Monday, December 6, 2010

Kuppinger Cole Webcast on Access Management Appliance

In case you missed it, Kuppinger Cole hosted a webinar with one of our partners F5 on the value of their Access Management appliance called BigIP. BigIP helps organizations deploy access management solutions faster by reducing the number of agents that have be deployed. This saves time and money when standing up a new access management solution or leveraging an existing solution for more of your applications within the enterprise.

You can watch the webinar here:

European Identity Conference

While you are on the KC site you should think about registering for the European Identity Conference in May. It will be just around the corner and getting international travel approved is never easy. It is a great conference!

Monday, October 18, 2010

University Breach Rasises Questions About Fraud Prevention

There are several news articles in today's press that remind us all of the damage and cost of not having the right security defenses in place. A study by the National Fraud Authority as reported in The Register claims that the UK loses $4.13B to Identity Fraud each year. According to the report the average theft results in $1530 in benefit to the thief. In these tough economic times, this is a dramatic drain on scarce resources and should underline why business should ensure they have the right fraud prevention and access management strategy in place to protect their customers.

The second article has to do with the recent breech at the University of North Florida had a breech which compromised over 100 thousand identities. Universities continue to struggle with identity security with a number of breeches over the last 5 years which have hit the headlines. The University has unique challenges with the number of students/identities that turn-over year quarter or semester. In some cases this is close to 25% per quarter or year. In addition, the students in some computer labs are inquisitive and experimenting with the latest hacks challenging even the toughest security measures. Ask any Network Admin at a major university about application and network security and you will hear some amazing stories. In some cases, way more exciting than corporate network security. However, this is a side-topic for another blog entry sometime.

The key to ensuring that you have the right level of protection is adding an additional layer of security and Oracle Adaptive Access Manager is a great solution for this purpose. Ensuring you have tools that allow for real-time response to rules you define on access helps prevent unauthorized access to applications and network resources. In addition, you can use features like One-Time Password to layer authentication security on key resources to ensure you combine something you know with something you have to improve security. Here is a quick intro to how Oracle Adaptive Access Manager can help.

Friday, October 1, 2010

Zeus Brought Down by Operation Trident Beach

I am finally caught up after a great week last week at Oracle Open World. And it was just in time to read about this great bit of international crime fighting bringing an end to an international cyber-crime ring using the Zeus Trojan to steal allegedly $70M. Details are still coming out but according to this article by The Register the crime ring was able to deploy Zeus and key-log individuals bank accounts and then use "money mules" to access the accounts and make withdrawls illegally. One thing is for sure you have to admire the naming capabilities of the team which came up with "Operation Trident Beach" which shows marketing doesn't have a monopoly on naming talent. Here is a quick paragraph taken from The Register article (full text here):
Trident Beach began in May 2009, when FBI agents in Omaha, Nebraska learned of automated clearing house batch payments to 46 separate bank accounts throughout the US. Agents eventually brought in counterparts from the other involved countries. The payments are a hallmark of Zeus scams, in which hackers break into victim bank accounts and then clean them out using the bank's ACH transfer system.

The thieves targeted small- to medium-sized companies, municipalities, churches, and individuals.

I was talking with Mark Karlstrand, the Product Manager for Oracle Adaptive Access Manager, and he mentioned that the product has two critical features that would have prevented this from happening. According to Mark: "The KeyPad virtual authentication device could have prevented the password theft via key-logger. The use of the passwords from Eastern Europe and other behavior anomalies could have been detected by OAAM real-time risk analytics." As more details come out about the cyber-crime ring and Zeus we will bring you details.

Friday, September 24, 2010

Day 5: Oracle Open World Wrap

I had a great time this week at Oracle Open World. It is quite a show with over 47K attendees spread over 4 city blocks with great sessions and conversations about Identity Management and many other cutting edge technologies. I am definitely in powerpoint overload and would be happy not to see another slide for awhile but the information was great! We have collected some of the photos from the sessions up on our Facebook page here. Here is just one of the pictures from the concert on Treasure Island with the Black Eyed Peas, The Steve Miller Band and Don Henley. I heard someone say "it was the greatest corporate concert ever!"

