Oracle Updates Identity Management Capabilities

Printer-friendly version Email this CRN article

Oracle has added a new password security feature to its identity management component of Oracle Fusion middleware. As the centerpiece of version 11g Release 2, "Oracle Privileged Account Manager" provides simplified password management specifically for shared passwords, as is the case for many admin accounts in data centers. Given that some enterprise data centers can have literally hundreds of shared accounts, the net objective of this rollout is to further comply with regulatory requirements, secure critical applications and sensitive data, and lower operational costs.

"Most companies have group accounts and databases with DBA accounts, and a number of other highly privileged accounts that are not directly associated with specific individuals," said Amit Jasuja, vice president of development for Oracle’s Identity Management and Security Products. "These accounts could be within HR, finance, administration, etc. but the common denominator is elevated access and passwords that are typically known by four or five, possibly even 10 people. This can make it nearly impossible for the auditors to be able to know who did what. So this product provides a solution to that problem."

The feature is based on automated password management capabilities that not only help to secure against unauthorized access, but also identifies authorized users accessing the data and records the actions of those individuals.


[Related: Seven Incidents That Remind Us About Password Integrity]

"Basically, all the passwords to the shared accounts are stored in a vault," explained Jasuja. So, in effect, nobody really knows the actual password. When someone needs to access the information, they go through a self-service interface where they request access. When access is granted, they can check out the password, which is then changed after the user logs out or after access expires. Based on the password that is used and the time the data was accessed, the system can identify the user."


NEXT: Increased Support For Mobility

Printer-friendly version Email this CRN article