasuj av10
Identityofthings amitjasuj av10
 
Identityofthings amitjasuj av10
Identityofthings amitjasuj av10Identityofthings amitjasuj av10
Identityofthings amitjasuj av10
 
Sun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformationSun2 oracle avea's identity management platform transformation
Sun2 oracle avea's identity management platform transformation
 
Healthcare it consolidated
Healthcare it consolidatedHealthcare it consolidated
Healthcare it consolidated
 
Trends gartner iam-amit12-4-12-v1
Trends gartner iam-amit12-4-12-v1Trends gartner iam-amit12-4-12-v1
Trends gartner iam-amit12-4-12-v1
 
Trends gartner iam-amit12-4-12
Trends gartner iam-amit12-4-12Trends gartner iam-amit12-4-12
Trends gartner iam-amit12-4-12
 

Recently uploaded

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Oracle Privileged Account Manager Secures Access

  • 1. 1 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 2. Securing Privileged Accounts with an Integrated IDM Solution Olaf Stullich Product Manager, Oracle Mike Laramie Oracle Cloud for Industry Architecture Team
  • 3. Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 3 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 4. Program Agenda  Introduction  What is Oracle Privileged Account Manager?  OPAM Integration with Oracle Identity Governance and Database Security  Use Case: Oracle Cloud for Industry and OPAM  Demo 4 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 5. Introduction 5 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 6. What do have these two in Common? • Privileged account access • Excessive access privileges • Difficult to monitor shared accounts across multiple administrators 6 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 7. IDM – Overcome Threats and Regulations to Unlock Opportunities Threats  Increased Online Threat  Costly Insider Fraud Compliance  Tougher Regulations  Greater Focus on Risk  Stronger Governance Opportunities 76% Data Stolen From Servers 86% Hacking Involve Stolen Credentials 48% Caused by Insiders 17% Involved Privilege Misuse  Social Media  Cloud Computing  Mobile Access 2011 Data Breach Investigations Report 7 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 8. Managing Privilege Access Is Not Well Defined SCALE Manual solutions don’t scale (like managing privileged access via spreadsheets) 8 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. RISK Using default system passwords is prone to risk COST Deploying point solutions can increase integration costs
  • 9. Two Big Management Problems IDENTIFYING PRIVILEGED ACCOUNTS TRACKING PRIVILEGED ACCOUNTS 9 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 10. The Right Approach is Self-Reinforcing Access Request Reporting & Certification SelfReinfor cing Remediation 10 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. AutoProvisioning VISIBILITY ACROSS COMPLETE USER ACCESS IS KEY
  • 11. Privileged Account Management A Platform Approach Shared Connectors Centralized Policies Workflow Integration Common Reporting 11 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Reduce Risk Improve Compliance
  • 12. What is Oracle Privileged Account Manager 12 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 13. Oracle Fusion Middleware Business Innovation Platform for the Enterprise and Cloud  Complete and Integrated Web Social Mobile  Best-in-class User Engagement Business Process Management  Open standards Content Management Service Integration Business Intelligence Data Integration Identity Management Development Tools 13 Cloud Application Foundation Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Enterprise Management  On-premise and Cloud  Foundation for Oracle Fusion Applications and Oracle Cloud
  • 14. Identity Management Securing the Social Enterprise  Simplified Identity Governance – Access Request Portal with Catalog and Shopping cart UI – In product, durable customization of UIs, forms and work flows – Privileged Account Management – leverage Identity connectors, workflows, audit  Complete Access Management – Integrated SSO, Federation, API Management, Token Management, Granular Authorization – Mobile application security with SSO, device finger printing and step up authentication – Social identity log-in from popular social media sites – REST, OAuth, XACML  Directories that Scale – 14 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. OUD optimized on T4 hardware delivering 3x performance gain and 15% of set up time
