fusion apps security_con8714_pdf_8714_0001

1 Copyright © 2011, Oracle and/or its affiliates. All rights

reserved.

Graphic Section Divider


reserved.

Fusion Applications Secure

Out of the Box

Nigel King, VP Fusion Applications

Functional Architecture


reserved.

Safe Harbor Statement

"Safe Harbor" Statement: Statements in this press release relating to Oracle's or its Board of Directors’ future plans, intentions

and prospects are "forward-looking statements" and are subject to material risks and uncertainties. Many factors could affect

our current expectations and our actual results, and could cause actual results to differ materially. We presently consider the

following to be among the important factors that could cause actual results to differ materially from expectations: (1)

Economic, political and market conditions, including the recent global economic and financial crisis, could adversely affect our

business, operating results or financial condition, including our revenue growth and profitability, through reductions in

customer IT budgets and expenditures and through the general tightening of access to credit. (2) We may fail to achieve our

financial forecasts due to such factors as delays or size reductions in transactions, fewer large transactions in a particular

quarter, unanticipated fluctuations in currency exchange rates, delays in delivery of new products or releases or a decline in

our renewal rates for software license updates and product support. (3) We cannot assure market acceptance of new products

or services or new versions of existing or acquired products or services. (4) We have an active acquisition program and our

acquisitions may not be successful, may involve unanticipated costs or other integration issues or may disrupt our existing

operations. (5) Our international sales and operations subject us to additional risks that can adversely affect our operating

results, including risks relating to foreign currency gains and losses and risks relating to compliance with international and

U.S. laws that apply to our international operations. (6) Intense competitive forces demand rapid technological advances and

frequent new product introductions and could require us to reduce prices or cause us to lose customers. A detailed discussion

of these factors and other risks that affect our business is contained in our SEC filings, including our most recent reports on

Form 10-K and Form 10-Q, particularly under the heading "Risk Factors." Copies of these filings are available online from the

SEC or by contacting Oracle Corporation's Investor Relations Department at (650) 506-4073 or by clicking on SEC Filings on

Oracle’s Investor Relations website at http://www.oracle.com/investor. All information set forth in this release is current as of

October 7, 2009. Oracle undertakes no duty to update any statement in light of new information or future events.


reserved.

Program Agenda

• About Fusion Applications Security

• Secure Out of the Box

• Demonstration: Chief Security Officer

• Q&A


reserved.

Fusion Applications Security

Who Does What?

Role-Based Access

Reference Implementation

Oracle Identity Management

Role-Based Access + Comprehensive & Integrated Process


reserved.

Fusion Applications

• Complete

• Open

• Integrated

• Best-in-class

Powered by Fusion Middleware


reserved.

Fusion Security Delivers

Reduced

Risk

Reduced

Administrative Costs

Increased

Productivity

o Secure “Out of the Box” o Secure across tools and

transformations

o Secure across the

information lifecycle

o Integrated SOD Testing

o Self service provisioning

and automated on-boarding

o Transparent security

policies

o Standards based and

integrated security model

o Easier to make new

employees productive

o Regulatory compliance is

easier and cheaper

o Easier for management to

review and approve access

o Single sign on across apps


reserved.

Fusion Applications Security The model is not so different…

• Yes, we externalized security to Fusion Middleware, LDAP and OPSS

• But we paid a lot of attention to the consistency in Fusion

E-Business Suite

Job Role

Data Role

Duty Role

Privilege

Permission

PeopleSoft

Top Level Menu

Employee ID + Role

Role(s)

Permission Lists

Executable

Top Level Menu

Responsibility

Sub Menu

Form Function

Executable


reserved.

Program Agenda



• Demonstration : Making a New Hire Productive

• Q&A


reserved.

Secure Out of the Box

1. Role Based Access

2. Integration with Governance Risk and Compliance

3. Transparent Security Policies

4. Pervasive Privacy Protections

5. Secure Across the Information Lifecycle

6. Automated Workflows for Account and Role Provisioning

7. Enforcement Across Tools and Transformations

8. Comprehensive Reference Implementation

9. Complete Audit of Security Changes

10. Co-existing with your current Security Infrastructure


reserved.

You need to hire a “Procurement Manager”

for your German Operations…

Vision

Enterprises

Vision Germany Vision US

You have

Operations in

Germany & the US

Role Based Access


reserved.

1

1 2

2 3

3

4 4

4 4

All Duties assigned under Job Role

Job Posting FA Job Def Screen

Job Title Job Role

Line in Job Description Duty


reserved.

