FotolEdhar - Fotolia

Patch for Oracle Identity Management aims at mobile security

Oracle Identity Management 11gR2 PS3 extends identity management over mobile devices, as mobile becomes the platform of choice for business users.

Oracle Identity Management Release 2 Patchset 3 (11gR2 PS3) is not your ordinary patch. PS3 is the first time Oracle has fully integrated mobile device management (MDM) into its identity management software platform. In other words, Oracle has extended its existing security onto mobile devices, allowing the user to manage access, approvals and provisioning across all devices from one location.

Furthermore, any applications necessary for new access privileges can be pushed to the mobile device at the same time the privilege is granted. "I can go to one place and look at all my access at once," said Jim Taylor, senior director of product management at Oracle.

The integration between MDM and Oracle Identity Management comes out of the box, and everything can be viewed through the Identity Governance portal. Oracle Identity Management 11gR2 PS3 is available now.

Tailored security with Oracle Identity Management

11gR2 PS3 is also the first release of Oracle Identity Management as a platform focused on business activities. Over the last 20 years, security tools have come to be primarily in the hands of business users, he said. "Security really needs to be designed for the end user," Taylor added.

"[Mobile] device is becoming the platform of choice," said Taylor. Business users are accustomed to accessing business tools from a distance with mobile devices. "Everything is becoming a digital service, and just as consumers, we want to have access on all our devices," Taylor said.

Everything is becoming a digital service, and just as consumers, we want to have access on all our devices.
Jim Taylorsenior director of product management at Oracle

Oracle Identity Management 11gR2 PS3 uses contextualization -- a method that takes into account the user, the device and the location to create context for an access request -- to automatically tailor security to the needs of a user working on a secure computer in the office compared to a user working on an iPad in a coffee shop.

Then, Oracle's identity management software analyzes the context to create a risk score and presents different security protocols. For instance, the user in the office with the company computer might just have to enter a password. On the other hand, the user on the iPad in the coffee shop might be tested with an SMS text, knowledge-based questions, one-time passwords or entering an employee ID. Taylor describes Oracle Identity Management as "applying the right level of security based on the situation." Also, mobile devices can determine who has what types of access privileges.

Easing business user security mandates

The importance of context-aware security, according to Taylor, is directly tied to the industry shift toward the business user as the primary consumer of security technology. Long, complicated passwords are difficult, making business users less likely to use the security system. By adding context-based security via Oracle Identity Management, access gets easier for those in secure situations without lowering security standards. "The goal of security is to be secure," said Taylor. "But, we don't want to prevent legitimate access."

Prior to redesigning its identity management software, Oracle held focus groups with hundreds of users to discuss their needs. As a result, Taylor said 11gR2 PS3 offers a more intuitive interface, needs fewer clicks to accomplish tasks and makes popular features as easy to use as possible.

Next Steps

Learn how Oracle Mobile Security first brought Identity Management into the mobile space

See Oracle Identity Management in action keeping test data safe

Dig Deeper on Oracle database security