Partner Webcast – Oracle Identity Cloud Service: Introducing Secure, On-Demand Identity Management
TRANSCRIPT
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Thanos Terentes Printzios, Technology Adoption Manager, EMEA A&C
Luca Martelli, Director of Identity Management & Security EMEA
Security Cloud Services
Oracle Identity Cloud Service January 26th 2017
EMEA Upcoming Security Webcasts & Events
Partner Webcasts (@OracleIMC)
• Identity Cloud Service – 26 Jan
• CASB CS Palerra – 23 Feb
• API Platform CS – 09 March
• 27-28 April, Budapest, annual Oracle Partner Security Forum
Agenda
• Security & Cloud? EU GDPR? Oracle Cloud Security Strategy
• Overview & Demo of Oracle Identity Cloud Service
• Customer Scenarios
– Cloud SSO for Oracle and non-Oracle Cloud services
– Manage External Identities on IDCS
• Licensing Model, Pricing
• Roadmap
• Training and Enablement opportunities for Partners
• Q&A
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Employees Partners Consumers
Digital Disruption – Changing Changed World
ON PREMISES PUBLIC CLOUD
Your Sensitive Data is Already in the Cloud
2016 Cloud Security Research Report, Crowd Research Partner
79% of enterprises are actively deploying cloud solutions in public, private, or hybrid cloud environments
% of Enterprises Deploying
Workloads are Everywhere
Cloud is not just SaaS. Workloads are moving rapidly to PaaS and IaaS
71% of large enterprise will shift some workloads to cloud by 2018
Enterprises plan to use an average of 6 clouds to run their workloads
2016 McKinsey, 2016 Right Scale
The Perimeter Has Moved
Traditional perimeter security solutions are ineffective
91% of organizations have security concerns adopting public cloud
Only 14% believe network security tools work well protecting public cloud
2016 Cloud Security Research Report, Crowd Research Partners
A New Model is Required
Continuous Visibility and Verification
• Discover: Visibility into what and how cloud services are being used and by whom
• Secure: Proactive application and data security to ensure sensitive data is protected
• Monitor: Ability to detect threats if anomalous activity is occurring
• Respond: Automated response to augment already stretched security teams
Security Cloud Services: Enabling Faster and More Secure Cloud Adoption
Identity Cloud Service
Compliance Cloud Service
Security Monitoring & Analytics Cloud Service
API Platform Cloud Service
Hybrid Data Security Protection: Database Security
CASB Cloud Service (Palerra)
Threat intelligence
Oracle Cloud Security Vision Identity SOC
CASB UEBA
Identity Management
SIEM
Automated remediation
• Key aspects of GDPR
– New statutory requirements will require companies to re-think how they handle and protect their personal data
– Includes a new liability and sanction regime
– Entry into force on 24 May 2018
• Potential serious consequences
– Fines of up to 4% of global annual revenue or €20M
– 72 hours for data breach notification
• Aspects of GDPR that Oracle Offerings may Help Address
– “Data Protection by design and default”
– “Security of Processing”
– “Data Breach Notifications to Individuals” not required if security controls prevent breach from occurring
– If a data breach occurs “administrative fines shall” take into account “technical and organisational measures implemented”
• Relevant Oracle Offerings
– Database Security options (Advanced Security Option, Database Vault, Audit Vault and Database Firewall, Key Vault, Data Masking/Subsetting). DB Cloud can make use of DB security features/options
– Identity Management (Identity Governance, Identity Cloud Service, Access Management, Centralised Directory), API-Platform Cloud Service, CASB Cloud Service
– High availability and resilience: Data Guard, RAC, Backup solutions, ZDLRA
– Applicable to “existing/legacy systems and new digital systems”
Summary: GDPR & Oracle Offerings
SaaS PaaS IaaS
Cloud Era Requires Identity-Centric Security
Mobile
Social Internet of Things
Cloud
Big Data
IDENTITY
Identity Cloud Service
• Modern App Security: Centralized authentication, authorization, user management and self-service based on latest standards
• Hybrid Identity: Manage user identities for both cloud and on-premises applications with enterprise-grade hybrid deployments
• Secure Defense In-depth: Gain layers of defense with identity hosted as an Oracle Public Cloud (OPC) service and integrated with cloud security fabric
[Diagram: Oracle Identity Cloud Service on the Cloud Platform, between Employees, Partners and Consumers and their Cloud applications and On Premise apps]
• Cloud Directory: ID Store
• ID Admin: User Mgmt.
• Access Mgmt.: SSO, Federation
• MFA: Strong Auth.
• Governance: Certs, Access Requests, SoD
• Intelligence: Risk & Context, Threat
• Provisioning: Account, LC mgmt.
