Amit JasujaVice President,

Identity Management, Oracle

This document is for informational purposes.  It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.  The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle.  This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle.  This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle.   This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.

What Keeps You Up at Night ?

OpportunitiesCompliance

Threats

Opportunities

Threats•More Attacks

•Insider Fraud

•Data Privacy

What Keeps You Up at Night ?

OpportunitiesCompliance

Threats

Opportunities

Threats•More Attacks

•Insider Fraud

•Data Privacy

Compliance•Tougher Regulations

•Intrusive Audits

•Costly Reporting

What Keeps You Up at Night ?

OpportunitiesCompliance

Threats

Opportunities

Threats•More Attacks

•Insider Fraud

•Data Privacy

Compliance•Tougher Regulations

•Intrusive Audits

•Costly Reporting

Opportunities•Cloud Computing

•Mobile Access

•Globalization

Reduce Threats and Improve Compliance to Unlock New Opportunities

2010 Data Breach Investigations Report

Threats are Against Applications and Data

Database Security

IdentityManagement

• How do I control insiders?

• Can I report on anomalous behavior?

• Is my data protected against SQL injection attacks?

• Can I prevent intrusions?

Other Security

VulnerabilityManagement

NetworkSecurity

EmailSecurity

EndpointSecurity

48% Caused by Insiders

92% Stolen Records From Database Servers

89% Records Stolen Using SQL Injection

86% Hacking Involve Stolen Credentials

40% Of IT Budgets spent on compliance mandates

Source: The Value of Corporate Secrets by Forrester Consulting (March 2010)

• Is access certification timely?

• Is audit data collected and retrievable?

• Are my security processes sustainable?

• Can I remediate audit issues quickly & effectively?

The Pressures

• SOX, PCI, Sec

• Industry Regulations

• Reputational and brand risk

• Cost effective sustainable controls

• Internal Governance

Reduce Audit Exposure

• Can I deploy new customer facing applications ?

• Can I extend my identity infrastructure to the cloud?

• Can employees access email & apps on mobile devices ?

• Can I consolidate my apps and run my database in the cloud?

The Opportunities

•Bring your own device to work culture

•Reduce data center cost

•Mobile employee access

•New customer acquisition

•Globalization and outsourcing

87% Security main barrier to Cloud AdoptionSource: IDC Enterprise Panel, 3Q09

46% Increase in Mobile attacks in 2010 vs. 2009McAfee Threats Report: Fourth Quarter 2010

Security Unlocks New Opportunities

Enterprise

Extranet

Cloud/Mobile

Tools Point Solutions Platform Intelligence

Identity

Authentication

Administration

Audit

Risk Management

Certify Access for Millions of

Users & Entitlements

User Lifecycle In Hybrid/Cloud Environments

Access Via Mobile & Social

Channels

Authoritative ID with Massive

Scale

Monitor Behavior &

Detect Improper

Access

Identity Management Evolves

Monitor SQL

Block Attacks

Audit User Activity

Compliance Reports

Encrypt Data

Mask Test Data

Control Privileged

Users

Enforce SoD

Oracle Databases

Non-Oracle Databases

Cloud

Defense in Depth

Authentication

Authorization

Encryption & Masking

Auditing

Database Firewall

Database Security Evolves

A Patchwork of SolutionsFragmentation Reduces Effectiveness

• Audit exposure• Poor reporting,

• Limited root cause tracking

• Vulnerable to breaches• Multiple points of failure

• Missed business opportunities• Inability to develop and deploy

applications to users

Oracle Applications

Taking a Platform ApproachIntegrated Application and Information Security

48% Savings with an integrated platform vs. point solutions

Source: Aberdeen “Analyzing point solutions vs. platform” 2011

Reduce audit exposure

Detect and prevent threats

Grow the business

Oracle Databases Non-Oracle Databases

Non-Oracle Applications

Identity Management Database Security

Integrated Security Platform

Oracle Identity Management StackComplete, Innovative and Integrated

Identity Governance

• Password Management• Self-Service Request & Approval• Roles based User Provisioning• Analytics, Policy Monitoring• Risk-based Access Certification

Access Management

• Single Sign-On & Federation• Web Services Security• Authentication & Fraud

Prevention• Authorization & Entitlements• Access from Mobile Devices

Directory Services

• LDAP Storage• Virtualized Identity Access• LDAP Synchronization

Platform Security ServicesIdentity Services for Developers

Auditing, Monitoring and Protection

• Monitor database network activity• Accurately detect and block SQL

injection and other threats• Consolidate audit data,

alert, report• Secure configuration

management

Access ControlManagement

• Privileged database user controls• Fine-grained authorization

enforce who, where, when, and how

• Securely consolidate databases• Data classification access control

Transparent Encryption and Masking

• Transparently encrypt application data

• Protect from unauthorized OS level or network access

• Built-in key lifecycle management • Mask sensitive data for

non-production

Oracle Database SecurityComplete Defense in Depth and Transparent to Applications

Oracle Database Security

Oracle Security Solutions

• Complete, Open and Integrated

• Innovative, Scalable and Modernized

• Simplified and Actionable Compliance