Innovating for a Secure Mobile Extended Enterprise Andy Smith Sr Director Product Management Feb 2014

IDM Mobile Security Overview

Page 2: IDM Mobile Security Overview

Oracle Confidential – Do Not Distribute

Safe Harbor Statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Page 3: IDM Mobile Security Overview

PEOPLE Employees, Contractors, Customers & Partners

THE NETWORK IS NO LONGER THE POINT OF CONTROL

DEVICES Phones, Servers, Laptops, Tablets

DATA Unstructured & Structured

THE NEW PERIMETER

Page 4: IDM Mobile Security Overview

80% 67% 89%

By 2015, mobile app development projects will outnumber native PC projects by 4-to-1

Use tablets to work remotely

65% use to check email

Mobile devices already connect to corporate networks

Source: Forbes: Mobile Business Statistics For 2012

Mobile Usage in the Enterprise Driven by IT Consumerization

Page 5: IDM Mobile Security Overview

Mobility Is A Significant Challenge for I.T.

Top Mobility Challenges for CIOs

CIO Insight: Top Challenges of Enterprise Mobility, 2012

41%

31%

28%

Securing corporate information

Integrating with other systems

Supporting multiple devices

Mobility is Expensive

McKinsey, 2012: Mobility Disruption: A CIO Perspective

41% of CIOs cited mobility as expensive and a critical challenge

Up to $250 per device annually

Includes cost of connectivity, infrastructure and support

Bring Your Own Device (BYOD) Practices in 2011

Forbes: Mobile Business Statistics For 2012

74% allow some sort of BYOD usage.

Less than 10% “FULLY AWARE” of the devices accessing their network

Page 6: IDM Mobile Security Overview

Security leads enterprise buying demand

Page 7: IDM Mobile Security Overview

58% 35% 76%

Building mobile application stores

Reported lost or stolen devices

Store credentials on the device

10% Store Passwords in Plain Text

Source: Partnerpedia Survey Aug 2011

Source: InformationWeek Aug 2011

Source: Norton Cybercrime 2012

Page 8: IDM Mobile Security Overview

Mobile Device Management

Mobile Application Management

Mobile Security

Mobile Enterprise Application Platform

Secure Application Access

DEFINING Mobile Security

Page 9: IDM Mobile Security Overview

Mobile Application Management: Create a secure container that separates corporate data and apps from personal

How To Secure Corporate Data In A BYOD World?

Page 10: IDM Mobile Security Overview

Oracle’s STRATEGY

Copyright © 2012, Oracle and/or its affiliates. All rights reserved.

APPLICATIONS MOBILE SECURITY

MOBILE PLATFORM

MOBILE SUITE

CRM ERP

Page 11: IDM Mobile Security Overview

For the API Economy

Extend existing IDM infrastructure

• NEW: 2 Factor Auth, Mobile SSO, OAuth

Develop secure consumer facing bespoke applications

• Web, Native and Hybrid applications

iOS and Android SDKs

Transformation API Management API Monitoring

SSO, OAuth, Federation

Device Security, Strong Auth

Secure REST APIs

Access Management

Today’s Identity Management – 11gR2 PS2 Secure Mobile APIs, SSO and Web Services

Page 12: IDM Mobile Security Overview

Oracle’s STRATEGY

CONTAINER EXPERIENCE CONTROL

Isolate corporate data, support remote wipe, restrict data transfer

Secure applications & communication, corporate application store

Role based access, self service request, sign-on, fraud detection

MOBILE SECURITY SUITE

Page 13: IDM Mobile Security Overview

THE NEW IDENTITY MANAGEMENT

DIRECTORY SERVICES

IDENTITY GOVERNANCE

ACCESS MANAGEMENT

To Handle 100s of Millions of Users

Supporting Mobile, Social and Cloud

With BYOD Support

OPEN, INTEGRATED, BEST OF BREED

Page 14: IDM Mobile Security Overview

Oracle Mobile Security

• Mobile Security Suite that can extend the Oracle IDM platform

• Separate personal and corporate apps and data

• Application centric solution – avoid device lockdown

• Extend Identity Management platform to manage the lifecycle of applications and containers

• Extend Access Management platform to mobile devices and applications

• Oracle/ADF Mobile Apps secure-by-default by consuming these security services

Addressing Customer Requirements for Mobile Security

Page 15: IDM Mobile Security Overview

Oracle Mobile Solution Secure Mobile Workspace - Separate personal and corporate data

Authentication / SSO

Data at Rest Encryption

Data in Transit Encryption

DLP

Policy

Browser

PIM (email, calendar, contacts, tasks, notes)

Doc Editor

App Catalog

File Manager

Secure Intranet

Secure Mail

Secure Files

App Distribution

Secure Apps Enterprise

Apps

Page 16: IDM Mobile Security Overview

Native App Protection

• App Containerization adds security layer for bespoke and COTS apps after development

• Decouple security deployment & app development

• Injection-based approach. No SDK.

• SSO, secure access and DLP enforcement

Delegated security model with app containerization

Page 17: IDM Mobile Security Overview

Secure access with App Tunnel

• Identity and remote access coupled

• Prevent rogue apps

• Access to internal network only for white-listed apps

• Unlike IPSEC, no CPU and network overhead

No VPN Required

Page 18: IDM Mobile Security Overview

Oracle Identity Management: Extending the Platform with a Discrete Mobile Security Solution

Identity Governance

Access Request

Approval Workflows

Automated Provisioning

HR Reconciliation

Access Certification and SOD

Role Lifecycle Management

Privileged Account Management

User Management & Self Service

Entitlement Catalogue/App Store

Access Management

Web Single Sign-on

Federation

Social Identity Access

Externalized Authorizations

SOA and API Security

Integrated ESSO

Token Services

Mobile App Access Management

Secure Mobile Gateway

Access Management

LDAP Storage/Virtual/Meta Directory

Device Store

Directory Services

System Management and Monitoring

Management

Device and Container Management

Secure Container

Mobile Security

Page 19: IDM Mobile Security Overview

Oracle Mobile Security Suite Steady State Architecture

Corporate DMZ Corporate Network

Oracle Access Manager With Mobile & Social

OAM Protected Resources

HTTP/REST/SOAP/OAUTH

SOAP/REST and Legacy Web Services

Oracle Mobile Access Server

Oracle Identity Governance with Mobile Application Mgmt

Apple/Google Push Notification

Device & Policy Registry (OID/OUD)

Oracle API Gateway

App Tunnel

REST/Mobile Security

Page 20: IDM Mobile Security Overview

IDENTITY FOR THE EXTENDED ENTERPRISE A PLATFORM FOR ENTERPRISE, CLOUD & MOBILE

One Identity Platform

Page 21: IDM Mobile Security Overview

• Separating and managing corporate apps/data on Mobile devices

• Seamless SSO for mobile bespoke applications

New: Oracle Identity Management

Mobile Application Security

• Secure API management

• OAuth 2.0 Server support

• Unstructured Data Protection with OES

Enabling Cloud API Economy

• Cloud Access Portal

• Core Identity Services Rapidly Available as a Managed Service

• Web services-based Cloud connectors

Cloud Identity Services

• Modernized access request and certification

• Session recording for shared accounts

• Consistent governance for cloud, mobile and enterprise applications

Enterprise Identity Services

Page 22: IDM Mobile Security Overview

Questions
