Fusion apps security_con8714_pdf_8714_0001
- 2. Fusion Applications Secure
Out of the Box
Nigel King, VP Fusion Applications
Functional Architecture
2 Copyright © 2011, Oracle and/or its affiliates. All rights
reserved.
- 3. Safe Harbor Statement
"Safe Harbor" Statement: Statements in this press release relating to Oracle's or its Board of Directors’ future plans, intentions
and prospects are "forward-looking statements" and are subject to material risks and uncertainties. Many factors could affect
our current expectations and our actual results, and could cause actual results to differ materially. We presently consider the
following to be among the important factors that could cause actual results to differ materially from expectations: (1)
Economic, political and market conditions, including the recent global economic and financial crisis, could adversely affect our
business, operating results or financial condition, including our revenue growth and profitability, through reductions in
customer IT budgets and expenditures and through the general tightening of access to credit. (2) We may fail to achieve our
financial forecasts due to such factors as delays or size reductions in transactions, fewer large transactions in a particular
quarter, unanticipated fluctuations in currency exchange rates, delays in delivery of new products or releases or a decline in
our renewal rates for software license updates and product support. (3) We cannot assure market acceptance of new products
or services or new versions of existing or acquired products or services. (4) We have an active acquisition program and our
acquisitions may not be successful, may involve unanticipated costs or other integration issues or may disrupt our existing
operations. (5) Our international sales and operations subject us to additional risks that can adversely affect our operating
results, including risks relating to foreign currency gains and losses and risks relating to compliance with international and
U.S. laws that apply to our international operations. (6) Intense competitive forces demand rapid technological advances and
frequent new product introductions and could require us to reduce prices or cause us to lose customers. A detailed discussion
of these factors and other risks that affect our business is contained in our SEC filings, including our most recent reports on
Form 10-K and Form 10-Q, particularly under the heading "Risk Factors." Copies of these filings are available online from the
SEC or by contacting Oracle Corporation's Investor Relations Department at (650) 506-4073 or by clicking on SEC Filings on
Oracle’s Investor Relations website at http://www.oracle.com/investor. All information set forth in this release is current as of
October 7, 2009. Oracle undertakes no duty to update any statement in light of new information or future events.
- 4. Program Agenda
• About Fusion Applications Security
• Secure Out of the Box
• Demonstration: Chief Security Officer
• Q&A
- 5. Fusion Applications Security
Role-Based Access + Comprehensive & Integrated Process
Who Does What?
Role-Based Access
Reference Implementation
Oracle Identity Management
- 6. Fusion Applications
Powered by Fusion Middleware
• Complete
• Open
• Integrated
• Best-in-class
- 7. Fusion Security Delivers
Reduced Risk: Secure “Out of the Box”; Secure across tools and transformations; Secure across the information lifecycle
Reduced Administrative Costs: Self service provisioning and automated on-boarding; Transparent security policies; Standards based and integrated security model
Increased Productivity: Easier to make new employees productive; Regulatory compliance is easier and cheaper; Easier for management to review and approve access
o Integrated SOD Testing
o Single sign on across apps
- 8. Fusion Applications Security
The model is not so different…
• Yes, we externalized security to Fusion Middleware, LDAP and OPSS
• But we paid a lot of attention to the consistency in Fusion
Fusion | E-Business Suite | PeopleSoft
Job Role | Top Level Menu | Top Level Menu
Data Role | Responsibility | Employee ID + Role
Duty Role | Sub Menu | Role(s)
Privilege | Form Function | Permission Lists
Permission | Executable | Executable
- 9. Program Agenda
• About Fusion Applications Security
• Secure Out of the Box
• Demonstration: Making a New Hire Productive
• Q&A
- 10. Secure Out of the Box
1. Role Based Access
2. Integration with Governance Risk and Compliance
3. Transparent Security Policies
4. Pervasive Privacy Protections
5. Secure Across the Information Lifecycle
6. Automated Workflows for Account and Role Provisioning
7. Enforcement Across Tools and Transformations
8. Comprehensive Reference Implementation
9. Complete Audit of Security Changes
10. Co-existing with your current Security Infrastructure
- 11. Role Based Access
Vision Enterprises
You have Operations in Germany & the US
Vision Germany, Vision US
You need to hire a “Procurement Manager” for your German Operations…
- 12. Job Posting FA Job Def Screen
[Figure: job posting beside the FA job definition screen, with numbered callouts 1 to 4. Labels: Job Title, Job Role; Line in Job Description, Duty; All Duties assigned under Job Role]
- 13. Fusion Automatically Creates Business Unit specific Roles
Data Role = Job + Data Access
Job Role: Procurement Manager
Procurement Manager – Germany
Procurement Manager – US
- 14. Meet Doris
She applies for the job…
- 15. Doris is hired…
For doing what all employees do
• Expense Reports
• Purchase Requisitioner
For doing the job she was hired for..
