c

c 

??????????????????????????????????????????????????????????
???

??



?

Organizations across the world have been increasingly incorporating Information Technology (IT) into
their business processes and with this, use of proper security measures have become a critical issue.
These organizations are under increased pressure to strengthen their security while reducing cost and
streamlining their operations. They also need to maintain agility to adapt to rapidly changing
requirements. This has led to the increased complexity of their IT networks, demanding a solution that
helps manage the growing multiplicity of users who require access to IT resources, while complying with
international regulations.

 c c
c 
c
   (IAM) encapsulates people, processes and products to identify and
manage the data used in an information system to authenticate users and grant or deny access rights to
data and system resources. The goal of IAM is to provide appropriate access to enterprise resources.
Within the enterprise, an identity management system comprises a system of directories and access
control based on policies. It includes the maintenance of the system (adds, changes, deletes) and
generally offers single sign-on so that the user only has to log in once to gain access to multiple
resources.

c

The ability of an organization to rapidly search, identify and verify who is accessing the systems
is a critical aspect of meeting security and compliance requirements for the organization.
Implementing IAM models for a small business group and incrementally covering every part of
the organization can reap benefits monetarily and security wise.

IAM comprises four main components namely, Authentication, Authorization, User

Management and Central User Repository. Its goal is to provide the right access to the right
people in order to protect information sources.

   

This area covers authentication and session management within user applications.
Userid/password authentication is the most common approach to providing access control and
information privacy to user and enterprise information. Implementing IAM helps manage
different sessions of the users from centralized locations.

  

Authorization determines whether the user has the required permission or access right to a
particular resource. IAM checks the user access request against authorization policies of the
organization. It is at this point that organizations can implement role-based access controls.
Authorization includes user attributes, groups to which the user belongs, access channels, data
resources that can be accessed, and perhaps more complex access criteria, such as time-based
access or complex business rules that determine dynamic permissions granted to the user.
   

IAM defines rules for administrative functions like password resetting, identity creation,
propagation, and user identity and privileges management. This module also manages the
entire user life-cycle right from identity creation to final de-provisioning from accounts
database. It is necessary to install an integrated workflow system that can take care of user
management activities.

   

By implementing IAM systems the organization can store and deliver identity information from
a single authoritative source to other IT services and can provide verification on demand. This
module presents a logical view of existing identities and their relationships to various other
systems. These repositories can be physical or virtually maintained depending on the growing
volume of identities

!"#c
$%% &#
 With enterprises throwing their networks open to more and more entities, they are faced with
the challenges of

À? Creating multiple user accounts with appropriate levels of access to applications and
resources.

À? Integration associated with users accessing information through multiple channels like web,
wireless and mobile.

À? Increasing complexity of networks resulting in separate networks dedicated to different

functions, making management of users, more difficult.

c'
#c(

Worldwide identity and access management (IAM) revenue is $9.9 billion now in 2010, an 8 per
cent increase from 2009 revenue of $9.2 billion, according to Gartner, Inc.

According to Gartner, compliance, audit and analytics requirements continue to be the main
factors influencing investments in IAM, alongside operational efficiency and better integration
across IAM solutions. Although the economic downturn has affected the IAM market, it is
proving to be fairly resilient and, along with other security areas, IAM continues to receive
higher prioritisation compared with other technologies.

Overall, the IAM market is estimated to grow to $11.9 billion by the end of 2013. Mr Contu said
that IAM products will continue to attract interest and investment during the coming years
because it remains a critical technological area for enabling businesses to improve and
automate processes relating to access management.

However, the evolution of the market has been impacted by a number of internal and external
factors. Internally, merger and acquisition activity has resulted in the consolidation of the
vendor landscape around larger, established players, particularly in key areas such as user
provisioning and web access management. Externally, the impact of the economic downturn
and the consequent tightening of IT budgets, with a related increasing demand for IAM as a
service type of product, have influenced the levels of spending directed on IAM and delivery
models end users are opting for.

'!&
$ 
#

1.? Increasing Use of IT-enabled Applications

2.? Growing Online Frauds
3.? Regulatory Compliance
4.? Improved Quality of Services
5.? Lower Business Cost

The demand for Identity Management suites continues to be dominated by security and cost-
cutting benefits; however, regulatory compliance is becoming equally important, especially for
companies in North America. The deployment of IAM have largely been driven by businesses͛
efforts to comply with the growing number of international regulatory requirements such as
HIPAA, Sarbanes-Oxley and the Payment Card Industry͛s customer identity protection
requirements. These regulations require companies to provide audit trails of all user actions to
government auditors, and oblige top executives to be certain that no users have violated their
access rights or used digital resources inappropriately.

?
?
?
?
?
?

?
 ?
?
·   )*#
??
?
?

??? ??? ?
  & +?
?
?

?
?
??
?



   # 
?
?
?
?
?
?
?
?


,%
& -
 

·* 
?
?????????????????
?
?
?
?
?
?
?
?



#
#

# #





. 


   

 

& 
·*# $ 


%c#c



 c/? ##
%


0. 

1.? Centralized and consistent security across heterogeneous environments

2.? Reduced administration cost
3.? Improved end user experience

 

1.? Web single-sign-on

2.? Common policy management
3.? Multi-level, multi-factor authentication management
4.? Self-service and delegated administration
5.? Workflow engine
6.? Web Services interfaces

%
·c###

0. 

