Upload
nalini-sharma
View
218
Download
0
Embed Size (px)
Citation preview
8/9/2019 Identity Management report
1/16
INTRODUCTION
How secure is data in organisations???
Organizations across the world have been increasingly incorporating Information Technology (IT) into
their business processes and with this, use of proper security measures have become a critical issue.
These organizations are under increased pressure to strengthen their security while reducing cost and
streamlining their operations. They also need to maintain agility to adapt to rapidly changing
requirements. This has led to the increased complexity of their IT networks, demanding a solution that
helps manage the growing multiplicity of users who require access to IT resources, while complying with
international regulations.
DEFINITION
Identity Access Management (IAM) encapsulates people, processes and products to identify and
manage the data used in an information system to authenticate users and grant or deny access rights to
data and system resources. The goal of IAM is to provide appropriate access to enterprise resources.
Within the enterprise, an identity management system comprises a system of directories and access
control based on policies. It includes the maintenance of the system (adds, changes, deletes) and
8/9/2019 Identity Management report
2/16
generally offers single sign-on so that the user only has to log in once to gain access to multiple
resources.
OVERVIEW
The ability of an organization to rapidly search, identify and verify who is accessing the systems
is a critical aspect of meeting security and compliance requirements for the organization.
Implementing IAM models for a small business group and incrementally covering every part of
the organization can reap benefits monetarily and security wise.
IAM comprises four main components namely, Authentication, Authorization, User
Management and Central User Repository. Its goal is to provide the right access to the right
people in order to protect information sources.
Authentication
This area covers authentication and session management within user applications.
Userid/password authentication is the most common approach to providing access control and
information privacy to user and enterprise information. Implementing IAM helps manage
different sessions of the users from centralized locations.
Authorization
Authorization determines whether the user has the required permission or access right to a
particular resource. IAM checks the user access request against authorization policies of the
organization. It is at this point that organizations can implement role-based access controls.
Authorization includes user attributes, groups to which the user belongs, access channels, data
resources that can be accessed, and perhaps more complex access criteria, such as time-based
access or complex business rules that determine dynamic permissions granted to the user.
8/9/2019 Identity Management report
3/16
User management activities
IAM defines rules for administrative functions like password resetting, identity creation,
propagation, and user identity and privileges management. This module also manages the
entire user life-cycle right from identity creation to final de-provisioning from accounts
database. It is necessary to install an integrated workflow system that can take care of user
management activities.
Central user repositories
By implementing IAM systems the organization can store and deliver identity information from
a single authoritative source to other IT services and can provide verification on demand. Thismodule presents a logical view of existing identities and their relationships to various other
systems. These repositories can be physical or virtually maintained depending on the growing
volume of identities
TODAYS IT CHALLENGES
8/9/2019 Identity Management report
4/16
With enterprises throwing their networks open to more and more entities, they are faced with
the challenges of
y Creating multiple user accounts with appropriate levels of access to applications andresources.
y Integration associated with users accessing information through multiple channels like web,wireless and mobile.
y Increasing complexity of networks resulting in separate networks dedicated to differentfunctions, making management of users, more difficult.
IDM MARKET SIZE
Worldwide identity and access management (IAM) revenue is $9.9 billion now in 2010, an 8 per
cent increase from 2009 revenue of $9.2 billion, according to Gartner, Inc.
According to Gartner, compliance, audit and analytics requirements continue to be the main
factors influencing investments in IAM, alongside operational efficiency and better integration
across IAM solutions. Although the economic downturn has affected the IAM market, it is
proving to be fairly resilient and, along with other security areas, IAM continues to receive
higher prioritisation compared with other technologies.
Overall, the IAM market is estimated to grow to $11.9 billion by the end of 2013. Mr Contu said
that IAM products will continue to attract interest and investment during the coming years
because it remains a critical technological area for enabling businesses to improve and
automate processes relating to access management.
