The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions. The
development, release, and timing of any features or
functionality described for Oracle's products remains
at the sole discretion of Oracle.
Copyright ©2009, Oracle. All rights reserved. Oracle Confidential
Strategies for Managing Risk and Thriving in a
Dynamic Environment
Gail Coury CISA, CISSP, CISM
Vice President, Risk Management, Global IT
Oracle Corporation
*Source: http://www.oracle.com/corporate/information-powers-profitability.pdf
Information Technology @ Oracle
FOUR MAJOR FUNCTIONS
TRADITIONAL
Supporting 85K internal users and 1.2M+ external users in 145 countries
– 6.5K Internet facing hosts
– 137K+ Desktops / laptops managed with nearly 1M client pushes/year
– 70M+ Security events collected /day
– 1.8M+ OS patches /year
DEVELOPMENT
Supporting 21K developers building over 3K products globally
– 33K servers and 7PB of storage
– Over 2K servers run 52K hours of regression testing
– Product builds as frequently as hourly
ON DEMAND
Supporting over 4.5M users
– World’s largest Linux application grid
– 3.5K environments
– 5K servers
– 17K patches analyzed & installed
– 24K CEMLI promotions
ORACLE UNIVERSITY
Supporting 320K students annually
– ~ 700 classes per week in 56 countries & 2 dozen languages
– Course catalog of nearly 3K titles
– Auto-provision complete 1200-1400 virtual environments weekly on ~200 servers
Business Expectations for IT
Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda
Business Expectations for IT
SAME PRIORITIES GLOBALLY – PUBLIC & PRIVATE SECTOR
Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda
Consolidation & Standardization
• Organization
• Self Service
• Processes
• Network
• Data Center
• Collaboration
• Applications
• Shared Services
Improving Margins
[Chart: Operating Margin % by Fiscal Year, 1998 to 2002]
Changing the Paradigm
Consolidation & Standardization
Tailored Offerings
Operational Excellence
Lower Cost
Speed
Customer Intimacy
Over 50 Acquisitions in 4+ Years
Expanding Markets & Customers
WHERE IT IS A KEY ENABLER
Oracle On Demand for Siebel CRM
Oracle CRM On Demand
PeopleSoft Enterprise On Demand
Oracle E-Business Suite On Demand
Oracle Technology On Demand
JD Edwards World On Demand
Oracle Hyperion On Demand
On Demand Partner Solutions
On Demand for Fast-Growing Companies
On Demand for Healthcare
On Demand for Business Intelligence
Oracle SaaS
Oracle Social CRM
Oracle Beehive On Demand
On Demand for U.S. Federal Government
Oracle Sales Library
Oracle Self-Service E-Billing On Demand
Oracle CRM On Demand Single Tenant Standard Edition
Oracle CRM On Demand Deal Management
And More…
Enabling Revenue Growth
[Chart: Revenue ($Billions) by Fiscal Year, 2004 to 2009]
Business Expectations for IT
Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda
1. Creating new projects or services (innovation)
2. Improving business processes
3. Attracting and retaining new customers
4. Expanding into new markets or geographies
5. Creating new sources of competitive advantage
6. Improving enterprise workforce effectiveness
7. Reducing enterprise costs
8. Increasing the use of information/analytics
9. Targeting customers and markets more effectively
10. Expanding current customer relationships
11. Managing change initiatives
12. Consolidating business operations
13. Supporting regulation, reporting and compliance
2012
CIO Strategies
Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda
CIO Strategies
FOCUS ON COST REDUCTION
Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda
Oracle IT as a % of Total Revenue
[Chart: quarterly values by Fiscal Year, Q1 06 to Q4 09; values shown: 3.1% and 1.6%]
CIO Strategies
FOCUS ON IT GOVERNANCE
Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda
CIO Strategies
IT GOVERNANCE ENABLES CIO STRATEGIES
Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda
ITIL v3 - The Vehicle
ITIL v3 - An approach to IT based on standards and practices set out in the third version of the Information Technology Infrastructure Library (ITIL v3).
IT Service Management (ITSM) - A set of best practices focused on providing IT services that are built around customers’ business needs and end with results that provide real business value to the customers.
