Enterprise Security & GRC Global Partner Strategy
Sean Cronin – Sr. Director, GRC
Ken Zeng – Sr. Director of Technology Global Sales Support
Laura Romero – Director, Global Partner Strategy
Agenda
• Oracle At-A-Glance
• Global Market Trends
• Oracle GRC Platform
• Oracle Security & GRC Strategy
• Market Opportunity
• Partner Initiative Overview
• More Information & Contacts
• Q&A
Oracle At-a-Glance
Globally…
#1 in Database
#1 in Supply Chain Mgmt
#1 in Customer Relationship Mgmt
#1 in Human Capital Mgmt
#1 in Industries
- Retail
- Communications
- Public Sector
- Professional Services
- Financial Services
• 275,000 total customers
• 220,000 database customers
• 30,000 applications customers
• 19,000 SMB apps customers
• 30,000 middleware customers
• 17,700 partners
• 60,000 employees
• 14,000 developers
• 7,000 support staff
Founded in 1977. Headquarters in Redwood Shores, CA with operations in 145 countries.
Rebuilding Trust
Shareholders and consumers demand more transparency, less risk
CONSUMERS & EMPLOYEES
• Protect personal information
• Less risk around products and services
• Social and environmental responsibility
SHAREHOLDERS
• Increasing levels of shareholder activism
• Seeking advisory vote on executive pay and selection of board of directors
• Growing power of individual investors and hedge funds
BOARD OF DIRECTORS
• Highlight enterprise risk as area where more visibility is needed
Source: McKinsey, 2007
What they want…
Source: Economist, 2007
Source: McKinsey, 2006
A survey of global consumers shows that public trust in business leaders fell to 28% in 2006, down from 36% at the peak of corporate scandals in 2002.
Source: McKinsey, 2007
Risky Business: Financial Services
• Bank of America, Wachovia: Customer account information was illegally sold by bank employees to a business posing as a collection agency. More than 670,000 customer accounts may have been breached. Source: CNNMoney, May 2005
• Citibank: Mass theft of debit card PINs results in several hundred fraudulent cash withdrawals in Canada, Russia, and the U.K. This follows the loss of unencrypted tapes containing information on 3.9M customers. Source: InformationWeek, March 2006
• Nationwide Building Society: The U.K.’s largest building society was fined £980,000 for failing to have effective systems and controls in place to manage its information security risk. Source: OpRisk & Compliance, March 2007
• Capita Financial Administrators: Third-party administrator of collective investment schemes was fined £300,000 for poor anti-fraud controls over client identities and accounts. The firm discovered that client names and addresses had been changed, and sale of units processed without orders from the client. Source: OpRisk & Compliance, April 2006
Risky Business: Pharma and Healthcare
• WellPoint: Health insurer WellPoint settled claims brought by over 700,000 physicians against six major U.S. health insurers, agreeing to pay $198 million for miscoding legitimate reimbursement claims. As part of the settlement, WellPoint agreed to invest in IT and reform its payment system with enforceable standards for properly coding claims. Source: iHealthBeat, July 2005
• American Red Cross: In 2006, the FDA fined the American Red Cross $4.2 million for violating blood handling safety requirements that stemmed from poor quality controls, assurance and inventory audit management, along with inadequate donor screening standards. Source: WSVN News, September 2006
• Biogen Idec: In January 2007, Biogen Idec Inc. settled with the Office of the Attorney General in Vermont after failing to file its financial disclosures regarding its promotion and other marketing activities for Fiscal 2003 and Fiscal 2004 by the state’s deadline. Source: Center for Business Intelligence, May 2007
• HealthSouth: Former CEO Richard Scrushy was sentenced to nearly seven years in federal prison, while former Alabama Gov. Don Siegelman was sentenced to more than seven years, for related crimes in their bribery and corruption case. Prosecutors requested at least 25 years for each. Source: The Wall Street Journal, June 28, 2007
Risky Business: Data Privacy
• Mellon Bank: For a violation of the Fair Debt Collection Practices Act, in which employees destroyed 80,000 unprocessed Federal tax returns and tax return checks in an attempt to conceal failure to meet IRS processing deadlines, Mellon paid a fine of $18.1 million and closed its tax processing center. Source: Unbossed.com, April 27, 2005
• ChoicePoint: In addition to paying $500,000, ChoicePoint has agreed to a monitored customer data protection program as part of its settlement with 43 State Attorneys General and the District of Columbia, stemming from a 2004 personal database breach. ChoicePoint was fined $15 million in its 2006 Settlement with the Federal Trade Commission for violations of the Fair Credit Reporting Act resulting from this incident. Source: Statesman.com, June 1, 2007