• B2C: Social, Insights
Introducing Identity Cloud Service Complete Hybrid Identity Management
Identity Cloud Service
Software as a Service
Infrastructure as a Service
Platform as a Service
3rd Party Cloud Services
• Cloud-Native Multi-tenant platform on the Oracle Cloud
• Manage Users
– Sync identities, SSO, Federation
• Manage Applications
– Integrate using open standards
• Manage Policies
– Protect Applications using strong access control policies
On-Premises Applications
On-premises IAM
Growing Market Opportunity for IDCS to provide value to SaaS
“Through 2018, federated single sign-on (SSO) will be the predominant SSO technology required by 85% of organizations.”
“The adoption of SaaS applications is the most common driver for new SSO projects, followed by consumer-facing and B2B use-case drivers.”
- Gartner Take a Pragmatic Approach to Single Sign-On for Quicker Value, 29 July 2016
Demetris Skourides, Cloud Transformation and Platform Solutions Leader, EMEA A&C
Luca Martelli, Director of Identity Management & Security EMEA
Patrick McLaughlin, Oracle Fellow
Oracle Identity Cloud Service January 26th 2017
ACME Chip Design: Manage External Identities in the Cloud
• ACME admin onboards partner users and applications
• New Partner self-registers and onboards new users
• Partner end user downloads sensitive data and is automatically locked out
• Partner admin remediates access on-demand
Hybrid Identity
• Application security for cloud and on-premises workloads
• Access Certification, Audit and Compliance for Cloud Apps using OIG
• Move app policies to the cloud as apps and workloads begin moving to the cloud
Open and Standards-based
OAuth SCIM SAML OpenID
SAML
• API first design
• 100% standards-based: SAML, SCIM, OpenID Connect and OAuth
• Sustaining board member of OpenID Foundation
• Leading FastFed Working Group to simplify and accelerate integrations
Secure
• Zero-trust design between microservices
• Data security at rest using Transparent Data Encryption and Schema Isolation
• Risk-aware, adaptive access control
• Layered defense spanning Silicon, Infrastructure, DB, Middleware and Applications
Oracle Public Cloud
Apps
Use Case: Secure Access for Cloud and on Prem
Apps
Customer On-Premise
Oracle IAM or AD
Apps
Synchronized
IDCS
ID Bridge
Cloud applications
Apps
Employee Apps
Employee access
Apps Apps
Customer On-Premise
On-Prem IdM directory
Use Case: ID Management of External Identities
Customer identities in cloud directory
Oracle Public Cloud
IDCS
Consumer access
Apps
Customer Portal
Apps Apps
Other Clouds
User and partner access
Admin access
Oracle Public Cloud
Cloud directory with stored identities
Use Case: Moving Apps to the Cloud
Any Cloud Service
Apps Apps Apps
Web, Desktop, or Mobile Apps
IDCS
Manage Users
Oracle Identity Cloud Service
Identity Bridge
• Synchronize user identities from on-premises AD or OIM
– Identity Bridge for Active Directory
– OIM Connector for IDCS
– User Account Upload using CSV
• Federate access policy to external Identity Provider (i.e. Oracle Access Manager)
– SAML 2.0 compliant IDCS Connector
OIM IDP
• Add Custom and 3rd Party Applications using Templates or off-the-shelf App Catalog
• Single-Sign-On using SAML 2.0, OpenID Connect or OAuth 2
• Unified User Experience across multiple device platforms
Manage Applications
Oracle Mobile Authenticator
Integrated biometrics Soft Token Generator Push Notifications
Why IDCS is Important for Oracle SAAS & PAAS
• Provide true SSO:
– Across SAAS
– Across id domain (SIM)
– No multiple agreement and configurations with on-prem
• Provide SSO and user authentication for mash up apps with multiple SAAS and PAAS
• Group based access control across SAAS
• SOD across SAAS
• Multi Factor Authentication – Risk based authN, UEBA
• Of course, provisioning soon
Licensing & Pricing
Feature List: Basic is for Oracle Use Cases, Standard for 3rd Party Clouds
Feature | Foundation IDCS for OPC* | IDCS Basic | IDCS Standard
Single Sign On | Yes | Yes | Yes
User and Role Management | Yes | Yes | Yes
Self-service User Profile Management | Yes | Yes | Yes
Identity Objects | No limit | No limit | No limit
Security/Usage Reports | Yes | Yes | Yes
Company Branding and customization | Yes | Yes | Yes
External IDP Federation | Yes | Yes | Yes
Self-service password reset | - | Yes | Yes
Group-based access controls | - | Yes | Yes
ID Sync | - | Yes | Yes
Enterprise SLA (99.9%) | - | Yes | Yes
3rd Party Cloud Services (non-Oracle) | - | - | Yes
Identity Cloud Service (IDCS) Pricing
More info: https://cloud.oracle.com/en_US/identity
Features: SSO and User Management for OPC services only
$1 /user/month (Enterprise users only)
$4 /user/month for Enterprise Users
$0.02 /user/month Non-Enterprise Users
IDCS Basic (Non-metered)
IDCS Standard (Non-metered)
Roadmap
Oracle Identity Management – Planned Releases
IDM 11gR2 PS3 Bundle Patches
IDM 12c Release and Patches
IDCS Release and Continuous Updates
IDCS Customer & Partner Beta
Partner Ecosystem Innovation
Awareness and Enablement Plan for Partners
• Demo
• Workshops
• Partner Community Forum (April)
Access a cloud instance of IDCS: demo.oracle.com (GSE)
• Partners have access to demo.oracle.com (GSE) directly provided they sign the DSS Addendum
• Demo Services Addendum can be signed online via http://www.oracle.com/partnerstore (Demo Services -> Apply for Addendum)
IDCS Workshop for Partners
The workshop is designed to provide an introduction into Identity Cloud Service architecture, capabilities and functionality through live demos and hands-on exercises.
