Learn about Oracle's GRC platform and security strategy, market opportunities, and partner initiatives. Explore how Oracle is rebuilding trust in the face of increasing risks in the enterprise.
Enterprise Security & GRC Global Partner Strategy • Sean Cronin – Sr. Director, GRC • Ken Zeng – Sr. Director of Technology Global Sales Support • Laura Romero – Director, Global Partner Strategy
Agenda • Oracle At-A-Glance • Global Market Trends • Oracle GRC Platform • Oracle Security & GRC Strategy • Market Opportunity • Partner Initiative Overview • More Information & Contacts • Q&A
Oracle At-a-Glance • Globally… • #1 in Database • #1 in Supply Chain Mgmt • #1 in Customer Relationship Mgmt • #1 in Human Capital Mgmt • #1 in Industries • Retail • Communications • Public Sector • Professional Services • Financial Services Founded in 1977. Headquarters in Redwood Shores, CA with operations in 145 countries. • 275,000 total customers • 220,000 database customers • 30,000 applications customers • 19,000 SMB apps customers • 30,000 middleware customers • 17,700 partners • 60,000 employees • 14,000 developers • 7,000 support staff
Rebuilding Trust: Shareholders and consumers demand more transparency, less risk • What they want… • A survey of global consumers shows that public trust in business leaders fell to 28% in 2006, down from 36% at the peak of corporate scandals in 2002. Source: McKinsey, 2007 Source: McKinsey, 2007 Source: Economist, 2007 Source: McKinsey, 2006
Risky Business: Financial Services • Bank of America, Wachovia: Customer account information was illegally sold by bank employees to a business posing as a collection agency. More than 670,000 customer accounts may have been breached. Source: CNNMoney, May 2005 • Citibank: Mass theft of debit card PINs results in several hundred fraudulent cash withdrawals in Canada, Russia, and the U.K. This follows the loss of unencrypted tapes containing information on 3.9M customers. Source: InformationWeek, March 2006 • Nationwide Building Society: The U.K.’s largest building society was fined £980,000 for failing to have effective systems and controls in place to manage its information security risk. Source: OpRisk & Compliance, March 2007 • Capita Financial Administrators: Third-party administrator of collective investment schemes was fined £300,000 for poor anti-fraud controls over client identities and accounts. The firm discovered that client names and addresses had been changed, and sale of units processed without orders from the client. Source: OpRisk & Compliance, April 2006
Risky Business: Pharma and Healthcare • WellPoint: Health Insurer WellPoint settled claims brought by over 700,000 physicians against six major U.S. health insurers, agreeing to pay $198 million for miscoding legitimate reimbursement claims. As part of the settlement, WellPoint agreed to invest in IT and reform its payment system with enforceable standards for properly coding claims. Source: iHealthBeat, July 2005 • American Red Cross: In 2006, the FDA fined the American Red Cross $4.2 million for violating blood handling safety requirements that stemmed from poor quality controls, assurance and inventory audit management, along with inadequate donor screening standards. Source: WSVN News, September 2006 • Biogen Idec: In January 2007, Biogen Idec Inc. settled with the Office of the Attorney General in Vermont after failing to file its financial disclosures regarding its promotion and other marketing activities for Fiscal 2003 and Fiscal 2004 by the state’s deadline. Source: Center for Business Intelligence, May 2007 • HealthSouth: Former CEO Richard Scrushy was sentenced to nearly seven years in federal prison, while former Alabama Gov. Don Siegelman was sentenced to more than seven years, for related crimes in their bribery and corruption case. Prosecutors requested at least 25 years for each. Source: The Wall Street Journal, June 28, 2007
Risky Business: Data Privacy • Mellon Bank: For a violation of the Fair Debt Collection Practices Act, in which employees destroyed 80,000 unprocessed Federal tax returns and tax return checks in an attempt to conceal failure to meet IRS processing deadlines, Mellon paid a fine of $18.1 million and closed its tax processing center. Source: Unbossed.com, April 27, 2005 • ChoicePoint: In addition to paying $500,000, ChoicePoint has agreed to a monitored customer data protection program as part of its settlement with 43 State Attorneys General and the District of Columbia, stemming from a 2004 personal database breach. ChoicePoint was fined $15 million in its 2006 settlement with the Federal Trade Commission for violations of the Fair Credit Reporting Act resulting from this incident. Source: Statesman.com, June 1, 2007 • Crédit Lyonnais: French