Hoping to keep up with users' ever-changing requirements for regulatory compliance, Oracle has delivered an improved
version of its Identity Manager that allows enterprises to carry out a more granular segregation of duties (SoD) among enterprise applications including its Oracle E-Business Suite.
The new version contains a shiny new SoD integration architecture designed to supply hot pluggable support for several SoD engines, including Oracle's Applications Access Controls Governor and SAP's Business Objects Access Controls.
Two advantages of the new release are that administrators can now automate user provisioning and centrally manage and monitor SoD-compliant user access at a fine-grain level in real time, according to Oracle executives.
Amit Jasuja, Oracle's vice president in charge of Oracle Identity Management, emphasized that SoD policy enforcement represents a critical component in user provisioning, but that it is essential that it support heterogeneous environments. If it doesn't, it can become very costly very fast, as well as prone to errors, he said.
"With some of the enhancements we have made [to the new version], I think we have simplified the process," Jasuja said. "By both integrating and automating SoD policy enforcement with disparate IT applications, we think we can help customers reduce security risks, comply with industry regulations, and do so at a lower cost."
Through the product's latest capabilities, SoD policy enforcement now becomes a more seamless part of both the provisioning and account request approval processes. This, according to Jasuja, serves to reduce security risks from manual provisioning and to implement more consistent access policies across the breadth of applications. It should also result in more cost-effective control practice, he said.
Other new capabilities include allowing administrators to more easily get at domain expertise, validation policies and workflows existing within SoD engines -- the latter intended to lower ownership costs – and to put preventative controls in play to identify potential fraudulent activities.
"I like the idea of being able to access things like workflows easier, and ways to prevent fraud, but lowering cost of ownership. That will take a bit more investigation on our part to see what the savings might be there," said Edward Henderson, an IT administrator with Johnson Trucking Co. in Thomasville, N.C.
Other applications the new version is designed to exploit include Oracle's PeopleSoft Enterprise and SAP's series of ERP applications.
Yet another new feature allows administrators to maintain an audit trail, including SoD conflicts, across applications, which helps to support regulatory compliance.
Oracle is also shipping with Identity Manager a connector for SAP that company officials say is tightly integrated with a number of enterprise processes for user and role administration. This new level of integration is intended to better ensure that a SoD conflict check is always carried out, whether the privilege was requested directly or indirectly, and can be programmed to be executed before or after all approval workflows. Also, all SoD conflicts are now recorded in the identity management audit trail and so can produce a new exception workflow for special approvals.