Platform approach-series-building a-roadmap-finalv1

Post on 18-Nov-2014

Building a Comprehensive Identity Roadmap

This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.

Agenda

•  Getting Started

•  Roadmap Complexity

•  Quick Wins

•  Increasing Maturity

•  The Cloud

Building a Roadmap is Complicated: It’s a Task of Prioritization and Opportunity Overlap

•  Business vs. Application Owners

•  Compliance vs. Risk

•  Multiple Priorities

•  Timeline & Deliverables

Assess The Business Opportunity: Compliance, Risk and Economic Opportunities

3X

Scale Efficiency Security

  User Productivity   Operational Cost   Opportunity Cost

  New Customers   Quality of Service

  Regulatory Compliance   Internal Governance   Security Risk

Look at Top Regulatory Audit Exposures

•  Orphaned Accounts: Users who have separated still have accounts

•  Excessive Access: Aggregation of access privileges beyond job role

•  Password Aging: Enforcing strong passwords, regular user password reset

•  Access Certification: Review regulated application access and attestation

•  Separation of Duties: Conflicting privileges and business firewall

•  8 out of 10 customers tackle the orphaned account issue first

•  Look at role management and analytics to address certification

• Role based provisioning to address excessive access

Assess Existing Infrastructure: Gap of Current Capability vs. Desired Capability

Administration Authentication Authorization Audit

•  On-boarding

•  Off-boarding

•  Self-service

•  Privileged access

•  Delegated admin

•  Sign-on

•  Password aging

•  Web-SSO

•  Password management

•  Declarative security

•  Fine-grained entitlements

•  Federated access

•  Entitlement review

•  Role lifecycle

•  Access remediation

Complexity: LOW to HIGH

Control

Master User Index Central Authentication

Single-Sign On Password Management

User Lifecycle User Self Service

Risk Analytics Role Management Adaptive Access

Roadmap Capabilities to Maturity: Prioritize on Complexity and Control

External Auth SOA Security

Start with Figuring out Who’s Who: Corporate Directories are Low Hanging Fruit

Look for Convergence Opportunities

•  Reduce number of separate identity silos

•  Expansion Shared Services vs. LOB IT

•  Compliance and Security Requirements

Corporate LDAP

Extranet LDAP

Customer LDAP

LOB

Employees/Partners/Customers

Business Affiliates/Subsidiaries

“Convergence drives Unification”

•  Lower TCO

•  Lower Administration Effort

•  Improved User Experience

Virtual

Synch Storage

Passwords Provide Quick Win: Quick ROI on Compliance and Reduce Risk

86% of Hacking Involves Lost, Stolen or Weak Credentials

Verizon Data Breach Report, 2010

50% Of Help Desk Calls are Password Related

$40 Average Cost of Every Call to Help Desk Change Password

140% ROI

12 months Payback period

Source: ESSO Buyer’s Guide, Sep 2011. Link: http://bit.ly/OperantConditioning

• Accountability for access

• Measuring effectiveness & risk

• Prevent audit violations

• Sustainable audit process

• Coverage across systems

User Provisioning

Certification Review

Address Internal Governance: Administration and Risk Analytics

Declarative Security & External Authorization: Secure SOA, Portals, Data and Home Grown Apps

• Protect Your Data

• Secure Transactions

• Central Audit Control

• SoD Checking

• Role Based Access

Managers

Roles, Entitlements,

Apps Catalog

Cart

Users

•  User Satisfaction

•  Reduce Helpdesk Cost

•  Audit Trail

•  Track Access Privilege

•  Standardize Workflow

•  Simplify New Service Rollout

Administration: Connect it All with Shopping Cart Convenience

Become Context Aware: Prevent and Detect Anomalous Behavior

89%

Reducing Surface Area of Attacks

Preventable Breaches

Source: “Adaptive Access Management: An ROI Study” a commissioned study conducted by IDC on behalf of Oracle, 2010

•  ROI: 106%

•  Payback period: 12.1 months

•  Total benefits: $6,007,641

•  Total costs: ($2,912,513)

•  Net benefits: $3,095,129

Dimensions of Cloud Identity Management

Identity as a Bridge to Cloud

Are you using cloud apps?

Are you building cloud apps?

Do you need IdM but don’t want to maintain it?

Identity as a Foundation for Cloud

Identity Hosted as a Cloud Service

Identity Management Bridges the Gap

Identity

Administration Audit

Risk Management

AuthN and AuthZ

Adaptive Access

•  Context / Risk Aware

•  Anomaly Detection

•  Fraud Detection

Access

•  Single-sign on

•  Password policy

•  Authorization policy

•  Entitlements

Scalable Repository

•  Identity Synch

•  Identity Virtualization

•  Reporting

Tools Point Solutions Platform Intelligence

Private In-House Cloud

Private Hosted Cloud

Public Cloud

Administration

•  Role Mgmt

•  Provisioning

•  Identity Analytics

•  Certification

Summary

•  Prioritize Based on Complexity

•  Assess Existing Infrastructure

•  Look For Quick Wins

•  Plan For Cloud

www.facebook.com/OracleIDM www.twitter.com/OracleIDM

blogs.oracle.com/OracleIDM

www.oracle.com/Identity