Archive for the ‘Role Governance’ Category

Live Panel Discussion: Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics

November 22, 2011 Leave a comment
Oracle Corporation
Oracle Security Solutions
Live Panel Discussion: - Managing Risk and Enforcing Compliance in Healthcare with Identity Analytic
Live Panel Discussion: Managing Risk and Enforcing Compliance in Healthcare with Identity Analytics
Featuring experts from Kaiser Permanente, PricewaterhouseCoopers and Oracle

Electronic healthcare initiatives promise consumer empowerment and improved information exchange between providers, healthcare professionals, caregivers, and patients, with the ultimate goal of driving down costs. However, issues around patient privacy and unauthorized access to sensitive medical records (including VIP cases) continue to deter wider adoption of electronic healthcare initiatives.

Hear first-hand from a healthcare organization how metrics-driven identity analytics and closed-loop remediation offer actionable insight that empowers organizations to implement first-class security and compliance programs in health care’s emerging electronic age.

Join us for this complimentary webcast and listen to industry experts discuss:

  • Key security and regulatory requirements in healthcare establishments

  • The effective role of identity analytics solution in measuring and managing risk and enforcing regulatory compliance in healthcare organizations
  • Real world use cases and deployment scenarios

Register now for this Webcast

Brought to you by:


Healthcare IT News


November 29, 2011
10:00 a.m. PT / 1:00 p.m. ET


Jason W. Zellmer
Director, Identity and Access Management
Kaiser Permanente Information Security

Rex Thexton
Advisory Services

Viresh Garg
Director, Product Management

Mike Miliard
Managing Editor
Healthcare IT News

Hardware and Software, Engineered to Work Together
Oracle Fusion Middleware 11g
Copyright © 2011, Oracle. All rights reserved. Contact Us | Legal Notices and Terms of Use | Privacy Statement


Do You Need To Reduce Your Audit Exposure?

August 31, 2011 Leave a comment

Today, managers are overwhelmed by the sheer volume of certification reviews and are just certifying users without the appropriate level of attention or analytics. Without proper visibility into user access, managers are unable to perform accurate certification reviews and the result can have negative financial and security consequences. In addition, this results in organizations not being able to sustain a periodic attestation cycle to review user access rights across a wide range of business applications and platforms, thus failing audits. And yes folks, the “Audit Eye” is real! Check it out:

Dazed Manager

Find out how Oracle can help you keep up with audit requirements.

Webcast, April 12: Automating User Provisioning, A User’s Perspective

Premieres: Apr 12, 2011, 14:00 EDT (18:00 GMT)
Click here to register.

User provisioning solutions offer tangible, often quantifiable, benefits. A Forrester Study* based on data from 4 customers concluded an ROI of over 200% and net cost savings of over $8M over 3 years post implementation of Oracle Identity Manager, Oracle’s user provisioning solution.  Additional benefits seen were around improved security and a tremendous boost in user productivity.

Join this FREE webcast to find out how Educational Testing Service (ETS), a private nonprofit organization devoted to educational measurement and research, is leveraging Oracle Identity Manager to meet its user administration needs. Hear first-hand from your peer how you can improve security and user productivity in your organization while reducing IT administration, helpdesk and other overhead costs at the same time.

Speaker: Jim Moran
Executive Director, IT, and CISO at Educational Testing Service (ETS)

Jim Moran is an Executive Director, IT, and CISO at Educational Testing Service (ETS).  His responsibilities include leadership of Enterprise Architecture, Information Risk, and Information Security for the company.  Jim has a long history of conceiving and leading large scale programs and projects, and translating technology trends and strategies into tangible business outcomes.

*Webcast registrants will receive a complimentary copy of: Forrester Study: The Total Economic Impact of Oracle Identity Manager, a commissioned study on behalf of Oracle Corporation


Forrester Study: The Total Economic Impact of Oracle Identity Analytics

January 10, 2011 Leave a comment

Your Guide to Computing Cost Savings with Automated Compliance

Walk through detailed return-on-investment calculations based on real customers’ data. Learn how Oracle’s Identity and Access Governance solution, Oracle Identity Analytics, may cut your compliance costs, quicken results and improve overall access governance.

