The Oracle Australia and New Zealand Middleware and Technology Blog.

Thursday, January 1, 2009

Happy New Year and Here's to 2009

Happy New Year to all our readers around the world from the team here in Australia.

First of all, I would like to take this opportunity to update you on our contributors here at Oracle. We would like to thank Barry Matthews and Steve Williamson for their contributions during 2008. Barry and Steve have moved to different roles within the organisation. We do welcome 3 new regular contributors to the Blog though, may I introduce to you...

Sean Boiling - who joins us from the Oracle Sales Consulting team. Sean has been contributing to the Blog for some time now and now becomes a regular contributor. Sean's interests lie in Fusion Middleware covering SOA, Enterprise 2.0, BPM, and the BEA products we acquired during 2008.
Richard Ward - who joined Oracle Asia-Pacific in November 2008. Prior to this, Richard spent time with Oracle South Africa - his homeland - and with one of our partners here in Sydney. Richard will focus on SOA with Saul Cunningham.
Marc Caltabiano - who is Oracle's Director of Enterprise Architecture for Australia and New Zealand, based in Melbourne.

Sean, Richard and Marc will be posting to the Red Room and join Carl, Saul and myself as regular contributors for 2009. Gareth Llewellyn, our roving-reporter in waiting, will continue to contribute on a specialist basis as he did during 2008 for the Oracle OpenWorld.

We aim to deliver more content, more regularly during 2009. We reach our 1-year anniversary in February and look forward to celebrating (virtually) with you all at that time. We have some special features coming up this year - starting with a 10-part series around SOA Governance that we know so many people are interested in (from the feedback you give us). We will continue with the Enterprise 2.0 product stack - talking about our portal offerings and giving some real-world examples of where we have deployed the products for our customers and discussing some of the benefits that have been gained. IDM and Enterprise Architecture will also get some significant coverage this year - driven by some of the current business challenges faced by organisations trying to support Web2.0 initiatives, for example.

Here at the blog, we think that 2009 is going to be an incredibly interesting year around the world considering the current economic environment and the changing drivers for businesses as a whole. There will be a lot of consolidation, mergers and acquisitions during 2009 and beyond as organisations are challenged to respond to changing conditions and external pressures. This activity will affect our customers, our partners and our competition - the global marketplace for our technologies, products and solutions will change - our challenge is to prepare for this and be in the best position possible when it happens.

The greatest possible challenge for organisations is going to be adapting a business model to the Web2.0 way of doing business. During 2008, it was reported on several occasions that successful businesses were addressing end-user requirements through a collaborative approach. Rather than trying to second-guess what might be popular, these organisations actually listened to what their customers asked for and addressed those needs. This is based upon the simple principle that if you are selling something that somebody wants at the right price, they will probably buy it!

A Web2.0 approach introduces challenges for an organisation. There is structured and unstructured information to be managed, CRM and ERP systems to be integrated with, Portals to be deployed and mass security to manage. Ever-increasing storage requirements need to be met and the IT department is challenged with Green issues. Organisations want a complete solution from a single vendor; it has to be able to be integrated into any legacy system or application and must support an open standards approach to enable ease of development and supportability.

During 2009, we will concentrate on how organisations address these requirements and talk in-depth around Oracle's products and solutions in a non-sales manner. We realise that many of our readers want to learn about our offerings and this approach should provide some context for you all. Of course, if you want us to concentrate on something else - let us know and we welcome any feedback on the blog you want to give us.

We wish you a prosperous New Year.

Paul, Carl, Saul, Richard, Gareth, Sean, Marc.

Monday, August 18, 2008

Have you ignored PCI?


Think about who has your credit card details. When you look at your household dealings they include council, electricity, gas, water, building insurance, car insurance, petrol, and it goes on. I am sure all of us have at least 50 relationships with various organisations via consumer spending with credit cards. In fact it would be greater when you factor in frequent purchases like clothing. When you consider the rapid growth of internet espionage, fraud and identity theft, what is being done to protect us? PCI is the best example of legislation that is designed to protect the mums and dads.

The PCI Data Security Standard is nothing new; it has been around for a few years and depending on the region it can be front of mind or ignored. In the land of compliance (USA) of course PCI has seen heavy adoption, but in Asia Pacific the adoption has been lagging.

So what is PCI? Well, to put it simply, the card merchants AMEX, Diners, Visa, JCB and Mastercard came up with a set of recommendations or best practices for any organisation that deals with credit card data. Encrypting card numbers, or making sure your systems are patched to the current versions so they are less susceptible to hacking, are examples of these recommendations. There are 12 in total, and on reviewing them you have to wonder why they wouldn't be adopted. It just makes good sense.

That's clearly the problem: when does "good sense" make a good business plan? Rarely if at all is my opinion. With the IT industry unable to propose anything, it seems, unless tied to an ROI, TCO, SLA or some other acronym, simply put compliance, especially in Australia, is a tough sell. Where is the pain?

Well, the pain is coming. Credit vendors currently do fine organisations for failing PCI audits, but the organisation may never suffer the fine. Banks can at their discretion choose to absorb the fine and not pass it on to their customer. If the organisation that has failed the audit has significant financial heft, and hence contributes a large revenue stream, the bank would for the sake of the relationship simply eat the fine. But these fines are now becoming more frequent and larger. Plus the smaller Level 2 and 3 merchants are coming under closer scrutiny. So now the banks will be forced, through the size and frequency of the fines, to start passing more of them on to their customers. This of course is great news for consumers like you and me, since we deserve a better deal when it comes to privacy and protection of our financial dealings.

With this changing dynamic of banks passing down the fines, and the continuous IT mantra of "do more with less", IT automation is coming of age across the board. Most organisations have come to terms with automating employee onboarding or provisioning user accounts, offering self service to change your home address, mobile phone number or a password. So why not automate your compliance regime?

The following deck outlines the 12 guiding principles of PCI and shows how Oracle IDM and Database Security solutions can overlay these requirements.

If you would like more information on PCI and how to start, give us a call.


Read this document on Scribd: PCI Presentation by Carl Terrantroy

Monday, July 28, 2008

Oracle Role Management Seminar with Deloittes

Last week we completed two successful seminars in Sydney and Melbourne on Role Management for the Enterprise. The two events had strong representation from all of Oracle's major customer segments including manufacturing, government, and especially the financial services industries or FSI. A lot of the organisations that attended have already begun or completed Identity Management projects and are now looking at how to harness that existing infrastructure better for the business. IDM projects offer great productivity gains, with users gaining from technologies like self service for password resets and single sign on for simplified logins. The IT organisation benefits from IDM due to the automation that provisioning offers in account creation and the reporting that can be produced when compliance comes knocking. Role Management can integrate with any IDM system today including Oracle, SUN, IBM or Novell.
Read this document on Scribd: Oracle Role Management Business Level


What IDM doesn't offer is the ability to reflect how an organisation actually functions. Since IDM uses LDAP as its primary data store, organisations are mapped in a hierarchy that mirrors fixed org reporting structures or geographic alignment. We all know that informal, formal and dotted line reports all make up the matrix of reporting structures that is the modern enterprise. IDM up to now couldn't cope well with these structures. Role Management overcomes these obstacles by allowing management of roles and fluid business units, empowering the business owner to decide who should have access to a system by granting a role access as opposed to granting entitlements in a database or application. This allows the business to become more agile by empowering the business unit to make access decisions for systems that are required for a project or on a permanent basis.

Role Management also removes a lot of complexity. I talked about a case study of a USA retailer that had over 10,000 entitlements to manage. Think of an entitlement as a type of access grant to any system - LDAP, Mainframe, WEB or traditional business applications like CRM and ERP. By implementing Role Management the business could now manage 15 roles, which sounds a lot simpler than 10,000 entitlements.
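To make the roles-versus-entitlements point concrete, here is an added example (not code from the blog post or from any Oracle product) in which access is resolved through a small role catalogue rather than through per-system grants. The systems, role names and entitlements are constructed for illustration; the hierarchy (a supervisor inheriting the clerk role) and the "out of role" check are the parts worth noting.

```python
"""Added example, not code from the blog post or any Oracle product:
resolving user access through roles instead of per-system entitlements,
using constructed role and user data."""
from dataclasses import dataclass, field

# An entitlement is a (system, grant) pair: an LDAP group, a mainframe profile,
# a web permission or an ERP responsibility. All names here are constructed.
ROLE_ENTITLEMENTS = {
    "accounts_payable": {
        ("ERP", "AP_INVOICE_ENTRY"),
        ("LDAP", "cn=finance"),
        ("WEB", "expense-portal:submit"),
    },
    "ap_supervisor": {
        ("ERP", "AP_INVOICE_APPROVE"),
        ("LDAP", "cn=finance-managers"),
    },
    "store_associate": {
        ("MAINFRAME", "POS_OPERATOR"),
        ("LDAP", "cn=retail"),
    },
}
# Role hierarchy: a supervisor inherits everything a clerk has (constructed).
ROLE_PARENTS = {"ap_supervisor": ["accounts_payable"]}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    # Grants made directly in a target system, bypassing any role.
    direct: set = field(default_factory=set)


def role_closure(role, seen=None):
    """All roles implied by `role`, following the hierarchy; guards against cycles."""
    seen = set() if seen is None else seen
    if role in seen:
        return seen
    seen.add(role)
    for parent in ROLE_PARENTS.get(role, []):
        role_closure(parent, seen)
    return seen


def role_entitlements(user):
    """Entitlements the user holds purely because of role membership."""
    ents = set()
    for role in user.roles:
        for implied in role_closure(role):
            ents |= ROLE_ENTITLEMENTS.get(implied, set())
    return ents


def effective_entitlements(user):
    return role_entitlements(user) | user.direct


def has_access(user, system, grant):
    return (system, grant) in effective_entitlements(user)


def out_of_role_grants(user):
    """Direct grants not explained by any role: the exceptions a reviewer should look at."""
    return user.direct - role_entitlements(user)


def grant_to_role(role, entitlement):
    """Change the role once; every member picks up the grant on the next evaluation."""
    ROLE_ENTITLEMENTS.setdefault(role, set()).add(entitlement)


def managed_object_counts():
    """How many roles the business manages versus how many distinct entitlements they cover."""
    distinct = set().union(*ROLE_ENTITLEMENTS.values())
    return len(ROLE_ENTITLEMENTS), len(distinct)


if __name__ == "__main__":
    alice = User("alice", roles={"accounts_payable"}, direct={("ERP", "GL_POST")})
    bob = User("bob", roles={"ap_supervisor"})
    print(has_access(bob, "ERP", "AP_INVOICE_ENTRY"))  # inherited via the hierarchy
    print(out_of_role_grants(alice))                    # the GL_POST exception to review
```

The business owner works with three roles while the systems hold seven distinct grants; the gap between those two numbers is what grows into the 10,000-versus-15 figure from the case study. Anything that turns up in `out_of_role_grants` is a grant somebody made outside the model and is the first place to look when compliance comes knocking.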

I would like to thank Deloittes; their presentation, which covered Role Based Access and how to build a business case, was very well received.

Read this document on Scribd: DTT RBAC Presentation 20080724


If you have any further questions please contact Oracle or myself. And if you attended, thank you for your time last week and I hope to see you at another event in the future.
Here are the full podcasts of both sessions.


Cheers
Carl

Monday, July 14, 2008

Customer Service


I was in Canberra last week to attend a Governance, Risk and Compliance workshop - interesting stuff I know and little to do with customer service so I will get on with it.

Without a doubt I experienced my most disappointing stay in a hotel, and I have stayed in a lot of hotels across. It was zero degrees outside so I decided to order room service at approx 6:30 and was told it would be in my room within 45 mins. No problem until 1 hour later I realised, stomach growling, that my dinner wasn't in the room. A polite call from the kitchen then informed me that it would be 10 mins. I appreciated the call, however 20 mins after that call hunger pains had grown and the mini bar chips looked appealing. I tried room service but couldn't get through so I called reception. The gentleman on the phone kindly informed me that the kitchen was busy and my meal would come. This wasn't reassuring in any way and I requested he contact the kitchen and follow up on my meal. He didn't want to follow up what I thought was a reasonable request so then I demanded he follow up. I was informed that I could receive a call back straightaway. Unless Canberra runs on a different time (which it probably does) I waited about an additional 20 mins. Once My Name Is Earl finished I realised it was 8:30 and I had had enough, so I rugged up and left my room, informing the reception on the way out that I won't be needing my meal if it was even getting prepared. On top of this my wireless internet didn't work in the morning and the reception, with the same 101 of how not to treat a customer, stated it often doesn't work and you need to ring the carrier. I found this unacceptable since the hotel offered no empathy and simply handed the problem back to me. So when I checked out I politely told the duty manager that the hotel needs to review its customer service and that I would refrain from staying at this hotel chain ever again. It's poor when a hotel targeting business can't feed you and can't provide broadband to get email or check my facebook page :-).

So what's this got to do with IT, let alone anything else? Well, the next morning at a very informative workshop on Governance, Risk and Compliance (don't yawn) the issue of customers came up time and time again. I gained some interesting insight into what we as IT solution providers need to look at and how we are slowing adoption of these technologies due to poor execution, especially around the end customer. Take for instance Identity Management or IDM. IDM has tremendous benefits for an organisation, and most security vendors can rattle off numerous reasons why an enterprise needs to lock down data, lock down access etc. But what we fail to tell you is that by doing this - i.e. locking down access, providing single sign on or reduced sign on - we are reducing the risk for the enterprise no doubt, but we are in fact pushing more risk for no reward onto the customer of that enterprise. For instance take Internet banking; we all do it and the banks encourage us to do this. It's relatively simple and thanks to the EFT legislation the banks assume the risk if something goes wrong. However what happens if Grandma Simpson (real name changed to protect the identity) isn't aware she has a key logger on her PC, and the bank can prove through negligence that she is at fault for the fraudulent transactions? I am not stating today this scenario would occur but it could in the future, where you may be responsible for ensuring your connection, identity, access control and data is secure and encrypted. This would of course benefit the banks but not you, since the onus would be on you to keep everything up to date and functioning. What this means is that when we are talking to an Enterprise about security, yes it's important to mitigate risk, but we need to look at whether we have simply shifted the risk profile. If so, what benefit does the consumer get if they are assuming the risks? The benefit could be better portability of information or maybe reduced fees.

The other interesting topic covered involved those clever Swedes. In this Nordic world most enterprises are adopting technology that mirrors banking security and banking access methods. Most of us leverage these technologies and are familiar with how to use their multifactor authentication, so why not adopt these same or similar technologies so you can have the same look and feel for access to all the social, business and government sites that exist? It without doubt adds to the customer satisfaction. And again it is food for thought, when designing complex multifactor login systems, to look at what already exists and is familiar.

If only I could get that hotel I won't name to look at customer service.

Thank you for listening to my rant.
Carl Terrantroy


Thursday, March 6, 2008

What is Role Management


In today's regulatory compliance environment, organisations need a holistic view of their business users, job functions, and associated entitlements. Attempting this manually often results in chaos, frustration, and failed projects.

Role Management gives enterprises role lifecycle management capabilities, helping strengthen regulatory compliance and alleviating associated costs. It can act as the authoritative source for the relationships between business users, organisations, and entitlements, thus enabling automation of role based provisioning and access control across the IT infrastructure.

Imagine when you add a new employee to the accounts payable department. Instead of creating access for all your applications and then hoping you have aligned user roles with access privileges, role management can make this easier: the definition of an accounts payable role is aligned not only to application access rights, but also to the security levels the user needs to complete their role.

Another benefit of Role Management is role mining, which can usually be completed either top down or bottom up. The benefit of role mining your organisation is that it will show how you may have not only duplicate roles with similar responsibilities, which can result in business process issues, but also perhaps security holes.

This also provides enterprise applications rich role information enabling automation of business transactions for approval and routing.
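The two findings role mining is said to surface above, duplicate roles and security holes, can be shown on a small data set. The following is an added example, not code from the blog post or from any Oracle product: a bottom-up pass groups users that hold exactly the same entitlements into candidate roles, and a top-down pass compares each user against the role their department is supposed to have. Users, departments, entitlements and declared roles are all constructed.

```python
"""Added example, not from the blog post or any Oracle product: bottom-up role
mining over constructed user/entitlement data, plus the two checks the post
mentions, duplicate roles and entitlements outside a user's role template."""
from collections import defaultdict

# Constructed sample: who currently holds which entitlements ("SYSTEM:GRANT").
USER_ENTITLEMENTS = {
    "alice": {"ERP:AP_INVOICE_ENTRY", "LDAP:cn=finance", "WEB:expense-portal"},
    "bob":   {"ERP:AP_INVOICE_ENTRY", "LDAP:cn=finance", "WEB:expense-portal"},
    "carol": {"ERP:AP_INVOICE_ENTRY", "LDAP:cn=finance", "WEB:expense-portal", "ERP:GL_POST"},
    "dave":  {"MAINFRAME:POS_OPERATOR", "LDAP:cn=retail"},
    "erin":  {"MAINFRAME:POS_OPERATOR", "LDAP:cn=retail"},
    "frank": {"LDAP:cn=it-admins"},
}
USER_DEPARTMENT = {"alice": "AP", "bob": "AP", "carol": "AP",
                   "dave": "Retail", "erin": "Retail", "frank": "IT"}

# Top-down input: roles the business has declared (constructed). Two of them
# are the same role under different names.
DECLARED_ROLES = {
    "AP Clerk":    {"ERP:AP_INVOICE_ENTRY", "LDAP:cn=finance", "WEB:expense-portal"},
    "Finance Ops": {"ERP:AP_INVOICE_ENTRY", "LDAP:cn=finance", "WEB:expense-portal"},
    "Retail POS":  {"MAINFRAME:POS_OPERATOR", "LDAP:cn=retail"},
    "IT Admin":    {"LDAP:cn=it-admins"},
}
DEPARTMENT_ROLE = {"AP": "AP Clerk", "Retail": "Retail POS", "IT": "IT Admin"}


def mine_roles_bottom_up(user_entitlements, min_users=2):
    """Group users holding exactly the same entitlement set; each group of at
    least `min_users` members is a candidate role.
    Returns {frozenset(entitlements): [sorted user names]}."""
    groups = defaultdict(list)
    for user, ents in user_entitlements.items():
        groups[frozenset(ents)].append(user)
    return {ents: sorted(users) for ents, users in groups.items()
            if len(users) >= min_users}


def find_duplicate_roles(roles):
    """Roles defined under different names but granting identical entitlements."""
    by_ents = defaultdict(list)
    for name, ents in roles.items():
        by_ents[frozenset(ents)].append(name)
    return sorted(tuple(sorted(names)) for names in by_ents.values()
                  if len(names) > 1)


def excess_entitlements(user_entitlements, user_department, department_role, roles):
    """Top-down check: entitlements a user holds beyond their department's role
    template. Only users with something to review are returned."""
    excess = {}
    for user, ents in user_entitlements.items():
        template = roles[department_role[user_department[user]]]
        extra = ents - template
        if extra:
            excess[user] = extra
    return excess


def mining_report():
    candidates = mine_roles_bottom_up(USER_ENTITLEMENTS)
    return {
        "candidate_roles": len(candidates),
        "duplicate_roles": find_duplicate_roles(DECLARED_ROLES),
        "excess": excess_entitlements(USER_ENTITLEMENTS, USER_DEPARTMENT,
                                      DEPARTMENT_ROLE, DECLARED_ROLES),
    }


if __name__ == "__main__":
    for key, value in mining_report().items():
        print(key, value)
```

On this data the bottom-up pass proposes two roles (the AP clerks and the POS operators), the duplicate check pairs "AP Clerk" with "Finance Ops", and the top-down check singles out carol's extra GL posting grant, which is exactly the kind of hole a manual review of several thousand accounts tends to miss. Real role mining also has to decide how close two entitlement sets must be before they count as one role; exact matching, as here, is the strictest choice and the easiest to explain to a business owner.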

Cheers

Friday, February 22, 2008

Can your HR system be your central source of truth?

If you have had any involvement managing employees within IT, either in a File System, Database or a Human Resource Management System (HRMS), then no doubt the issue of creating and deleting users has raised its head.

I have seen organisations that have such complex and manually intensive processes to bring on new employees and grant access that it can take 6 weeks before that employee has access to all the relevant systems to simply be productive. Now you have the scenario of a new employee, eager to make his or her mark on the world, wanting to show they mean business, only to be hamstrung by inefficient processes that stop them simply working, let alone being productive.

The inverse of this is much worse: what happens if you fail to remove access for employees when they leave an organisation? Could they still get access to critical systems, receive email, check the current accounts or download the latest marketing plan? If you think this is urban myth, it's not; in my career working for IT vendors I have personally experienced this. Of course I won't name the vendors, but both are very established and have security credentials. Vendor A failed to remove me from a system of employees that received Qantas Club Membership and kindly continued to pay for this membership after I left the vendor. Vendor B actually started paying me again after I had left the company for nearly a year; the outcome here was that my details didn't get removed from all systems involved with payroll. An upgrade on these systems resulted in Vendor B generously adding me to the payroll again. If only all past employees had such generosity. These accounts that are not cleaned up when an employee leaves are often referred to as orphan accounts.

I am amazed time and time again when going into organisations how this problem isn't addressed. It is either deemed not an issue, too expensive to fix or, more than likely, they don't even know the problem exists. From experience I find that if an organisation has X employees, and that is in the several thousands, more than likely the number of orphan accounts is in the realm of 3 times X.

So what can you do to fix this? Several options include:
  • Review your manual processes
  • Implement a provisioning system - often also referred to as Identity Management
  • Install an audit tool that will periodically review the accounts and identify the suspect accounts

One of the most elegant ways to rectify this is within HR. After all, what department has a better grasp of who is employed and who isn't? HR employees however don't have the admin skills to manage users within all the various systems. But it is possible to make HR the single source of truth. Then point your Provisioning system at the HR employee table. Once someone leaves an organisation and is deleted from the HRMS system, an automated workflow can be commenced that will trigger the provisioning system to start deleting all instances of this user.

The inverse of this can occur with employees commencing: once they are identified within the HRMS system as commencing employment, the automated workflow can be kicked off, and the provisioning system can identify what type of role the employee has and create the basic set of accounts so that person can be fully productive from day one.
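The leaver and joiner workflows just described, together with the periodic audit from the options list, all reduce to one reconciliation: compare what the target systems hold against the HR table. The following is an added example, not code from the blog post or from any Oracle product, using a constructed HR table, constructed per-system account lists and a constructed role-to-accounts mapping. It separates accounts whose owner has left (deprovision), accounts with no HR record at all (orphans, like the payroll entry in the story above) and accounts an active employee still needs (provision).

```python
"""Added example, not from the blog post or any Oracle product: reconciling
target-system accounts against an HR table as the single source of truth,
using constructed data."""

# HR employee table (constructed): the authoritative record.
HR = {
    "E001": {"name": "alice", "status": "active", "role": "accounts_payable"},
    "E002": {"name": "bob",   "status": "terminated", "role": "accounts_payable"},
    "E003": {"name": "carol", "status": "active", "role": "store_associate"},
}

# Accounts that exist today in each target system, keyed by account name,
# with the HR id the account was created for (constructed). "ghost" points at
# an id HR has never heard of; "bob" has left but still has three accounts.
SYSTEM_ACCOUNTS = {
    "LDAP":    {"alice": "E001", "bob": "E002", "ghost": "E999"},
    "ERP":     {"alice": "E001", "bob": "E002"},
    "PAYROLL": {"bob": "E002"},
    "POS":     {},
}

# Basic set of accounts each role needs on day one (constructed).
ROLE_ACCOUNTS = {
    "accounts_payable": {"LDAP", "ERP"},
    "store_associate": {"LDAP", "POS"},
}


def reconcile(hr, system_accounts, role_accounts):
    """Compare every account against HR and return the work the provisioning
    workflow should perform, in three buckets of (system, subject) pairs."""
    deprovision = []   # owner exists in HR but is no longer active
    orphans = []       # no HR record at all for the owner id
    provision = []     # active employee missing a role-required account
    for system, accounts in system_accounts.items():
        for account, emp_id in accounts.items():
            record = hr.get(emp_id)
            if record is None:
                orphans.append((system, account))
            elif record["status"] != "active":
                deprovision.append((system, account))
    for emp_id, record in hr.items():
        if record["status"] != "active":
            continue
        held = {s for s, accts in system_accounts.items() if emp_id in accts.values()}
        for system in sorted(role_accounts.get(record["role"], set()) - held):
            provision.append((system, emp_id))
    return {
        "deprovision": sorted(deprovision),
        "orphans": sorted(orphans),
        "provision": sorted(provision),
    }


def stale_accounts_per_employee(hr, system_accounts):
    """Accounts to review (orphans plus leavers) per active employee: the kind
    of figure an audit tool would report back to the business."""
    plan = reconcile(hr, system_accounts, {})
    stale = len(plan["orphans"]) + len(plan["deprovision"])
    active = sum(1 for r in hr.values() if r["status"] == "active")
    return round(stale / active, 2) if active else 0.0


if __name__ == "__main__":
    for bucket, items in reconcile(HR, SYSTEM_ACCOUNTS, ROLE_ACCOUNTS).items():
        print(bucket, items)
    print("stale accounts per active employee:",
          stale_accounts_per_employee(HR, SYSTEM_ACCOUNTS))
```

Two design points matter when this is wired to a real HRMS. First, the join key is the HR identifier stored on each account, not the account name; a name match would have let the "ghost" account pass. Second, the leaver check keys off HR status rather than the physical deletion of the row, so a payroll upgrade that restores old records, as in the story above, cannot silently re-activate anyone unless HR itself marks them active again.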

Let me know your horror stories, or indeed if you have tried to set the HRMS system up as the lead for provisioning and de-provisioning.

Cheers - it's 5pm on a Friday and "beer o'clock"

About the ANZ regional GTMi team


Hi welcome to the ANZ GTMi page,

As regional lead for the ANZ GTMi team I thought it would be useful to explain what our focus is and how you can leverage the team.

Regional GTMis support Oracle's Technology and Fusion Middleware business by offering strategic direction around demand generation activities, thought leadership services to Oracle PR and being domain experts. Let me now introduce the team and our respective fields of expertise.

Barry Matthews - SAP on Oracle, RAC and Oracle Infrastructure
Carl Terrantroy - Database Security and Identity Management
Paul Ricketts - Enterprise Content Management
Saul Cunningham - Service Orientated Architecture (SOA) and Business Process Management (BPM)
Steve Williamson - Database Options

The team will strive to keep you abreast of our strategic directions within the Oracle Database world and Oracle Fusion Middleware. The best way for you to find out more is to keep an eye out for upcoming events we will be running. All the events will be posted on this blog and you can come back and request more information on these events from the experts that will be running the actual event. Or if you're curious about a concept we are discussing, perhaps we can shed more light on it for you.

If you would like to know more about the ANZ GTMi team please email Carl Terrantroy.

I hope you find the content informative, and I look forward to your comments on this blog.

Cheers
Carl Terrantroy
Director GTMi Technologies ANZ