Eliminates forgotten passwords for Windows desktop and applications

1.? Improves security & user experience

2.? Meet regulatory compliance


  

1.? Sign-on to any Windows, web, host, mainframe or Java application

2.? Use any combination of tokens, smart cards, biometrics and passwords
3.? Auto inactive session termination and application shutdown for shared workstation
4.? Reset Windows password directly from locked workstation

%c
c
! 
c 

0. 

1.? Secured integration with partners

2.? Reduced administration cost
3.? Improved end user experience

 

1.? Seamless SSO and identity sharing

À? Multi-protocol gateway ʹ SAML, Liberty, WS-Federation
À? Service Provider or Identity Provider
2.? Flexible deployment configurations
À? Standalone for use with pre-existing web-access management solution
À? Protocol SDK for custom applications

%0#c# &

0. 

1.? Quick and simple deployment

2.? Provide standard (J2EE) policy enforcement points
-/? Enable SLA definition and monitoring, quality of service reporting/

 

1.? Declarative policy (no coding)

2.? Rich library of pre-built policies
3.? Centralized policy management with local enforcement
4.? Supports WS-Security
 cc/? c
c
!c c#

c




%c
c
! &

0. 

1.? Reduced administration cost

2.? Cost effective regulatory compliance
3.? Improved security
4.? Improved service level

 

1.? Identity life-cycle management for the heterogeneous enterprise

2.? Approval and provisioning workflows
3.? Role based access control
4.? Complete integration solutions: OOTB connectors & Adapter Factory
5.? Deep integration to ERP and HRMS
6.? Audit and compliance reporting and process automation


 ccc/? c
!#c#


%c
%c
!

0. 

1.? Rapid application deployment

2.? Tighter controls on identity data
3.? Real-time identity information access

 

1.? Modern Java & Web Services technology

2.? Virtualization, proxy, join & routing capabilities
3.? Superior extensibility
4.? Scalable multi-site administration
5.? Direct data access


 c/? c
c
!c
1·%c 

0. 

1.? Cost effective compliance

2.? Enhance data integrity and auditability
3.? Real time and consistent enforcements
4.? Enable compliance to SOX, GLB, HIPAA, J-SOX

 

1.? Comprehensive historical and temporal audit data

2.? Comprehensive operational and historical reports
3.? Attestation of entitlements
4.? Segregation of duties via denial policies
5.? Comprehensive system and exception logging
6.? Integration with Audit Vault, ICM, and 3rd party compliance products


 /?  &

%
·c# & c
c
! &


0. 

1.? Actively manage IdM service levels

2.? Rigorous management of IdM technology stack
3.? Simplified deployment, patching, and upgrade

 

1.? Automated modeling of IAM components and infrastructure

2.? Define SLA, monitor and report
3.? Response time, throughput, usage metrics, ͙
4.? Server, application, and user level metrics
5.? Automated discovery of IAM components and infrastructure
6.? Discover & track configuration attributes / values
7.? Installing, Patching, Upgrading, Cloning


c# 0. 

1.?  
   Ͷ With Oracle Identity and Access Management Suite, you can
now deploy applications faster, apply the most granular protection to enterprise
resources, automatically eliminate latent access privileges, and much more. Enterprises
can leverage Identity and Access Management Suite in its entirety or deploy individual
components of the suite to meet your unique needs given the comprehensive, hot
pluggable and application- centric features
2.? 
2  Ͷ Seamless switching between applications improves
productivity for users across a wide range of applications.
3.? c 
  Ͷ Pre integrated, best-in-class solutions work together as a single
solution. Identity management solutions can not only aid security but also makes it
easier to assign privileges to different user groups to manage them more effectively.
Oracle͛s Identity Management features the industry's most complete suite of best-in-
class identity management solutions all your user security needs.
4.? %+
 Ͷ a single solution cuts the time spent integrating disparate components,
and provides a single point of contact for support, a single license contract, and the
backing of the world's largest enterprise software company.

Oracle Identity Management 11@ enables customers to efficiently comply with regulatory
requirements, secure critical applications and sensitive data, and lower operational costs. Using
the most complete and best-in-class suite of identity management solutions available,
enterprises can manage the entire user identity life cycle across all enterprise resourcesͶboth
within and beyond the firewall.



 %#c 

The identity management market is one that we watch closely. And while it has yet to fully
explode into the mainstream, 2010 is seeing it steadily gaining momentum. Identity is so
compelling because it's far more than just a security technology. Authentication, fine-grained
access control, and SSO (single sign-on) are all advantageous, but they only represent the tip of
the iceberg of what an identity suite can accomplish.

Ultimately identity will serve as the foundation for managing distributed webs of application
services, paving the way for smoother, SOA-based business integration. But, of course, that's a
long way off. In the meantime, most enterprises will embrace it for its ability to automate
provisioning and deprovisioning of user accounts, as well as for its centralized authentication
logging and auditing capabilities, both of which can play a crucial role in regulatory compliance
measures. For many companies, however, setting up an identity infrastructure remains a
daunting task. Not only is the technology complex, but it also inevitably touches countless areas
of an enterprise and its business processes. Ê  ?? ?
?
???
??
?
??
? ?
?

Over the long term, SOA may prove to be the ultimate driver of identity technologies, as
identity management and service orchestration dovetail into a single infrastructure
management discipline. For now, however, sustained growth will be the theme. Identity
management is still in its early phases, but it's never too soon to get on board, because big
things are ahead.