Oracle Corp. today announced updates to Oracle Access Governance, its identity governance and administration service that covers both cloud and on-premises environments.

The improvements are aimed at helping information technology teams better assign, monitor and manage user access to applications and other technology resources. Oracle said the cloud-native service provides detailed visibility into how users interact with those resources and reduces risk by allowing only authorized users to see or use restricted assets including source code, patents, databases, applications and infrastructure elements like cloud servers and services.

“Administrators typically have several thousand users and machines to manage; that’s a security risk,” said Leo Leung, vice president of products and strategy at Oracle. “It can get very, very time-consuming to figure out who has access to what across that many people. This uses machine learning to understand users and privileges over time and can look for unusual behavior that should be flagged.” The product works with non-Oracle clouds as well as on-premises infrastructure.

Expanding user base

Oracle said it’s addressing the growing complexity of managing permissions as businesses grant access to contractors, customers and suppliers into their IT systems. Access Governance takes a lifecycle approach that adjusts to roles as they change.

“People oftentimes change roles and access certainly changes a lot over the course of time,” Leung said. “This product is entirely geared toward managing the lifecycle of access.”

New features being announced today help automate the process of managing the identity lifecycle by enabling administrators to grant access to thousands of users at once based on common variables like attribute, role or policy-based access control. It can also automatically grant access through bundles that assign privileges to large groups while maintaining granular controls based on policies and identity collections.

New no-code workflow formation provides a graphical interface that makes it easy for non-IT administrators to visualize and design the access governance processes with tools for incorporating user management and identity collection services into workflows.

Access to newly deployed on-premises and cloud applications can be granted through a wizard-based process that manages user identities centrally and prepares applications for access provisioning by managing and updating information without data migrations.

Keep your own key

In another data protection-related announcement, Oracle said Thales SA will make its CipherTrust Cloud Key Management Hold Your Own Key service available across all 45 regions of Oracle Cloud Infrastructure.

The offering helps OCI customers achieve data sovereignty and other compliance objectives more easily by encrypting data in OCI with keys that are controlled and managed outside of the cloud platform. That’s a particularly important feature for financial institutions that in some cases are prohibited by regulations from entrusting encryption keys to a cloud provider.

CipherTrust Cloud Key Management lets users store keys in a virtual or physical appliance that is entirely under their control and outside of the cloud. They can also localize their encryption keys wherever they choose and maintain control of their encrypted data in cloud environments to meet regulatory audits.

“A lot of these requirements are coming out of the [European Union] where they want a degree of control that is almost completely independent of the cloud,” Leung said. “Customers can now have their keys in a separate location of their choosing. This meshes nicely with our EU sovereign cloud but also works with our other regions as well.”

Photo: Pxfuel