Enjoy a complimentary copy of this study conducted by Forrester Consulting, on behalf of Oracle, and learn how a composite organization, built using actual implementation data from four Oracle customers, was able to realize a risk-adjusted ROI of over 60%. Leverage the ROI model, provided within this study, to do your calculations and design an implementation plan that meets your cost and compliance goals.

Click now to access your complimentary copy of the: “Forrester Study: The Total Economic Impact of Oracle Identity Analytics.

Click here to register for a live webcast by Andras Cser, Sr. Analyst with Forrester Research, who will be walking us through the detailed calculations from this TEI Study on Jan 26th, 12pm PST/3pm EST.


Oracle Identity Analytics 11g…all systems go!

Yesterday was a momentous day for the Oracle Identity Management team. With over 750 man months of development and 1300 man months of QA in this release, Oracle Identity Management 11g is a huge milestone! And Oracle Identity Analytics 11g is our first official release with Oracle post the Sun acquisition and the smooth migration of the highly successful Sun Role Manager product…and we are proud to have this strategic product moving forth in the Identity and Access Governance marketplace. I will take the time to discuss some of the great architectural innovations we have performed with this release and granted that primary work was done to assimilate Oracle Identity Analytics into Oracle Identity Management portfolio, our product engineering team was still able to fit in some great new features in here, which I will address.

Oracle Identity Analytics provides enterprise the ability to engineer and manage roles, automate critical identity-based controls and truly amalgamates Business Intelligence and enterprise security and access governance for cross product identity analytics. The various components of the products include:

1. Identity Warehouse

Identity Warehouse

Identity Warehouse

Identity Warehouse is the central repository that contains identity, access and audit data, optimized for complex analytical queries and simulations. This data is imported from one or more databases within your organization on a scheduled basis. The Oracle Identity Analytics import engine supports complex entitlement feeds saved as either text files or XML. A glossary entry, defined as a business friendly term for typically cryptic IT entitlements, can also be captured during the import process enabling business users to view and analyze user’s access rights in a business-friendly way. Oracle Identity Analytics provides strong and robust integration capabilities with the provisioning products including Oracle Identity Manager and Oracle Waveset.

2. Attestation of Access Rights with Cert 360

Identity Certification

Oracle Identity Analytics reduces operational risk exposure by providing a 360-degree view of users’ access – not just “who has access to what”, but whether access was appropriately assigned and how it is being used. Oracle Identity Analytics securely automates existing manual re-certification or attestation processes for certifying the user access rights by business managers and application owners. This significantly reduces costs associated with existing manual controls and enhances audit effectiveness, resulting in enforcement of “least privilege” across the enterprise. A significant amount of effort has gone into developing the next gen user interface of the attestation UI, focusing on the overall usability as well as the time to load a large amount of attestation data to the end user. Concepts such as paging, improved batching and lazy-loading allow for a much quicker sign-off experience for the end user and advanced searching, sorting and filtering capabilities enable the end user (or access reviewer) to view the data that matters to them the most and certify it with a single click.

3. IT Audit Policy Monitoring

Segregation of duties (SoD) enforcement prevents users from intentionally or inadvertently breaching security policy by having a conflicting combination of roles or entitlements. IT Audit Policy enforcement directly impacts an organization¹s ability to comply with explicit requirements of the Sarbanes-Oxley Act and multiple other regulatory mandates aimed at ensuring the integrity of enterprise financial operations.

