audit and assurance software watch day - iiabel · 50+ reports compliance dashboards compliance...

Frederic.Brusselmans@oracle.com

Antonio.Mata.Gomez@oracle.com

Audit and Assurance Software

Watch Day

SECURITY. SOFTWARE. COMPLETE.

Layered security Protecting confidential business Information

Access

Management

SECURITY. SOFTWARE. COMPLETE.

Access

Management

Layered security Protecting confidential business Information

SECURITY. SOFTWARE. COMPLETE.

Access

Management

Joiners, Movers and Leavers Targets ….

Privileged Accounts ?

• Root

• Administrators

• Sys, Sysadmin

• Application Accounts

SECURITY. SOFTWARE. COMPLETE.

Explosion of Scale

• Few Administrators

• Handful of Audit Staff

• Too many privileged accounts

Oracle Identity Governance Governance Platform

Grant User Access Monitor User Access

Provision De-Provision

Connectors

Access

Request

Privileged

Account

Request

Role

Lifecycle

Management

Check-in/

Checkout Identity

Certifications IT Audit

Monitoring Rogue

Detection &

Reconciliation

Reporting &

Privileged

Access

Monitoring

Access Catalog IT Ownership

Business

Attributes

Accounts

Roles

Glossaries

Entitlements

Oracle Identity Governance Suite Governance Platform

ERP, DB

and Mainframes Fusion

Applications

Cloud

Applications

Oracle Identity Manager

Reconciliation

Provisioning

Access Request

Identity Administration

Oracle Identity Analytics

Access Certification

Role Mgmt. Monitoring Dashboards

Segregation of Duties

Oracle Privileged

Account Manager

Policy Management

Password Check-in/ Check-out

Catalog enrichment

Catalog definition

Harvesting

Oracle Identity Governance Access Catalog

Oracle Identity Governance Shopping Cart Simplicity

Compare &

Select Track Receipt

Confirmation

Browse

Privileged Account Management Complete Lifecycle Management of High Risk Accounts

Audit

Logging

Password

Vault

Checkin

Checkout

Policy

Control

Account

Lifecycle

Reduce

Risk

Improve

Compliance

• Role Change Approvals

• Role Versioning

• Rollbacks & Comparison

• Role Change Impact Analysis

• Rule Management

Change Mgmt

• Role –Entitlement Mapping

History

• Role Membership History

• Approvals History

• Role Ownership History

Role Audit

• Role Definition Attestation

• Role Membership Attestation

• Role Consolidation

• Role Mining

Governance

Top-Down Approach

Bottom-Up Approach

Role Audit, Analytics

Role Mining

Role Modeling

Role Definition Role Governance

Oracle Identity Governance Role Lifecycle Management

SECURITY. SOFTWARE. COMPLETE.

A Smarter Approach to Identity Compliance

Aggregating Information & Building a

Catalog

Prioritizing & Automating Certification Closed-Loop Feedback & Remediation

Reduce Cost, Time & Risk

Identity

Warehouse

Simplified User Experience & Reporting

$

Across Entitlements & Roles

Within Application or Cross-

Applications

Preventative & Detective

Remediation

IT Audit Policies

Roles Vs. Actuals

Entitlements Outside Roles

Mitigating Controls

Manager Signoff for Audit

Exceptions

Role Exceptions

50+ Reports

Compliance Dashboards

Compliance Metrics Monitoring

Historical Trend Analysis

Remediation Tracking

Monitoring

Oracle Identity Governance IT Audit Monitoring

SECURITY. SOFTWARE. COMPLETE.

Access

Management

Layered security Protecting confidential business Information

Oracle Audit Vault and Database Firewall Detective/Preventive Control for Oracle and Non-Oracle Databases

OS, Directory Services, File

system & Custom Audit Logs

Firewall Events

Users

Applications

Database Firewall Allow

Log

Alert

Substitute

Block

Audit Data

Audit Vault

Reports

! Alerts

Policies

Auditor

Security

Manager

SECURITY. SOFTWARE. COMPLETE.

Access

Management

Layered security Protecting confidential business Information

• Limit DBA access to app data

• Multi-factor authorization

• Enforce enterprise data governance, least privilege

• Realms create protective zones

• Out-of-the-box application policies

Database Vault

Privileged User Controls Preventive Control for Oracle Databases

Procurement

HR

Finance

select * from finance.customers

Application

DBA

Applications

Security

DBA

DBA

Oracle Label Security

Label Based Access Control Preventive Control for Oracle Databases

Sensitive

Transactions

Report Data

Reports

Confidential

Sensitive

Confidential

Public

• Virtual information partitioning

• Apply labels to users and data

• Flexible classification labels

• Automatically enforced row level

access control

• Transparent to applications

SECURITY. SOFTWARE. COMPLETE.

Access

Management

Layered security Protecting confidential business Information

SECURITY. SOFTWARE. COMPLETE.

Access

Management

Production

Access

Management

Dev/Test/Acceptance/…

Layered security Protecting confidential business Information

• Replace sensitive app data

• Referential integrity preserved

• Extensible template library

• Automated masking policies

• Support for non-Oracle databases

Oracle Data Masking

Masking Data for Non-Production Use Preventive Control for Oracle Databases

LAST_NAME SSN SALARY

ANSKEKSL 323—23-1111 60,000

BKJHHEIEDK 252-34-1345 40,000

LAST_NAME SSN SALARY

AGUILAR 203-33-3234 40,000

BENSON 323-22-2943 60,000

Production

Non-Production

Dev

Test

Production

Data Redaction ?

SECURITY. SOFTWARE. COMPLETE.

Access

Management

Layered security Protecting confidential business Information

Why Oracle ? One Company, One Solution, One Stack

Proven vendor

• Acquire and retain best of breed technology and talent

• Battle-tested for large, mission-critical applications

• Referenceable, award-winning customer deployments

• Gartner, Kuppinger, The Forrester Wave, Forrester, Burton

Group, ...

Most complete and integrated best-of-breed portfolio

• Service-Oriented Security

• Interoperable components

Future proof investment

• Standards-based and hot pluggable for easy integration

• Established deployment best practices

• Large implementation ecosystem

24 SECURITY. SOFTWARE. COMPLETE. SECURITY. SOFTWARE. COMPLETE.