Two workshop versions:
- Short (4 hours) recommended for online delivery through Webex
- Full (1 day) recommended for in-class with hands-on labs
A Virtual Workshop will be offered to the partners attending this webcast. Get in touch with your local partner manager or the contacts listed at the end of this presentation to request a dedicated Virtual or in Room workshop for you and your team.
Short version (4 hours) - Virtual
• Introduction
• Architecture
• UI Tour
• User & Group Management
• IDCS Customization
• Password Management
• Federation
– IDCS SP and OAM IDP
– IDCS IDP and SalesForce SP
• Identity Bridge
• BYOA (Bring Your Own Application)
Full version (1 day) – In Room
• Introduction
• Architecture
• UI Tour (live demo)
• User & Group Management (lab)
• IDCS Customization (lab)
• Password Management (lab)
• Federation
– IDCS SP and OAM IDP (lab)
– IDCS IDP and SalesForce SP (live demo)
• Identity Bridge (live demo)
• BYOA (Bring Your Own Application) (lab)
IDCS Workshop Agenda
• 2-day annual meeting with focused EMEA Identity & Security partners
• Benefits:
– Sharing about customer business priorities
– Getting the latest roadmaps and insights from HQ head of security development (HQ PMs Team + EMEA Team)
– Networking
• Expectations:
– Bidirectional conversations
Security Partner Community Forum Budapest – 27, 28 April 2017
Oracle Identity Cloud Service: Hybrid, Secure, And Open
Introducing Oracle Identity Cloud Service, part of a strategic hybrid identity solution—giving you a single point of management, and one view of all your employees, partners, and customers across on-premises and cloud resources.
Extending Identities To The Cloud with Oracle IDCS
Take advantage of modern, cloud-based access capabilities, while laying a foundation for tomorrow with Oracle Identity Cloud Service
Managing Your Customers With Oracle Identity Cloud Service
Take control of digital business now with Oracle Identity Cloud Service, a secure on-demand identity service that helps achieve people-centric security that is both seamless and transparent to your users.
Secure Cloud Single Sign-On with Oracle Identity Cloud Service
Oracle Identity Cloud Service makes accessing cloud applications simple, and reduces the risks involved—helping to keep your apps, data, and users safe, secure, and productive.
Resources to Share: 4 Videos to Help You Explain the Benefits of IDCS
• A&C Team
– Thanos Terentes Printzios
– Your Oracle Partner Manager
• EMEA Security
– Franck Hourdin
– Luca Martelli
– Patrick McLaughlin
– Prashant Barot
Regional Security Goto Persons:
– Alessandro Vallega, France, Italy
– Mauricio Gumiel, Iberia
– Karen Weebers, Benelux
– Dragan Petkovic, MEA
– Dimitris Theodoropoulos, EECIS
– Ernst Lorenz, North
– Paul Kennedy and Graeme Kerr, UKIE
– Natalia Diskin, Israel
Follow-up Contact Details in the Security Team ([email protected])
EMEA Security Webcasts & Events
Partner Webcasts @OracleIMC
• Identity Cloud Service - 26 Jan
• CASB CS Palerra - 23 Feb
• API Platform CS - 09 March
27-28 April, Budapest Annual Oracle Partner Security Forum
Stay In Touch Oracle IMC blog: http://blogs.oracle.com/imc
Oracle ECEMEA Partner Hub Homepage: http://oracle.com/goto/hub-ecemea
Oracle IMC Mail: [email protected]
Twitter: http://twitter.com/oracleimc
Facebook: http://facebook.com/oracleimc
LinkedIn: http://linkedin.com/groups/OracleIMC-4535240
Google+: http://plus.google.com/+OracleIMC