

  • Number of slides: 39

Introduction To Oracle Identity And Access Management (IAM)
Shujaat Ali
Sr. Security Specialist, Public Sector Sales Consulting

Agenda
  • State of enterprise security and the need for IAM
  • Oracle solutions
  • Industry validations and customer success stories
  • The future of Oracle IAM
  • Summary and best practice
  • Q&A

5 Questions to ask your CISO

Q: What’s posted on this monitor?
a – password to financial application
b – phone messages
c – to-do’s

Q: What determines your employee’s access?
a – give Alice whatever Wally has
b – roles, attributes, and requests
c – whatever her manager says

Q: Who is the most privileged user in your enterprise?
a – security administrator
b – CFO
c – the 3-peat summer intern who is now working for your competitor

Q: How secure is your identity data?
a – It is in 18 different secured stores
b – We protect the admin passwords
c – Privacy? We don’t hold credit card numbers

Q: How much are manual compliance controls costing your organization?
a – nothing, no new headcount
b – don’t ask
c – don’t know

Today’s IT Challenges
More Compliant Business
  • Increasing regulatory demands
  • Increasing privacy concerns
  • Business viability concerns
More Agile Business
  • More accessibility for employees, customers and partners
  • Higher level of B2B integrations
  • Faster reaction to changing requirements
More Secured Business
  • Organized crime
  • Identity theft
  • Intellectual property theft
  • Constant global threats

State Of Security In Enterprise
  • Incomplete
      • Multiple point solutions from many vendors
      • Disparate technologies that don’t work together
  • Complex
      • Repeated point-to-point integrations
      • Mostly manual operations
  • ‘Non-compliant’
      • Difficult to enforce consistent set of policies
      • Difficult to measure compliance with those policies

Identity Management Values
  • Trusted and reliable security
  • Efficient regulatory compliance
  • Lower administrative and development costs
  • Enable online business networks
  • Better end-user experience

Identity & Access Management
  • Access Control: Authentication & Authorization, Single Sign-On, Federation, Web Services Security
  • Identity Administration: Identity Lifecycle Administration, Role & Membership Administration, Provisioning & Reconciliation, Compliance Automation
  • Directory Services: Virtualization, Synchronization, Storage
  • Audit & Compliance: Audit Data, Attestation, Segregation of Duties, Controls
  • Management: Service Levels, Configuration, Performance, Automation

Oracle IAM Products
  • Access Control: Oracle Access Manager, Oracle Enterprise Single Sign-On, Oracle Identity Federation, Oracle Web Services Manager
  • Identity Administration: Oracle Identity Manager
  • Directory Services: Oracle Virtual Directory, Oracle Internet Directory (with Directory Integration Platform)
  • Audit & Compliance: Oracle Identity & Access Management Suite
  • Management: Oracle Enterprise Manager for Identity Management

Leader in Magic Quadrants
  • User Provisioning, 1H 2006
  • Web Access Management, 2H 2006
Magic Quadrant Disclaimer: The Magic Quadrant is copyrighted by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Heterogeneous Support
“Of all the large platform vendors, Oracle, Novell, CA and BMC seem the most committed to providing significant support for heterogeneous environments.” - Ray Wagner, Gartner, October 2006
  • Portals
  • Application/Web Servers
  • Applications
  • Groupware
  • Directories
  • Operating Systems
  • ACF-2 & TSS
  • RACF

Standards Support
  • Contribute and lead
      • SSTC (SAML Working Group) - Co-Chair
      • Liberty Alliance - President, Board Member
      • WSS, WS-SX (Web Services Security) - Author
      • SPML - Author
      • XACML – Voting member
  • Implement
      • Accelerate product development
      • Simplify product integration & minimize TCO
  • Innovate
      • Enable Identity Services Framework: CARML, AAPML
      • Standards for end-to-end security

Access Control
  • Authentication & Authorization, Single Sign-On: Oracle Access Manager (Web), Oracle eSSO Suite (Desktop/Legacy)
  • Federation: Oracle Identity Federation
  • Web Services Security: Oracle Web Services Manager

Oracle Access Manager (Web)
  • Benefits
      • Centralized and consistent security across heterogeneous environments
      • Reduced administration cost
      • Improved end user experience
  • Features
      • Web single-sign-on
      • Common policy management
      • Multi-level, multi-factor authentication management
      • Self-service and delegated administration
      • Workflow engine
      • Web Services interfaces