  • 15. Privileged Account Manager Definition of Terms  Privileged Account –  A “human” accessible accounts with elevated permissions (root for UNIX, Linux, or SYS for DB) Service Account – – Some customers use the term “service accounts” when they refer to Application Accounts –  Most customers use the term “service accounts” when they refer to Privileged Accounts OPAM uses “services accounts” in the connector configuration End User –  An administrator who is accessing OPAM to check-out an account Administrator – –  The OPAM server Administrator An Administrator who is accessing OPAM to checkout an account Application accounts –  Target – 15 Accounts that are used by application (stored in applications) to access e.g. a database OPAM manages account access on “Targets” Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 16. Privileged Account Manager Overview of Product Capabilities  Secure password vault to centrally manage passwords for privileged accounts –  OPAM uses an Oracle DB EE instance with limited use license to TDE to encrypt passwords Session Management and Auditing – –  Session control without revealing a privileged account password Session History and searchable Session Recording Extensible Framework –  JAVA based for customized solutions Audit Reporting – – 16 Customizable audit reports through BI Publisher Real time status available via the OPAM dashboard (charts, tables, etc.) Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 17. Privileged Account Manager Overview of Product Capabilities  Integrated with Identity Governance Platform – –  Shared Connectors and Workflow integration with OIM Centralized Policies Management via OIM and OIA Using out-of-the-box connectors, OPAM Targets can be configured for –  Databases, Operating Systems and LDAP Directories, and Oracle FMW applications Policy-based access to privileged accounts via “grants” – – Grants are represented as OPAM Usage Policies. –  Grants control if and when a given administrator has access to a privileged account Grants are typically assigned through LDAP Group Membership in the identity store Flexible Password Policies – 17 Mirror corporate password standards Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 18. Supported Clients / Targets Generic UNIX Systems UNIX 18 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Generic Database Servers MS SQLServer Sybase 15 Generic LDAP Directories
  • 19. Typical OPAM Use-Case • User logs in as SYSTEM • Adds Table to DB • System out of space HR Application OPAM sets the SYSTEM password for Database HR App Database, based on the password policy for HR App Database Return SYSTEM password Request SYSTEM password Verify the OPAM User, Joe, is in the “HR DBA” Role Return root password Request root password User checks in passwords Database and Unix Admin (Joe) Oracle Privileged Account Manager OPAM sets the root password for the Unix Server, based on the password policy for Unix Server. • User logs in as root • Adds disk space Unix Server 19 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. LDAP Server
  • 20. OPAM Integration with Oracle Identity Governance and Database Security 20 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 21. OPAM and OIM - a Complete Governance Platform Request for Privileged Account Access  Leverage OIM policy/role based provisioning  A system admin may be provisioned to specific LDAP groups that OPAM uses for privileged account access  Workflow and approval will be followed as defined 22 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 22. OPAM and OIM - a Complete Governance Platform Request for Privileged Account Access  OIM to publish privileged account entitlements in request catalog  An admin user uses access request self service, search the catalog, pick the privileged accounts he needs and submit for approval  The request kicks off workflow and approval as defined  The user is provisioned with group membership after approval  The user can access OPAM for privileged password checkout and checkin 23 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 23. OPAM and OIM - a Complete Governance Platform Risk based certification  Through existing OIM OIA integration and OIM OPAM integration, privileged access info is made available to OIA for certification.  Risk can be calculated based on its privilege status and other data such as provisioning method etc  If access violation is found, it can be revoked based on OIM OIA close-loop remediation 24 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 24. Use Case: Oracle Cloud for Industry and OPAM 25 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 25. Oracle Cloud for Industry Overview  What is OCI? – An internal provider of cloud-based IaaS and PaaS services available to Oracle Global Business Units (GBUs) for the packaging of Oracle Industry Solutions to end customers.  E.g. Financial Services, Healthcare, Retail – http://www.oracle.com/us/industries/index.html 26 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 26. Oracle Cloud for Industry Problems  Disparate privileged account practices between multiple operational roles – Password vault utilities – Spreadsheets  Minimal auditing/reporting on privileged account usage  Difficulty of access – “Which vault is that stored in?”  