• Crédit Lyonnais: French data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL) announced its first-ever fine, amounting to EUR 45,000 (U.S. $57,556) against Crédit Lyonnais. CNIL accused the bank of violating French privacy law and obstructing investigations by “abusively” recording names of clients with bad credit managed by the French central bank. Crédit Lyonnais also erroneously informed the French central bank of fraudulent use of debit cards by customers, although these customers had other financial incidents. Source: Winston & Strawn, LLP, June, 2006
• Xanga.com: Xanga.com, a social-networking and blog site, will pay $1 million in a settlement with the Federal Trade Commission for violating the Children's Online Privacy Protection Act (COPPA). Xanga had been letting users create accounts even if the dates of birth they entered indicated that they were under the age of 13, and with no provisions for parental notification. Source: CNET News.com, September 8, 2006
Ounce of Prevention Worth a Pound of Cure
Chart: Savings on legal liability avoidance from GRC investment. Labels: Spending on Compliance, Savings on Lower Legal Liability. Values: $1, $5. Source: General Counsel Roundtable, 2006
Chart: Opportunity cost of siloed GRC. Labels: # of GRC projects, Cost of GRC, Ad hoc Approach, Platform Approach, Resources for innovation.
Chart: Share-price performance of companies complying with SOX rules. Labels: Control weakness in 2004, but none in 2005; No control weaknesses in 2004-05; Reported control weakness 2004-05. Values: 28%, 26%, 6%. Source: Lord & Benoit, 2006
Chart: Information protection less costly than breaches. Labels: Spending on Security, Cost of a Data Breach. Values: $6, $90. Source: Gartner, 2005
IT’s Role in Rebuilding Corporate Trust
The need for IT Governance
Security
The Ponemon Institute finds that 70% of all reported security breaches were due to insiders.
Source: Ponemon Institute, 2005
Strategy
Majority of 400 directors surveyed recognize that the right IT strategy is very important for:
• Compliance
• Customer Satisfaction
• Managing Risk
Chart values: 69%, 66%, 57%
Source: Corporate Board Member/Deloitte Consulting, March 2007
Control
When a company announces a security breach, its stock price can drop by 2%.
Source: Gartner, 2005
Gartner warns that “More than 80 per cent of IT groups may be incapable of satisfying many of the laws and regulations, such as HIPAA and 21 CFR Part 11, that require change-related audit trails and accountability over material configuration items.”
Oracle GRC Platform
Oracle Delivers a Comprehensive Platform for Governance, Risk, and Compliance Management
Platform diagram:
• Financial Services, Public Sector, Financial Compliance, IT Governance, …
• LogicalApps - GRC Controls: Access Controls, Setup Controls, Transaction Controls
• Oracle GRC Manager: Risks, Assessments, Issues, Processes, Policies, Procedures, Remediation
• Fusion GRC Intelligence: Reports, Dashboards, Alerts, Key Risk & Control Indicators
• Repository
• Infrastructure Services: Data Security, Identity Mgmt, Content Mgmt, Change Mgmt, Data Audit
Oracle Security & GRC Strategy
The Oracle Investment
• Partners – Software, Platform, Infrastructure & Services
• Products – Comprehensive, Industry Leading Solutions; Common Integrated Security Across Applications & Data Infrastructure; Hot-Pluggable & Open
• Customers – Enabling & Ensuring Sustainable Compliance and a Secure Infrastructure
Market Opportunity
Oracle
• Secure and maintain Oracle’s leadership position
• Oracle’s install base demands it of all of us
• New doors to knock on with a different audience
• Sell complete partner-enabled solutions and services that address multiple security and GRC business requirements
Partners
• Increase partner value proposition by leveraging Oracle’s technology and applications, position and brand
• New opportunities through access to the Oracle customer base and Oracle sales
• Participation in focused market events by region
Partner Initiative Overview
FOR IMMEDIATE RELEASE
Oracle Unveils Enterprise Security and Governance, Risk and Compliance Initiative for Partners
Enables Oracle Partners to Deliver Comprehensive Solutions to Help Customers Address Regulatory Mandates, Organizational Complexity and Risk Management Requirements
REDWOOD SHORES, Calif., - Nov. 8, 2007
Security & Compliance Initiative Strategy
Objectives
• Generate net new revenue (increase influence rate & resale)
• Increase Oracle product adoption & integration among ISV community
• Create ecosystem of partners identifiable by solution and business issues solved
• Enable partners to sell and implement security and compliance solutions based on Oracle technology
Approach
