This document discusses securing financial services applications. It notes that 48% of fraud is caused by insiders and 86% of hacking involves compromised credentials. The challenges include fragmented authorization, brittle access controls, and hardcoded security. It proposes an entitlements management approach using an identity platform to define entitlement catalogs, enforce dynamic authorization policies, audit access and risks, and secure application data through techniques like encryption and masking. Using a platform can reduce costs compared to point solutions and help simplify application security.
Axa Assurance Maroc - Insurer Innovation Award 2024
A better waytosecureapps-finalv1
1. <Insert Picture Here>
Better Way to Secure Financial Services Applications
Amit Jasuja
Group Vice President, Identity Management, Oracle
2. This document is for informational purposes. It is not a commitment
to deliver any material, code, or functionality, and should not be relied
upon in making purchasing decisions. The development, release,
and timing of any features or functionality described in this document
remains at the sole discretion of Oracle. This document in any form,
software or printed matter, contains proprietary information that is the
exclusive property of Oracle. This document and information
contained herein may not be disclosed, copied, reproduced or
distributed to anyone outside Oracle without prior written consent of
Oracle. This document is not part of your license agreement nor can
it be incorporated into any contractual agreement with Oracle or its
subsidiaries or affiliates.
3. Agenda
• The Oracle Lens
• Application Security Value Chain
• A Platform Approach
4. Financial Service Applications Risks
48% 86%
Fraud Caused By Of hacking involves
Insiders compromised
credentials
Unauthorized Trading No Policy Visibility Hardcoded Security
Internal Fraud Complex Certification No Role Structure
Limited Forensics Costly Compliance Brittle Access Control
2010 Data Breach Investigations Report
5. Entitlements And Policies
The Rights to Application Data & Transactions
IT VIEW: CAN A TRADER
Entitlement
SUBMIT A TRADE OF A
CERTAIN SIZE AT A SPECIFC
TIME OF DAY
BUSINESS VIEW: WHAT IS
THE AUDIT OBJECTIVE AND
Transaction Data Forms THE ASSOCIATED RISK
Authorization Policy
6. Application Security is Fragmented
Multiple Brittle Hardcoded
Entitlement Catalogs Access Control Authorization
Inflexible authorization increases complexity, reduces agility
7. The Challenge is Scale
Focused on Reducing Risk
• A Few App Administrators
Driven to Reduce Cost
Rolling or Monthly Attestation • Handful of Audit Staff
8. What is Entitlements Management?
Application Security Value Chain
Define Access Enforce
Audit Monitor
Audit Secure
Catalog Request Monitor
Certify Certify
Enforce Data
Entitlements Search Context Risk Encrypt
Policies Provision External Az Remediation Mask
9. Define & Catalog
Enterprise Roles
• Common Data Model
• Catalog Entitlements
Entitlements,
Roles & Policies • Enrich Meta-data
• Define Roles &SoD
10. Enforce and Monitor
Context and Dynamic Authorization
Audit & Risk Custom COTS Application Owners
Apps Apps
Developers
Application Security
Platform
Location Time
Device
11. Audit & Certify
Entitlement • Active Conflict Analysis
Report SOD
Checking
• Simulation
Entitlement
• Risk Aggregation
Auto- Review
Remediate Aggregate
Risk Score
• 360 Degree Visibility
• Closed Loop
Reduce Remediation Time to
Minutes Instead of Days or Weeks
12. Secure Application Data
At The Application In The Database
Authorize Mask
Externalize Encrypt
Centralize Audit
13. Comprehensive Database Security
Control Encrypt Data Audit User Monitor SQL
Privileged Activity
Users Mask Test Block Attacks
Data Compliance
Cloud Enforce SoD Reports
Non-Oracle
Databases
Database Firewall
Auditing
Oracle
Databases Encryption & Masking
Authorization
Authentication
Defense in Depth
14. The Identity Platform
Complete, Innovative and Integrated
Identity
Governance
•User Lifecycle •Risk Analytics
• Access Provisioning • Access Certification
• Delegated Admin • Role Management
Access
Access Directory
•Fraud Detection •Location Data
• Single-Sign On • Centralized Auth
• Mobile, Social Intg • Device & User Data
15. Platform Reduces Cost vs. Point Solutions
Oracle IAM Suite
Benefits
Advantage
• Emergency Access • 11% faster
48%
Increased End-
Cost Savings User Productivity
• End-user Self Service • 30% faster
Reduced Risk • Suspend/revoke/de-provision
• 46% faster
46%
end user access
More
Responsive Enhanced Agility • Integrate a new app faster
with the IAM infrastructure • 64% faster
• Integrate a new end user role • 73% faster
35% Fewer Audit
Deficiencies Enhanced Security
and Compliance
faster into the solution
• Reduces unauthorized access • 14% fewer
• Reduces audit deficiencies • 35% fewer
Reduced Total Cost • Reduces total cost of IAM
• 48% lower
initiatives
Source: Aberdeen “Analyzing point solutions vs. platform” 2011
16. Take a Security Inside Out Approach
• Reduce the risk
• Reduce the cost of application security
• Secure access to the “crown jewels”
• Simplify administration
17. We Can Help Develop a Strategy
Speak with Setup Free
References Workshop
Schedule a Develop an ROI
Demonstration Analysis
Notas del editor
Database security has to evolve as well to become a layered solution with a defense in depth which means multiple overlapping controls Prevent access by non-database users for data at rest, in motion, and storageIncrease database user identity assuranceStrict access control to application data even from privileged usersEnforce multi-factor authorizationAudit database activity, and create reportsMonitor database traffic and prevent threats from reaching the databaseEnsure database production environment is secure and prevent driftMask sensitive data in non-production environments
Mobile device security begins with an Identity Platform.It’s a build slide and for each block we describe what the Block does for Mobile security – perhaps for each block tell a story of a customer applying the technology to a mobile strategyFor Access--- Describe capabilities of OIC and Adaptive accessFor Directory -- Talk high scale auth -- Location services Governance -- Risk analytics & compliance-- Self service and support cost
Link to aberdeen paper.. But most already know the story herehttp://www.oracle.com/go/?&Src=7319991&Act=11&pcode=WWMK11053701MPP015
I want to repeat our offer to assist. The best approach is to get guidance from people who have gone through the process Speak with our customers We invite you to speak with one of our customers who has created a business case and taken a platform approach. Contact a sales rep or reach out to someone here at the event and we can discuss how to help setup a follow on conversation for you.Setup a Free WorkshopOur Sales consultants have created a repeatable workshop to help customers assess their current environment and determine how to get started. Schedule a DemonstrationThe best way to get a feel for how a platform approach works is to setup a demonstration to see all of the components running together. Develop an ROI analysis Over the course of may deployments we have collected data to examine the return on investment customers have received. We have compiled this information into an ROI tool that can be leveraged to provide a baseline . Work with our reps to help develop an ROI analysis for your environment.
