October 21, 2019

Move and Improve: Securing Enterprise Applications with IDCS

By: Sanjay Sadarangani | Product Manager - Identity Cloud Service


Applications such as E-Business Suite, PeopleSoft, JD Edwards, Hyperion, etc. have enabled key business processes in several organizations. As organizations move towards the cloud, they may decide to migrate these processes to SaaS applications. SaaS migration may not always be viable. Sometimes the SaaS applications do not provide functional parity, or an organization has implemented too many customizations which are business critical. Many organizations also want to accelerate their move to the cloud: they want to immediately lift and shift their enterprise applications to the cloud and leverage the elastic scalability and automation that is inherent in modern cloud platforms.

Organizations cannot overlook identity and security requirements when moving applications to the cloud. They need to change their strategy from a pure "Lift and Shift" to "Move and Improve". They need capabilities such as automated identity life cycle management, adaptive MFA and single sign-on to improve their overall security posture and inherit controls through which they can combat sophisticated and prevalent cyber security threats. This is where Oracle Cloud Infrastructure (OCI) and Oracle Identity Cloud Service (IDCS) deliver.

Oracle Cloud Infrastructure (OCI) is a second generation cloud infrastructure platform designed to run enterprise application workloads with an emphasis on security at its core. Deep customer isolation, strong networking isolation, operational segregation, demonstrable compliance, a modernized WAF and effective DDoS protection are just some of the areas where OCI stands out. You can read much more about OCI security here.

Oracle Identity Cloud Service (IDCS), a component of OCI, is a modernized Identity as a Service (IDaaS) platform that enables you to streamline and automate user identity life cycle management, simplify user access with standards-based single sign-on into both SaaS and enterprise apps, and secure your applications with context-based multi-factor authentication policies and an adaptive intelligence risk engine.

IDCS enables organizations to successfully implement their "Move and Improve" strategy with the help of the following features:

  1. App Gateway and EBS Asserter
  2. Provisioning Bridge
  3. Multi-factor Authentication

 

App Gateway and EBS Asserter

The IDCS App Gateway is an identity-aware proxy that can be placed in front of your applications. It intercepts HTTP/HTTPS requests, redirects users to IDCS for authentication, and then injects validated user identity and authorization data as HTTP headers into the request that is eventually sent to the application. An application can then use the values of these HTTP headers to create a secure session for the end user. The IDCS App Gateway also enables organizations to enforce URL authorization policies and secure application APIs using OAuth.

You can deploy the App Gateway on VirtualBox or VMware, or run it as a Docker container. Organizations can use the App Gateway to enable SSO into applications like PeopleSoft, JD Edwards or any bespoke application that supports HTTP header-based authentication.
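Header-based authentication as described above is only safe if the application can distinguish headers set by the gateway from headers supplied by a client. The following added example (not Oracle's code and not the App Gateway's implementation) shows both sides of that check; the header names, the HMAC proof header, the shared secret and the gateway address are assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical header names; a real deployment uses whatever names are
# configured on the gateway and expected by the application.
USER_HEADER = "x-example-user"
GROUPS_HEADER = "x-example-groups"
PROOF_HEADER = "x-example-gateway-proof"  # assumption: not an IDCS feature
RESERVED = {USER_HEADER, GROUPS_HEADER, PROOF_HEADER}


def _canon(name):
    # Some application servers map "_" and "-" in header names to the same
    # key, so both spellings must be treated as the same header.
    return name.lower().replace("_", "-")


def _proof(secret, user, groups):
    # Keyed digest over the identity values the gateway asserts.
    msg = f"{user}\n{groups}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def gateway_forward(client_headers, user, groups, secret):
    """Gateway side: drop client-supplied identity headers, inject validated ones."""
    out = {k: v for k, v in client_headers.items() if _canon(k) not in RESERVED}
    group_str = ",".join(groups)
    out[USER_HEADER] = user
    out[GROUPS_HEADER] = group_str
    out[PROOF_HEADER] = _proof(secret, user, group_str)
    return out


def app_session(headers, peer_addr, gateway_addrs, secret):
    """Application side: create a session only from gateway-delivered headers."""
    if peer_addr not in gateway_addrs:
        return None  # request did not come through the gateway
    h = {_canon(k): v for k, v in headers.items()}
    user = h.get(USER_HEADER)
    groups = h.get(GROUPS_HEADER, "")
    proof = h.get(PROOF_HEADER, "")
    if not user:
        return None
    expected = _proof(secret, user, groups)
    if not hmac.compare_digest(proof.encode(), expected.encode()):
        return None  # identity headers were not produced by the gateway
    return {"user": user, "groups": groups.split(",") if groups else []}
```

In practice the source-address check is enforced at the network layer as well, so the application listener is reachable only from the gateway.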

The IDCS EBS Asserter is another innovative component that not only enables SSO with EBS but also simplifies the infrastructure requirements needed to enable EBS SSO. Traditional EBS SSO deployments require organizations to deploy and manage farms of Access Servers, Directory servers, Access Gates and Web Gates. The IDCS EBS Asserter removes the need for these excessive and difficult-to-manage components. It's a simple WAR file that needs to be deployed on WebLogic. That's it, nothing more. The IDCS EBS Asserter acts as the interface between the identity token being issued by IDCS and the user session being created in EBS.

Provisioning Bridge

Comprehensive and complete security for applications requires life-cycle management of application identities in addition to single sign-on. The IDCS provisioning bridge can be used to streamline account life-cycle management with on-premises components and enterprise applications. With the IDCS provisioning bridge, organizations can perform authoritative sync, account provisioning and group management in generic LDAP servers such as OID, OUD, ODSEE and Apache DS. The IDCS provisioning bridge will also enable account, role and responsibility management in apps such as EBS and PeopleSoft.

When combined with the SaaS application templates, AD Bridge and automated group grants, organizations can automate the entire identity life-cycle.

 

Multi-Factor Authentication

IDCS provides a market-leading MFA solution through which organizations can define policies that contain context-based rules and actions. These rules leverage the user, application, device, risk and request context to dynamically determine if a user is allowed access, denied access or needs to be prompted for MFA. The IDCS adaptive intelligence engine not only computes risk by analyzing login behavior but can also pull in user risk feeds from UEBA systems such as Symantec CASB. It uses this combined risk score along with the user, application, device and request context to dynamically enforce access decisions.


Summary

Organizations cannot overlook identity and security requirements when moving applications to the cloud. They need to change their strategy from a pure "Lift and Shift" to "Move and Improve". They need capabilities such as automated identity life cycle management, adaptive MFA and single sign-on to not only improve their overall security posture but also inherit controls through which they can combat sophisticated and prevalent cyber security threats.

Join us for a live webinar on Nov 6th where we will discuss how you can secure your enterprise apps with IDCS and enable your "Move and Improve" strategy.

Move and Improve: Keeping Your Workloads Secure with IDCS

November 6th | 10 am PT

Speakers: Sanjay Sadarangani (Oracle)


 


12 years of experience in the Identity Management domain. Product Manager for Oracle Identity Cloud Service, driving roadmap for key Access Management areas such as SSO, MFA, Mobile Authenticator and Authorization.