Additional requirements driven by regulatory compliance – PCI – HIPAA/HITECH 27 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 27. Oracle Cloud for Industry Solution  Implement password solution that – Easy to use – Supports privileged accounts from multiple teams with differing requirements – Reliable – Secure – Auditable – Meets or exceeds regulatory compliance  Solution – OPAM 28 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 28. Oracle Cloud for Industry OCI & OPAM  How did OPAM help? – Role based access to privileged accounts:  LDAP group membership determines which privileged accounts users can access – Convenient, accessible BUI – Automated reporting of privileged account access and usage – Centralized, secure repository – Automated password management – Unique passwords for each system 29 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 29. Oracle Cloud for Industry PCI & OPAM  How did OPAM help with PCI Compliance?  Addressed PCI DSS 2.0 Requirements: – 2.1 » “Always change vendor supplied passwords before installing a system…” – 8.5.8 » “Do not use group, shared, or generic accounts and passwords…” – 8.5.9 » “Change user passwords at least every 90 days.” 30 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 30. Oracle Cloud for Industry OPAM Flexibility  Customized scripts for password aging reporting – Required for 8.5.9 – Wrote custom script to retrieve data from OPAM and email admins as necessary  RFE submitted to include functionality in future release’s BUI  Daily reports of check-in/check-out activity – Currently done through BI Publisher  Emailed to security team nightly – On-Demand reporting will be in future release 31 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 31. Case Study Overview Solution  Securely stores local privileged account information in a central location  Access to accounts is limited by LDAP group membership (RBAC)  Reportable audit trail on account usage 32 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 32. OPAM Privileged Account Manager in Action 33 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 33. Oracle Privileged Account Manager in Action Demo Overview  How OPAM “lockbox” is used by Oracle Cloud for Industry  How does OPAM Session Management and Auditing enhances the “lockbox” concept to provide additional compliance data  How to extend OPAM operations to enable emergency access  How can emergency access be integrated with physical access security using the Lockitron lock 34 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 34. Summary 35 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 35. OPAM Benefits  Enforce internal security policies and eliminate potential security threats from privileged users  Cost-effectively enforce and attest to regulatory requirements  Reduce IT costs through efficient self service and common security infrastructure  Real time usage reports  Customizable audit reports with BI Publisher 36 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 36. Demo Pods Moscone South Moscone South Oracle Identity Governance Suite: Managing Privileged Accounts from Your Identity Platform 37 Oracle Identity Governance Suite: Complete Identity Lifecycle Management Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Moscone South Identity Management Monitoring with Oracle Enterprise Manager
  • 37. Sessions not to miss CON8823 Wednesday 09/25, 5:00PM CON8826 Thursday, 09/26, 3:30PM CON8902 Thursday, 09/26 2:00PM CON8836 Thursday 09/26, 11:00AM CON 4342 Thursday 09/26, 12:30PM CON9024 Thursday 09/26, 2:00PM 38 Moscone West, Room 2018 Moscone West, Room 2018 Marriot Marquis – Golden Gate C3 Moscone West, Room 2018 Moscone West, Room 2018 Moscone West, Room 2018 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Access Management for the Internet of Things Kanishk Mahajan, Oracle Zero Capital Investment by leveraging Identity Management as a Service Mike Neuenschwander, Oracle Developing Secure Mobile Applications Mark Wilcox, Oracle Leveraging the Cloud to simplify your Identity Management implementation Guru Shashikumar, Oracle Identity Services in the New GM IT GM Next Generation Optimized Directory Oracle Unified Directory Etienne Remillon, Oracle
  • 38. Join the Oracle Community Twitter twitter.com/OracleIDM Facebook facebook.com/OracleIDM Oracle Blogs Blogs.oracle.com/OracleIDM Oracle.com/Identity 39 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 39. 40 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
  • 40. 41 Copyright © 2013, Oracle and/or its affiliates. All rights reserved.

