A better waytosecureapps-finalv1

Date post: 16-Jan-2015
Upload: oracleidm
Description: Amit Jasuja, Group Vice President, Identity Management, Oracle. Better Way to Secure Financial Services Applications
Transcript
Page 1: A better waytosecureapps-finalv1

Amit Jasuja, Group Vice President, Identity Management, Oracle

Better Way to Secure Financial Services Applications

Page 2: A better waytosecureapps-finalv1

This document is for informational purposes.  It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.  The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle.  This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle.  This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle.   This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.

Page 3: A better waytosecureapps-finalv1

Agenda

• The Oracle Lens

• Application Security Value Chain

• A Platform Approach

Page 4: A better waytosecureapps-finalv1

Hardcoded Security

No Role Structure

Brittle Access Control

No Policy Visibility

Complex Certification

Costly Compliance

Financial Service Applications Risks

Unauthorized Trading

Internal Fraud

Limited Forensics

48% Fraud Caused By Insiders

86% Of hacking involves compromised credentials

2010 Data Breach Investigations Report

Page 5: A better waytosecureapps-finalv1

Authorization Policy

Entitlements And Policies

The Rights to Application Data & Transactions

Entitlement

Transaction Data Forms

IT VIEW: CAN A TRADER SUBMIT A TRADE OF A CERTAIN SIZE AT A SPECIFIC TIME OF DAY

BUSINESS VIEW: WHAT IS THE AUDIT OBJECTIVE AND THE ASSOCIATED RISK

Page 6: A better waytosecureapps-finalv1

Inflexible authorization increases complexity, reduces agility

Application Security is Fragmented

Multiple Entitlement Catalogs

Brittle Access Control

Hardcoded Authorization

Page 7: A better waytosecureapps-finalv1

The Challenge is Scale

Millions Of Entitlements

100’s of Thousands of Users

10’s Thousands of Apps

Focused on Reducing Risk

Driven to Reduce Cost

Rolling or Monthly Attestation

Thousands of Systems

• A Few App Administrators

• Handful of Audit Staff

Page 8: A better waytosecureapps-finalv1

What is Entitlements Management?

Application Security Value Chain

• Define, Catalog: Entitlements, Policies

• Access Request: Search, Provision

• Enforce, Monitor: Context, External Az

• Audit, Certify: Risk, Remediation

• Secure Data: Encrypt, Mask

Page 9: A better waytosecureapps-finalv1

Define & Catalog

Entitlements, Roles & Policies

• Common Data Model

• Catalog Entitlements

• Enrich Meta-data

• Define Roles & SoD

Enterprise Roles

Page 10: A better waytosecureapps-finalv1

Enforce and Monitor

Context and Dynamic Authorization

Audit & Risk Application Owners Developers

Application Security Platform

Time Location Device

Custom Apps

COTS Apps

Page 11: A better waytosecureapps-finalv1

Audit & Certify

Reduce Remediation Time to Minutes Instead of Days or Weeks

Entitlement

Review Auto-Remediate

Entitlement

Report

• Active Conflict Analysis

• Simulation

• Risk Aggregation

• 360 Degree Visibility

• Closed Loop

SOD Checking

Aggregate

Risk Score

Page 12: A better waytosecureapps-finalv1

Secure Application Data

At The Application: Authorize, Externalize, Centralize

In The Database: Mask, Encrypt, Audit

Page 13: A better waytosecureapps-finalv1

Monitor SQL

Block Attacks

Audit User Activity

Compliance Reports

Encrypt Data

Mask Test Data

Control Privileged Users

Enforce SoD

Oracle Databases

Non-Oracle Databases

Cloud

Defense in Depth

Authentication

Authorization

Encryption & Masking

Auditing

Database Firewall

Comprehensive Database Security

Page 14: A better waytosecureapps-finalv1

The Identity Platform

Complete, Innovative and Integrated

Directory

• Location Data

• Centralized Auth

• Device & User Data

Access

• Fraud Detection

• Single-Sign On

• Mobile, Social Intg

Identity Governance

• User Lifecycle

• Access Provisioning

• Delegated Admin

• Risk Analytics

• Access Certification

• Role Management

Page 15: A better waytosecureapps-finalv1

Platform Reduces Cost vs. Point Solutions

46% Cost Savings

48% More Responsive

35% Fewer Audit Deficiencies

Source: Aberdeen “Analyzing point solutions vs. platform” 2011

Benefits and Oracle IAM Suite Advantage

Increased End-User Productivity

• Emergency Access: 11% faster

• End-user Self Service: 30% faster

Reduced Risk

• Suspend/revoke/de-provision end user access: 46% faster

Enhanced Agility

• Integrate a new app faster with the IAM infrastructure: 64% faster

• Integrate a new end user role faster into the solution: 73% faster

Enhanced Security and Compliance

• Reduces unauthorized access: 14% fewer

• Reduces audit deficiencies: 35% fewer

Reduced Total Cost

• Reduces total cost of IAM initiatives: 48% lower

Page 16: A better waytosecureapps-finalv1

Take a Security Inside Out Approach

• Reduce the risk

• Reduce the cost of application security

• Secure access to the “crown jewels”

• Simplify administration

Page 17: A better waytosecureapps-finalv1

We Can Help Develop a Strategy

Setup Free Workshop

Schedule a Demonstration

Develop an ROI Analysis

Speak with References