data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL) announced its first-ever fine, amounting to EUR 45,000 (U.S. $57,556) against Crédit Lyonnais. CNIL accused the bank of violating French privacy law and obstructing investigations by “abusively” recording names of clients with bad credit managed by the French central bank. Crédit Lyonnais also erroneously informed the French central bank of fraudulent use of debit cards by customers, although these customers had other financial incidents. Source: Winston & Strawn, LLP, June, 2006 • Xanga.com: Xanga.com, a social-networking and blog site, will pay $1 million in a settlement with the Federal Trade Commission for violating the Children's Online Privacy Protection Act (COPPA). Xanga had been letting users create accounts even if the dates of birth they entered indicated that they were under the age of 13, and with no provisions for parental notification. Source: CNET News.com, September 8, 2006
Ounce of Prevention Worth a Pound of Cure • [Chart] Share-price performance of companies complying with SOX rules; series: Reported control weakness 2004-05; No control weaknesses in 2004-05; Control weakness in 2004, but none in 2005; values shown: 28%, 26%, 6%. Source: Lord & Benoit, 2006 • [Chart] Savings on legal liability avoidance from GRC investment: Cost of GRC $1; Savings on Lower Legal Liability $5 • [Chart] Opportunity cost of siloed GRC: Spending on Compliance and Resources for innovation against # of GRC projects, Ad hoc Approach compared with Platform Approach. Source: General Counsel Roundtable, 2006 • [Chart] Information protection less costly than breaches: Cost of a Data Breach $90; Spending on Security $6. Source: Gartner, 2005
IT’s Role in Rebuilding Corporate Trust: The need for IT Governance (Control, Strategy, Security) • Majority of 400 directors surveyed recognize that the right IT strategy is very important for: 69% Compliance, 66% Customer Satisfaction, 57% Managing Risk • The Ponemon Institute finds that 70% of all reported security breaches were due to insiders • When a company announces a security breach, its stock price can drop by 2% • Gartner warns that “More than 80 per cent of IT groups may be incapable of satisfying many of the laws and regulations, such as HIPAA and 21 CFR Part 11, that require change-related audit trails and accountability over material configuration items.” Source: Ponemon Institute, 2005 Source: Gartner, 2005 Source: Corporate Board Member/ Deloitte Consulting, March 2007
Oracle GRC Platform: Oracle Delivers a Comprehensive Platform for Governance, Risk, and Compliance Management • Financial Services, IT Governance, Public Sector, Financial Compliance, … • Fusion GRC Intelligence: Reports, Dashboards, Alerts, Key Risk & Control Indicators • Oracle GRC Manager: Risks, Issues, Processes, Assessments, Remediation, Policies, Procedures • LogicalApps - GRC Controls: Access Controls, Setup Controls, Transaction Controls • Infrastructure Services: Content Mgmt, Identity Mgmt, Change Mgmt, Data Audit, Data Security, Repository
Oracle Security & GRC Strategy The Oracle Investment • Partners – Software, Platform, Infrastructure & Services • Products – Comprehensive, Industry Leading Solutions; Common Integrated Security Across Applications & Data Infrastructure; Hot-Pluggable & Open • Customers – Enabling & Ensuring Sustainable Compliance and a Secure Infrastructure
Market Opportunity Oracle • Secure and maintain Oracle’s leadership position • Oracle’s install base demands it of all of us • New doors to knock on with a different audience • Sell complete partner-enabled solutions and services that address multiple security and GRC business requirements Partners • Increase partner value proposition by leveraging Oracle’s technology and applications, position and brand • New opportunities through access to the Oracle customer base and Oracle sales • Participation in focused market events by region
Partner Initiative Overview FOR IMMEDIATE RELEASE Oracle Unveils Enterprise Security and Governance, Risk and Compliance Initiative for Partners Enables Oracle Partners to Deliver Comprehensive Solutions to Help Customers Address Regulatory Mandates, Organizational Complexity and Risk Management Requirements REDWOOD SHORES, Calif., - Nov. 8, 2007
Security & Compliance Initiative Strategy Objectives • Generate net new revenue (increase influence rate & resale) • Increase Oracle product adoption & integration among ISV community • Create ecosystem of partners identifiable by solution and business issues solved • Enable partners to sell and implement security and compliance solutions based on Oracle technology Approach • Create formal program and standardized framework • Identify target initiative partners by solution or service, commitment to Oracle and market presence • Leverage SIs and Platform Vendors as channel to bring ISV solutions to market • External content highlighting Oracle’s security & compliance solutions including integrated partner components • Create an ecosystem of strategic partners that the regions can integrate into local sales initiatives & go-to-market activities
