Oracle Security Solutions

Carl Terrantroy
Director Technology Initiatives ANZ

?

226 Million is…
1. Noted data breaches to date
2. The population of the USA
3. What you should earn
4. # of digits a Pentium CPU can calculate pi to

3

Primary Security Challenges Today

1. Business Information is Not Secure Today

• Many Forms of Information
• Many Stores for Information
• Many Users
• Complexity - Defining Policies & Detecting Violations

2. Costs to Secure Information Escalating

• Many New Applications
• Many New Self-Service Users
• New Forms of Vulnerability & Security Policies
• Manual Forensic Process to Detect Policy Violations
• Legislative Changes

3. Integrating Security with Systems Challenging

• Multiple Point Applications
• Multiple Security Solutions
• Limited Integration across Identity Lifecycle
• Limited Integration with Auditing & Controls

?

Natasha Stott Despoja Did Not Introduce The Following Members Bill
1. Paid Maternity Leave
2. Data Security Breach Notification
3. Same Sex Marriages
4. Climate Change

And the winner is…

?

How many security features does Oracle have for 9iR2 ?
1. 5
2. 9
3. 10
4. 12

?

What Is The Leading Contributor For Unplanned Down Time?
1. Water Damage
2. Human Error
3. Software Failure
4. Other

?

The Choice Is Yours
1. Comprehensive Data Protection
2. Comprehensive Identity & Access Management
3. Comprehensive Controls Enforcement
4. Legislative Pressures

1

Comprehensive Data Protection

1. When Sent Over Network
2. When Stored in Database
3. When Distributed Outside Database
4. When Archived or Backed Up
5. When Administered

Oracle Data Protection Solutions
Oracle Advanced Security
Network Encryption Database Encryption

Oracle Information Rights Management
Protect Distributed Documents

Oracle Secure Backup
Protect Database Archives

Oracle Database Vault
DBA Access Control

Oracle Advanced Security
Network Encryption

Benefits
• Strong encryption for data in flight
• Transparent to applications
• Easy to implement

Oracle Advanced Security
Transparent Data Encryption

Benefits
• Strong encryption for data at rest
• No application changes required
• Efficient encryption of all application data

Oracle Information Rights Management

Benefits
• Secure unstructured data / documents
• Prevent data leakage from ad hoc distribution
• Centrally enforce entitlements
• Audit document access and usage
• Digitally “shred” documents

Oracle Secure Backup

Benefits
• Secure data archival
• Easy to administer key management
• Fastest Oracle Database tape backups

Oracle Database Vault

Benefits
• DBA separation of duties
• Securely consolidate databases
• Enforce whom, how, where, and when
• No application changes required

Finance DBA

?

What product controls documents outside the firewall?
1. Data Vault
2. Secure Backup
3. Information Rights Management
4. mySQL

And the winner is…

?

Do You Want More Information On?
1. Data Protection
2. Backup Protection
3. Uptime Protection

2

Comprehensive Identity and Access Management

1. Store & Virtualise Identities
2. Provision Identities & Roles
3. Manage Access to Systems
4. Federate Identities

Oracle Identity Management Solutions
Oracle Directory Services
LDAP Directory Virtual Directory

Oracle Access Manager / Enterprise SSO
Web Access Control Single Sign-On

Oracle Identity Manager
Identity Administration

Oracle Adaptive Access Manager
Consumer Authentication

Oracle Role Manager
Business Role Management

Oracle Identity Federation
Secure Cross-Domain Authentication

Oracle Directory Services
Portal and J2EE Applications Enterprise Applications Custom Applications

Benefits
• Centralized, secured identity data
• Real-time integrated view of disparate data stores
• Oracle Database scalability & reliability
• Rapid application deployment

Virtual Directory

Oracle LDAP

Active Directory iPlanet, X500

Databases

Mainframe

Oracle Identity Manager
Benefits
• Automated user on-boarding and off-boarding
• Sustainable cost-efficient compliance
• Improved security and policy management

Email

Marketing

Forecasts

Employee Lifecycle
Benefits

Expenses

Oracle Role Manager
Business Roles Provisioning Workflow

IT Roles Business Process Workflow

System Privileges Business Operation Context

Benefits
• Single authoritative source for business roles
• Rapid role mining and modeling
• Reduced identity administration costs

Oracle Access Manager Oracle Enterprise Single Sign-On
UN/Password Kerberos Biometric Smart Card

Web Access and Single Sign-On

e-mail / Outlook

Mainframe

Benefits
• Centralized authentication and SSO
• Consistent policy enforcement
• Improved end user experience

