oracle April 20
Post on 14-Jan-2015
Protecting Cloud Applications with
Enterprise Single Sign On
임기성, Principal Sales Consultant
Enterprise Application Goals
Fast, Secure Access To Systems and Applications is
Critical To Accomplishing Your Business Objectives
Operational Efficiency
Operating Costs
Security & Compliance
Risk
• Bad password management reduces security
– Weak passwords are easy to guess or hack
– Strong passwords get written down and are vulnerable
– Password synchronization results in “Keys to the Kingdom”
• Employees lose productivity managing passwords
– Complex user IDs and passwords are hard to remember
– Employees get locked out of applications, resulting in helpdesk calls
• Assure GRC policies are met (compliance)
– HIPAA 164, PCI, SOX 404, HSPD-12
– All compliance initiatives are driven around
  – Assuring only the appropriate people have access to applications
  – Auditing when and by whom that application was accessed
The Business Problem
• Users have too many IDs & passwords
• Need access from anywhere
• Hard to know who has access to what
• Secure delivery of application credentials to end users
• Users forget Windows passwords
• Strong authentication is too complex and expensive to deploy
Sign-on
Enterprise Access Challenges
• More services being offered in a hosted manner
– CRM
– Personal Productivity Products
– Business Intelligence
• Provide many benefits to the organization
– No need to procure large and complex infrastructure
– No deployment or maintenance costs associated
– Provides easy access to information from anywhere
Cloud applications are proliferating
• Add another set of credentials for users to maintain
• Securing access to those applications
• Controlling access to only those who need it
– Changing roles
– Termination
• Auditing access to the application
Drawbacks of cloud applications
• Established track record
– Passlogix founded in 1996
– Proven history of success as Oracle OEM provider since 2006
– Oracle acquires Passlogix in Oct 2010
• Market-leading
– 20 million+ licenses sold
– 1,500+ enterprise customers
– 10,000’s of applications
– Customers with millions of employees
• Patented technology
– Provides fast deployment, quick ROI
– 2 US patents and 7 foreign, additional pending
Cumulative # of Licenses Sold
Oracle ESSO: Solves Access Challenges
“The company goes around a problem .... It is far different from thinking out of the box. It's refusing to acknowledge that the box exists in the first place.”
“Passlogix has been very successful early on in the IAM market with its Enterprise SSO. Passlogix [has] a solid reputation and name recognition not typically realized by a company of its size.”
“Passlogix provides an excellent, lightweight, low maintenance SSO solution, suitable for deployments of any scale … and it is seen as a “best of breed” enterprise SSO product – the general good opinion in which it is held …”
“Passlogix has some highly functional ESSO technology … they often pioneer in the market…”
100% of customers would buy it again
100% of customers would recommend it to a peer
100% of customers said Passlogix keeps all promises
71% ranked Passlogix as their Best or 2nd Best Vendor
Recognized Leadership
Financial (Licenses: 1.6 million+)
Healthcare / Pharmaceuticals (Licenses: 600,000+)
Energy (Licenses: 500,000+)
Government (Licenses: 700,000+)
Deployed by Leading Customers
Complex Compliance Environment
Assure GRC Policies
Avoid Fines, Litigation, Loss of Revenue
Helpdesk Nightmare
80% Call Volume Reduction
Strong Auth to Ensure Identity
Reduced Employee Productivity
Quicker Application Access
No Downtime with Acct Lockouts
Growing Security Risks
Simplified Secure Access
Enforce Strong Policies
Oracle ESSO Value Proposition
ESSO Authentication Manager
ESSO Provisioning Gateway
ESSO Logon Manager
ESSO Password Reset
Sign-On
ESSO Kiosk Manager
ESSO Anywhere
ESSO Logon Manager
Sign-on
Oracle ESSO Suite Plus
ESSO Logon Manager Overview
User’s Desktop
ESSO Admin Console
ESSO Logon Manager
Directory, Domain, Database
Application Sign-On
User Authentication
Synch
Token/ Smart card
PKI
Password
Credential & Profile Store
Audit, Reporting
ESSO AM API
Windows
Web Sites
Extranet & Portal
Mainframes (OS390, AS400)
Java
Biometrics
ESSO Logon Manager (ESSO-LM)
• Enforces strong password policies
• Optionally can generate random passwords not known by users
Manage Passwords
• Leverage corporate strong authentication deployment
• Challenge for re-authentication prior to providing credentials to the application
Integrate Strong Auth
• All logon events are audited and associated to an enterprise user name
• Track all password change events to comply with security
Ensure Compliance
ESSO LM Provides Efficient Security
Sample Report
Randomly generated passwords look like this:
ESSO creates Strong Passwords
• More challenging than conventional applications
– Hosted applications can be accessed from anywhere
– Disabling network ID does not terminate application access
• ESSO LM does not allow users to reveal passwords
• This allows easy removal of access
– Disable windows account
– Remove SSO password through ESSO Provisioning Gateway
Controlling User’s Access
Cloud Application
Access the cloud anytime, from anywhere
Remote PC
ESSO-LM Agent
Cloud Applications
ESSO from Anywhere
1. User logs on to portal with SSL VPN
2. ESSO-LM downloads, runs
3. ESSO-LM authenticates to corporate directory
4. ESSO-LM retrieves credentials
5. User launches application (e.g. SaaS CRM), automatically signed on by ESSO-LM
6. User signs off, credentials and ESSO-LM deleted
Corporate Directory
ESSO-LM
How It Works
User’s Desktop
Directory, Domain, Database
Application Sign-On
User Auth
Biometrics
Token/ Smart card
PKI
Password
Windows
Web Sites
Extranet & Portal
Mainframes (OS390, AS400)
Java
ESSO Logon Manager
Server
Connectors
SPML
Provisioning Sources
Applications & Custom Programs Data file and Manual Entry
Provisioning Instructions
Credentials
Oracle Identity Manager
Oracle ESSO PG
ESSO Provisioning Gateway
Sign-off
Windows
Web, Extranet, Portal
Mainframes (OS390, AS400)
Java
Session Actions
initiate, suspend, screen saver, terminate
Events Monitor
- time out
- card removal
- tap out
App. Shutdown
- keystroke xmit
- closure request
- process terminate
LDAP Logon
Retrieves policies and settings
AD, LDAP, SQL
eSSO
Admin Console
Define kiosk policies and settings
ESSO-KM Architecture
Domain
ESSO PR Console
Admin
Audit, Reporting
Windows Logon
Reset
ESSO Reset
Server
ESSO Password Reset Architecture
Key Innovations
• Simplicity over security
• Natively designed for all methods
• Client-side architecture
• No proprietary database
Active Directory
• Card serial #, PIN
• User Windows id, password
• Policies (e.g. PIN length)
• Settings (e.g. force user enrollment)
ESSO-UAM
ESSO-LM
Admin Console
User enrollment
Actual authentication
PIN reset
Cache - disconnected use
Card serial #
PIN
ESSO-UAM General Architecture
oracle.com/identity
search.oracle.com
or
Identity management
For More Information
• Simplify access to cloud applications through ESSO
• Increase security by maintaining users’ passwords for them
• Audit all access to the application for regulatory compliance
• Enforce all policies from any computer with internet access
Summary