CON 8810 Who Should Have Access to What – Better Risk M anagement with Identity Governance

2. CON 8810 Who Should Have Access to What – Better Risk Management with Identity Governance Neil Gandhi Product Manager Oracle Identity Governance

3. Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decision. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

4. Session Goals • Understand the current market trends regarding Access Compliance and Risk Management • Realize the benefits of an Identity Governance platform and how it can help meet your everyday Compliance and Risk Management challenges • Hear from and engage with customers regarding their experiences with managing Risk by implementing an Identity Governance solution

5. Program Agenda • Market Trends • Risk Management & Compliance with Oracle Identity Governance • Panel Discussion • Q&A

6. Market Trends

7. Explosion of Scale Millions Of Entitlements 100’s of Thousands of Users 10’s Thousands of Apps Thousands of Systems • Few Administrators • Handful of Audit Staff • Too many privileged accounts

8. Getting the right access is hard

9. Market TrendsCompliance Requires Business User Participation • Increasing volume and frequency of employee access certifications • Business Users do not understand what they are attesting to • IT and Compliance teams struggle with “Who should have access to what”

10. Enterprise Certification RequirementsWho’s who & what can they do? Extract Entitlements Review Entitlements Correlate Results Remediate Access • Manual • Error Prone • Expensive Ad Hoc Complex Un-auditable Non-verifiable

11. Market TrendsScale requirements are increasing Moving from employee to massive scale for even small companies. Cell Phones 5B + Mobile Corp PCs 400M Enterprise Facebook 800M Social China 1.3B Citizen

12. Risk Management & Compliance with Oracle Identity Governance

13. Oracle Identity GovernanceGovernance Platform Connectors Provision De-Provision Grant User Access Monitor User Access Check-in/ Checkout Privileged Account Request Role Lifecycle Management Identity Certifications Reporting & Privileged Access Monitoring IT Audit Monitoring Rogue Detection & Reconciliation Access Request Access Catalog Roles Ownership, Risk & Audit Objectives Entitlements Accounts Catalog Management Glossaries

14. Oracle Identity GovernanceAccess Catalog

15. Oracle Identity ManagerProvisioning with Preventative SOD Controls

16. A Smarter Approach to Identity Compliance Reduce Cost, Time & Risk $ IdentityWarehouse Prioritizing & Automating Certification Closed-Loop Feedback & Remediation Aggregating Information & Building a Catalog Simplified User Experience & Reporting

17. Automate Identity Based Controls Automated Action is taken based on Periodic Review Report Built And Results Stored in DB Set Up Periodic Review 2 3 4 1 Reviewer Is Notified Goes to Self Service Reviewer Selections What Is Reviewed? Email Resultto User Certify Reject Automatically Terminate User via Closed Loop Remediation Who Reviews It? Decline Notify the Process Owner Archive Attested Data Attestation Actions Delegation Paths Delegate Notify Delegated Reviewer Start When? How Often? Comments

18. Oracle Identity Manager 11g R2Provisioning Context with Identity Auditor

19. Leverage data collected to streamline access certification Prioritize certifications based on user risk profiles Aggregate risk profile over the ENTIRE lifecycle High Risk Focusing on What (Who) Matters Most

20. Applications Identity Data Sources DB Mainframe Risk Based Certification Identity Warehouse Risk Factors Policy Violations Certification History Provisioning Events Roles Entitlements Resources Risk Aggregation Low Risk User High Risk User Bulk Certify Cert360 Approve Reject Focused Sign-off

21. Automate The Remediation • Focus on Large Scale • Quick Extract Transform Load • Rolling Certifications • Rolling Data Import • Large Volume Remediation Entitlement Report Reduce Remediation Time to Minutes Instead of Days or Weeks • Close Loop Remediation • Reduce Help Desk Volume • Complete Audit Trail • Increase Throughput Entitlement Review Auto-Remediate

22. Customer Panel Discussion

23. Customer Panel Patrick Landry David Mathias Robert House

24. Demo Pods

25. Sessions Not to Miss

26. Join the Oracle Community Twittertwitter.com/OracleIDM Facebookfacebook.com/OracleIDM Oracle Blogs Blogs.oracle.com/OracleIDM Oracle.com/Identity

27. Innovation Awards 18 Winners Across Eight Categories Lam Research Theater (Next to Moscone North) Session ID: CON8082 Session Title: Oracle Fusion Middleware: Meet This Year’s Most Impressive InnovatorsVenue / Room: YBCA - Lam Research TheaterDate and Time: Monday Sep 23, 4:45 - 5:45 p.m.

28. Oracle Fusion Middleware Business Innovation Platform for the Enterprise and Cloud • Complete and Integrated • Best-in-class • Open standards • On-premise and Cloud • Foundation for Oracle Fusion Applications and Oracle Cloud Web Social Mobile User Engagement Business Process Management Content Management Business Intelligence Service Integration Data Integration Identity Management Development Tools Cloud Application Foundation Enterprise Management