Where We Started
CUSTOMER INTERACTIONS
DESIGN & OPERATIONS
PROJECT MANAGEMENT
SERVICE STRATEGY
RISK MGMT
ON DEMAND
ORACLE UNIVERSITY
INTERNAL CUSTOMERS
AUSTIN DATA CENTER
ROCKY MOUNTAIN DATA CENTER
SECURITY
HELP DESK
FIELD SERVICES
APPLICATIONS
NETWORK
Where We Started
FUNCTION BASED ORGANIZATION
[Diagram: the four stage labels ENGAGE WITH STAKEHOLDERS, ARCHITECT & ENGINEER, TRANSITION TO PRODUCTION, OPERATE & SUPPORT, repeated across the diagram]
POCKETS OF EXCELLENCE | MANY DOORS | REACTIVE
Where We Are
SERVICE BASED ORGANIZATION
[Diagram: the four stage labels ENGAGE WITH STAKEHOLDERS, ARCHITECT & ENGINEER, TRANSITION TO PRODUCTION, OPERATE & SUPPORT, repeated across the diagram]
Highly Leveraged
Consistent Delivery
Immensely Scalable
Transformation Journey
ITSM Improvement Program
ITILv3
LIFT Objectives & Success Criteria
LIFT Processes by Group
ITSM
Problem Management
Incident Management
Request Management
Access Management
Service Asset & Configuration Mngmt
Service Design
Capacity Mngmt
Availability Mngmt
Service Transition
Supplier Mngmt
Change Management
Event Management
Service Operations & Support
LOB Demand Mngmt
Bus. Relationship Mngmt
Service Opportunity Identification
Project Request Eval. Process (PREP)
Project Mngmt
LIFT Program
SERVICE INTEGRATION PROCESS (SIP)
LIFT Program – COBIT Mapping
COBIT: 210 Control Objectives
LIFT: 25 Processes
IT Audits    IT Controls
SOX          ~18
SAS 70       ~108
PCI          ~202
FISMA        ~245
…            …
CIO Strategies
IT GOVERNANCE ENABLES CIO STRATEGIES
INFORMATION TECHNOLOGY PRACTICE
INFORMATION RISK EXECUTIVE COUNCIL
In response, Information Security leaders in 2010 plan to:
• restructure security governance to account for new, distributed risks
• restructure metrics to focus on risk reduction rather than security operations activities
Source: Information Risk Executive Council: Top 2010 Priorities
Risk Management
A CRITICAL PART OF IT GOVERNANCE
Global CRM
My Oracle Support
Oracle On Demand
Customer Record Lifecycle
Accounts
New Orders
Sales Contacts
Service Requests
Technical Contacts
Accounts
Products
Employees
Contacts
Entitlements
Service Lines
Global CRM Implementation
OPTIMIZING OUR GO-TO-MARKET
Objective
• Global, consistent, streamlined, and scalable campaign to opportunity to quote processes
Approach
• Go Native – Go Fast
• Consolidation/Centralization
• Start Clean, Stay Clean
• Standards based Integration
• Drive value with BI
Planned
• Master Data Management
• Social CRM, Mobility
Sales
Marketing
Alliances
Partners
My Oracle Support
NEXT GENERATION CUSTOMER SUPPORT
Next Generation Support
• Embedded Configuration Management
• Extensive Knowledge Base & Communities
• Personalized & Proactive Service
Outcome: Customer Success
• 25% problems avoided
• 40% faster problem resolution
• 30% faster service request creation
• 97% of problems resolved quicker with targeted knowledge
Webstar Service Excellence Award, 2003 through 2007
SSPA Best Embedded Product Support, 2008
My Oracle Support
[Timeline: 2006, 2007, 2008, 2009, 2010]
Agent
• Oracle Diag. Methodology
• Collaboration
• Product Line Alignment
• Defect Integration
Knowledge Management
• KM communities
• Customer Feedback
Portal
• Custom Home Page
• Patch Downloads
• Implementation Projects
• Service Oriented Architecture
• Siebel CRM 8.0
• Siebel Analytics
• Apps Dev Framework
• Oracle PL/SQL, JAVA
• Oracle 10g Database
• Oracle 10g Apps Server
• Oracle Enterprise Mgr
• Oracle Secure Enterprise Search
• Single Sign On
• Oracle Identity Management
• Account Provisioning
• Linux OS
• Oracle RAC
• Oracle Grid
• Oracle VM
• Informatica
• Disaster Recovery
• High Availability
• Global Call Center (telephony)
Hyperion Migration
Portal
• SR language
• Multi-lingual survey support
Agent
• SR vulnerability
Siebel Migration
PeopleSoft, JD Edwards Migration
Portal
• SR Viewer
• Certify Re-Write
Agent
• Defect Integration
Portal
• Unified product support
• Enhanced ticketing
Agent
• ITIL compliance
• Task-based UI
• Automated Ticket Routing
Knowledge Management
• Call Center Integration
• Portal Integration
• Create & Edit solutions
CRM On Demand Migration
Infrastructure
Portal
• Internal/External
• Forums/Certify
• OnDemand
Oracle & BEA Migration
Agent
• Engineer Workspace
• Partner/Service Packs
• Telephony integration
• BugDB integration
• Univ prioritization
Knowledge Management
• Feedback
1.2 MILLION USERS
75 APPLICATIONS INTEGRATED
Design
• Corporate Security Architecture Review Board
• Security Technical Review
• Design Revision & Validation
GOAL: Approved Service Design
Build and Test
• Security Development Process
• Documentation and Code Review
