Beruflich Dokumente
Kultur Dokumente
INTRODUCTION
2.
3.
4.
5.
6.
7.
8.
9.
10.
Page 2
at the center. For people to interact, collaborate, and transact business they must be
able to identify who they are dealing with in a secure and reliable manner.
The concept of verifying identity is simple. We are familiar with this notion from
everyday life. A drivers license or passport is commonly used as a form of
identification. It is a trusted way to store and provide attributes about an individual
such as name, address, and age and to validate that persons access to certain
locations, services or privileges. However, when this simple concept is applied to
the electronic world, one used for conducing business across corporate boundaries,
it quickly becomes complex.
A key success factor for e-Business initiatives is to treat identities as a fundamental
piece of the infrastructure exposed and consumed by multiple applications or
systems, rather than focusing on identities on a per-application basis. The
investment made in building this part of the infrastructure, typically yields
sustainable returns in the long run.
2. Borders dont matter.
Nothing stays the same. There will always be new software, platforms and
applications, mergers and acquisitions that marry companies with different IT
environments, and regulatory legislation that will continue to evolve. Companies
need a flexible, interoperable solution that can serve as a foundation for a broad
Identity and Access Management infrastructure moving forward.
Solutions that do not offer the integration and interoperability required, or that do
not support open standards, and that require customers to lock-in to a technology
thats often not best of breed, will likely fail at addressing the long-term needs of
the organization.
Therefore, when selecting vendors to address Identity and Access Management
needs, Companies need to carefully weigh in not only the current standards being
supported, but also the commitment of the vendor to continue embracing and
Page 3
supporting evolving standards. In the long run this strategy will maximize the
return on the overall IT infrastructure investment.
4. Its about security of inclusion.
The "old" security model was based on constructing a firewall to keep "outsiders"
out. In todays e-Business environment, a new model offers precise, authorized
entry to partners or individuals with different needs, roles, and levels of
responsibility. Differentiation comes from providing the right level of access to the
right user, which is often referred to as security of inclusion.
The key is to create, for each authorized user, an individualized access control
scheme that:
Can confidently track and audit the operations and events that relate to a
specific identity, which in most cases enables Companies to achieve
regulatory compliance needs.
Page 4
Furthermore, the compliance requirements that most companies face, call for a
flexible security infrastructure that can audit each and every event at a granular
level, preserving the identity of the end user; and likewise can provide reporting and
mining tools that can analyze this audit data warehouse and produce business level
reports that can satisfy the needs of auditors or business stakeholders.
6. Consistent business rules are applied across the enterprise.
The issue of business rules is very important. A robust Identity and Access
Management solution will apply the same business rules and practices to its online
business that it applies to business conducted offline, providing the flexibility to
manage, evaluate and enforce access decisions to various applications via
enforcement points
Business rules are the core of your organizations operation, and should not change
as a result of technology limitations. Oracles best practice is to adopt a business
level, role-based security model that is abstracted from individual applications or
systems, and through well-defined rules of inclusion, exclusion and exception can
map to specific entitlements or rights within specific applications. The Identity and
Access Management solution should provide the framework to consistently manage
and apply these rules as a part of an enterprise wide infrastructure rather than as a
vertical security "silo." Identity and Access Management cannot be an add-on or
down the line decision when a company realizes that managing user identities could
spin out of control.
7. Centralized security lowers costs.
The first and foremost benefit of implementing the correct Identity and Access
Management solution is cost reduction. How do companies achieve cost reduction?
Cost reduction is generated primarily as a result of creating the Identity and Access
Management infrastructure. In this model companies centralize Identity
Management and Access Control for all Web-based applications. This means that
rather than each application using its own individual infrastructure to manage users,
roles and control access, it creates a single, centralized Identity and Access
Management infrastructure across the company, as well as the extended enterprise.
Once the Identity and Access Management infrastructure is in place it is much
quicker and less expensive to turn on and deploy new applications. The new
application can tie into a centralized architecture creating a cost-effective way to
ensure compliance. Furthermore, the same infrastructure can be leverage as a
collection of services in a Service-Oriented Architecture (SOA), where applications
can consume identity information or enforce access control rules by invoking
services of the Identity and Access Management infrastructure.
In addition, it is important to understand the cost savings of single sign-on. Single
sign-on across multiple domains allows users access to an entire suite of
applications after signing on only once. Single sign-on can be applied across portal
networks so the user can access any number of applications through a portal.
Page 5
And even the ability to assign temporary responsibilities while personnel are
out of the office
Page 6
branded portals and applications, while following a consistent user and access
management process.
10. Infrastructure services can be re-used
Oracle customers have seen clear and tangible cost reduction after deploying
Oracles Identity and Access Management solution. For example, CUNA Mutual
provides a variety of financial services to 97% of the credit unions in the United
States. After they implemented Oracle Access Manager, they were able to reduce
annual costs $500,000 to support the identity administration needs of their 2000
employees. Perhaps more significantly, by leveraging the self-service and automated
aspects of Access Manager for managing the user rights of their client credit unions
and their consumers, they were able to save roughly $3-4 million in annual help
desk support calls.
Earlier we discussed a large aerospace manufacturer that is saving close to $4
million per month, consolidating 7 passwords down to one and providing single
sign-on to Web applications for worldwide employees.
Similarly, Southwest Airlines is seeing cost reductions in two very important ways.
First, the airline estimates a cost savings of nearly $1.2 million per month for
reduced password and identity administration costs for their employees. Next, they
have driven cost and achieved competitive advantage by allowing their mechanics
to have seamless access to plane maintenance information on their aircraft suppliers
Web portal by leveraging Oracle Identity Federation. Southwests IT administrators
do not have to duplicate the management of mechanics identities and access rights
at both Southwest and the aircraft supplier. This information can be managed and
Page 7
stored once, at Southwest and then through an online trust relationship, facilitated
by Oracle Identity Federation, mechanics now have immediate access to
maintenance information, without having to sign in separately to the suppliers
portal.
With compelling evidence gained from customers success and a portfolio of bestin-class products, proven in the marketplace, Oracle Identity and Access
Management solution brings demonstrable results to companies looking to increase
security while reducing overall cost in running their e-Business environment.
Page 8