Oracle Enterprise SSO
Oracle eSSO Suite (Desktop/Legacy)
  • Benefits
      • Eliminates forgotten passwords for Windows desktop and applications
      • Improves security & user experience
      • Meet regulatory compliance
  • Features
      • Sign-on to any Windows, web, host, mainframe or Java application
      • Use any combination of tokens, smart cards, biometrics and passwords
      • Auto inactive session termination and application shutdown for shared workstation
      • Reset Windows password directly from locked workstation

Oracle Identity Federation
  • Benefits
      • Secured integration with partners
      • Reduced administration cost
      • Improved end user experience
  • Features
      • Seamless SSO and identity sharing
      • Multi-protocol gateway – SAML, Liberty, WS-Federation
      • Service Provider or Identity Provider
      • Flexible deployment configurations
      • Standalone for use with pre-existing web-access management solution
      • Protocol SDK for custom applications

Oracle Web Services Manager
  • Benefits
      • Quick and simple deployment
      • Provide standard (J2EE) policy enforcement points
      • Enable SLA definition and monitoring, quality of service reporting
  • Features
      • Declarative policy (no coding)
      • Rich library of pre-built policies
      • Centralized policy management with local enforcement
      • Supports WS-Security
      • Integrated security for SOA Suite/Services infrastructure

Identity Administration
  • Lifecycle Administration, Role & Membership Administration, Provisioning & Reconciliation, Compliance Automation: Oracle Identity Manager

Oracle Identity Manager
  • Benefits
      • Reduced administration cost
      • Cost effective regulatory compliance
      • Improved security
      • Improved service level
  • Features
      • Identity life-cycle management for the heterogeneous enterprise
      • Approval and provisioning workflows
      • Role based access control
      • Complete integration solutions: OOTB connectors & Adapter Factory
      • Deep integration to ERP and HRMS
      • Audit and compliance reporting and process automation

Directory Services
  • Virtualization: Oracle Virtual Directory
  • Synchronization: Oracle Directory Integration Platform
  • Storage: Oracle Internet Directory

Oracle Virtual Directory
  • Benefits
      • Rapid application deployment
      • Tighter controls on identity data
      • Real-time identity information access
  • Features
      • Modern Java & Web Services technology
      • Virtualization, proxy, join & routing capabilities
      • Superior extensibility
      • Scalable multi-site administration
      • Direct data access

Oracle Internet Directory With Directory Integration Platform
  • Benefits
      • Reduced operational cost with Oracle Grid support
      • Seamless integration with Oracle applications and products
  • Features
      • Full feature LDAP server with a RDBMS data-store
      • Industry leading scalability and HA capabilities
      • Strong Oracle platform integration
      • VSLDAP certified and EAL4 compliant
      • Entity level directory synchronization support for all major directory products (DIP)

Identity Audit & Compliance
  • Audit Data & Reporting, Attestation, Segregation Of Duties, Controls: Oracle Identity & Access Management Suite

Identity Audit & Compliance
Oracle Identity Audit & Compliance
  • Benefits
      • Cost effective compliance
      • Enhance data integrity and auditability
      • Real time and consistent enforcements
      • Enable compliance to SOX, GLB, HIPAA, J-SOX, …
  • Features
      • Comprehensive historical and temporal audit data
      • Comprehensive operational and historical reports
      • Attestation of entitlements
      • Segregation of duties via denial policies
      • Comprehensive system and exception logging
      • Integration with Audit Vault, ICM, and 3rd party compliance products

Management
  • Service Levels, Performance, Configuration, Automation: Oracle Enterprise Manager For Identity Management

Oracle Enterprise Manager For Identity Management
Oracle Enterprise Manager
  • Benefits
      • Actively manage IdM service levels
      • Rigorous management of IdM technology stack
      • Simplified deployment, patching, and upgrade
  • Features
      • Automated modeling of IAM components and infrastructure
      • Define SLA, monitor and report
      • Response time, throughput, usage metrics, …
      • Server, application, and user level metrics
      • Automated discovery of IAM components and infrastructure
      • Discover & track configuration attributes / values
      • Installing, Patching, Upgrading, Cloning
      • Development, Test, Production

Identity Management Customers
Some Sample References
  • Financial Services
  • Retail & Services
  • Manufacturing & Transportation
  • Technology & Communications
  • Government & Public Sector
  • Healthcare
Oracle Confidential

