Identity Management report

8/9/2019 Identity Management report

1/16

INTRODUCTION

How secure is data in organisations???

Organizations across the world have been increasingly incorporating Information Technology (IT) into

their business processes and with this, use of proper security measures have become a critical issue.

These organizations are under increased pressure to strengthen their security while reducing cost and

streamlining their operations. They also need to maintain agility to adapt to rapidly changing

requirements. This has led to the increased complexity of their IT networks, demanding a solution that

helps manage the growing multiplicity of users who require access to IT resources, while complying with

international regulations.

DEFINITION

Identity Access Management (IAM) encapsulates people, processes and products to identify and

manage the data used in an information system to authenticate users and grant or deny access rights to

data and system resources. The goal of IAM is to provide appropriate access to enterprise resources.

Within the enterprise, an identity management system comprises a system of directories and access

control based on policies. It includes the maintenance of the system (adds, changes, deletes) and


2/16

generally offers single sign-on so that the user only has to log in once to gain access to multiple

resources.

OVERVIEW

The ability of an organization to rapidly search, identify and verify who is accessing the systems

is a critical aspect of meeting security and compliance requirements for the organization.

Implementing IAM models for a small business group and incrementally covering every part of

the organization can reap benefits monetarily and security wise.

IAM comprises four main components namely, Authentication, Authorization, User

Management and Central User Repository. Its goal is to provide the right access to the right

people in order to protect information sources.

Authentication

This area covers authentication and session management within user applications.

Userid/password authentication is the most common approach to providing access control and

information privacy to user and enterprise information. Implementing IAM helps manage

different sessions of the users from centralized locations.

Authorization

Authorization determines whether the user has the required permission or access right to a

particular resource. IAM checks the user access request against authorization policies of the

organization. It is at this point that organizations can implement role-based access controls.

Authorization includes user attributes, groups to which the user belongs, access channels, data

resources that can be accessed, and perhaps more complex access criteria, such as time-based

access or complex business rules that determine dynamic permissions granted to the user.


3/16

User management activities

IAM defines rules for administrative functions like password resetting, identity creation,

propagation, and user identity and privileges management. This module also manages the

entire user life-cycle right from identity creation to final de-provisioning from accounts

database. It is necessary to install an integrated workflow system that can take care of user

management activities.

Central user repositories

By implementing IAM systems the organization can store and deliver identity information from

a single authoritative source to other IT services and can provide verification on demand. Thismodule presents a logical view of existing identities and their relationships to various other

systems. These repositories can be physical or virtually maintained depending on the growing

volume of identities

TODAYS IT CHALLENGES


4/16

With enterprises throwing their networks open to more and more entities, they are faced with

the challenges of

y Creating multiple user accounts with appropriate levels of access to applications andresources.

y Integration associated with users accessing information through multiple channels like web,wireless and mobile.

y Increasing complexity of networks resulting in separate networks dedicated to differentfunctions, making management of users, more difficult.

IDM MARKET SIZE

Worldwide identity and access management (IAM) revenue is $9.9 billion now in 2010, an 8 per

cent increase from 2009 revenue of $9.2 billion, according to Gartner, Inc.

According to Gartner, compliance, audit and analytics requirements continue to be the main

factors influencing investments in IAM, alongside operational efficiency and better integration

across IAM solutions. Although the economic downturn has affected the IAM market, it is

proving to be fairly resilient and, along with other security areas, IAM continues to receive

higher prioritisation compared with other technologies.

Overall, the IAM market is estimated to grow to $11.9 billion by the end of 2013. Mr Contu said

that IAM products will continue to attract interest and investment during the coming years

because it remains a critical technological area for enabling businesses to improve and

automate processes relating to access management.

However, the evolution of the market has been impacted by a number of internal and external

factors. Internally, merger and acquisition activity has resulted in the consolidation of the

vendor landscape around larger, established players, particularly in key areas such as user

provisioning and web access management. Externally, the impact of the economic downturn

and the consequent tightening of IT budgets, with a related increasing demand for IAM as a


5/16

service type of product, have influenced the levels of spending directed on IAM and delivery

models end users are opting for.

KEY GROWTH FACTORS

1. Increasing Use of IT-enabled Applications2. Growing Online Frauds3. Regulatory Compliance4. Improved Quality of Services5. Lower Business Cost

The demand for Identity Management suites continues to be dominated by security and cost-cutting benefits; however, regulatory compliance is becoming equally important, especially for

companies in North America. The deployment of IAM have largely been driven by businesses

efforts to comply with the growing number of international regulatory requirements such as

HIPAA, Sarbanes-Oxley and the Payment Card Industrys customer identity protection

requirements. These regulations require companies to provide audit trails of all user actions to

government auditors, and oblige top executives to be certain that no users have violated their

access rights or used digital resources inappropriately.