The presentations were all taped and should be up on the website shortly. Stay tuned for more information as it becomes available. If you followed us on Twitter, please let us know what you think by sending us messages.

The Verizon presentation on Directory Server Enterprise Edition and using Fracational Replication was a highlight for me. It should have been scheduled earlier in the week so that more people could have attended. Verizon has one of the largest directory deployments in the world with 40+ million identities and many partners and LOB's using it as their repository. The Verizon deployment is also a great example of using Fractional Replication to empower LOB's with their own identity repository but allowing the central team to maintain the control over the data. Verizon is also a great example of using SSO to reduce cost and maintain a great User Experience across many different portals. Madhu, thanks for sharing such great information with the identity management community. I will post the presentation once it is available on the website.

Thursday, September 23, 2010

Day 4: IDM at Oracle Open World

Hope you enjoyed the Black Eyed Peas last night. We have an action packed IDM session on Thursday to finish up the show. Here is a quick run down of the sessions. Etienne and I will be introducing Verizon as we talk about how Replication and Fractional Replication are critical features in a high performance Directory Server deployment.

· Follow us on Twitter @OracleIDM. Use hash tags #oow10idm

Time Title Location
9:00 am – 10:00 am
Middleware s317487 End-t-End Secure Identity Propagation Moscone South Rm 310

Middleware, Applications s316524 Oracle Idenity Management for
Oracle JD Edwards EntrpriseOne

Moscone South Rm 309
10:30 am – 11:30 am Middleware s316991 Database User Management wit Oracle Directry
Services and Actve Directry
Moscone South Rm 310

Middleware s316837 Deploy a Highly Performant Entitlements Solution
wit Oracle Entitlements Server
Moscone South Rm 309

Middleware s317270 Service-Oriented Security: Simplifing Identity
Management for Applications
Moscone West L3, Rm
12:00 pm – 1:00 pm
Middleware s316829 Demystfing IdM: A Custmer’s Guide to a
Practical IdM Deployment Strategy
Moscone South, Rm 309
1:30 pm – 2:30 pm
Middleware S315086 Replication Best Approaches on Directory Server -
Fractional Replication
Moscone South Rm 309

Middleware S316829 Demystifing IdM: A Customer’s Guide t a
Practical IdM Deployment Stategy

3:00pm – 4:00pm
Middleware s314871 Oracle Identity Manager and Oracle BPEL Tools
for Digital Identity Management

3:00pm – 4:00pm
Middleware s314871 Oracle Identity Manager and Oracle BPEL Tools
for Digital Identity Management
Moscone Sout Rm 309
3:30 pm – 4:30 pm Middleware/Oracle Develop S317543 Service Orientd Security 101 Hotel Nikko Mendocino I / II

Tuesday, September 21, 2010

Day 2: Access Management at OOW

Oracle Open World is off to a great start with plenty of good content and demo's for the business owner or technical implementation team. Yesterday I saw two great demos from the OAM team. Mark Karlstrand, pictured to the right was giving a demo on OTP Anywhere to Bob Blakeley. It was impressive as he used his cell phone to provide a stronger authentication method for a bank transfer -demo not real but you get the point.

There are a couple of ways to follow what is going on during the show.

You can follow us on Twitter by using the hash tags #oow10 #idm or follow us directly @OracleIDM.

We also are uploading pictures and video's from the day at our Facebook page at Facebook/OracleIDM here.