Case Study – Lehman Brothers
GLB & SOX Compliance
BUSINESS CHALLENGE
  • Critical systems vulnerable to unmanaged & orphaned system accounts
  • No detailed audit trails of each user’s access rights – current and historical
  • Reduce the cost of user administration from $30.00 per access modification
  • Comply with external regulations – Sarbanes Oxley & Gramm-Leach-Bliley Acts
ORACLE SOLUTION
  • Lehman selected Oracle Identity Manager over IBM, Sun, and CA
  • Very flexible (adaptable), open architecture simplified integration
  • Integrated with 800+ business applications
  • GUI-based business rule development
RESULTS
  • ‘Day one’ access lead time reduced to < 5 mins
  • Knowing Who Has Access to What = Priceless
  • Eliminated ghost accounts via reconciliation of local administrative changes across 650 managed systems
  • Reduced compliance effort across 50 SOX-critical applications by 12 man weeks
  • Award winning deployment

Case Study – Southwest Airlines
Seamless B2B Integration & Low TCO
BUSINESS CHALLENGE
  • Wanted to obtain engineering drawings, blueprints, color coding reports and other technical documents from the manufacturer via the Web
  • Increase efficiency
  • Reduce the business costs of transactions with the aircraft manufacturers
ORACLE SOLUTION
  • Oracle Access Manager and Oracle Identity Federation
  • Six week implementation
  • 1st in airline industry to implement SAML
RESULTS
  • Oracle Access Manager solution saves Southwest $30/month per employee (40k users), for a total of $1.2 million per month.
  • Also reduced equipment idle time at $15,000 per hour.

Case Study – State of Delaware
Convergence of HR and Identity Data
BUSINESS CHALLENGE
  • DTI wanted to provide 12000 state employees with self service HR capability.
  • It also wanted to initiate eGovernment efforts to offer Delaware residents the ability to do common online tasks.
  • Most of the self service tasks were manual and paper/fax based.
ORACLE SOLUTION
  • Oracle Access Manager, Oracle Virtual Directory, and OID chosen over Sun and CA, May 2006
  • 150K External Users, 12K Internal Users
  • Oracle Solution works with IBM WebSphere midtier and PeopleSoft HR
  • Oracle was able to demonstrate a web services based identity management solution
RESULTS
  • User self service expected to lower cost and improve user adoption
  • Improved security and efficiency by migrating manual self service tasks to an automated system

Looking Ahead
  • Oracle will broaden security product portfolio
  • Strategic priority for Oracle development
  • Strong authentication, role management, compliance …
  • From security silos to built-in security
  • Built into databases, middleware, enterprise applications
  • Identity Services Framework
  • Project Fusion
  • Single security model across Enterprise Applications Suite
  • Enforced uniformly at all parts of technology infrastructure
  • Across entire life-cycle from development to maintenance

Identity Services Framework
  • Oracle Fusion Applications & Middleware
  • 3rd Party ISF Aware Applications (Business Functions)
  • Custom Developed ISF Aware Applications (Business Functions)
  • Legacy Applications (Business Functions; Authentication, Authorization, User Management, Federation)
  • Legacy Integration Interface: Connectors, Agents
  • Oracle IAM Suite with Identity Services Framework
      • Service Interfaces: WS-*, SPML, SAML, XACML, CARML
      • Identity Services: Authentication, Provisioning, Identity Provider, Audit, Authorization, Administration, Role Provider, Federation & Trust
      • Enterprise Identity Management Infrastructure: Policy & Orchestration, Virtualization & User Store

Key Oracle Differentiators
  • Complete suite of best-of-breed products
  • Complete & best integrated identity management suite
  • Includes compliance, virtualization and system management
  • Market leadership validated by press and analysts
  • Proven for large scale deployments
  • Large, complex, and award winning deployments
  • Broad customer base and use cases
  • Large referenceable customer base
  • Best long-term investment
  • Strong support of open standards and hot-pluggable strategy
  • Pre-integrated with Oracle products – DB, middleware, apps
  • Pre-integrated with over 50 applications and infrastructure
  • Underpins Oracle’s next generation of Fusion Applications

Key To Successful IAM Projects
  • Establish the strategic nature of I&AM
  • Focus on processes and people, technology is only an enabler
  • Obtain executive support and buy-in
  • Develop overall business requirements and a starting point – directory, access management or provisioning
  • Select software based on requirements of today and the future
  • Follow a phased approach for integration of applications and different types of users
  • Get developers on board early on for integration with consolidated authentication, authorization and identity services
  • Put in place a comprehensive change management and communication plan