5 Tips to Get Oracle Cloud Security Done Right

By Zsolt Varga posted 10-26-2020 07:31 AM


Is data in the Cloud secure? In short, the answer is yes, due to the improvements that have been made in Cloud security. In fact, Cloud servers often have more layers of security to protect data than companies can independently provide for on-premise servers. However, that’s not to say that there are no security concerns when shifting to a Cloud solution.

Data breaches still happen, but they are overwhelmingly the result of human error or unauthorized access rather than a weakness in the database itself. For this reason, companies need a well-designed, proactive plan for meeting compliance requirements and granting user access as they integrate Cloud applications with other company systems.

Oracle Cloud: Keys to Successful Role-Based Security Setup

Oracle Cloud meets this need with a role-based security design that includes both functional access and data access. Security policies and privileges can be customized based on the needs of your organization and can also scale with your company as it grows, creating a flexible security setup that meets both business objectives and compliance requirements.

 As you configure your security access rules, keep these five tips in mind: 

  1. Single Sign-On (SSO) and Active Directory – You can configure SSO to synchronize users with Active Directory so you can integrate your Oracle Cloud application with other on-premise company systems. Users will log in with a single username and password according to role-based access controls.

  2. Company Size and Audit Requirements – Choose security configurations based on company size and private/public audit requirements. Business objectives should align with audit objectives to maintain strong internal controls and minimize risk. For some companies, standard job roles provide adequate Segregation of Duties (SOD) and there is no need for customization. However, companies with stricter audit and SOD requirements will need to create custom job roles.

  3. Adequate Planning – As you structure job roles and grant appropriate data access, spend adequate time planning the details of user job role assignment. If you decide to pursue custom job role configuration, then job roles should be constructed from available duty roles and standard privileges based on detailed business requirements. This enables users to access objects, data, and functionality within the application.

  4. Security Setup and Implementation Scope – Security setup is different for Human Capital Management (HCM) applications as compared with Financials & Supply Chain Management (FSCM) applications. HCM relies on abstract roles, data roles, and security policies in addition to job roles. By contrast, FSCM relies exclusively on job roles (either standard or custom) and data access configuration. HCM and various modules of FSCM can be implemented as free-standing applications or combined as one totally integrated application. This means security design will be different based on the differing implementation scopes.

  5. Automatic Role Assignment – Oracle Cloud has introduced automatic role provisioning functionality, which utilizes role-mapping rules. Based on these rules, the system assigns roles (for HCM & FSCM) to users automatically when the hiring process is completed in HCM. Because there are some limitations of this functionality for ERP Cloud, you will want to assess and compare the effort of maintaining role-mapping rules with the effort of handling assignments manually.

 Flexible Security Access in Oracle ERP Cloud

 Oracle’s security model for ERP Cloud gives companies extensive customization options. Access can be configured both at the role-level and at the user-level so that jobs inherit security policies and privileges, but data access can still be customized for specific users. While this configuration can be a labor-intensive process, in the end it delivers a highly flexible, scalable security protocol that supports compliance requirements and meets the long-term needs of the organization.

 About the Author:

Zsolt Varga is a Project Manager and Solution Architect with professional experience since 2005. His areas of expertise include leading numerous projects, applications architecture and business analysis. Zsolt is experienced at coordinating all aspects of design and implementation of many Oracle application modules including Financials, Order Management, Supply Chain, Projects, Budgeting, and Human Resources.

Zsolt has hands-on experience implementing Oracle Cloud Financials and recently presented educational sessions on Oracle Cloud Financials and Oracle Cloud Security at local and national OATUG conferences.