Oracle Updates Identity Management Capabilities


Oracle has added a new password security feature to the identity management component of Oracle Fusion Middleware. The centerpiece of version 11g Release 2, "Oracle Privileged Account Manager," provides simplified password management specifically for shared passwords, which are common for admin accounts in data centers. Given that some enterprise data centers can have literally hundreds of shared accounts, the objective of this rollout is to help customers further comply with regulatory requirements, secure critical applications and sensitive data, and lower operational costs.

"Most companies have group accounts and databases with DBA accounts, and a number of other highly privileged accounts that are not directly associated with specific individuals," said Amit Jasuja, vice president of development for Oracle’s Identity Management and Security Products. "These accounts could be within HR, finance, administration, etc. but the common denominator is elevated access and passwords that are typically known by four or five, possibly even 10 people. This can make it nearly impossible for the auditors to be able to know who did what. So this product provides a solution to that problem."

The feature is based on automated password management capabilities that not only help to secure against unauthorized access, but also identify authorized users accessing the data and record the actions of those individuals.

"Basically, all the passwords to the shared accounts are stored in a vault," explained Jasuja. "So, in effect, nobody really knows the actual password. When someone needs to access the information, they go through a self-service interface where they request access. When access is granted, they can check out the password, which is then changed after the user logs out or after access expires. Based on the password that is used and the time the data was accessed, the system can identify the user."

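The checkout cycle Jasuja describes can be sketched as a small model. This is an added example, not Oracle's code or API: the class and method names are hypothetical, and it assumes one holder per account at a time, which is what makes attribution by time window unambiguous.

```python
import secrets
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Checkout:
    user: str
    start: float
    expires: float
    end: Optional[float] = None          # set at check-in or on expiry

@dataclass
class SharedAccountVault:
    """Toy vault for one shared account (hypothetical, not a product API)."""
    account: str
    _password: str = field(default_factory=lambda: secrets.token_urlsafe(24))
    log: list = field(default_factory=list)

    def _rotate(self):
        self._password = secrets.token_urlsafe(24)

    def _active(self, now):
        """Return the open checkout, closing and rotating it if it has expired."""
        if self.log and self.log[-1].end is None:
            last = self.log[-1]
            if now >= last.expires:
                last.end = last.expires
                self._rotate()
                return None
            return last
        return None

    def checkout(self, user, now, ttl=3600):
        if self._active(now):
            raise PermissionError(f"{self.account} is already checked out")
        self.log.append(Checkout(user, now, now + ttl))
        return self._password

    def checkin(self, user, now):
        active = self._active(now)
        if active is None or active.user != user:
            raise PermissionError("no active checkout for this user")
        active.end = now
        self._rotate()                   # the password the user saw is now useless

    def who_held(self, t):
        """Attribute activity on the shared account at time t to a person."""
        for c in self.log:
            end = c.end if c.end is not None else c.expires
            if c.start <= t < end:
                return c.user
        return None                      # nobody held a valid password at t
```

A `None` result from `who_held` is the case worth alerting on: activity on the shared account at a time when no checkout was open.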

On the mobility side of the equation, Oracle has also added a component that extends web single sign-on to mobile platforms, using the lightweight REST protocol. The Redwood Shores, Calif.-based company is also delivering software development kits that will help customers capture information about the device or collect other data that can be sent to the server to assist the administrator in setting up security policies. Single sign-on capabilities are also being extended to support multiple mobile apps, in the event that customers have more than one mobile application that needs to be accessed.

"This essentially means that you log in once and all the apps involved pick up the same security credential," said Jasuja. "If the individual is using a device that the system is seeing for the first time or from an unfamiliar area, you can issue a separate challenge to further authenticate."

Jasuja added that channel partners can leverage this technology to create self-service interfaces for data access, and embed extensive customization that will not have to be repeated for each upgrade or security patch.

"This has been a long time in the making," said Steve Giovannetti, CTO at Hub City Media, an Edison, N.J.-based channel partner. "This moves identity management from administrative focus to more of a user focus, because the interface takes people from an IT-centric model to a more intuitive model that is more user-friendly."