Security could now be the reason to move to the cloud , for instance Oracle’s vision to postulate  that the cloud can be more secure than on-premise. At every layer and stage of technology investments are made in proactive security be it the cloud computing stack and everything from silicon to IAAS , PAAS and SAAS . Oracle’s portfolio includes award winning database security solutions such as the Audit Vault and Database Firewall. Oracle epitomises in Identity and Access management with its comprehensive solution for directory , governance and access. The Oracle cloud incorporates the best of oracles security products , technology and processes. Oracle’s security cloud services are built on the prodigious intellectual property and security foundation.

Which brings us to the focus of this article , The Identity Cloud Service(IDCS). A module of Oracles offering of security features.  

IDCS is a secure on demand Identity service from the Oracle public cloud. IDCS provides native cloud security by Access and Identity management platforms that is designed to integrate with the enterprise security fabric. It is designed to rapidly integrate modern identity to modern applications into your identity management systems from the cloud.Since it is built on standards it easons integration of your applications and facilitates inter operations. Not only does the design of the application guarantee security but it also inherits security from the Oracle Cloud. IDCS helps customers move to the Cloud quickly  and easily adopt the cloud as well.

Do you want training on Oracle IDCS?

Contact us now

Identity challenges faced with SAAS applications

There are several challenges users face with SAAS applications. Below mentioned are three glaring challenges commonly faced by SAAS users.

1.Fragmentation
2.Weak Security
3.Lack of Governance

Let’s deduce the reason for these challenges.

1. Fragmentation - For a while SAAS applications were deployed on the basis of need. Causing a range of applications that an organisation may use to  have been deployed from various vendors. Often due to the rush to time to market they have not wired it up or architected it to their credentials with on premise identities , resulting in users having to log into these SAAS applications with different credentials as opposed to using their on premise credentials hence causing a lack of synchronisation .

The scater of these SAAS applications has costed enterprises huge amounts of money in terms of resetting multiple passwords for users and other challenges that could arise due to fragmentation of applications.

         2. Weak Security - SAAS applications are not built with inbuilt security. For instance if

           we want to have intelligent capabilities within SAAS applications to prompt the user for

           Multi factor auth or One Time Passcode(OTP) or Step of indication depending on risk,

           these kind of options are not facilitated within the application. To many enterprises the

           lack of these facilities has found an increasing need for an integrated, centralised

           solution that can enforce this across their entire cloud based portfolio.

           3. Lack of Governance - Governance is always an area where enterprises have  

           excellent coverage on on-premise applications because On-Premise Identity

           Management including Oracle’s identity and governance portfolio has excellent

           governance capabilities for on premises applications but they are not extended to the

          cloud because no identity as a service vendor provides these capabilities on the cloud.

The Identity Cloud Service is designed to differentiate in 3 key areas 

1.Hybrid
2.Open & Standards - based
3.Secure Defense - in Depth

Why Oracle Identity Cloud Service when it comes to the above mentioned differentiators?

Hybrid means identities can be managed for both cloud based applications and on premise applications integrating with Oracles on premise portfolio in a manner that is better than other stand alone Identity As A Service providers can. Oracles IDCS Hybrid Identity feature

permits us to manage identities for cloud and on premise applications with enterprise - grade hybrid deployments.

1.There are flexible provisions to manage identities in the cloud

1. Synchronize identities directly with AD or OIG

2. If IDCS is configured for SAAS application all the identities from OIG or directly from AD can be synchronised using an identity bridge software that is capable of deploying on-premises or authentication can be federated to OAM or ADFS for instance which primarily permits authentication to be federated to external power

    2. Centralised governance workflows for Cloud applications

          1. Access review certification for extended OIG . A provision for an OIM connector is

          present where IDCS is capable of enabling the administrator to perform a set of

          Capabilities for applications that are protected by IDCS

          2. Audit compliance to extend OIG SoD to IDCS

          3. IDCS applications and Access Control ro include external reporting in OIG

Do you want training on Oracle IDCS?

Contact us now

Open & Standards - based

IDCS conforms to 4 key standards

1. Oauth

2. SCIM

3. SAML

4. OpenID

Using the above mentioned standards we can integrate with pretty much any application as long as these standards are conformed to.Proprietary integration is no longer existant , standards are the basis of everything.