• Technical Security Assessment
• Penetration Testing
• Remediation
• Validation
• Access Control Testing
GOAL: Rollout of Secure Systems
Maintain
• Change Management
• Patch Management
• Regular Scanning & Remediation
GOAL: Risk Levels within Tolerance
Oracle Security Policy, Technical Standards, and Training
Oracle On Demand
HELPING CUSTOMERS DO MORE WITH LESS
Multi-tenant SaaS
• Pay-per-Use
• At Oracle or Customer
• Oracle Scheduled maintenance
Single-tenant SaaS
• Pay-per-Use
• At Oracle
• Customer Scheduled maintenance
Hosted & Managed
• Licensed
• At Oracle
• Customer Scheduled maintenance
Remote Management
• Licensed
• At Customer or Partner
• Customer Scheduled Maintenance
• Over 4.5 million users
• 89% of customers on most current releases
• World’s largest Linux application grid
• Oracle Solution Showcase
– 3,500 environments
– 5,000 servers
– 17,000 patches analyzed & installed
– 24,000 CEMLI promotions
Oracle On Demand
ORACLE EXPERTS MANAGE THE ENTIRE STACK
@Oracle - @Customer - @Partner
Operating System
Database
Middleware
Applications
Infrastructure
Oracle On Demand
Enterprise Grade SAAS Applications
Industry Awards:
• Black Book #2 Best Managed Outsourcing Vendors 2009
• Best Embedded Product Support 2008
Advanced Services:
• Federal On Demand
• Disaster Recovery Services
• PCI Compliance – Base & Advanced
• Migration Services
• Functional Help Desk Services
Common Controls Fulfill Multiple Requirements
Standards/Regs (Industry)
• ISO 27002
• SAS 70 (Public Firms)
• HIPAA (Health Care)
• PCI DSS (FSI, Retail)
• NIST (Federal Agencies)
• 21 CFR 11 (Life Sciences)
Process Controls
• Policy Development & Maintenance
• Asset Management
• Access Control & Mgmt
• HR Security Controls
• Change Control Procedures
• Segregation of Duties
• Cryptographic Controls
• Backup and Recovery
• Media Handling
• Monitoring, Auditing, & Logging
Governance, Risk & Compliance
ORACLE GRC APPLICATIONS
MANDATES
ISO 27002
SAS 70
21 CFR Part 11
HIPAA
PCI DSS
NIST
BUSINESS PROCESS
FRAMEWORK
ISO | COSO | COBIT | ITIL
RISK
Impact
Likelihood
SYSTEM
Identify Requirements
Establish Objectives
Remediate Issues
Evaluate Controls
PROCESS
Report & Respond
Review & Improve
Assess Risk
Governance, Risk, and Compliance BEST PRACTICES
R1 R2 R3
C1 C2 C3
C5 C6 C7
C9 C10 C11
Business Process
Controls
ISO 27002, HIPAA, SAS 70
Consolidate multiple standards and regulations onto a single platform
Manage risk in a disciplined & consistent fashion
Embed automated controls into standard business processes
Context & Types
Identify & Associate
Analyze & Evaluate
Respond & Manage
Enterprise Risks
GRC: Derived Value and Results To Date
Efficiencies Gained
• Automated trend analysis saves up to 40 hours of effort previously required to manually compile data each month for ISO 27001 control assessments
• Over 300 risk and compliance metrics on a consolidated, near real-time dashboard for multiple Lines-of-business
• Automated workflow also drives efficiencies in large document management workflow initiatives saving .5 hours for every 8 hours spent on each audit in reduced coordination, data management, and issue tracking functions
• Dynamic performance visualization with drill down capabilities and flexible data access and search functionality
Process Improvements
• Enabled full document lifecycle management to meet regulatory requirements and legal discovery needs
• Increased security and reliability from storing all approved project data in a single repository
• Safeguarded critical risk data with fine-grained security permissions and access control policies
• Enforced content management and record retention policies scalable to meet increasing volume of documents, test data and exhibits
Regulators Demand More from IT
“In the future, policy makers and regulators will probably demand that IT systems capture more and better data in order to gain greater insight into and control over how banks manage risk, pharma companies manage drugs, and industrial companies affect the environment.
Successful CIOs should enhance their relationships with internal legal and corporate-affairs teams and be prepared to engage productively with regulators. They will need to seek solutions that meet government mandates at manageable cost and with minimal disruption.”
- McKinsey, 5 Trends that will Shape Business Technology in 2009
Meeting the Challenge
Source: Gartner - Meeting the Challenge: The 2009 CIO Agenda
Looking Ahead
IT as a business
Services-oriented automation
Elastic capacity
Fungible technologies
“Change at the speed of business”
Final Thoughts
• Set your compass
• Commit to the direction
• Chart your journey
• Course-correct