MARKET PLAYERS

Portals Application/Web Servers


6/16

Applications Groupware

Directories Operating System

Oracle - Leader in Gartner Magic Quadrants

User Provisioning Web Access Management


7/16

CUSTOMERS

Financial Services Retail Services

Manufacturing and Transportation Technology and Communication

Government and Public Sector Health Care


8/16

ORACLE IDM SUITE


9/16

I. ACCESS CONTROL

Benefits

1. Centralized and consistent security across heterogeneous environments2. Reduced administration cost3. Improved end user experience

Features

1. Web single-sign-on2. Common policy management3. Multi-level, multi-factor authentication management4. Self-service and delegated administration5. Workflow engine6. Web Services interfaces

ORACLE ENTERPRISE SSO

Benefits

Eliminates forgotten passwords for Windows desktop and applications

1. Improves security & user experience2. Meet regulatory compliance


10/16

Features

1. Sign-on to any Windows, web, host, mainframe or Java application2. Use any combination of tokens, smart cards, biometrics and passwords3. Auto inactive session termination and application shutdown for shared workstation4. Reset Windows password directly from locked workstation

ORACLE IDENTITY FEDERATION

Benefits

1. Secured integration with partners2. Reduced administration cost3. Improved end user experience

Features

1. Seamless SSO and identity sharingy Multi-protocol gateway SAML, Liberty, WS-Federationy Service Provider or Identity Provider

2. Flexible deployment configurationsy Standalone for use with pre-existing web-access management solutiony Protocol SDK for custom applications

ORACLE WEB SERVICES MANAGER

Benefits

1. Quick and simple deployment2. Provide standard (J2EE) policy enforcement points3. Enable SLA definition and monitoring, quality of service reporting.

Features

1. Declarative policy (no coding)2. Rich library of pre-built policies3. Centralized policy management with local enforcement4. Supports WS-Security


11/16

II. IDENTITY ADMINISTRATION

ORACLE IDENTITY MANAGER

Benefits

1. Reduced administration cost2. Cost effective regulatory compliance3. Improved security4. Improved service level

Features

1. Identity life-cycle management for the heterogeneous enterprise2. Approval and provisioning workflows3. Role based access control4. Complete integration solutions: OOTB connectors & Adapter Factory5. Deep integration to ERP and HRMS6. Audit and compliance reporting and process automation


12/16

III. DIRECTORY SERVICES

ORACLE VIRTUAL DIRECTORY

Benefits

1. Rapid application deployment2. Tighter controls on identity data3. Real-time identity information access

Features

1. Modern Java & Web Services technology2. Virtualization, proxy, join & routing capabilities3. Superior extensibility4. Scalable multi-site administration5. Direct data access


13/16

IV. IDENTITY AUDIT & COMPLIANCE

Benefits

1. Cost effective compliance2. Enhance data integrity and auditability3. Real time and consistent enforcements4. Enable compliance to SOX, GLB, HIPAA, J-SOX

Features

1. Comprehensive historical and temporal audit data2. Comprehensive operational and historical reports3. Attestation of entitlements4. Segregation of duties via denial policies5. Comprehensive system and exception logging6. Integration with Audit Vault, ICM, and 3rd party compliance products


14/16

V. MANAGEMENT

ORACLE ENTERPRISE MANAGER FOR IDENTITY MANAGEMENT

Benefits

1. Actively manage IdM service levels2. Rigorous management of IdM technology stack3. Simplified deployment, patching, and upgrade

Features

1. Automated modeling of IAM components and infrastructure2. Define SLA, monitor and report3. Response time, throughput, usage metrics, 4. Server, application, and user level metrics5. Automated discovery of IAM components and infrastructure6. Discover & track configuration attributes / values7. Installing, Patching, Upgrading, Cloning


15/16

Oracle IDM Suite Benefits

1. Faster deployments With Oracle Identity and Access Management Suite, you cannow deploy applications faster, apply the most granular protection to enterprise

resources, automatically eliminate latent access privileges, and much more. Enterprisescan leverage Identity and Access Management Suite in its entirety or deploy individual

components of the suite to meet your unique needs given the comprehensive, hot

pluggable and application- centric features

2. Enhanced user experience Seamless switching between applications improvesproductivity for users across a wide range of applications.

3. Improved security Pre integrated, best-in-class solutions work together as a singlesolution. Identity management solutions can not only aid security but also makes it

easier to assign privileges to different user groups to manage them more effectively.

Oracles Identity Management features the industry's most complete suite of best-in-

class identity management solutions all your user security needs.

4. Lower TCO a single solution cuts the time spent integrating disparate components,and provides a single point of contact for support, a single license contract, and the

backing of the world's largest enterprise software company.

Oracle Identity Management 11g enables customers to efficiently comply with regulatory

requirements, secure critical applications and sensitive data, and lower operational costs. Using

the most complete and best-in-class suite of identity management solutions available,

enterprises can manage the entire user identity life cycle across all enterprise resourcesboth

within and beyond the firewall.


16/16

CONCLUSION

The identity management market is one that we watch closely. And while it has yet to fully

explode into the mainstream, 2010 is seeing it steadily gaining momentum. Identity is so

compelling because it's far more than just a security technology. Authentication, fine-grained

access control, and SSO (single sign-on) are all advantageous, but they only represent the tip of

the iceberg of what an identity suite can accomplish.

Ultimately identity will serve as the foundation for managing distributed webs of application

services, paving the way for smoother, SOA-based business integration. But, of course, that's a

long way off. In the meantime, most enterprises will embrace it for its ability to automate

provisioning and deprovisioning of user accounts, as well as for its centralized authenticationlogging and auditing capabilities, both of which can play a crucial role in regulatory compliance

measures. For many companies, however, setting up an identity infrastructure remains a

daunting task. Not only is the technology complex, but it also inevitably touches countless areas

of an enterprise and its business processes. Reducing the perceived barriers to entry will

definitely be Job No. 1 for identity vendors.

Over the long term, SOA may prove to be the ultimate driver of identity technologies, as

identity management and service orchestration dovetail into a single infrastructure

management discipline. For now, however, sustained growth will be the theme. Identity

management is still in its early phases, but it's never too soon to get on board, because big

things are ahead.

Documents

Identity Management report