However, the evolution of the market has been impacted by a number of internal and external
factors. Internally, merger and acquisition activity has resulted in the consolidation of the
vendor landscape around larger, established players, particularly in key areas such as user
provisioning and web access management. Externally, the impact of the economic downturn
and the consequent tightening of IT budgets, with a related increasing demand for IAM as a
8/9/2019 Identity Management report
5/16
service type of product, have influenced the levels of spending directed on IAM and delivery
models end users are opting for.
KEY GROWTH FACTORS
1. Increasing Use of IT-enabled Applications2. Growing Online Frauds3. Regulatory Compliance4. Improved Quality of Services5. Lower Business Cost
The demand for Identity Management suites continues to be dominated by security and cost-cutting benefits; however, regulatory compliance is becoming equally important, especially for
companies in North America. The deployment of IAM have largely been driven by businesses
efforts to comply with the growing number of international regulatory requirements such as
HIPAA, Sarbanes-Oxley and the Payment Card Industrys customer identity protection
requirements. These regulations require companies to provide audit trails of all user actions to
government auditors, and oblige top executives to be certain that no users have violated their
access rights or used digital resources inappropriately.
MARKET PLAYERS
Portals Application/Web Servers
8/9/2019 Identity Management report
6/16
Applications Groupware
Directories Operating System
Oracle - Leader in Gartner Magic Quadrants
User Provisioning Web Access Management
8/9/2019 Identity Management report
7/16
CUSTOMERS
Financial Services Retail Services
Manufacturing and Transportation Technology and Communication
Government and Public Sector Health Care
8/9/2019 Identity Management report
8/16
ORACLE IDM SUITE
8/9/2019 Identity Management report
9/16
I. ACCESS CONTROL
Benefits
1. Centralized and consistent security across heterogeneous environments2. Reduced administration cost3. Improved end user experience
Features
1. Web single-sign-on2. Common policy management3. Multi-level, multi-factor authentication management4. Self-service and delegated administration5. Workflow engine6. Web Services interfaces
ORACLE ENTERPRISE SSO
Benefits
Eliminates forgotten passwords for Windows desktop and applications
1. Improves security & user experience2. Meet regulatory compliance
8/9/2019 Identity Management report
10/16
Features
1. Sign-on to any Windows, web, host, mainframe or Java application2. Use any combination of tokens, smart cards, biometrics and passwords3. Auto inactive session termination and application shutdown for shared workstation4. Reset Windows password directly from locked workstation
ORACLE IDENTITY FEDERATION
Benefits
1. Secured integration with partners2. Reduced administration cost3. Improved end user experience
Features
1. Seamless SSO and identity sharingy Multi-protocol gateway SAML, Liberty, WS-Federationy Service Provider or Identity Provider
2. Flexible deployment configurationsy Standalone for use with pre-existing web-access management solutiony Protocol SDK for custom applications
ORACLE WEB SERVICES MANAGER
Benefits
1. Quick and simple deployment2. Provide standard (J2EE) policy enforcement points3. Enable SLA definition and monitoring, quality of service reporting.
