Security and User Account Management: Oracle’s Pair of Aces
Ty Kirk, Infrastructure and Security Services Manager
In a hand of poker, two aces are better than one, which is how you can think about Oracle’s powerful duo of Oracle Access Manager (OAM) and Oracle Adaptive Access Manager (OAAM). When combined, OAM and OAAM provide an improved user experience with robust fraud detection. Get better security AND give your users a better experience as you comply with corporate and governmental information security policies and regulations (e.g., SOX, HIPAA, etc.).
Ace #1 – Oracle Access Manager
OAM consists of two components, the Access System and the Identity System. The Access System secures applications by providing centralized authentication, authorization and auditing to enable single sign-on and secure access control across web applications. The Identity System controls user, group and organization information. It enables delegated administration of users, self-registration, and approval and other workflows. These systems integrate seamlessly and may be deployed together or individually.
OAM is an ace because it allows for:
• One set of credentials (login name and password), so no security breaches from post-it notes on the desk to remind the user of his various sets of credentials
• Only logging into one system once, and then having access to other systems granted without entering additional credentials
• Centralized, policy-based controls
• Standardized and centralized auditing
• Centrally controlled authorization
• Centralized user and group management
• User self-service and self-registration capabilities
• Complex user, group, and organization workflows possible out of the box
Ace #2 – Oracle Adaptive Access Manager
OAAM is a top-of-the-line fraud detection and strong authentication product. It’s this second ace that beats the hackers. OAAM has two main components, Adaptive Strong Authenticator (ASA) and Adaptive Risk Manager (ARM). ASA is a hardware- and software-independent product which end users can invoke for authentication from any browser, over any network (public, private, Wi-Fi, and kiosk). ASA provides users the ability to choose how to enter their credentials during session initiation or during in-session transactions. Users who wish to use a keyboard for additional privacy may choose a keyboard widget, as opposed to a number pad widget that requires mouse clicks to enter credential information. These “widgets” may look simple, but they help prevent phishing, key loggers, over-the-shoulder surfing, etc.
ARM provides a strong second and third factor of security for a business. It can serve as a standalone solution that offers increased security with no change to the user experience, or it can be used in combination with ASA. ARM verifies each user's computer and location ("something you have"). It also verifies a user's behavior patterns to confirm identity ("something you are"). These additional levels of verification are added to existing enterprise requirements for login/password credentials and additional knowledge-based authentication ("something you know").
ARM uses dozens of “tentacles”, including proprietary one-time use secure cookies, Flash objects, and other patent-pending technologies, to recognize and fingerprint the device (i.e., computer, laptop, kiosk, etc.) that you typically log in from. In this way, ARM makes a personal computer the second factor without requiring any change in a user’s behavior. ARM can evaluate different parts of a session, whether pre-, post-, or in-session transactions.
So, not only do users need to provide login, password, and answers to any other secret questions, but ARM is also registering their computer, IP address, etc., adding another level of complexity for authentication. Thus, you get multi-factor, strong authentication.
OAAM is an ace because it allows for:
• A technology, platform and browser agnostic solution
• Stronger, multi-factor authentication (more than a login and password)
• Compliance with regulations, such as PCI, NIST, SOX, etc.
• Fraud prevention against phishing, key and mouse loggers, etc.
• Flexible administration GUIs for easy configuration and security-policy targeting
• “Learns” normal behavior enabling real-time fraud detection
• Adapts to the user population behavior changes without manual intervention
Additional security measures must be implemented when exposing applications with sensitive data, transactions and business processes over the web. You can enhance your security position with the pair of aces, OAM and OAAM. Not only will your organization benefit from compliant strong security, but your employees will be more productive with single sign-on and user self-service functionality.
To further understand how Oracle’s security duo of OAM and OAAM can be applied to solve your organization’s specific security needs, contact Zirous today.