Oracle Endorses Role-Based Access Management

Oracle pushes its access-management security strategy at the RSA Conference in San Francisco.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Oracle is pushing role management as a key element of its security strategy.

The approach, which the company calls service-oriented security, is meant to help organizations simplify and centralize critical security tasks, including authentication, user administration and role management.

In a keynote address April 10 during the RSA Conference in San Francisco, Thomas Kurian, senior vice president of Oracle server technologies development, said businesses today are challenged to deal with the growing number of users accessing their systems.

To address that challenge, Oracle announced the release of Oracle Role Manager, software designed to permit organizations to centrally model, define and manage business roles and relationships to enable tighter access control.

According to the company, Oracle Role Manager is intended to lay the foundation for service-oriented security by delivering a comprehensive framework of business and IT roles and privileges.

With the identity access management field growing, customers can expect to see better integration. Click here to read more.

The software provides event-based role services that automatically trigger entitlement changes to user provisioning and enterprise applications. It also gives administrators the ability to simulate how a role change will affect data security before actually changing the role.

The company's service-oriented security approach spans four areas in IT: development, deployment, administration and governance. Oracle officials said the company has delivered on each of the four areas, launching the identity governance framework with proposed standards being pursued by a number of vendors.

The company has also released the beta version of the Oracle Fine-Grained Authorization software and the general release of Application Access Controls Governor 8.0.

In September 2007, Oracle acquired Bridgestream, which specialized in enterprise role management software. At the time, Oracle officials said the marriage between the two companies would deliver an integrated product that combined role discovery, modeling, enforcement and attestation capabilities.

"Historically, organizations have struggled to easily define and manage enterprise user roles that reflect their business structure, and are typically left with an overpopulation of roles dispersed across their various enterprise systems," Hasan Rizvi, vice president of identity management and security products at Oracle, said in a statement.

"The new release of Oracle Role Manager provides customers with automated tools to mine and model roles and to efficiently manage multiple interrelated hierarchies across diverse IT systems on an ongoing basis," Rizvi said in the statement.