Oracle Extends Access Certification for Compliance

The latest version of Oracle Identity Manager has new attestation technology to help prove who has access to what data when the auditors come calling.

Oracle is expanding its user provisioning software to include new capabilities around attestation and reporting.

The latest edition of Oracle Identity Manager, the company's IAM (identity access management) offering, includes additional support to automate the certification of access privileges required by regulatory and industry compliance mandates.

"What we've done with this release is we've made that attestation process more flexible," said Amit Jasuja, vice president of development for security and identity management. "What you can do now is say, -I want to attest the privileges of the following people.' ... [It could] be based on a certain location, it could be based on a different group or organization."

The definition of user scope and resource scope can be based on rule-based expressions, Jasuja said. A new multi-select attribute has been introduced for the resource entity, which allows for the categorization of resources based on mandate and attestation frequency to help administrators create a regulatory-mandate attestation process. A grace period for attestation can also be established. At the end of the period, the attestation request is automatically delegated to a specific user.

In another move to aid organizations in the area of compliance, the product also includes 19 new compliance and operational report templates to help organizations streamline audit processes. Compliance is one of the key drivers for the IAM market, which analysts with Forrester Research have estimated will reach $12.3 billion by 2014.

Oracle, which acquired Bharosa last year partly for its authentication technology, competes with players such as IBM and CA in the IAM space.