Oracle Adaptive Access Manager

Secure Mutual Authentication

Device & Geo-location Forensics

• Real time analytics
• Pattern and anomaly detection
• Risk Scoring
• Step up authentication

Benefits
• Proactive, real-time fraud prevention
• Contextual authentication/authorization
• Web-based software only – easy to deploy

Oracle Identity Federation
Benefits
• Secured integration with partners
• Reduced administration cost
• Improved end user experience

3

Comprehensive Controls Enforcement

1. Define Operational Controls
2. Detect Policy Violations
3. Audit Policy Violations

Oracle GRC Solutions
Oracle GRC Manager
Policy documentation

Oracle GRC Intelligence
Reporting and dashboard

Oracle GRC Controls Suite
Segregation of Duties

Oracle Audit Vault
Audit data consolidation

Oracle GRC Manager & GRC Intelligence
Benefits
• Manage multiple global compliance mandates with one system
• Align policies and processes with best practice risk and control frameworks (COSO, COBIT, ITIL, etc.)
• Remediate exceptions from both manual and automated control tests

Why?
Mandate
PCI, SOX 404, FFIEC, CA SB 1386, EU Privacy Directive, HIPAA, FDA

What?
Business Process

How?
Control Policy

Risk
Impact Likelihood

Application

Framework
ISO | COSO | COBIT | ITIL

Oracle GRC Controls Suite
User: John Doe
Role: Shipping Clerk
Function: Tracking POs

Role: Shipping Supervisor
Function: Purchase Orders
Form: Receiving

Benefits
• Enforce segregation of duty controls in enterprise applications
• Apply best practice application setups and reduce "drift"
• Detect and prevent erroneous and fraudulent transactions

Tab: Review PO

Correlate Events and Detect Policy Violation

Action: Submit PO

Transaction: Order 123 Action: Signature Receipt

Vendor: Acme

?

Do You Produce Audit Reports

1. Yes
2. No

Oracle Audit Vault
Alert Alert Alert

Audit Framework

Benefits
• Securely consolidate audit data
• Simplify compliance reporting
• Detect suspicious activity

Custom Apps Data

HR Data

CRM Data

ERP Data

Oracle Databases

?

What does PCI stand for?
1. Public Control Information
2. Personal Computer Interface
3. Payment Card Industry
4. Public Confidence Index

And the winner is…

4

Legislative Pressures

1. Records Archiving
2. Records Destruction
3. Privacy
4. Index & Searching

Oracle’s Story = Simplification + Savings
Number of Controls Tested (2006)
Companies with $5B-$20B Revenue*:
• >10k Controls Tested = 5%
• 5,001 – 10,000 Controls Tested = 20%
• 1,001 – 5,000 Controls Tested = 50%
• 500 – 1,000 Controls Tested = 5%
• 0-500 Controls Tested = 5%
Oracle: 398 Controls Tested

Spending on SOX Compliance (2006)
[Bar chart comparing Oracle with Companies with $5B-$20B Revenue*; values shown: $6.3 M and $3.2 M]

Standardized Systems, Processes = Stronger Controls, Fewer Tests = Lower Costs

*Source: Controller’s Leadership Roundtable, 2006

Everybody Knows It Makes Sense
“We should adopt a consistent approach or methodology for similar activities in governance, risk and compliance”

90%
Agree or Strongly Agree
Source: 2007 OCEG Benchmark Series: GRC strategy Study

Yet Few Are Doing It
“How would you characterise the degree of integration between and among your governance, risk and compliance practices?”

Only 16%
Are Fully Integrated
Source: 2007 OCEG Benchmark Series: GRC strategy Study

New Legislation

Oracle Universal Online Archive
eDiscovery Content

eMail

Financials

HRMS

CRM

ERP

Open API

Records Management Auto-Classification De-Duplication

Unparalleled Scalability

Unparalleled Performance

?

When does eDiscovery legislation take effect?
1. 1st July 2008
2. 1st July 2009
3. 1st January 2009
4. 30th June 2008

And the winner is…

?

Do You Want More Information On?
1. eDiscovery
2. Universal Archive
3. Both

?

Do You Want More Information On?

1. Greening The Data Center

Summary

Datacenters need to change
– Comprehensive Data Protection
– Consolidate Audit Information

Ask Once, Test Once and Reuse Many

Questions?

EVALUATION

Evaluation - Session 1

How did you rate the Content that was presented?
Scale: 1 (Poor) to 5 (Excellent)

Evaluation - Session 1

How did you rate the Delivery of the presentation?
Scale: 1 (Poor) to 5 (Excellent)

Evaluation - Session 1

How did you rate the value of this presentation for your organisation?
Scale: 1 (Poor) to 5 (Excellent)