[Diagram: Doris's role hierarchy]
Data Roles: Procurement Manager - US, Procurement Manager - Germany
Job Roles: Procurement Manager
Abstract Role: Employee
Duty Roles: Buyer Mgt Duty, PO Changes Duty, Enter Expenses, Enter Requisitions
- 16. What can Doris do and view?
Duties Provide Access to Screens, Reports, Dashboards Via Privileges
Roles Provide Access to data behind the screens Via Data Security
- 17. Doris Starts Using Fusion Apps
She starts work…
Sees only the Tasks she is entitled to.
Sees only data for Vision Germany.
- 18. Menu Items
- 19. Tasks
- 20. Buttons, Regions and Actions
Controls access to work areas, dashboards, task flows, reports, services
- 21. Secure OOTB: Integration with GRC
Segregation of Duties (SOD) respected during role provisioning
you choose enforcement
- 23. Secure OOTB: Pervasive Privacy Protections
• Fusion Applications always protect personally identifiable information (PII)
• PII = any piece of information which can potentially be used to uniquely identify, contact, or locate a single person.
– Social Security Number (SSN)
– Driver’s license number
– State or National Identifier (Identification Card number)
– Passport Number
– Account number, credit card number (CCN) or debit card number
– Home or Physical address (e.g. street address)
– Email address
– Telephone number
- 24. Secure OOTB: Secure Across Info Lifecycle
• Sensitive data in file system and backups (data-at-rest) protected using Transparent Data Encryption
• Sensitive data in cloned, non-production databases protected using Oracle Data Masking
• Sensitive data protected from database administrators and other privileged users using Oracle Database Vault
- 25. Secure OOTB: Account & Role Provisioning
[Diagram: Employee Joins / Leaves; Fusion HR System; Oracle Identity Manager; Provisioning Approval Workflows; Governance Risk Compliance; GRC Controls; GRANT / REVOKE; Fusion Applications]
• Lower Risks
• Lower Costs
• Greater Productivity
- 26. Secure OOTB: Enforcement Across Tools
Common Security Services
• Defined Once. Used Everywhere.
• Same policies used across technologies
– ADF
– Enterprise Search
– Business Intelligence
– Reporting
– Mobile
– Web Services
- 27. Secure OOTB: Reference Implementation
OOTB
• roles you will recognize as jobs
• hierarchy of duties
• data security policies
• SOD Policies
• Provisioning Events
APM (Authorization Policy Manager) to extend
• new jobs
• new duties
- 28. Secure OOTB: Audit of Security Changes
Manage Audit Policies
• Who made what changes, when
Oracle Platform Security Services
- 29. Secure OOTB: Co-existing with your current Security Infrastructure
Allows a user to log in once & access all applications…
[Diagram labels: Existing Identity Management Infrastructure; Identity Provider; authentication; Service access; Custom Applications; OID; Federation Enabled; Service Providers; Applications; Unlimited]
- 30. Secure Out of the Box
1. Role Based Access
2. Integration with Governance Risk and Compliance
3. Transparent Security Policies
4. Pervasive Privacy Protections
5. Secure Across the Information Lifecycle
6. Automated Workflows for Account and Role Provisioning
7. Enforcement Across Tools and Transformations
8. Comprehensive Reference Implementation
9. Complete Audit of Security Changes
10. Co-existing with your current Security Infrastructure
- 31. Program Agenda
• About Fusion Applications Security
• Secure Out of the Box
• Demonstration: Making a New Hire Productive
• Q&A
- 32. Demonstration
- 33. Security Flow
• Set up security profile
• Create data role
• Create role provisioning rule
• Create Employee
- 89. Fusion Security Delivers
Reduced Risk, Reduced Administrative Costs, Increased Productivity
- 90. Q&A