Description: Sponsored: Identity management not only enhances security, but it can improve compliance with the Sarbanes-Oxley Act. Rohit Gupta, the director of Oracle's ID management & security products, explains how this is achieved.
The content for this video was sponsored and provided by Oracle.
Hello, I'm Rohit Gupta, Director of Identity Management and Security Products at Oracle Corporation, and I'm here today to talk to you about identity management as it relates to Sarbanes-Oxley reforms.
Now, the Sarbanes-Oxley Act was passed in 2002, specifically around providing legislation in response to the accounting and financial scandals that engulfed the likes of Enron, WorldCom, and Tyco. Sarbanes-Oxley has two major tenets: Section 404 and Section 302. 404 is centered around who gets access to what data, how often do they get access, what are they doing with it - fundamentally, talking about setting up a control framework that gives the enterprise information about access rights. And then 302 around notification whenever changes to these controls are made, so directly playing a role within disclosure.
The sections in Sarbanes-Oxley, the legislations here, have three common themes: Confidentiality, which is really around ensuring that the data is protected, the right people are seeing the data; the integrity, which is centered around ensuring that the data itself is valid; and then security, which is ensuring that the right sort of protective controls are in place for your data.
The challenges with the Sarbanes-Oxley legislations are, they're pretty broad, and there isn't a specific reference model or reference architecture that enables enterprises to implement these efficiently.
Now, Oracle recommends a compliance reference model based on four primary principles. These include policy definition, which really gives you the ability to set up your entitlements, or your access rights, based on things such as role-based access control or policy-based access control - set up your provisioning and administering of your users - gives you the ability to set up preventive controls, so protecting your Web-based data by giving you Web single sign-on, or your legacy data, which may reside in a mainframe or a desktop client server environment.
Detective controls - again, extremely critical to report on what your users are doing. How often do they access data? What are they doing with that information once they get access to that?
And then, lastly, control validation, which is giving you the ability to set up processes, such as attestation, on a regular basis; set up your dashboards; do your gap analysis; et cetera, for both your financial and IT users, in an efficient manner.
Now, the interesting element here is, in order to be effective with Sarbanes-Oxley reforms, you've got to complete this in a sustainable and iterative manner centered around your audit and corporate data.
In summary, identity management can help address the confidentiality, integrity, and security needs of your Sarbanes-Oxley requirements. It'll help you achieve your tactical demands from your auditor, as well as the strategic demands to obtain business efficiencies from your compliance requirements.
For more information, I invite you to visit oracle.com/identity to learn what customers are doing with these products.