Here are the sessions for Tuesday, Sept. 21 at Oracle Open World

Time Title Location
12:30 pm – 1:30 pm Middleware s317146 Securing Web Services: Solutions, Best Practices, Moscone South Rm 309
2:00 pm – 3:00 pm
Middleware s317467 Simplify Identity Management and Support Future Growth with Directory Services
Moscone South Rm 309
3:30 pm – 4:30 pm
Middleware s317064 Oracle Identity Management Administration Best Practices
Moscone South Rm 309
3:30 pm – 4:30 pm
Middleware s317240 Oracle’s Identity Management Strategy (for Sun, Oracle and New Customers Alike)
Moscone South Rm 310
5:00 pm – 6:00 pm
Middleware s317484 Case Study: How Cisco Achieved Large-Scale, Highly Available Access Management
Moscone South Rm 310
5:00 pm – 6:00 pm
Middleware s317244 Enforcing Segregation-of-Duties Controls with Identity Management
Moscone South Rm 309

Growth with Directory Services
3:30 pm – 4:30 pm Middleware s317064 Oracle Identity Management Administration Best Moscone South Rm 309
Middleware s317240 Oracle’s Identity Management Strategy (for Sun, Moscone South Rm 310
Oracle and New Customers Alike)
Middleware s317484 Case Study: How Cisco Achieved Large-Scale, Highly Moscone South, Rm 310
Available Access Management
Middleware s317244 Enforcing Segregation-of-Duties Controls with Identity Moscone South Rm 309

Friday, September 10, 2010

Identity Management at Oracle Open World

Oracle Open World is fast approaching and the time to register is NOW so you don't miss out. This year the show is going to be a blast. I have heard rumors about the band that will be performing one night but you know what they say about rumors. More importantly, the IDM team have a lot of new things to talk about at this years show. First, we released 11g this summer which included exciting new approaches like Service Oriented Security, better user experience and new features for:

  • Oracle Identity Manager
  • Oracle Access Manager
  • Oracle Adaptive Access Manager
  • Oracle Identity Analytics
If you want a comprehensive list of all the sessions so you can follow along. Please visit the Focus On Identity Management document located here. Also, we have five don't miss sessions which you need to attend. Here are the dates and times. Or, you can find them on our Facebook page here.

Date & Time
Title of Presentation
Mon 11am Oracle Identity Management 11g Overview Moscone South 309
Tue 2pm Simplify IDM with Directory Services –
Moscone South 309
Tues 3:30pm Oracle’s IDM Strategy (for Sun, Oracle Customers Alike)
Moscone South 310
Wed 1pm Building a Strong Foundation for Your Cloud with IDM
Moscone South 309
Wed 4:45pm Complete Identity & Access Governance with OIA 11g
Moscone South 309
Tues 5pm How Cisco Achieved Large-Scale, Highly Available Access Management Moscone South 310

The last time the Identity Management team was all together a few photo's were taken and I have included one from that fun event at Burton Catalyst. Hope you will be able to join us!

Thursday, August 26, 2010

Free Webinar Today 10:00amPT: Simplify Access Management with F5 & Oracle

On Thursday, August 26. We are hosting a webcast that will take you through the solution and talk about why we believe this will simplify Access Management. Please join us as F5 and Oracle product experts explain this simple solution.

Title: Live Webcast - Streamline Access Management with F5 & Oracle

When: Thursday, August 26, 2010, 10:00 a.m. PT or 1:00 p.m. ET

Where: Register for this live webcast here: Streamline Access Management with F5 & Oracle

Thursday, August 19, 2010

Freed Webinar Aug. 26: Simplify Access Management with F5 & Oracle

On Thursday, August 26. We are hosting a webcast that will take you through the solution and talk about why we believe this will simplify Access Management. Please join us as F5 and Oracle product experts explain this simple and powerful solution.

Title: Live Webcast: Streamline Access Management with F5 & Oracle

When: Thursday, August 26, 2010, 10:00 a.m. PT or 1:00 p.m. ET

Where: Register for this live webcast here: Streamline Access Management with F5 & Oracle

Security is hard! However, the tools that you use to protect your identities should not be.

