Interview with Jim Taylor, senior director, product management, Oracle
Oracle Updates Identity Management with Integrated Mobile Security and Redesigned UI
Oracle recently rolled out major updates to Oracle Identity Management to help organizations securely manage access to mobile, cloud, and on-premise applications. Jim Taylor, senior director, product management, Oracle, discussed how the data security landscape is being shaped by greater digitization, more demand for access from more devices, and the relentless reports of high-profile data breaches.
The updated IDM release integrates Enterprise Mobility Management but also just makes it easier for people to use, which is one of the key ways to win the data security battle, Taylor says. Coming soon also, he adds, following the recent launch of Windows 10, will be support for Windows devices.
Q: It appears that the big innovation being added with the latest version of Oracle Identity Management 11gR2 Patchset 3 is the integration of mobile security into the identity and access management platform.
Taylor: That is definitely one of the key points but there is another one as well that we really have been focusing on with this release. This Patchset 3 release is very strategic. It is a significant release for us because it really brings together quite a few years’ worth of work and strategy. But, as you said, one of the first things we have done is added mobile security and the integration of it in to the IDM suite, so we now can take an identity-centric view of mobile.
Q: Why is that important?
Taylor: For a lot of our customers that have an existing security infrastructure, that already have a lot of that investment in place, they can now extend that to cover devices. We have seen this trend where devices are becoming the platform of choice so that is critical for our customers. They can take an identity-centric view and for example if they have existing authentication or authorization policy, and they already have a framework in place, they can now easily extend that to devices as well.
Q: Who does this help most?
Taylor: From a user perspective, this gives me the ability to have a one-stop shop: If I am a corporate user and I want to request access to something or I have some kind of business process or approval process to do, I can now go to one central place to do that. I don’t have to have a separate tool or go to a separate place to manage my mobile devices. I can now go into my enterprise catalog and request access to apps and services, and roles, but I can also request access from my devices as well.
And, as a manager, I get to leverage my existing process and approval framework. From the compliance standpoint, when I have to do my “who has access to what” certification campaigns, I can go to one campaign and see all of the users’ access, not only their applications, and see what is on their devices, and the devices have access to corporate application, as well
Our strategy has been that as the device becomes the platform of choice, we want to enable our users to extend their security systems and to manage it as another corporate platform. More and more, we see users wanting access to anything from anywhere, from any device.
Q: What is the second key area you mentioned?
Taylor: What is really different about this release for us is that traditionally security has been IT infrastructure, and we have been in the background working with IT admins or security specialists, and our audience - or our consumers of the technology - has been technical or security-based. But we have seen this trend across the whole industry which is shifting that, and so now finally it is cool to be a security guy because it is much more of an app interacting with business users. They are doing self-service things like resetting a password, or requesting access to something, or approving something - routine day-to-day tasks. So, with this release we fundamentally designed the UI and we are launching our business-user-designed UI.
Q: How did you accomplish this?
Taylor: We invested a ton of resources and we did a whole bunch of focus groups and studies and worked with some specific UI designers. It wasn’t just about making it look good or improving the look and feel of the UI. It was much more about making it as intuitive as possible so if there was something done on a regular basis and it took six or 10 clicks, we wanted to get that down to two. We wanted to make it as wizard-driven and as intuitive as possible. As these business users who are now our primary consumers interact more and more with the identity tools it is specifically designed for them. This is our “business user release.”
Q: Going back to the mobile access, is it still relevant to ask about the kinds of mobile devices?
Taylor: It is becoming less of an issue. In the mobile security space itself, there have always been two ways to come at the problem. As mobile exploded, a lot of customers were making tactical choices around MDM – or mobile device management – solutions. And they were very platform-specific, very tied to the individual devices. It is a challenge with things like bring your own devices (BYOD) and compliance and corporate policies.
Q: What is the Oracle approach?
Taylor: We come from the container side of doing things. We have added device capabilities, MDM capabilities in this release, but we allow you to deploy a corporate container on the device. We now support the vast majority of pretty much every device, every flavor that is out there, but the one thing that is upcoming for us, as we speak, is support for Windows devices and we will be releasing that as an interim patch in the short term.
Q: By Windows devices – do you mean the Windows Phone?
Taylor: Windows Phones, the Surface tablets – as Windows 10 is released and moving to a single operating system across everything that Microsoft is. Your PC operating system, your tablet operating system, your phone operating system – it is all going to be the same thing. It will be one system and we will be supporting that.
Q: And, back to the redesigned UI – whether it is intuitive or not, business users are still forced to deal with security. Is the goal to make it less of a problem?
Taylor: Exactly. That has always been one of the challenges for security. You can have really great security but you are trying to balance security and flexibility at the same time. We want our users to be able to use the services that they need to be productive. If I asked you to remember a 100-character password and use a different password for everything, you would spend your life on the phone with the help desk and security would become a barrier. While we want to maintain good security, it is our goal at the same time to make security easy for users to consume. With the appropriate levels of security, by designing our tools for use by the business user, we are making it much easier and improving security overall. The easier it is to use and the less obtrusive it is, the easier it will be to be effective with it.
Q: Earlier in July, there was another well publicized breach, this time in the U.S. Office of Personnel Management. Do you think security is becoming a more prominent concern for companies?
Taylor: I would totally agree with that. To some extent, there are a lot of different trends that are coming together. It is almost like a collision that is happening in the industry right now. We have got this whole digitization of services. Everything is moving to digital services. Everyone wants access from anywhere and device, but at the same time we are living through a breach culture right now.
There are so many security incidents that are happening. It is a real challenge for companies. Security is very top of mind. Boards are asking questions and they want to know that security is tight and is being taken care of. But at the same time, you don’t want to secure something to the extent that no one can use it. Services have to be usable. It is a balance but we are definitely seeing that overall attention on security has dramatically increased over the last 12 months.