• Create formal program and standardized framework
• Identify target initiative partners by solution or service, commitment to Oracle and market presence
• Leverage SIs and Platform Vendors as channel to bring ISV solutions to market
• External content highlighting Oracle’s security & compliance solutions including integrated partner components
• Create an ecosystem of strategic partners that the regions can integrate into local sales initiatives & go-to-market activities
Enterprise Security & GRC Initiative Update
Current
• Security & Compliance Initiative
• Loose criteria & approval process
New Initiative Updates
• Enterprise Security & GRC Initiative
• Supports Oracle’s updated product strategy
• Open to partners with solutions and/or services for enterprise security, identity management, IT governance, risk management and compliance management
• Partner Solutions are complementary to Oracle’s offerings in this space
• More selective in order to add value and validity to the partner ecosystem and our overall strategy
• Better benefits for greater visibility
Criteria to Apply for Initiative
• OPN member in good standing
• Acceptance in Database or Fusion Middleware Product Focus
• Published Solutions Catalog profile
• Existing Enterprise Security and/or GRC solution or service offering
• Solution that is complementary to Oracle products & services
• Completed application & acceptance based on review of qualifications
• Note: Applications will be reviewed at the regional and global levels prior to acceptance
Application Process
1. Review the criteria for and information on Enterprise Security & GRC Partner Initiative on the OPN Portal
• Click on Engage with Oracle
• Then on the Go-to-Market link
• Find the link to Enterprise Security & GRC
2. Complete the application online – includes:
• Company information
• Product, solution or service description
• Sales and marketing information including business issues addressed by solution or service, customer information
• Business case for initiative participation
• Value proposition to Oracle sales
3. Application is reviewed by regional Alliances & Channels team for completeness and fulfillment of criteria
4. If an ISV, application is reviewed by Development
5. Email response to be sent to you within 15 business days
6. If approved, your company will be flagged as Accepted and you will see a link on the Engage with Oracle page (under My Company Initiatives)
Initiative Benefits
• Recognition as a key partner in the Oracle Enterprise Security and GRC partner ecosystem
• Visibility to Oracle sales & customers on Oracle.com
• Eligibility for Security Strategy Workshops
• Consideration for inclusion in the Enterprise Security and GRC solution map
• Consideration for targeted sales and marketing opportunities and participation in events and promotions by region
• Consideration for inclusion in Oracle press and analyst activities focused on Oracle’s security and compliance strategy
• Consideration for “expert services” bundles with Oracle Consulting
• Access to the Enterprise Security & GRC Initiative Dashboard
So What? Who Cares?
Initiative Value Proposition
For Oracle
• Oracle can satisfy customer demand for solutions that enable and ensure enterprise security and sustainable regulatory compliance, risk management and corporate governance by leveraging our partners’ assets to drive more revenue.
For Partners
• Partners can differentiate themselves and help prospective and existing Oracle clients rationalize their current position and exposure, by mapping solutions to Oracle technology and applications that help fill clients’ security and compliance gaps.
For Customers
• Access to a portfolio of qualified solutions and services that help reduce cost and complexity by managing multiple GRC requirements on a single platform, enable visibility of GRC related activity across the enterprise and safeguard brand and reputation.
Metrics for Success
• Expanded partner ecosystem and portfolio of complementary solutions and services
• Extended security & GRC solution and services map
• Increased Resell/Co-sell Revenue
• Increased partner awareness & training
• Increased Oracle footprint, product adoption and services development among partner community
• Partner & Customer References
More Information…
Enterprise Security & GRC Initiative Teaser Page
http://www.oracle.com/partners/home/bi/global/security_idty/unauth/index.html
Oracle Products & Solutions
http://www.oracle.com/grc
http://www.oracle.com/security
Initiative Partners
http://solutions.oracle.com (Keyword Search “GRC”)
Contacts
• OPN Interaction Centers
• [email protected] - North America OPN IC
• [email protected] - EMEA OPN IC
• [email protected] - LAD OPN IC
• [email protected] - Brazil OPN IC
• [email protected] - APAC OPN IC
• Additional OPN Information
• [email protected] - Global OPN Email Box