Archive for August, 2010

Customer Stories: Tackling Compliance Challenges with Oracle Identity Analytics

August 23, 2010 Leave a comment

Thinking about where and how to start? Interested in learning from your peers’ successes?

View this on-demand, complimentary webcast here to hear about customer success stories and learn more about:

  • Key challenges organizations face around Identity & Access Governance
  • Scope of identity governance projects
  • Success Results
  • Best practice recommendations based on implementation experience

Learn how Oracle Identity Analytics can help your organization strengthen governance and achieve quick compliance.

Featured Speakers:

Naynesh Patel,
Simeio Solutions
Neil Gandhi,
Principal Product Manager,
Oracle Identity Analytics,
Oracle Corporation

On-Demand Webcast: Maximize Compliance ROI With Oracle Identity Analytics

August 23, 2010 Leave a comment


On-Demand Webcast:
Maximize Compliance ROI With Oracle Identity Analytics

The original event was broadcast on:
Thursday, June 24, 2010
10:00 am PT / 1:00 pm ET

Click here to view it on demand.

Compliance costs still running high? IT & audit processes still too complex, error-prone and disjointed?

Get the know how today! Learn how Oracle Identity Analytics, Oracle’s proven Identity & Access Governance (IAG) solution, is optimized to analyze, review, and govern user access in order to mitigate risk, build transparency, and satisfy compliance mandates quickly and effectively.

oin our technology expert on this complimentary webcast to discover how you can:

  • Automate critical identity-based controls such as attestation and segregation of duties
  • Analyze, mine, and correlate user roles for compliant and efficient user access
  • Build comprehensive reports for audit, compliance, and business purposes
  • Utilize business-friendly compliance dashboards and metrics
  • Give a 360-degree view of user’s access and achieve rapid compliance


Neil Gandhi
Principal Product Manager, Oracle Identity Analytics
Oracle Corporation

Live Webcast – Service-Oriented Security: Blazing a New Trail of Innovation in Application Security

August 9, 2010 Leave a comment
Oracle Corporation
Oracle Security Solutions
We can improve our security and compliance, at the same time we’re cutting costs and complexity.

Live Webcast – Service-Oriented Security: Blazing a New Trail of Innovation in Application Security

Applications today deal with many aspects of security including authentication, fine-grained authorization, user provisioning, federation, and compliance with industry standards and government regulations. As a result, application developers end up implementing various security artifacts inside applications. Developers also need to consider enterprise deployment implications which results in a bolt-on approach when integrating with existing security infrastructure.

Identity Management experts from Oracle will highlight:

  • Key business drivers compelling the need for a service-based approach to enterprise security
  • Cutting-edge technologies to address modern security challenges in cost-effective ways
  • Real world case scenarios that unveil the business benefits of Service-Oriented Security

Register for this complimentary webcast to understand how Service-Oriented Security offers a revolutionary architectural approach to efficiently develop security as discrete reusable services resulting in faster development lifecycles, better IT agility and dramatically lower integration costs.

Brought to you by:

Ziff Davis

August 25, 2010

11:00 a.m. PT
2:00 p.m. ET

Nishant Kaushik

Lead Strategist,
Oracle Identity and Access Management Oracle Corporation

Bharath Shashikumar
Principal Product Director Oracle Corporation

On Glossary Management…

August 2, 2010 Leave a comment

Talking to several customers where there is a strong desire for complete glossary management capabilities for entitlements being managed in their warehouse of user identities, I’ve come to realize that a major problem for them today is that most entitlements, especially around mainframes & target platforms such as Active Directory & Unix, are not clearly understood by the various lines of business when they perform their quarterly attestation reviews. More importantly, there are no tools available in the market today that provide a centralized view for creating (or importing existing glossaries, since most customers especially in the financial sector pay top dollar to create glossary definitions, all maintained in excel spreadsheets) and subsequently managing glossary definitions. The management piece is interesting since it is tied to adding security features that allow multiple owners across different businesses to manage glossary definitions, that can later be leveraged by not just an attestation solution, but also by provisioning solutions and other downstream applications that require end users to thoroughly understand the meaning of cryptic entitlements (such as a concise definition of a RACF group membership or the true meaning of an SAP role), before performing certain tasks.

This solution would truly provide an enterprise wide capability to effectively manage glossary definitions across applications and target systems, at the same time providing a means to attest to the validity of the entitlements themselves. According to another large banking customer, there is an entitlement creep that takes place in an organization across time, and these entitlements are never re-considered and remediated in the target systems. A mechanism to truly understand the meaning and whether the entitlement is indeed needed or not, is called for.

This begs for another question, in addition to regular glossary management capabilities (CRUD), do glossaries need to be audited when they are defined or modified? This would require strong historical reporting capabilities so that any additions/modifications made by designated “glossary owners” to glossaries are recorded in a centralized dashboard. Versioning and revert capabilities should also be provided, allowing glossary owners to switch back and forth between definitions if required. Moreover, glossary owners would then be required to attest glossaries, and most importantly, the  true need for all entitlements pertaining to a target system or application, to provide comprehensive evidence to auditors that unwanted entitlements are actually being revoked and/or consolidated from the target systems on a regular basis.