Oracle adds context-aware authentication to its identity management family

Identity Management This newsletter is sponsored Gateway Virtual Server Management: Weighing the options Learn about an array of exciting new time-saving tools that make it possible to manage virtual servers in a similar way as physical servers by watching the latest Network World Editorial Perspectives Webcast. Click here to watch! Network World's Identity Management Newsletter, 07/23/07 Oracle adds context-aware authentication to its identity management family By Dave Kearns Larry Ellison’s yacht didn’t fare so well in the recently completed America’s Cup series in Spain, but he has continued to beef up the identity practice at Oracle with a new, shiny addition just last week. Oracle acquired Bharosa, which the new owner described as “a leading provider of software that helps combat online identity theft and fraud.” Well, lots of companies can claim that. What excites me about Bharosa is how it goes about combating identity fraud. The company’s lead product, Bharosa Tracker, performs “in-session risk analysis/scoring to verify users by their device, location and behavior.” In other words, it is one of the first context-aware authentication services. Optimize Your WAN: Network World Shows You How In this Executive Guide learn how optimization can supercharge your WAN. Click Here Now authentication context has long been something I’ve advocated to minimize risk to high-value resources. Here’s an example: Suppose your CFO has rights to transfer money from your corporate account to any other account up to $1 million. This would be useful when quick turnaround was necessary on a desirable purchase. But even if you had the CFO authenticate with password, security token and biometric – fraud could still occur. If your authentication system could tell, however, that the CFO was attempting to authenticate remotely from his laptop in Rio de Janeiro, at 2 a.m. on Sunday morning, you might want to be able to require some additional steps: a lowering of the dollar limit, a second “signature” on the transfer, a time delay on the transaction – or you might want to block it entirely. Right now, Bharosa Tracker isn’t concerned with employee fraud as in the above scenario but it could easily be adapted to do that. What it does do, though, is verify the user's IP/geolocation, computer/device attributes, historical site usage, among a host of other factors, and compare these with an existing or predefined risk profile. Tracker can also generate a dynamic alert or even a programmed response to suspected fraud. Oracle intends to keep Tracker available as a stand-alone product that can integrate with other vendors’ identity products, or be combined with Oracle’s established Web single sign-on and Web based-authorization offerings. The result would be a highly secure, low impact security offering that protects users from common, often costly, threats. Oracle continues to add to its lead at the top of the heap of complete identity services providers. Pay attention! Events: Courion launched a series of podcasts called, very unimaginatively, the “summer podcast series.” First up is “Developing an Enterprise IdM Program” hosted by Courion’s “identity leprechaun” Chris Sullivan. Sully hopes to present answers to questions such as: “How do I get started with an identity management program?”; “How do I maximize returns in the short and long term?”; and “How do I measure the success of an identity management program in business terms?” Head to the podcast site, where you’ll need to register, then download and listen.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. 11 corporate anthems to die for 2. 12 IT skills that employers can't say no to 3. Hogwarts IT director quits 4. iPhones flood WLAN at Duke University 5. Duke's iPhone mystery reportedly resolved 6. Readers speculate on Duke's iPhone problem 7. Unmanned aircraft crush worldwide enemies 8. Google's chief legal officer slapped with SEC fines 9. Brazilian plane crash to push malware 10. Microsoft 'silently' restores root certificates MOST E-MAILED STORY: Hogwarts IT director quits

Contact the author: Dave Kearns is a writer and consultant in Silicon Valley. He's written a number of books including the (sadly) now out of print "Peter Norton's Complete Guide to Networks." His musings can be found at Virtual Quill. Kearns is the author of two Network World Newsletters: Windows Networking Strategies, and Identity Management. Comments about these newsletters should be sent to him at these respective addresses: windows@vquill.com, identity@vquill.com . Kearns provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail. This newsletter is sponsored Gateway Virtual Server Management: Weighing the options Learn about an array of exciting new time-saving tools that make it possible to manage virtual servers in a similar way as physical servers by watching the latest Network World Editorial Perspectives Webcast. Click here to watch! ARCHIVE Archive of the Identity Management Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007