con 8810 who should have access to what - final
DESCRIPTION
Neil Gandhi's OpenWorld 2013 PresentationTRANSCRIPT
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.1
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.2
CON 8810 Who Should Have Access to What – Better Risk Management with Identity Governance
Neil GandhiProduct ManagerOracle Identity Governance
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.3
The following is intended to outline our general product direction. It is
intended for information purposes only, and may not be incorporated
into any contract. It is not a commitment to deliver any material, code,
or functionality, and should not be relied upon in making purchasing
decision. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole
discretion of Oracle.
Safe Harbor Statement
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.4
Session Goals
Understand the current market trends regarding Access Compliance and Risk Management
Realize the benefits of an Identity Governance platform and how it can help meet your everyday Compliance and Risk Management challenges
Hear from and engage with customers regarding their experiences with managing Risk by implementing an Identity Governance solution
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.5
Program Agenda
Market Trends
Risk Management & Compliance with Oracle Identity
Governance
Panel Discussion
Q&A
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.6
Market Trends
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.7
Explosion of Scale MillionsOf
Entitlements100’s of
Thousands of Users10’s
Thousands of Apps
Thousands of
Systems
• Few Administrators
• Handful of Audit Staff
• Too many privileged accounts
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.8
Getting the right access is hard
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.9
Increasing volume and frequency of employee access certifications
Business Users do not understand what they are attesting to
IT and Compliance teams struggle with “Who should have access to what”
Market TrendsCompliance Requires Business User Participation
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.10
Enterprise Certification RequirementsWho’s who & what can they do?
Extract Entitlement
s Ad Hoc
Review Entitlement
s Complex
Correlate Results
Un-auditable
Remediate Access
Non-verifiable
Manual
Error Prone
Expensive
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.11
Moving from employee to massive scale for even small companies.
Market TrendsScale requirements are increasing
Corp PCs400MEnterprise
Facebook800MSocial
China1.3BCitizen
Cell Phones5B +Mobile
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.12
Risk Management & Compliance with Oracle Identity Governance
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.13
Oracle Identity GovernanceGovernance Platform
Access Catalog Ownership, Risk & Audit Objectives
Catalog ManagementAccounts
Roles
Glossaries
Entitlements
Grant User Access Monitor User Access
AccessRequest
Privileged AccountRequest
RoleLifecycleManagement
Check-in/Checkout
Identity Certifications
IT Audit Monitoring
Rogue Detection &Reconciliation
Reporting & Privileged Access Monitoring
Provision De-Provision
Connectors
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.14
Catalog Enrichment
Catalog Definition
Harvesting
Oracle Identity GovernanceAccess Catalog
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.15
Oracle Identity ManagerProvisioning with Preventative SOD Controls
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.16
A Smarter Approach to Identity Compliance
Aggregating Information & Building a Catalog
Prioritizing & Automating Certification
Closed-Loop Feedback & Remediation
Reduce Cost, Time & Risk
IdentityWarehouse
Simplified User Experience & Reporting
$
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.17
Report Built
And Results
Stored in DB
4
ArchiveAttested Data
Attestation Actions
Delegation Paths
Delegate
Reject
Certify
Decline
Reviewer Selections
Comments
Automate Identity Based Controls
Set Up Periodic
Review
1 Reviewer Is Notified
Goes to Self Service2
Automated Action
is taken based on
Periodic Review
3
Who Reviews It?
What Is Reviewed?
Start When? How Often?
Notify Delegated Reviewer
Notify the Process Owner
Automatically Terminate User via
Closed Loop Remediation
Email Resultto User
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.18
Oracle Identity Manager 11g R2Provisioning Context with Identity Auditor
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.19
Focusing on What (Who) Matters Most
Leverage data collected to streamline access certification
Prioritize certifications based on user risk profiles
Aggregate risk profile over the ENTIRE lifecycle
High Risk
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.20
Risk Based Certification
Mainframe
DB
Identity Data Sources
ApplicationsIdentity Warehouse
Roles Certification History
Entitlements Provisioning Events
Risk Factors
Risk Aggregation
Resources Policy Violations
Bulk Certify Cert360
Approve
RejectFocused
Sign-off
Low Risk User High Risk User
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.21
Automate The Remediation
Reduce Remediation Time to Minutes
Instead of Days or Weeks
• Focus on Large Scale• Quick Extract Transform Load• Rolling Certifications• Rolling Data Import• Large Volume Remediation
• Close Loop Remediation• Reduce Help Desk Volume • Complete Audit Trail• Increase Throughput
EntitlementReview
Auto-Remediate
EntitlementReport
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.22
Customer Panel Discussion
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.23
Customer Panel
Patrick Landry David Mathias Robert House
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.24
Moscone South
Oracle Identity Governance Suite: Managing Privileged Accounts from Your Identity Platform
Demo Pods
Moscone South
Identity Management Monitoring with Oracle Enterprise Manager
Moscone South
Oracle Identity Governance Suite: Complete Identity Lifecycle Management
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.25
Sessions Not to Miss
Tuesday10:30 am – 11:30am • CON8811: Converged Identity
Governance for Speeding up Business and Reducing Cost
Moscone West, Room 2018
Wednesday1.15 pm – 2.15 pm • Justifying and Planning a Successful
Identity Management UpgradeMoscone West, Room 2018
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.26
Join the Oracle Community
Oracle.com/Identity
Twittertwitter.com/OracleIDM
Facebookfacebook.com/OracleIDM
Oracle Blogs
Blogs.oracle.com/OracleIDM
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.27
Innovation Awards
Lam Research Theater (Next to Moscone North)
Session ID: CON8082
Session Title: Oracle Fusion Middleware: Meet This Year’s Most Impressive Innovators
Venue / Room: YBCA - Lam Research TheaterDate and Time: Monday Sep 23, 4:45 - 5:45 p.m.
18 Winners Across Eight Categories
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.28
Oracle Fusion MiddlewareBusiness Innovation Platform for the Enterprise and Cloud
Complete and Integrated
Best-in-class
Open standards
On-premise and Cloud Foundation for Oracle Fusion
Applications and Oracle Cloud
User Engagement
Identity Management
Business Process
Management
Content Management
Business Intelligence
Service Integration Data Integration
Development Tools
Cloud Application Foundation
Enterprise Management
Web Social Mobile
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.29
Copyright © 2012, Oracle and/or its affiliates. All rights reserved.30