Editor's Notes

  1. This is our Safe Harbor statement…Please take a moment to review it…
  2. With Great Power Comes Great Risk Organizations are trying to drive greater productivity out of administrators. In optimal cases today organizations can get 1K to 2K users per administrator ratio. Increasing that ratio is important Most organizations have 100s of service accounts that execute software on servers and web-servers. These accounts if hijacked are a key entry point for fraud Excessive access is also the number one attack vector at the database level. (March 28 2012) http://educationinfree.wordpress.com/2012/03/28/top-10-database-attacks/These accounts are shared across multiple administrators and becomes difficult to monitor who is doing what. Analogous to this problem is the privileged elevation problem where someone uses a privileged account to elevate the privileges of another account, then logs in to the other account and performs malicious activity … very difficult to track.
  3. In most cases the exploits we are seeing exploit Identity and access weaknesses. When hackers break in they are going after password weaknesses – orphaned and dormant accounts. They are using means like phishing etc. They are using accounts that have excessive access in the organization. Most of the data stolen comes from servers – not from last laptops of stolen phones – this is something well within our control. 17% are just misuse of privileges – good people gone bad. 86% of the hacking are lost or stolen credentials – so instituting good behavior on password reset and access review can reduce that number 48% caused by insiders What’s more important is that the hackers are going after our applications and our data – they want to perform transactions that are impactful or financially beneficial … ie give yourself a raise… trade beyond the controls of the organization. They are going after customer information.. Financial information. Its really all about access – Despite all the money we have spent on firewalls and network security we have left the applications vulnerable and we can get better results for our spending if we refocused.In the Forrester Insights 2011 – they noted that companies have spent an inordinate amount of time on perimeter security and have left the applications and data vulnerable. Hence the 48% cause by insiders are not being addressed adequately. Take away : Its about your applications and data Its about access both internal and external. The ORCLE FOCUS IS THAT…..IF WE FOCUS ON CONTROLS THAT IMPACT THE 48% and FOCUS ON THE DATA AND APPS WE CAN REDUCE approx 48% OF THE PROBLEM. APPS AND DATA ARE OUR STRENGTH. – WE HAVE ONE OF THE STRONGEST IDENTITY MANAGEMENT PLATFORMS AND WE HAVE BEEN SECURING DATA FOR A VERY LONG TIME.
  4. Today Managing Privilege Access is Not Well Defined Organizations have a difficult time managing privileged access because the people who have these accounts are the people we rely on to keep the business safe.  Organizations take a few approaches Ignore the issue Have help desks handle administrative requests Deploy point solutions for specific systems Largely the problem is ignored and administrative and service accounts are a huge vulnerability The help desk approach hampers productivity administrators have to wait to get access and removing the excessive is a pain to do.The impact is reduced productivity and an approach that does not scale beyond a department level.The problem is that each request is manual and takes a long time t complete There is no visibility across all privileged accessThere is no way to monitor and report on access There is no way to centralize policy control across departments or multiple systems. 
  5. Two Big Management Problems Managing privileged accounts presents to big problems which point solutions don’t address well1 Identifying the accounts . they are not just root and sys admin accounts they also include any account where privileges are elevated. They include service accounts and accounts from apps to databases to operating systems to firewalls. 2. Tracking privileged accounts.. we have to have the notion of identity because they are not tied to one person . they can be tied to multiple people and that creates the risk
  6. The Right Approach is Self-Reinforcing By combining the ability to control accounts on multiple platforms along with the workflow automation that can span cross system .. we can get a self-reinforcing and intelligent approach to privilege account management. We call this a platform approach.We can tie multiple identity to a privileged account We can automate the remediation and removal of excessive accessWe can automate the request of access for privileged accounts so there is no lost productivity waitingWe can track when privileges are increased because the platform approach includes the ability to automate provisioning and change controlWe get consolidated auditing And we get visibility across the complete user access which is keyWe can serve multiple systems because the platform has a breadth of target system support