Fusion Automatically Creates Business Unit

specific Roles

Job Role Data Role = Job + Data Access

Procurement Manager Procurement Manager – Germany

Procurement Manager – US


reserved.

Meet Doris

She applies for the

job…


reserved.

Doris is hired…

For doing the job she was hired for..

For doing what all employees do

•Expense Reports

• Purchase Requisitioner

Duty Roles

Job Roles

Procurement Manager

Buyer Mgt Duty

PO Changes Duty

Procurement

Manager -

Germany

Procurement

Manager -

US Data Roles

Duty Roles

Abstract Role

Employee

Enter Expenses Enter

Requisitions


reserved.

What can Doris do and view ?

Duties

Provide

Access to

Screens,

Reports,

Dashboards

Via

Privileges

Roles Provide

Access to data

behind the

screens

Via Data

Security


reserved.

Doris Starts Using Fusion Apps

She starts work…

Sees only the Tasks she is entitled to.

Sees only data for Vision Germany.


reserved.

Menu Items


reserved.

Tasks


reserved.

Buttons, Regions and Actions

20

Controls access to work areas, dashboards, task flows, reports, services


reserved.

Segregation of Duties

(SOD)

respected during role

provisioning

you choose enforcement

Secure OOTB: Integration with GRC


reserved.

Secure OOTB: Transparent Security Policies


reserved.

Secure OOTB: Pervasive Privacy Protections

• Fusion Applications always protect personally identifiable

information (PII)

• PII = any piece of information which can potentially be used

to uniquely identify, contact, or locate a single person.

– Social Security Number (SSN)

– Driver’s license number

– State or National Identifier (Identification Card number)

– Passport Number

– Account number, credit card number (CCN) or debit card number

– Home or Physical address (e.g street address)

– Email address

– Telephone number


reserved.

Secure OOTB: Secure Across Info Lifecycle

• Sensitive data in file system and backups (data-at-rest) protected using Transparent Data Encryption

• Sensitive data in cloned, non-production databases protected using Oracle Data Masking

• Sensitive data protected from database administrators and other privileged users using Oracle Database Vault

25 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

Secure OOTB: Account & Role Provisioning

• Lower Risks

• Lower Costs

• Greater Productivity

Fusion HR System

Provisioning Approval Workflows

Employee Joins / Leaves

Applications

GRANT

REVOKE

GRANT

REVOKE

GRANT

REVOKE

Oracle Identity Manager

Risk

Compliance

Governance

Fusion GRC Controls


reserved.

Secure OOTB: Enforcement Across Tools

• Defined Once. Used Everywhere.

• Same policies used across technologies

– ADF

– Enterprise Search

– Business Intelligence

– Reporting

– Mobile

– Web Services

Common Security Services


reserved.

Secure OOTB: Reference Implementation

roles you will recognize

as jobs

hierarchy of duties

data security policies

SOD Policies

Provisioning Events Authorization Policy Manager

APM

to extend

new jobs

new duties

OOTB


reserved.

Secure OOTB: Audit of Security Changes

• Who made what

changes, when

Manage Audit Policies

Oracle Platform Security Services


reserved.

Secure OOTB: Co-existing with your current

Security Infrastructure

29

Identity Provider

Existing

Identity

Management

Infrastructure

Custom

Applications

Service Providers

authentication

Service access

Allows a user to log in once & access all

applications…

OID

Federation

Enabled

Applications

Unlimited


reserved.

Secure Out of the Box

1. Role Based Access

2. Integration with Governance Risk and Compliance

3. Transparent Security Policies

4. Pervasive Privacy Protections

5. Secure Across the Information Lifecycle

6. Automated Workflows for Account and Role Provisioning

7. Enforcement Across Tools and Transformations

8. Comprehensive Reference Implementation

9. Complete Audit of Security Changes

10. Co-existing with your current Security Infrastructure


reserved.

Program Agenda



• Demonstration: Making a New Hire Productive

• Q&A


reserved.

Demonstration


reserved.

Security Flow

• Set up security profile

• Create data role

• Create role provisioning rule

• Create Employee


reserved.


reserved.

Security Flow




• Create Employee


reserved.


reserved.

Security Flow




• Create Employee


reserved.


reserved.

Security Flow




• Create Employee


reserved.


reserved.

Fusion Security Delivers

Reduced

Risk

Reduced

Administrative Costs

Increased

Productivity


reserved.

Q&A


reserved.

fusion apps security_con8714_pdf_8714_0001

Documents

oracle andor

fusion security

fusion applicationspowered

fusion applications

class6 copyright

transparent security

light of new information

actual results