Security is hard because of a number of specific environmental, economic and business driven reasons. One, the threat vectors are growing at exponential rates. This is driven by the fact that the financial rewards for exploiting data and information are increasing globally. Whether the data is stolen identities, pricing information for the new release of a product. fraud on internal or external purchases or any of the other 1000 different nefarious threat vectors, businesses and consumers need to be protected.

Two, the number of identities, devices and service providers is also increasing. The internet is the way we do business globally. It is the path to which our customers purchase, partners exchange data, and business provide services within their network. And, at the heart of every exchange of data is an identity. This identity has critical attributes about an individual that drive the appropriate access to information and services.

Three, organizations are under increasing regulatory pressure. Whether it is SOX, FERPA, HIPPA, JSOX, etc. there are access management controls that must be in place to ensure the CFO, CTO and CEO can sign the compliance documents necessary to manage risk in their business.

This is a complex environment. Why do the tools that we use to manage access and security within our organization have to be equally complex. This is why F5 and Oracle have been working together to bring a solution which simplifies access management. The Big IP Solution is a great way for organizations to simplify access management. Whether they are integrating multiple Single-Sign-On products with Oracle Access Manager or using this appliance to simplify their IT infrastructure. The result is faster time to market, faster time to deployment and faster time to security.

Tuesday, August 17, 2010

Free Webinar Aug. 18: Quick-Start Compliance with Identity Analytics

Identity compliance projects don't have to be hard! The key to any successful project in IT is delivering value to the business quickly! It is critical to then leverage those early wins into larger wins for the organization. When I used to coach I likened this to walking up a staircase. McKinsey used the analogy to describe the approach successful companies took to manage successful growth. (take a look here)

Oracle Identity Analytics provides a set of tools that can help organizations take the first step up that staircase to Compliance quickly. The approach allows organizations to show value quickly and then build upon those early wins to build better security into the organization. This webcast tomorrow will give insight into how organizations can build in proper segregation of duties, 360 degree review's and proper attestation of roles. One customer of the product used to print out a conference room of paper and had his compliance auditors and business managers review the roles and access rights to meet compliance. Imagine if you had the tools to ensure you could make this process easier. Register today and find out how.

Register Today Here:

Customer Stories: Tackling Compliance Challenges with Oracle Identity Analytics

Date: Wednesday, August 18, 2010
Time: 10:00 am PT / 1:00 pm ET

Featured Speakers:

Naynesh Patel,
Simeio Solutions

Neil Gandhi,
Principal Product Manager,
Oracle Identity Analytics,
Oracle Corporation

Thursday, June 10, 2010

FREE Webinar on Identity Analytics ROI

Is your Identity Compliance project a GIANT Headache? If so, then we have the little blue pill for your compliance headache. The reason why many organizations experience pain in the compliance programs they run is because of the lack of automated tools, impact to productivity and lack of ongoing actionable information. I have seen this first hand. Organizations usually rely upon project managers and excel spreadsheets collect information from business units and project teams. This then leads to massive efforts to fill in information and send them back to the central team for documentation and reporting to the auditors. Ultimately, this information is old before it is collated into the binders and the report is issued. However, the real result is usually a GIANT HEADACHE for everyone involved.

As Identity theft outpaces any other theft and security challenges for organizations, the problem needs a more efficient solution with better processes and better tools. Business leaders will believe in investment when they can see better utilization of key resources, better on-going information, proven segregation of duties, and ultimately better security.

Niel Gandhi, has the "Advil" for your compliance headache with Oracle Identity Analytics. Register here for the FREE webinar on the ROI of using Identity Analytics. He is has years of experience solving these problems for organizations around the world. Additionally, he has extensive experience as Principal Product Manager, Identity Analytics. Here are a couple of the topics that he will cover in the event:

  • Automate critical identity-based controls such as attestation and
    segregation of duties
  • Analyze, mine, and correlate user roles for compliant and efficient
    user access
  • Build comprehensive reports for audit, compliance, and business
  • Utilize business-friendly compliance dashboards and metrics
  • Give a 360-degree view of user’s access and achieve rapid compliance

However, the ultimate goal of his presentation is to make sure you have concrete ways to help you solve your Compliance Headache without breaking the bank. Hope to see you there!

