Friday, November 13, 2009

Forrester & PwC show where Information Security is going

Compelling reasons for focusing on Enterprise Security from independent analysts Forrester & PricewaterhouseCoopers

As described recently in the CIO magazine article “Why Security Matters Now” by Bill Brenner, PwC's CIO Survey shows that while IT departments, CFOs, and CEOs are looking carefully for any opportunity to cut costs, they are still reluctant to slow spending increases in Information Security.


So why can't they curb spending growth on IT Security?

With the explosive growth in adoption of Social Networking sites/tools and Cloud Computing Services, there is an ever-growing risk of security incidents and data leaks.


While these are the most compelling, innovative, and revenue driving technologies … they cause the biggest heartburn. Twitter, Facebook and LinkedIn drive collaboration, help organizations connect with customers, partners, etc. … But they also simplify fraud, data & identity theft, or just make it easier to make mistakes.


While leveraging virtualization & cloud services allows organizations to cut costs and simplify their physical IT infrastructure, it also opens up a Pandora's box of new security and management issues. Driving your infrastructure towards the cloud has left you vulnerable to attacks, and professional hackers have redoubled their endeavors to use these weaknesses not only against the big names like Google, Yahoo, etc. but also against their enterprise customers.


So where is the good news?

Despite arguably the worst economic downturn in decades, organizations are spending more on in-house security solutions. Security budgets are holding steady, and more organizations are employing a chief security officer (CSO) and/or chief information security officer (CISO).

PwC's 7th annual survey included input from nearly 7,300 executives worldwide across industries including financial services, health care, retail, government, and so on. The result was a clear indication that organizations are investing in data protection and authentication including:

1. Biometrics

2. Web content filters

3. Data leakage prevention

4. Disposable passwords/smart cards/tokens

5. Reduced or single-sign-on software

6. Voice-over-IP security

7. Web 2.0 security

8. Identity management

9. Encryption of removable media


So who are they turning to?

According to Forrester Research and their recently updated Wave Report on IAM, there is a clear preference for Oracle as the leader and innovator in the space.

Their positioning of Oracle was driven by its leadership in product functionality/depth and by the overall depth of the suite. They highlight how Oracle is the only vendor that has adopted an externalized Entitlements Solution and continues to deliver on it through Oracle Entitlements Server (OES), formerly BEA AquaLogic Enterprise Security (ALES). Also noted is the commitment to Risk-Based Authentication through Oracle Adaptive Access Manager (OAAM) and the integrated solution for Data Security, Oracle Information Rights Management (OIRM).


To see the CIO article

http://www.cio.com/article/504837/Why_Security_Matters_Now


To get the full PwC survey

http://www.pwc.com/gx/en/information-security-survey/index.jhtml


To read Forrester’s IAM Wave Report

http://www.oracle.com/corporate/analyst/reports/infrastructure/sec/forrester-wave-iam.pdf

What's Up Doc?

Highlights from Oracle's 56th IDM Newsletter "News You Can Use"

Innovation Awards

Awards honor innovative use of Oracle IAM at Cisco and Visa

http://www.oracle.com/us/corporate/press/022542


Oracle Magazine salutes Information Secured

http://www.oracle.com/technology/oramag/oracle/09-sep/o59secure.html


Oracle Identity Federation (OIF) Wins 2009 Iddy Award

Oracle, along with NRI and NTT, has won an IDDY in the POC category for an application that demonstrates the possibility and practicality of achieving policy interoperability between OpenID and SAML. See the press release here for complete details.


Featured Partner

As noted in this blog, Oracle Information Rights Management and Symantec DLP version 10 integration announced, taking data protection to the next level by combining data discovery with policy-based application of Oracle IRM.


Oracle Identity Management 11g

Oracle was pleased to announce the release of the first phase of Oracle Identity Management 11g this past summer, including enhancements to Oracle Identity Federation, Oracle Internet Directory, and Oracle Virtual Directory:

http://www.oracle.com/us/corporate/press/020724


Oracle Identity Federation 11g

OIF 11g introduces the flexibility, performance and manageability enterprises require from federation solutions. Building on the FMW frameworks for audit, logging, monitoring and credential storage, OIF puts Oracle's first-class compliance, diagnostic and security tools at the administrator's fingertips.


Oracle Virtual Directory and Identity Publisher

OVD's Identity Publisher feature for PeopleSoft HR, Siebel and Oracle Customer Hubs makes it possible to access identity information stored in these Oracle applications easily, in real time, without any additional synchronization.


Oracle Enterprise Single Sign-On Anywhere

ESSO Anywhere is the first comprehensive offering from a major vendor that lets enterprises host single tenant ESSO in a private cloud to provide users with secure access to heterogeneous enterprise resources from anywhere, anytime.

http://www.oracle.com/us/corporate/press/035509


F5 BIG-IP access solutions to be integrated with Oracle Access Manager

As noted on this blog, the solution will enable customers to centralize and unify application access control services across diverse network environments.


Qualcomm Discusses The Next-Generation Identity Management Solutions

Oracle Identity Management 11g provides the next level of cohesive management and deployment within a common console by allowing administrators to manage multiple parts of the stack. Watch the video to see more about how Qualcomm is using Oracle Identity Management.

http://www.oracle.com/us/products/middleware/identity-management/index.htm?section=VO&uid=8103894&refid=id_VO_8103894


State Of Delaware Goes "Green" By Implementing Oracle Identity Management

The State of Delaware provides online services to their citizens and employees. They selected Oracle Identity Management based on flexibility, security, and auditing capabilities. Please visit the link below to see the State of Delaware video.

http://www.oracle.com/us/products/middleware/identity-management/index.htm?section=VO&uid=8103899&refid=id_VO_8103899


Marc Chanliau discusses Security as a Service

Director Product Management, Marc Chanliau, discusses how “Oracle Fusion Middleware is highly predicated on service-oriented architecture (SOA) environments.


To get the full details of the newsletter


Thursday, November 12, 2009

Provisioning Cloud Services like Google Apps

“You must not blame me if I do talk to the clouds.”

Henry David Thoreau


While SaaS/Cloud/SOA services … pick your buzz word, are great alternatives for small to medium size organizations (SMB), using them requires Provisioning & Federated Security which are challenges even for large Info Sec departments in Fortune 100 organizations.


In particular Google Apps™ provide small businesses, universities, schools, and other organizations the option to outsource collaboration tools, etc. for low- or no-cost. But the issue of managing user access to those applications is still the responsibility of the organization.


So what is the solution?

  • The Aegis Provisioning Appliance for Google Apps delivers the tools needed to automatically add, modify, and delete accounts by extending an organization's existing directory services and provisioning infrastructure.

  • The appliance provides a full set of account management tools through real-time secure interfaces to Google Apps.


How does it work?

  • Automates the creation, update, and deletion of accounts based on actions in an organization's existing directory service (e.g. Microsoft Active Directory or LDAP)

  • Provides delegated administration for defined users to add, update, delete accounts

  • Creates predefined web-based workflows including approval chains

  • Supports future expiration dates or renewal approvals

  • Simplifies the use of contractor or guest accounts with access registration/sponsorship forms


What is the compliance impact?

  • The Aegis Appliance ensures that account creation, updates, deletes are done in line with the organization’s policy.

  • Rules can be easily applied (and demonstrated), so that a contractor needing access to Gmail for one week is given it and then automatically disabled.

  • Allows organizations to start with Google Apps and scale into a full enterprise IAM deployment from Oracle


So how do I deal with the security issues?

  • The Aegis Provisioning Appliance can be combined with either the Aegis Password Management Appliance or the Aegis SSO Appliance

  • This provides users with a seamless login experience to their new Google accounts through either synchronization of passwords to Google, or web-based SSO.


Why are appliances beneficial to SMBs?

  • AegisUSA Appliances are a revolutionary approach to IAM, providing enterprise-level functionality in an appliance form factor

  • The 80/20 rule - This reduces cost through simplicity, removing the complexity by focusing on the most common use cases

  • Higher time-to-value for an identity solution through lower implementation costs

  • Provides a fully configured HW/SW environment, leveraging enterprise-class components


This is part of a broader evolution of IAM, as SMBs are becoming a growing consumer of IAM technology, which is the driver behind the AegisUSA strategy.







After all, there are only more Cloud based services to come. As Judy Garland put it, “Behind every cloud is another cloud.”


To learn more visit Aegis USA


Tuesday, November 10, 2009

Bridging Physical and Logical Security

OK, so I secured the applications but who walked into the building???


Why do I care?

  • Same old reasons: Audit & Compliance – Difficult to obtain

  • Legal mandates (FDA, DEA, SOX, SAS70 etc.)

  • Cardholder Access Rights and Global visit records

  • Duplicate records, not accepted by auditors - Multiple records in multiple Physical Access Control Systems (PACS)

  • Ghost & Orphan accounts

  • Managing “PACS & Access Changes” is Complex & Costly

  • High Operational Cost - multiple manual processes

  • Card Issue, Card De-activation, Lost or Stolen card

  • Temporary cards, Visitor management

  • New Hire, Termination, Changes in Role, Title, Department, Location, etc…

  • Time & Attendance, Asset Check in/Check-out, etc.

  • Multiple Silos of Physical Access Control Systems (PACS)

  • Configurations in PACS are all different

  • Different Door names, Access Privileges, Clearances

  • Concept of Global “Role or Groups” missing across PACS

  • No Self-Service Console, No Global Administration

  • Manually Driven & Error Prone process increases Cost


Not convinced yet? Here are the metrics...

  • ROI Calculator Based on a large multinational organization

    • Current system cost: > $25/yr per person on maintenance

    • Porting cost for acquisitions: > $35/yr per person

  • Result: Over $20MM in savings, ROI in under 1 year!


But that is just on the physical security. Complexity costs, simplicity saves!


To learn more about this solution please check out their site:

http://www.quantumsecure.com/



Infinite Identities

What's with the title, "Infinite Identities"?



Ok, so mostly it was selected because it was available and sounded catchy. But the Network World article today, "Drowning in Passwords", really speaks to the origin of the name and the key challenges we all face as individuals and organizations trying to manage our seemingly infinite number of identities.

While we mostly talk about security and compliance, IAM is truly a management problem. Both in the real world and in the virtual one we all play many roles:
  • Father, husband, brother, son, grandson, friend, son-in-law
  • Litter Box cleaner, leaf raker, toilet plunger, bug-killer
  • Surfing-buddy, lunch-meeting-friend
With matrixed organizations, overlapping projects, evolving priorities, and dynamic timelines, we equally have a complex identity in the office:
  • Manager, employee, co-worker, partner, customer
  • Internally as a client of HR, procurement, legal, expenses
  • Externally as a client of the healthcare provider, 401k, gym, etc.
  • Selling to customers, selling with/to partners or partners selling to you
  • The lead on a FY planning project, contributor on a new product strategy, listener on a new marketing program
Each one of these roles has a unique identity, not just by itself but also in all its interactions. This not only makes the number of accounts and passwords endless, but truly makes our entitlements infinite.

The challenge is only further complicated when you layer in social networking: from blogs to Facebook and Twitter, our 1:1 interactions in one role get mixed with our identities in another. For example, many have learned to keep their work "friends" on LinkedIn and their personal "friends" on Facebook, and their family ... on email.

This increasing web of complexity fuels the continuous need for new innovations, solutions, and ultimately integrations to address it.

With this Blog, Infinite Identities, we will look to highlight and promote the best practices and best solutions being driven by innovative partnerships in IAM.


Thanks for reading!
Brian

Monday, November 9, 2009

Identity Proofing with IDology and Oracle Adaptive Access Manager (OAAM)

Do you know who I am?

You may think so, but what if someone has hijacked my account, my identity, my computer, my web browser, my session, etc. With high impact/value transactions, this “What if?” can have major consequences.


Richard M. Nixon famously said “I know you believe you understand what you think I said, but I am not sure you realize that what you heard is not what I meant.”


The point here being, even when you believe you know the user, you may not. In an era where accounts, machines, and identities are taken hostage, there is a need for a technology that can verify that you are who you say you are.


When do I need this?

  • Someone is trying to open a new bank or credit card account - stolen identities can be translated into thousands of dollars in lost merchandise, hurt your brand, and increase insurance or credit card rates.

  • Bank Transfers – Hijacked accounts from malware/viruses can leverage existing legitimate sessions to transfer money out of customer accounts.

  • Car Lease/purchase – Imagine someone walks off the lot with a car, but under a false identity. The retailer is unlikely to ever see the vehicle again.

  • Cell Phone – Using stolen identities or credit cards, thieves can rack up thousands in international phone bills

  • Medical Records – Employers could leverage inside information on potential employees to make hiring decisions based on potential health insurance cost from pre-existing conditions

  • Customer Data – Sales person walks away from their desk and a soon-to-be-leaving employee downloads current pipeline information or customer data to bring to their future employer.


The list of examples is endless and applies across all types of organizations, from public sector to higher education, from Fortune 500 enterprises to financial services and health care.


So how does this work?

  • Based on policy, type of transaction, or probability of fraud calculated by OAAM's risk scoring engine in real time, users can be prompted to join an “Authentication Session”.

  • Users will be asked a series of questions such as “Which one of these is a street you grew up on?” or “What is the make/model of your first car?”

  • Unlike traditional Knowledge Based Authentication (KBA), with IDology questions and answers are generated dynamically based on a combination of public/private data sources. This is called Dynamic KBA.

  • Based on the user's answers, IDology creates a fraud score, and OAAM determines, based on the organization's defined policy, if it will allow the user to continue with the transaction.

  • OAAM can also use other context information such as Geo Location data, or require secondary or step-up authentication from something like StrikeForce SMS, ActivIdentity, or Verisign VIP.


You want to see it in action:

Demo



Oracle / ArcSight – Providing Real Time Oversight of User Behavior

When IT infrastructure generates millions of events/logs daily, how do you know if there is an issue and who is causing it?


Traditionally SIEM (System Information & Event Management) products track events by what resources are employed, when, by whom and for what result. Unfortunately the “who” part changes in real time based on the process being used and for what purpose. But with IdentityView, ArcSight transfers identity and role information from Oracle Identity Manager into its Enterprise Security Manager so that it can correlate all the identity markers and privileges of a specific user.


Armed with this proverbial identity matrix, ArcSight ESM can then associate events with a specific person, independent of the various identities that he or she employs.
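To make the correlation concrete, here is an added sketch (not ArcSight or Oracle code) of what an identity map changes for detection: events keyed by account are joined to a person, which exposes activity by terminated users, accounts with no owner, and failed logins spread thinly across one person's accounts. The record layout, field names and sample data are assumptions constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed sample data: an identity export (person -> accounts per system)
# and a handful of events. Layout and values are assumptions for illustration.
IDENTITIES = [
    {"person": "E1001", "status": "active", "roles": ["dba"],
     "accounts": {"ad": "arivera", "oracle_db": "ARIVERA_DBA", "unix": "ar1001"}},
    {"person": "E1002", "status": "terminated", "roles": ["accountant"],
     "accounts": {"ad": "jchen", "erp": "JCHEN01"}},
]

# (timestamp, system, account, action)
EVENTS = [
    ("2009-11-09T08:00:01", "ad", "arivera", "login_failed"),
    ("2009-11-09T08:00:05", "ad", "arivera", "login_failed"),
    ("2009-11-09T08:00:09", "unix", "ar1001", "login_failed"),
    ("2009-11-09T08:00:12", "unix", "ar1001", "login_failed"),
    ("2009-11-09T08:00:20", "oracle_db", "arivera_dba", "login_failed"),
    ("2009-11-09T08:00:26", "oracle_db", "arivera_dba", "login_failed"),
    ("2009-11-09T09:15:00", "erp", "jchen01", "export_report"),
    ("2009-11-09T09:30:00", "unix", "svc_old", "login_ok"),
]


def build_index(identities):
    """Map (system, lower-cased account) to the owning identity record."""
    index = {}
    for ident in identities:
        for system, account in ident["accounts"].items():
            index[(system, account.lower())] = ident
    return index


def correlate(events, identities, failed_threshold=5):
    """Return findings that are only visible once accounts map to people."""
    index = build_index(identities)
    failed = defaultdict(Counter)   # person -> Counter of (system, account)
    findings = []
    for ts, system, account, action in events:
        key = (system, account.lower())
        ident = index.get(key)
        if ident is None:
            # No owner in the identity store: a ghost or orphan account.
            findings.append(("orphan_account", f"{system}:{account}", ts))
            continue
        if ident["status"] != "active":
            findings.append(("terminated_user_activity", ident["person"], ts))
        if action == "login_failed":
            failed[ident["person"]][key] += 1
    for person, per_account in failed.items():
        total = sum(per_account.values())
        worst = max(per_account.values())
        # A per-account rule sees only `worst`; the per-person view sees `total`.
        if total >= failed_threshold and worst < failed_threshold:
            findings.append(("failed_logins_across_accounts", person, total))
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS, IDENTITIES):
        print(finding)
```

With the sample data, no single account reaches the threshold of five failed logins, but the person behind three of them does.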


So why do we need this?

  • To automate the correlation of compliance and policy violations with specific users

  • To understand how your key users (admins to accountants) are using IT infrastructure

  • Increase accuracy/productivity of your role engineering and provisioning process

  • Respond to security and compliance issues before they damage the organization

  • Provide business owners with information about policy and security violations in terms that they understand and can act on

  • Provide visibility and assurance to C-level executives that policies are being enforced to conform with compliance regulations such as Sarbanes-Oxley, PCI, HIPAA, etc.


What are the benefits?

  • Leverages the investment in OIM by linking users and roles to security problems, compliance violations, etc.

  • Faster identification of security and compliance issues resulting in more rapid response and remediation

  • Control/monitor access rights & IT usage (services, apps, data, etc.) requires correlating millions of real time alerts and logs with specific user activity

  • Provide auditors with proof that controls are in place and effective

  • Visibility into violations of corporate policies covering customer, employee and business-sensitive data

  • Improved productivity via automation of required reports, summaries and auditor requests for information






So why now?

    You already have this covered

  • Many organizations have invested in home-grown event monitoring solutions, but the challenge is that the problem continues to get bigger with every new system (applications, devices, Cloud/SaaS solutions) added to the environment.

  • ArcSight cleanly replaces those solutions and delivers more functionality at a lower cost.

    You can't face this now, maybe in the future

  • SIEM solutions are now considered standard “due care” for auditors concerned with SOX compliance.

  • PCI DSS #10 explicitly requires monitoring of the relevant IT infrastructure.

    You don't have the resources

  • Budgeting for security and compliance is difficult but by combining ArcSight with Oracle Identity Manager, organizations can “double up” on their return on investment based on the synergy between the products.

  • SIEM alone provides multiple solutions for the security group, compliance group, risk management, etc.



To learn more:

http://www.arcsight.com/products/products-identity/



Friday, November 6, 2009

Vordel Launches Cloud Service Broker

With the Cloud Service Broker, Vordel pledges to bring trust and reliability to Cloud Computing


So what does this mean?

  • The solution aggregates multi-domain services across their enterprise, partners and 3rd party cloud services such as Amazon EC2 and Google Apps

  • Through bringing the services together, the Broker enables organisations to consistently define and manage policy across these services and report on them

  • Through the Broker, composite applications can be built seamlessly while offering full visibility, trust and control.


So why do we need this?

  • Organizations using Cloud services in conjunction with their own on-premises SOA face major issues related to reliability and trustworthiness.

  • Very difficult to bring together services from across domains (i.e. on-premises, Public and Private Clouds, and B2B) into coherent composite services and applying policies to them.


Vordel CEO, Vic Morris, said "Many organizations see the value of incorporating Cloud Services into their IT infrastructure, but they also have concerns about the reliability and performance of these services outside their domain of control. The Vordel Cloud Service Broker addresses these issues by providing a trustworthy “


So how does it work?

  • The Broker solves this problem by registering services from all three domains into a single repository, enabling monitoring, management and policy enforcement.

  • Plus the Vordel Cloud Service Broker offers value added services like caching, acceleration, and transformation, delivering enterprises savings in time and money.


What is under the covers?

  • Multi-Domain Registry Repository (MDRR) – This is where the Broker registers aggregated services across domains. This is one-stop shopping for compliance with Service Level Agreements, privacy and security mandates.

  • Analytics – Providing the visibility through an independent audit trail including raw usage information, service quality, patterns of usage over time, and identity of users.

  • Content Analysis – Content is analyzed to enable Data Loss Prevention (DLP) and to detect content-level threats and application-level attacks at the API and payload level.

  • Caching – Protecting against latency from the Cloud service, saving money by allowing some requests to be serviced by the broker itself.

  • Composition – Allowing developers to link together local apps with Cloud-hosted apps via Web Services interfaces, database, or message schemes like MQ or JMS.

  • Content transformation – Accelerated transformation for mediation between different applications or between REST API interfaces and SOAP, JMS, COBOL, etc.

  • SLA Monitoring - Comprehensive monitoring of response time of Cloud services, and the entire transaction throughput time.

  • Traffic Throttling – Vordel refers to this as the “surge protector”, protecting against apps making a high number of calls to a Cloud service by deflecting a portion to a back-up service, newly provisioned for this purpose.

  • Event Alerting – Notification of events like Cloud outages so that remedial measures can be put into place.

  • Extensibility to 3rd Party Value-Added Services – Traditionally very difficult/costly with non-standard APIs from competing solutions, but is made easy & pluggable here.


For more information:


View the PDF

Product Page

Company

Press Release



Thursday, November 5, 2009

One More Time! Oracle Tops Gartner's Provisioning List

Oracle announced this morning that they were again named the leader in Gartner's "Magic Quadrant for User Provisioning".

The Gartner Magic Quadrant ranks vendors based on their completeness of vision and their ability to execute on that vision. This is indicative of a dramatic evolution in the Identity & Access Management Market over the nearly 5 years since CA announced their acquisition of Netegrity.

The move sparked a shift from focusing on Web Single Sign-On to end-to-end suites for Identity and Access Management and led to the spending spree at Oracle which put together this leading suite of products and market vision. In total, Oracle brought together technology from 9 IAM innovators to develop this market leading technology suite:

  • Phaos - Now Oracle Identity Federation (OIF)
  • Oblix - Now Oracle Access Manager (OAM)
  • Confluent - Now Oracle Web Services Manager (OWSM)
  • Thor - Now Oracle Identity Manager (OIM)
  • Bridgestream - Now Oracle Role Manager (ORM)
  • Bharosa - Now Oracle Adaptive Access Manager (OAAM)
  • PassLogix OEM - Now Oracle Enterprise SSO (OESSO)
  • BEA ALES - Now Oracle Entitlements Server (OES)
  • BEA WebLogic Security Services - Now OPSS


One of the pioneers in this evolution had this comment on the announcement:

"With roles, rules and policies continually evolving within the enterprise, organizations need strong user provisioning solutions to streamline security, achieve increasing levels of automation and efficiency and ensure sustainable compliances," said Amit Jasuja, vice president, Oracle Identity Management. "We are pleased to be recognized as a leader in Gartner's Magic Quadrant for User Provisioning, and remain committed to delivering the most secure, comprehensive and scalable solutions to customers."

Looking at the full Magic Quadrant for User Provisioning it is interesting to note that with Sun in the top 3 as well it is clear that this market is heading for further evolution but more importantly innovation that will directly benefit customers and technology providers leveraging an increasingly mature, standardized, IAM suite across each layer of the application stack regardless of the deployment model.

Here is the link to the press release.

Wednesday, November 4, 2009

Persistent helps organizations say Bye-Bye to CA SiteMinder

Persistent Systems delivers a packaged solution for migrating from CA SiteMinder to Oracle Access Manager (OAM)


So why do we need a solution for this?

  • Accelerated – Save time (i.e. $ on implementation)

  • Lower Risk – Repeatable solution reduces project risk

  • Proven – Well laid path by existing reference customers

  • Turnkey – OOTB solution



Why do organizations want to migrate?

  • CA SiteMinder has a very large & dissatisfied install base because of

    • Poor investment in Dev and Support – There are substantially fewer engineers building/supporting SiteMinder than when it was part of Netegrity, while Oracle has increased the dev team on OAM

    • Costly Support – CA support pricing model creates painfully high pricing (disproportionate with the rest of the market) in the mind of many organizations.

  • Stack Limitations:

    • As a stack, the Oracle IdM suite has dramatically outpaced CA in completing the picture and innovating towards the future.



So who should consider this?

  • SiteMinder users with Oracle products (DB, EBS, Apps, IdM…) – i.e. those that will benefit from the Oracle IAM Suite and the broader Oracle Suite

  • Customers who use both SiteMinder and OAM for different applications or business units – i.e. those hungry for actual SSO

  • Customers who have SiteMinder environments through acquisitions – i.e. cost savings

  • Anyone with a SiteMinder deployment


So why now? Why was this not done already?

  • Legacy – SSO environments constitute several years of work/investment

  • Perception – Migrations are seen as long, effort-intensive, expensive and risky

  • Time – Typically ROI is too far away, but not in this case


Persistent Systems' SM2OAM solution addresses all these challenges!


Case in point: at a large public technology provider (not ORCL), the migration time from SM to OAM was brought down from 24 months to 6 months!



OK, so how do we do this?

  • Option 1 - Fully outsourced

    • Turnkey Persistent solution includes ‘acceleration plus services’

    • All phases delivered by Persistent

    • Direct, subcontract and fixed fee options available

  • Option 2 - Joint solution

    • Persistent provides ‘acceleration’ for existing services team

    • Phases in blue delivered by partner, rest delivered jointly by Persistent

    • Fixed fee, markup and shared revenue options available


So who is Persistent Systems?

  • Over a decade working on the backend doing OAM engineering

  • Over 140 person years of engineering experience with Oracle IAM stack

  • Ongoing implementation efforts – 20+ marquee customers

  • Winner of Oracle's partner ‘Challenge’ – OID 2 billion benchmark, ‘last-mile’ solutions

  • 20 years old, profitable, 5K people, hundreds of customers, thousands of product releases

  • Global presence – North America, Europe, UK and Asia


To get started contact:

Muneer Taskar

muneer_taskar@persistentsys.com

Tuesday, November 3, 2009

StrikeForce Technologies ProtectID® provides step-up two factor “Out-of-Band” authentication to OAAM

Using OAAM and ProtectID® together, companies can defend against the latest online threats, including account takeover schemes and man-in-the-middle attacks to restore trust in Internet transactions. The combined offering utilizes advanced authentication and fraud prevention to evaluate risk and alert organizations in real-time to potential fraud threats. In addition, the OAAM/ProtectID® solution enables companies to employ a range of security options, including “Out-of-Band” phone authentication, to meet diverse user requirements or upgrade to higher levels of protection as threats increase without reinvesting in infrastructure. Enterprise Security Officers prefer two-factor authentication all the time. Consumers are happy with simple ID/Password authentication, so finding a workable solution has been a challenge for companies.

The Oracle Adaptive Access Manager (OAAM), combined with StrikeForce’s ProtectID®, meets this challenge. Heightened regulatory requirements (e.g. FFIEC and The Red Flags) recommend adopting strong two-factor authentication for the higher risk transactions. Gartner recommends “Out-of-Band” authentication as a necessary layer to prevent Identity Theft. The regulations explicitly discuss the use of One Time Passwords (OTP) delivered via phones or similar devices in addition to utilizing “Out-of-Band” strong authentication. The ProtectID® strong authentication platform provides these services (which is the reason the partnership with StrikeForce was developed). Many of these enterprises also want two-factor authentication for their employees (which OAAM and ProtectID® also solve in combination and separately).

The ProtectID® platform is an implementation or “Cloud Service” of the OOB Authentication methodology providing strong authentication via a number of different authentication technologies. Currently the platform supports the following strong authentication methodologies:

“Out-of-Band” methodologies:

  • Entering a fixed PIN in a phone
  • Entering One Time Password (OTP) in a phone
  • Sending an OTP to a phone via SMS
  • Sending an OTP to a phone via text to speech
  • Sending an OTP via email

Token methodologies:

  • Hard Token OTP (key fob that displays OTP when a button is pressed)
  • Soft Token OTP (OATH compliant software) that can reside on a PC or a BlackBerry or PDA or J2ME compliant cell phone.

Value of ProtectID® to OAAM

A ProtectID® and OAAM combined solution delivers an advanced security proposition to combat the growing threat of consumer identity theft and fraud on the Internet. The combination of OAAM’s real-time fraud prevention and ProtectID’s real-time two-factor “Out-of-Band” authentication platform provides financial institutions, online retailers, health care companies and other businesses with a robust arsenal of security tools for protecting consumers from fraud and for accurate identification of employee access, all while complying with industry security guidance and regulations.

Therefore, with the combination of OAAM and ProtectID®, the client benefits from a Return On Investment (ROI) and compliance with regulatory requirements (FFIEC, Red Flags and others), with minimal inconvenience to the most important person, the end user. The majority of transactions authenticated should pass the OAAM fraud prevention process. For those transactions that are detected and flagged as potentially fraudulent, OAAM would then automatically invoke ProtectID® to perform a two-factor strong authentication for the consumer, which minimizes the expensive help desk process and thereby provides greater satisfaction and cost savings. This total fraud prevention solution is a win/win for the company and its clients. ProtectID® could also be used for password resets, high dollar value online transactions, remote log on, etc.


Interfacing ProtectID® with OAAM

ProtectID® appears as a web service to a web site that implements both OAAM and ProtectID®. It allows for step-up or other requests for strong 2-factor “Out-of-Band” authentication based on the risk level determined by the Company and/or OAAM.

OAAM only employs step-up authentication when it’s truly needed so end users are not being inconvenienced.
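The risk-gated step-up described above, sketched as an added example (not StrikeForce or Oracle code): requests under an assumed risk threshold pass, riskier ones trigger an OATH HOTP one-time password delivered over a separate channel. `StepUpGate`, `send_oob`, the threshold, the TTL and the attempt limit are hypothetical names and values, not ProtectID® or OAAM APIs.

```python
import hashlib, hmac, struct, time

STEP_UP_THRESHOLD = 600   # assumed: risk scores run 0-1000, step-up at 600+
OTP_TTL_SECONDS = 120     # assumed validity window for a delivered OTP
MAX_ATTEMPTS = 3          # assumed guess limit per challenge

def hotp(key, counter, digits=6):
    """OATH HOTP (RFC 4226): HMAC-SHA1 of an 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class StepUpGate:
    def __init__(self, users, send_oob):
        self.users = users        # user -> {"key": bytes, "counter": int}
        self.send_oob = send_oob  # hypothetical delivery hook: SMS, voice or email
        self.pending = {}         # user -> [otp, expires_at, attempts_left]

    def evaluate(self, user, risk_score, now=None):
        """Allow low-risk requests; challenge risky ones with a fresh OTP."""
        now = time.time() if now is None else now
        if risk_score < STEP_UP_THRESHOLD:
            return "allow"
        rec = self.users[user]
        otp = hotp(rec["key"], rec["counter"])
        rec["counter"] += 1       # a counter value is never reused
        self.pending[user] = [otp, now + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        self.send_oob(user, otp)  # the OTP travels outside the web session
        return "challenge"

    def verify(self, user, submitted, now=None):
        """Accept an OTP once, before expiry, within the attempt limit."""
        now = time.time() if now is None else now
        entry = self.pending.get(user)
        if entry is None or now > entry[1]:
            self.pending.pop(user, None)
            return False
        if hmac.compare_digest(entry[0].encode(), submitted.encode()):
            del self.pending[user]  # single use: a replayed OTP fails
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self.pending[user]  # too many wrong guesses: challenge is void
        return False
```

The expiry, single-use and attempt-limit checks are what keep a short numeric OTP from being guessed or replayed once it has left the server.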

The following link lets you test “Big Bank”, an example of how ProtectID® can be integrated with OAAM for the best all-around total solution (fraud mitigation with 2-factor “Out-of-Band” authentication) with options and flexibility. Just sign on with a user name; it will ask you to register and then let you test the best complete compliant authentication solution available, all from Oracle:

http://d.oobauth.com:8888/sample/

For more information please contact:

Mark L. Kay, CEO
StrikeForce Technologies, Inc.
marklkay@strikeforcetech.com
www.strikeforcetech.com
(o) 732-661-9641

Monday, November 2, 2009

No More Tokens!!!

Juniper says "Good Bye Tokens" with Oracle Adaptive Access Manager (OAAM)

As the #1 SSL VPN provider with 92% of Fortune 100 and 8 of top 10 commercial banks plus 47 of 50 US State Governments, odds are you have used a Juniper SSL VPN to connect to your employer, partner, or service provider … and odds are you had to use a hardware security token.

While tokens like RSA BSAFE provide an accepted alternative to passwords, they are clunky, costly, and not secure from many potential attacks like man-in-the-middle or man-in-the-browser.

Looking to help customers overcome these challenges, Juniper partnered with Oracle to integrate the Oracle Adaptive Access Manager (OAAM), which not only provides a software alternative to tokens, greatly improving the user experience and dramatically lowering TCO, but also saves hard dollars and protects the organization’s reputation with real-time fraud detection.

More specifically OAAM provides:

  • Strong, multi-factor authentication for secure access control
  • Seamless interoperability with heterogeneous App Servers (IBM, BEA, SAP, etc.)
  • Enforces access at the protected resources through web plug-ins
  • Delegates authentication and authorization decisions to a central authority

This complements the existing features and security of Juniper SA SSL VPN, such as:

  • Provides secure, encrypted communication channel for all remote users from anywhere and from any device
  • Enforces Oracle’s policy based authentication and authorization policies at perimeter
  • Provides 3 different levels of connectivity, going beyond just web support, including Layer 3 VPN connectivity for fat clients, VoIP, streaming, FTP, and more
  • Performs comprehensive “Host-Checking” to ensure end-point integrity
  • Enables coordinated identity based threat response and prevention with other products

The benefits include:

  • Lower cost and complexity of authenticating users
  • Eliminates non-user friendly, expensive gadgets, tokens or proprietary software downloads
  • Host checker + real-time fraud prevention provides greatest overall access security
  • Low-cost, flexible way for enterprises to extend strong authentication to partners, suppliers, contractors, and non-employees accessing critical applications
  • Native integration eliminates need for OAAM’s UIO option

How does this really save me money? - Good question! Here is how it works:

Lower Hardware Costs

  • Mitigates need to provide SSL on each Web / App Server; fewer servers
  • Single appliance scales to thousands of simultaneous users
  • Carrier-class reliability and HA features

Lower Management Costs

  • Seamlessly leverage and instantly extend I&AM policies to remote users
  • Eliminate need to duplicate policies across servers and networks
  • Plug ‘n play integration – deployment guides and Oracle reference architectures
  • Leverage combined audit and log data for compliance

Lower Business Risk

  • Moves OAM policy enforcement point out to network perimeter, increasing security
  • Coordinated identity-based threat response to attacks
  • Comprehensive identity based access logs

To download the data sheet:
http://www.juniper.net/us/en/local/pdf/solutionbriefs/3510251-en.pdf

For more information on the Juniper Oracle Partnership:
http://www.juniper.net/solutions/information_technology_topics/accelerating_oracle_business/index.html


To learn more about OAAM:
http://www.oracle.com/technology/products/id_mgmt/oaam/index.html


Don’t believe me, ask Juniper:
David Colodny
dcolodny@juniper.net