Oracle Advances Application Security with Oracle Identity Management 11g

Oracle has announced Oracle Identity Management 11g, an integrated and open set of best-of-breed components built on a common platform and engineered to deliver integration within and across the suite through a series of common components.

As the industry's first "service-oriented security architecture," Oracle Identity Management 11g provides enterprises with shared services for everything from identity administration, password management, authentication and authorization, workflow, encryption, and auditing to simplify application security, says Rohit Gupta, vice president of product management for Oracle Identity Management.

Compliance needs have intensified with every passing year, observes Gupta. To address these escalating requirements, Gupta says, Oracle Identity Management 11g, a component of Oracle Fusion Middleware 11g, offers a breakthrough, combining business intelligence with enterprise security with identity data. Providing a level of intelligence driven by analytics, Identity Management 11g aims to provide "an end to end view of an organization's security posture to get a sense of their health, to improve visibility, to improve transparency, thereby helping to proactively mitigate risk and accelerate compliance."

Oracle Identity Management 11g is intended to security address challenges Oracle has witnessed among its customers, Gupta notes. "As we have talked with customers over the years about the state of security solutions, we have heard that their security solutions generally are fragmented. They have originated from different vendors and so they don't interoperate or integrate very well, and a lot of times they don't support open standards."

Enterprises have both custom applications and packaged applications within their environments and typically security is an afterthought, he notes. Oracle, he says, has heard from clients that the level of tooling, the level of development support, as far as the overall development lifecycle has not provided sufficient capabilities for helping architect security into those applications. Additionally, as data centers and enterprises go through the evolution of modern requirements - everything from web services to cloud computing, and support for SaaS applications - security solutions are not necessarily capable of supporting them or scaling across them because they are based on a dated technology infrastructure, they are proprietary, "an obviously that results in a level of complexity from a maintenance standpoint as well."

Go here for more information.