  7. Oracle Provide a Platform Approach to Privileged Account Management Connectors reuse – build on your existing deployment – and reduce overall TCO Centralized policy control Interoperable with the other components including OIM and OIA So what we are providing here is a password checkout system for shared OS, application and database accounts. Today these accounts are the most impactful and because they are shared increases the risk of fraud. With privilege account manager we can lease and account to a user for a period of time and remove the access when the time period as expired.It takes a platform approach leveraging the connectors, workflows, certification and closed loop remediation of OIA and OIMProvides emergency access – and removes access within a given timeframe.With service accounts – we can control the time fo day the account is used etc.
  8. With Fusion Middleware, you can extend and maximize your existing technology investment with the same technologies used in Fusion Applications, including embedded analytics and social collaboration, and mobile and cloud computing. Oracle’s complete SOA platform lets your IT organization rapidly design, assemble, deploy, and manage adaptable business applications and—with Oracle’s business process management tools—even bring the task of modeling business processes directly to the business analysts. Oracle Business Intelligence foundation brings together all your enterprise data sources in a single, easy-to-use solution, delivering consistent insights whether it’s through ad hoc queries and analysis, interactive dashboards, scorecards, OLAP, or reporting. And, your existing enterprise applications can leverage the rich social networking capabilities and content sharing that users have come to expect in consumer software. Oracle Fusion Middleware is based on 100 percent open standards, so you aren’t locked into one deployment model when your business requirements change.
  9. We’ll spend just a few minutes reviewing some common terms relevant to OPAM.A privileged account is….A service account is…really a privileged account, sometimes referred.From an OPAM perspective…An end user is…An administrator is…And finally…Application Accounts are…
  10. The next 4-slides provide a high-level introduction into OPAM…OPAM provides a password vault capability to privileged, service and application accounts…OPAM integrates with DB Security in that it leverages Oracle DB EE as it’s password vault and uses the Transparent Data Encryption (TDE) capability of Advanced Security Options (ASO) to encrypt passwords in the Oracle DB (secure data at Rest)To support customer requirements, OPAM enables declaring a privileged account as exclusive or sharedWhen the account is “shared”, this means……multiple administrators can check-out the account credentials at the same time, e.g. if multiple administrators need to apply patches or run backup jobs…it’s difficult to know “who” was using the privileged account, when reviewing audit logs, etc.When an account is “exclusive” (e.g. not-shared), this means……only one (1) user can check-out the password at any point in time…this provides clarity into “who did what” with a privileged account by matching the check-in/out activity against the native system audit logsWith the next upcoming patchset (11g R2 PS2) we’ll address some of these potential limitation.
  11. In addition to storing the privileged account passwords, OPAM provides controls for managing user access to these passwordsPassword access is available via “grant”…it controls WHICH privileged accounts any given person can access via OPAM…it optionally controls WHEN / HOW a privileged account is accessed by this personGrants are managed within OPAM as Usage Policies.Grants can be “directly-assigned” or can be indirectly assigned via LDAP Group MembershipIt is recommended as a best practice to avoid dual-paths for a user to privileged accounts, since this can lead to non-deterministicBehavior. The indirect-grants via Group Membership provides a familiar and scalable “role-based access control” model for OPAM.The other type of policy within OPAM are Password Policies…these determine the composition of the managed password. …only one Password Policy is defined for any given privileged account; but the PW Policies can be used by multiple accounts…the PW Policy must be at-least as strong as the one on the native system – e.g. database, directory, operating system… multiple password policies can be created, to mimic corporate policies. At this time OPAM cannot “simply” import existing corporate policies an OPAM administrator has to create them.The OPAM Policies and configuration also determine when a privileged account password is changed – e.g. …on check-out…on check-on…or both-- each checkout of a shared account has the same password, however once the last shared account occurs this password will be reset
  12. OPAM supports a wide range of account types including:Generic UNIX Any UNIX/LINUX server with SSHGeneric DatabaseOracle 9-11AnyGeneric LDAPAny LDAP
  13. Here is an example of how OPAM is Interoperable with OIM Request access De-provision access Connector reuse – means that OPAM can use all existing OIM integrations Works with the OIM request catalog – for easy searching and self service request for passwords