Les Cunliffe - Fotolia

Aptec names use cases for Oracle Identity Management patch

Aaron Perry, president of Aptec, presents use cases for Oracle Identity Management 11gR2 PS3 drawn from his client's experiences with the new patch.

As one of Oracle's beta testers, Aaron Perry has been able to work with the latest patch for Oracle Identity Management  for nine months -- well before the patch became available to all.

Perry is president of cybersecurity consulting firm Aptec LLC, based in Bethesda, Md., which has been deploying Identity Management 11g Release 2 Patchset 3 for three months. Aptec's customers are all Fortune 1,000 companies, and Perry has found interest for the 11gR2 PS3 patch in the manufacturing, utilities, financials and gas industries.

Identity Management helps Oracle customers with user identity management by organizing users IDs. The latest patch beefs up mobile security options.

Interest in Identity Management compliance options

Perry identified a couple of major types of use cases among his clients: compliance and provisioning.

With auditing and internal compliance, 11gR2 PS3 improves user identity management by allowing customers to take a specific user profile and remove that person's access across the board. As publicly traded companies, Perry's clients are subject to the Sarbanes-Oxley Act, which mandates that publicly traded companies establish internal controls for financial reporting, and need to document and test these controls. Being able to quickly shut down someone who shouldn't have access is an important part of maintaining internal controls. "It's a use case we have been struggling with for years," said Perry.

What we're recommending to all of our customers is to move to PS3.
Aaron Perrypresident of Aptec

For provisioning, the patch allows Identity Management to automatically prevent someone from getting conflicting access or entitlements. Perry gives the example of a person who is able to request a purchase from a vendor and pay for the purchase. That situation leaves an opening for fraud, but is prevented by what Perry calls "smart provisioning," or provisioning that automatically takes context into account.

He also saw certification and access requests as important use cases for the patch.

Two weeks for testing Identity Management patch

Additionally, Perry provided progress reports for two clients currently upgrading to 11gR2 PS3.

One is a major manufacturing organization that was already using 11gR2. It is migrating its production and development environments to PS3. The organization plans to conduct two weeks of testing, perform regression testing on the back end and then roll out with the patch.

The other client is a large university in Florida that was also already using 11gR2. It is currently doing the upgrade in its development environment before moving on to testing.

Clients choose the amount of time they want to spend in testing, but Perry thinks one to two weeks are all that is necessary.

Perry believes that more and more people are starting to take identity management seriously. According to Perry, government organizations and Fortune 100, 500 and 1,000 companies, among others, have been waiting for the development of a single platform that they can use for both enterprise and mobile identity management.

Now that Oracle has developed it, Perry expects to see a lot of clients wanting to upgrade from a previous version of Oracle Identity Management or homegrown systems onto Identity Management 11gR2 PS3 in the next six to 12 months.

Next Steps

Check out how Oracle Identity Management keeps data secure for the SATs and GREs

Find out how Oracle Mobile Security originally worked with Identity Management

Dig Deeper on Oracle governance, risk and compliance