4. Comprehensive Role Governance

Role Mining

Oracle Identity Analytics’ role mining feature allows customers to conduct role mining based on organization, user and entitlement attributes to clean up and organize existing entitlements towards a role-based setup.  The Identity Warehouse is used to capture the necessary information about users, entitlements and their relationships – allowing OIA to perform both top-down and bottom-up role mining.  The role-mining feature also provides rule discovery to correlate rules between approved roles and attributes for use in role assignment.  Once the roles are defined, role change management ensures approval workflow for any role creation and role definition changes along with version tracking to monitor the history of these controls. Comprehensive reports and dashboards to drill down and tweak role content are also provided with the solution. Roles defined across an enterprise are subject to evolve over time, and require a robust administration and governance process. Oracle Identity Analytics provides role approvals upon detection of associated entitlement updates and performs real time impact analysis for role consolidation before changes are applied in a live environment. The role change approval process combined with role versioning, role change “what if” simulations, and rollback features, provides a complete role administration solution. Oracle Identity Analytics also fully audits all the changes made to role definitions including role assignment rules and entitlement mapping policies.

5. Compliance Command Console

Compliance Command Console

Compliance Command Console

Oracle Identity Analytics provides comprehensive actionable dashboards and advanced analytics capabilities based on user identity, access and audit data residing in the Identity Warehouse. Oracle Identity Analytics provides various compliance and operational dashboards for a quick review of compliance and operational status in context of roles, segregation of duty policies, audit policies and other controls. While compliance dashboards are typically used for executive level compliance monitoring, detailed out of box reports enables IT staff, business users and auditors to structurally analyze the warehouse data. The dashboards can further be customized for business users, compliance and audit officers and other end users on need basis. While Oracle Identity Analytics provides close to 50 out of box reports, its data dictionary is published to allow customers to extend these reports and build custom reports.

For more information on Oracle Identity Analytics 11g, please visit us at the Oracle Technology Network.

Benefits of Roles to enable Identity Governance

RolesWhy is it so important for organizations to move towards Role Based Access Control as a means for managing user identities? This mechanism of providing, managing and auditing IT access is starting to be widely accepted, though might not be a the most loved, due to various reasons. Instead of focusing on some of the challenges that may make implementing RBAC somewhat of a pain, I would like to talk about the benefits that organizations gain over time, implementing this model for day to day access governance. Lets start jotting it down:

1. Since roles in an organization are relatively persistent with respect to user turnover and task re-assignment, RBAC provides a powerful mechanism for reducing the complexity, cost, and potential for error of assigning users permissions within the organization.

2. Roles support Role Hierarchies, a parent-child relationship, whereby all parent role permissions are inherited by the child role, which is typically more of a specialized role. This prevents role explosion and encourages re-usability in the RBAC model.

3. Roles map naturally to any given line of business and the organizational structure of an enterprise, allowing for a more streamlined and understandable security policy definition and enforcement. This is in contrast to the more conventional and less intuitive process of attempting to administer lower level access control mechanisms directly.

4. RBAC is policy-neutral which enables it to support different security policies. RBAC also directly supports three well-known security principles: least privilege, separation of duties, and data abstraction.

5. RBAC provides superior administrative capabilities with regards to Role content or privilege updates to users. Instead of re-assigning privileges to a large population of users, updating the Role content automatically updates the Role assignment, saving time and resources.

6. RBAC, coupled with provisioning solutions that support RBAC, provides a strong one-two punch for centralized access control in an organization. RBAC truly simplifies the definition, development and maintenance of provisioning processes.

7. Roles bridge the communication gap between business and IT regarding complex access definitions.

8. Roles allow employees to request access more easily and naturally move them towards the concept of least privilege, prohibiting access collectors over time.

9. RBAC allows more efficient reviews of access through Role Vs. Actual assessments, extremely valuable to audit teams in an organization.

These may be just few of the advantages of implementing Role based access control, but they are definitely worth the time and effort of implementing an RBAC solution. Next, I want to talk about the fundamentals of RBAC (without all the technical hoopla!) and then talk about best practices of implementing this model in your organization (with minimal time and effort), so stay tuned.