After evaluatiNG how clients handle data throughout their enterprises, in December, Oracle (Redwood Shores, Calif.) introduced its Identity Governance Framework (IGF), an open initiative designed to help firms better manage sensitive customer information.
According to Oracle's Amit Jasuja, VP of development, security and identity management, other efforts around identity data management have mainly focused on the actual collection of the data from users, rather than on how the data is controlled by the enterprise. "The value of this data is in being able to provide it to business applications so that companies can make decisions -- it shouldn't be floating around the company," he says.
"The goal of IGF is to create an open initiative that delivers concrete ways companies can define governance and control around identity data," Jasuja explains. "It will let people know that you have this identity data, where it is, the rules for sharing it and for applications to declare interest in the data, and what they plan to do with it."
Companies, particularly banks and other financial institutions, understand that they need to control and manage sensitive data better, Jasuja acknowledges. But, he contends, while many financial institutions have homegrown solutions in place for data governance, these solutions typically are not comprehensive enough or streamlined enough to do the job efficiently. Banks' in-house-developed solutions often rely on massive, centralized databases, Jasuja adds. With IGF, however, it is unnecessary to create a centralized data store, he explains, noting that, "You just have to identify where the authoritative sources are for this data -- which lines of business own the data."
Not only will the governance framework help banks improve operational efficiency, according to Jasuja, IGF also will lend itself to improving compliance efforts by creating more transparency into data, as well as an audit trail as to who used which information and where the data resides.
Oracle Plays Well With Others
Oracle's interest in security-related matters developed as the company gradually acquired companies in the security space, absorbing their competencies into its own products and services, Jasuja relates. As a result, "We now have a stronger interest in standards, consortiums and industrywide initiatives," he says. Under this collaborative business model, Oracle is partnering with several companies in the security sector, including Sun Microsystems Sun Microsystems (Santa Clara, Calif.) and CA (Islandia, N.Y.), to help standardize IGF specifications, according to Jasuja, who adds that he expects the partner ranks to grow.
Realizing that not all banks have a complete "Oracle stack" in their IT operations, the company is seeking to create specifications that "play well with others," Jasuja continues. "If I build an application, I don't know how it will be deployed at Bank of America versus Wells Fargo. To have a successful product, it has to work with the infrastructures at both of these banks. Therefore, it's important for the specs to be based on standards. We briefed other thought leaders in the identity-management space and they agreed on the value [of IGF]."
IGF proponents are looking carefully at numerous open source and standards organizations, such as Liberty Alliance and OASIS, to help them promote the specifications, according to Jasuja. "We want an organization that's strongly represented by customers, not vendors," he says. "We also want an organization that's nimble because we want this ratified as a spec as quickly as possible."