1.OAuth and SAML can be used to integrate with almost any application that we have

2.SCIM is used to manage all forms of identity . It is an wholesome open standard that is used to manage all identities in the cloud directory. Hence, if customers want to provision users into the cloud directory into their instance they can do that directly using the SCIM standard

3.OpenID connect is used for authentication workflows.Oracle is a sustaining member of the board of the OpenId foundation

4.Native IDCS support for SAML, SCIM, OpenID, Connect and OAauth

5.FastFed Working Group to facilitate acceleration and to simplify application Integration

Secure Defense - in Depth

IDCS is designed with security in mind. It is built with several security capabilities to encrypt identities at rest besides the fact that it leverages security capabilities from the Oracle cloud platform.

The key differentiator is that many of the capabilities is leveraged from the Oracle cloud Platform itself.

1.Oracle public cloud layers of defense

            1. Administrative controls for fraud detection , alerting , blocking, behavioural based

             Strong authentication

            2. Restriction of Admin access : Roles , Policies and real-time variables

            3. Schema isolation and Transparent Data Encryption

     2. Contextual user access control Implementation in IDCS

           1. Time-Of-Day, Device, Network, Geo-location etc.

     3. Third Party integration - ready with open Apps

            1. Policies and risk scores from SIEM,CASB,UEBA vendors

Capabilities of Oracle Identity Cloud Service

The Oracle Identity Cloud Service is not another SSO and provisioning service in the cloud , it is basically a comprehensive Identity management solution that can do all of the below mentioned features. This particular service can not only integrate with Oracle cloud applications like Oracles SAAS and PAAS applications but also third party applications like Workday and Office365 etc but also on-premise applications.

One thing that differentiates IDCS is that it enables customers to protect not just the IDCS API’s but also their custom APIs using the IDCS server. Once we move it to the cloud we can continue getting  capabilities like governance , segregation of duties and Audit/compliance reports using the OIM connectors for IDCS so that they can continue using all these capabilities from OIG even after moving the application policies to IDCS.

Practical Applications in the cloud

Let’s look at a few practical applications of IDCS on the cloud and it’s advantages

1.Modernising custom applications in the cloud

Why should we modernize?

1.Maintaining Legacy applications are quite expensive
2.Proprietary Integrations
3.Integration with AD/OIG

Moving on-premise applications to IAAS/PAAS

How does IDCS facilitate modernisation?

1.Rich API support
2.Flexible User/Group/Role based access control policies
3.Ability to secure custom App API’s

Key Features of IDCS

1.Easy to integrate Apps with IDCS
2.Use oAuth to protect App API’s addition to user
3.The SCIM compliant Cloud Directory is fully featured
4.App roles and groups are supported
5.Inter-op with 3rd party tokens for services that span multiple apps/services
6.Audit Logs are available in detail

2. Integration with any application

With IDCS we can integrate with any application be it:

1.Oracle PAAS/SAAS service
2.Oracle on-premise applications
3.3rd Party SAAS applications

Key features of IDCS in terms of integration with applications

1.It helps to integrate with 3rd party apps using SAML/OIDC/oAuth for SSO & Access Mgmt. functions
2.IDCS can act as an Identity Provider in this scenario
3.Profile and password management functions performed Users and Administrators
4.Accomplish Hybrid Identity capabilities (existing OIM customers)
5.Third party apps to target - Salesforce,Box,Office 365,Google etc.

3. Manage external identities

In many cases customers are trying to upgrade  legacy applications to modernise them and be able to incorporate social identities and auto scaling capabilities.

In many cases some applications could have been written decades ago when there was no concept of social identity these applications were deployed on premises and in many cases tested applications are hosted on custom hardware , in situations where they experience higher demand these applications would require manual scaling and then they need to be scaled back when the demand reduces.By moving these applications to the cloud we can leverage a lot of auto scaling capabilities. We can simplify the management and administration of these applications by being in the cloud and for IDCS the very strong data security in the cloud provides things like transparent data encryption and schemalisation  for consumer identity that will be stored in the identity coud.

Why do customers upgrade to external-facing apps? 

1.To consume Social Identities
2.Auto scaling is more reliable in the cloud
3.To move apps to SAAS/PAAS

Why IDCS for these apps?

1.Strong data security in the Oracle Cloud

2.Rich APIs for integration with custom Applications

Key Features of IDCS in terms on Managing External Identities

1.Fully-functional Cloud Directory that can house identities
2.Self - service and ID Admin functions for admins and end users respectively
3.An easy access to applications without the need of VPN or on-premise gateways
4.Extensive APIs allow customers to integrate identity in a coherent manner

Anushya

Add comment