Oracle Fusion Middleware Edition
Oracle Corp
June 2012 Stay Connected: Blog Facebook Twitter Youtube
Back to the main page
Put Enterprise Security Nightmares to Rest with a Declarative Solution

Security breaches can be a nightmare for any organization, particularly the kinds of breaches that can be traced to weaknesses in application access control strategies. Three key challenges are driving organizations to use smarter access control strategies to secure enterprise software stacks.
  • More-stringent regulatory requirements. Regulations are becoming more complex and stringent. Enforcing modern regulatory mandates often demands enforcement of segregation of duties and ethical boundaries, in addition to auditing of access. For example, a financial services company can enforce policies that restrict a trader’s transactions to customer accounts by region, trading exchange, time of day, and customer’s net worth. Similarly, a healthcare organization can limit a doctor’s access to a patient’s records to only those that are applicable to his or her current ailments.
  • Fragmented security policies. Many homegrown applications have authorization policies hardwired into the business logic, which means applications have to be retooled in response to evolving security and regulatory considerations. This not only complicates the application development lifecycle but also results in diminished service levels.
  • Dynamic access control for heterogeneous systems. Traditional solutions do not address the fundamental need to protect applications and data based on the runtime context of access. And since organizations rely on a variety of heterogeneous systems, authorization solutions need to be able to integrate with multiple systems, including applications, Web services, databases, and portals.
“Today, when developers build applications, transaction control and authorization is often hard coded. Instead of building security policies and authorization directly into the application, declarative security makes it easy to manage security policies centrally. Declarative solutions externalize and centralize authorization policy definitions, allowing companies to set up extremely rich policy definitions on the basis of context, attributes, roles, or runtime conditions,” says Bharath Shashikumar, principal product director, Oracle.

As a result, companies are increasingly turning to authorization solutions that use a declarative security model, such as Oracle Entitlements Server. An April 2012 product review from SANS Institute, Demystifying External Authorization: Oracle Entitlements Server Product Review, drives home the importance of externalizing authorization from applications, Web services, portals, and databases.

“The ability to centrally manage access down to the specific resource level has in the past seemed unachievable beyond a system-by-system basis. An integrated tool that does not require changes to applications is a welcome improvement in administration and risk management,” notes the report, authored by Tanya Baccam, senior courseware author, SANS. “Oracle Entitlements Server made the process of controlling access easier—and more manageable across multiple applications and scenarios within those applications—with no retooling of applications required.”

Oracle Entitlements Server delivers an external authorization solution for the entire software stack, allowing companies to secure different ecosystems, such as third-party applications, SOA Web services, databases, portals, and home-grown applications, and centrally manage authorization policies for those ecosystems. Moreover, the solution is massively scalable, so mission-critical applications can enforce authorization decisions in real time. 

The SANS Institute review summarizes the benefits: “Products such as Oracle Entitlements Server not only secure the enterprise, but also reduce the burden on application development teams—which means companies investing in this technology will get security benefits and a strong ROI. Overall, we felt this technology was mature for broad industry adoption.”

Download the full SANS Institute product review of Oracle Entitlements Server.

Back to Top
Oracle Information InDepth newsletters bring targeted news, articles, customer stories, and special offers to business people who want to find out how to streamline enterprise information management, measure results, improve business processes, and communicate a single truth to their constituents.

Please send questions or comments to

For answers to questions about subscribing, unsubscribing, and managing your Oracle e-mail communications preferences, please see the Oracle E-Mail Communications page.

Copyright © 2012, Oracle Corporation and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor is it subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.