Live Webcast: Maximize Compliance ROI With Oracle Identity Analytics
Register Here
Thursday, June 24, 2010
Time: 10:00 am PT / 1:00 pm ET

Thursday, April 29, 2010

Webinar Registration: Deliver Federation Projects with Virtual Directories

In some studies, enterprises are spending up to 60% of their IT budgets on operational costs thus impacting the available budget to spend on innovation. The challenge we all face in the identity and IT departments is how to get the most out of our existing licenses and reduce cost where possible in delivering IT projects. One of the costly areas of projects is getting at identity data when it lives in legacy applications. This is especially true when you look at Federation projects.

If you are running a Federation project and have to access identity data in legacy or disparate data sources, this webcast is for you! Virtual directories provide a critical tool for Federation projects as they allow you to expose identity attributes without changing code in legacy applications. Additionally, you have control over how the data is accessed allowing you to manage sensitive service level agreements which can cause difficult political battles in organizations when discussing access.

Register here for this webinar and we will look at ways virtual directories can help you deliver that Federation project and make you an Identity Hero!

Tuesday, April 27, 2010

Iron Man 2, Identity Security and Access Management in the Cloud

If you are a security expert and you have not been to the new Oracle Iron Man 2 website you have to take a look at the cool demo site listed under "Stark Expo". The intro has a great security questionnaire on Security in the cloud in an cutting edge interface. If you read yesterday's blog, and went to the Iron-Clad Cloud: Secure Cloud Computing article in the new Security Newsletter, you were able to get an insight into way's Oracle can help secure the cloud. You will also do well on the questionnaire at "Stark Expo".

Go Check it out!

In Iron Man 2, Oracle is a proud sponsor of
Stark Expo, a world-class tradeshow that depends on a cloud computing
architecture to ensure that all systems are free from overload. And
that’s where you come in: by becoming a Master Cloud Operative, you’ll
help keep Stark Expo up and running. Complete your training, test your
troubleshooting skills, and get certified in the Oracle Pavilion.

Monday, April 26, 2010

Iron-Clad Cloud: Secure Cloud Computing with Oracle Identity Management 11g

As organizations continue to leverage the cloud for essential business applications and services the provisioning and security of identity data becomes an essential compliance requirement. Oracle's new Security Newsletter has an article that provides information on critical approaches to security in the cloud.

One solution to the security problem with cloud services can be overcome using Service Oriented Security. The Oracle approach to using Service Oriented Security allows developers to pull from a centralized, authoritative source of identity services. This allows developers to build security into every application from the inside-out. This is critical to ensuring this is done in a standardized manner and most importantly it allows developers to develop without being security experts.

The "Iron-Clad Cloud: Secure Cloud Computing" article in this quarter's Security Newsletter is a great place to start when looking for information on how to use these tools to improve the security for your organizations cloud services. You will also find articles on database security and other bloggers who are sharing data about the security industry and Oracle's thought-leadership.

Friday, April 23, 2010

New Oracle Security Newsletter

Oracle Identity and Database Security Teams have created a new Security Newsletter. The Newsletter launches this week and will be distributed to customer's who have signed up for the Newsletter via

In each edition, you'll find news, blog posts, events, webcasts, and much more covering Oracle's Security Solutions. Whether your focus is on identity management or database security, each issue will be filled with the information you need to secure your database, middleware, and applications, and meet IT compliance requirements.

In this inaugural version of the newsletter you will find content on:You can see the entire newsletter here

Register for future versions of the newsletter by following the directions here. You can also see samples of all the different newsletter content that is available to stay current and aware of the latest leading news from Oracle.