security readiness assessment

Copyright © 2015 Oracle and/or its affiliates. All rights reserved. Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting

Upload: khangminh22

Post on 26-Apr-2023



Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |

Cloud Era Requires Identity-Centric Security

[Diagram labels: IDENTITY; Mobile; Social; Internet of Things; Cloud (SaaS, PaaS, IaaS); Big Data]


Unified Threat Intelligence

SIEM, UEBA, CASB

• Security: Firewall, IDS, IPS, WebProxy, VPN, AV, DLP, DAM, WAF, VA Scanners

• Networking: Router, Switch, DHCP, DNS, Load Balancer

• Host: Windows, Linux, Unix

• Infrastructure: EMM, Middleware, Database, Web Server, Hypervisor

• Cloud: SaaS, PaaS, IaaS

• Applications: 3rd Party Apps, Oracle Apps, Custom Workloads

IDM

Database Security: Attack Vectors

Production Data, Archive Data, Dev & Test Data

• SQL Attack

• Data at Rest Attack

• Insider Threat

• App User Snooping

• APT or Malware Attack

• Dev Team Snooping

• DBA Permission Abuse

• Accidental Exposure

• Lost or Stolen Device

• Lost Disk or Tapes

• Exposed Keys

Numerous attack vectors call for a layered, Defense-in-Depth security strategy


Security Readiness Assessment

Executive level, strategic engagement focused on aligning an organization’s enterprise security architecture with business objectives

A successful engagement will:

• Document an organization’s current security and compliance posture

• Identify existing key risks and challenges

• Outline a desired future state architecture

• Recommend actionable steps on a strategic roadmap for achieving the future state

• Show how the recommended initiatives can deliver business value


Security Readiness Assessment – Focus Areas

User Lifecycle Management

• Identity Lifecycle Management

• Role & Relationship Management

• Access Request, Approval and Fulfillment

• Password Management

• Auditing and Reporting

• Attestation/Certification

• Privileged Account Management

Authentication and Authorization

• Authentication & SSO

• Risk-based Authentication and Authorization

• Fraud Detection

• Fine Grained Authorization

• Federation

• Social Sign-On

• Cloud and API Security

Identity Repositories

• Directories and databases containing Identity data

• Directory Virtualization

• Directory Synchronization

• Application Authentication

• Database Authentication

• Operating System Authentication

Cloud Services

• Public cloud services employed and planned (SaaS, PaaS, IaaS)

• Deployment options (Public, Private, Hybrid)

• IAM for Cloud services (provisioning, audit, authentication, authorization, federation)

Database Security

• Encryption

• Data Redaction

• Data Masking

• Access Discovery and Control

• Multi-Factor Authentication

• Data Classification

• SQL Injection Protection

• Audit and Compliance

• Centralized Authentication and Authorization

Operational Manageability (Optional area)

• Security Governance

• Configuration Controls

• Patch Management

• Diagnostics

• SLA Management

• Performance Tuning


Security Readiness Assessment Engagement Plan

1. Executive Invitation

2. Planning & Preparation

3. Onsite Discovery

4. Deliverable Preparation

5. Executive Presentation


SRA Customer Benefits

Objective: Elevate Security Posture

• Focus on most important risks and challenges

• Support proactive planning for the future

• Prioritize needed improvements to reach a desired future state

• Facilitate cooperation on security initiatives


What Investment is Required?

• Strong executive support

• Strong tactical leadership

• Time, attention and candid participation