Enterprise Security & GRC Initiative Update Current • Security & Compliance Initiative • Loose criteria & approval process New Initiative Updates • Enterprise Security & GRC Initiative • Supports Oracle’s updated product strategy • Open to partners with solutions and/or services for enterprise security, identity management, IT governance, risk management and compliance management • Partner Solutions are complementary to Oracle’s offerings in this space • More selective in order to add value and validity to the partner ecosystem and our overall strategy • Better benefits for greater visibility
Criteria to Apply for Initiative • OPN member in good standing • Acceptance in Database or Fusion Middleware Product Focus • Published Solutions Catalog profile • Existing Enterprise Security and/or GRC solution or service offering • Solution that is complementary to Oracle products & services • Completed application & acceptance based on review of qualifications • Note: Applications will be reviewed at the regional and global levels prior to acceptance
Application Process • Review the criteria for and information on Enterprise Security & GRC Partner Initiative on the OPN Portal • Click on Engage with Oracle • Then on the Go-to-Market link • Find the link to Enterprise Security & GRC
Application Process • Complete the application online – includes: • Company information • Product, solution or service description • Sales and marketing information including business issues addressed by solution or service, customer information • Business case for initiative participation • Value proposition to Oracle sales • Application is reviewed by regional Alliances & Channels team for completeness and fulfillment of criteria • If an ISV, application is reviewed by Development • Email response to be sent to you within 15 business days • If approved, your company will be flagged as Accepted and you will see a link on the Engage with Oracle page (under My Company Initiatives)
Initiative Benefits • Recognition as a key partner in the Oracle Enterprise Security and GRC partner ecosystem • Visibility to Oracle sales & customers on Oracle.com • Eligibility for Security Strategy Workshops • Consideration for inclusion in the Enterprise Security and GRC solution map • Consideration for targeted sales and marketing opportunities and participation in events and promotions by region • Consideration for inclusion in Oracle press and analyst activities focused on Oracle’s security and compliance strategy • Consideration for “expert services” bundles with Oracle Consulting • Access to the Enterprise Security & GRC Initiative Dashboard
So What? Who Cares? Initiative Value Proposition For Oracle • Oracle can satisfy customer demand for solutions that enable and ensure enterprise security and sustainable regulatory compliance, risk management and corporate governance by leveraging our partners’ assets to drive more revenue. For Partners • Partners can differentiate themselves and help prospective and existing Oracle clients rationalize their current position and exposure, by mapping solutions to Oracle technology and applications that help fill clients’ security and compliance gaps. For Customers • Access to a portfolio of qualified solutions and services that help reduce cost and complexity by managing multiple GRC requirements on a single platform, enable visibility of GRC related activity across the enterprise and safeguard brand and reputation.
Metrics for Success • Expanded partner ecosystem and portfolio of complementary solutions and services • Extended security & GRC solution and services map • Increased Resell/Co-sell Revenue • Increased partner awareness & training • Increased Oracle footprint, product adoption and services development among partner community • Partner & Customer References
More Information… Enterprise Security & GRC Initiative Teaser Page http://www.oracle.com/partners/home/bi/global/security_idty/unauth/index.html Oracle Products & Solutions http://www.oracle.com/grc http://www.oracle.com/security Initiative Partners http://solutions.oracle.com (Keyword Search “GRC”)
Contacts • OPN Interaction Centers • prn-nas_in@oracle.com - North America OPN IC • opnic_ro@oracle.com - EMEA OPN IC • opnlad_ww@oracle.com - LAD OPN IC • opnbr_ww@oracle.com - Brazil OPN IC • prn-apac_au@oracle.com - APAC OPN IC • Additional OPN Information • opninfo_us@oracle.com - Global OPN Email Box