Features
1. Declarative policy (no coding)2. Rich library of pre-built policies3. Centralized policy management with local enforcement4. Supports WS-Security
8/9/2019 Identity Management report
11/16
II. IDENTITY ADMINISTRATION
ORACLE IDENTITY MANAGER
Benefits
1. Reduced administration cost2. Cost effective regulatory compliance3. Improved security4. Improved service level
Features
1. Identity life-cycle management for the heterogeneous enterprise2. Approval and provisioning workflows3. Role based access control4. Complete integration solutions: OOTB connectors & Adapter Factory5. Deep integration to ERP and HRMS6. Audit and compliance reporting and process automation
8/9/2019 Identity Management report
12/16
III. DIRECTORY SERVICES
ORACLE VIRTUAL DIRECTORY
Benefits
1. Rapid application deployment2. Tighter controls on identity data3. Real-time identity information access
Features
1. Modern Java & Web Services technology2. Virtualization, proxy, join & routing capabilities3. Superior extensibility4. Scalable multi-site administration5. Direct data access
8/9/2019 Identity Management report
13/16
IV. IDENTITY AUDIT & COMPLIANCE
Benefits
1. Cost effective compliance2. Enhance data integrity and auditability3. Real time and consistent enforcements4. Enable compliance to SOX, GLB, HIPAA, J-SOX
Features
1. Comprehensive historical and temporal audit data2. Comprehensive operational and historical reports3. Attestation of entitlements4. Segregation of duties via denial policies5. Comprehensive system and exception logging6. Integration with Audit Vault, ICM, and 3rd party compliance products
8/9/2019 Identity Management report
14/16
V. MANAGEMENT
ORACLE ENTERPRISE MANAGER FOR IDENTITY MANAGEMENT
Benefits
1. Actively manage IdM service levels2. Rigorous management of IdM technology stack3. Simplified deployment, patching, and upgrade
Features
1. Automated modeling of IAM components and infrastructure2. Define SLA, monitor and report3. Response time, throughput, usage metrics, 4. Server, application, and user level metrics5. Automated discovery of IAM components and infrastructure6. Discover & track configuration attributes / values7. Installing, Patching, Upgrading, Cloning
8/9/2019 Identity Management report
15/16
Oracle IDM Suite Benefits
1. Faster deployments With Oracle Identity and Access Management Suite, you cannow deploy applications faster, apply the most granular protection to enterprise
resources, automatically eliminate latent access privileges, and much more. Enterprisescan leverage Identity and Access Management Suite in its entirety or deploy individual
components of the suite to meet your unique needs given the comprehensive, hot
pluggable and application- centric features
2. Enhanced user experience Seamless switching between applications improvesproductivity for users across a wide range of applications.
3. Improved security Pre integrated, best-in-class solutions work together as a singlesolution. Identity management solutions can not only aid security but also makes it
easier to assign privileges to different user groups to manage them more effectively.
Oracles Identity Management features the industry's most complete suite of best-in-
class identity management solutions all your user security needs.
4. Lower TCO a single solution cuts the time spent integrating disparate components,and provides a single point of contact for support, a single license contract, and the
backing of the world's largest enterprise software company.
Oracle Identity Management 11g enables customers to efficiently comply with regulatory
requirements, secure critical applications and sensitive data, and lower operational costs. Using
the most complete and best-in-class suite of identity management solutions available,
enterprises can manage the entire user identity life cycle across all enterprise resourcesboth
within and beyond the firewall.
8/9/2019 Identity Management report
16/16
CONCLUSION
The identity management market is one that we watch closely. And while it has yet to fully
explode into the mainstream, 2010 is seeing it steadily gaining momentum. Identity is so
compelling because it's far more than just a security technology. Authentication, fine-grained
access control, and SSO (single sign-on) are all advantageous, but they only represent the tip of
the iceberg of what an identity suite can accomplish.
Ultimately identity will serve as the foundation for managing distributed webs of application
services, paving the way for smoother, SOA-based business integration. But, of course, that's a
long way off. In the meantime, most enterprises will embrace it for its ability to automate
provisioning and deprovisioning of user accounts, as well as for its centralized authenticationlogging and auditing capabilities, both of which can play a crucial role in regulatory compliance
measures. For many companies, however, setting up an identity infrastructure remains a
daunting task. Not only is the technology complex, but it also inevitably touches countless areas
of an enterprise and its business processes. Reducing the perceived barriers to entry will
definitely be Job No. 1 for identity vendors.
Over the long term, SOA may prove to be the ultimate driver of identity technologies, as
identity management and service orchestration dovetail into a single infrastructure
management discipline. For now, however, sustained growth will be the theme. Identity
management is still in its early phases, but it's never too soon to get on board, because big
things are ahead.