Reduce License costs and increase security in Oracle Applications
Seecuring
29 slides
Aug 14, 2024
About This Presentation
Great security can lower your license costs. In this document we look at how the efficient use of security in Oracle ERP/HCM Cloud can restrict not only access but also license usage. By reducing your security footprint, the chance of overusing licenses is significantly reduced. Many delivered security roles provide access to functionality that is tagged for licensing. By moving to a custom role setup you retain control not only of what users have access to, but also of what licenses are attributed. Custom Abstract, Job and Duty Roles help to minimize the security footprint.
Slide Content
How security can help lower your licensing costs in Oracle ERP/HCM Cloud
Working on Identity, Access, Security, Internal Controls, Audit & Compliance since 2003.
Seecuring supports organizations through evaluating and assisting in audit, security and controls, including: Segregation of Duties. Sensitive Access. Patch Impact Analysis. Proactive and detective testing, to ensure security goes in clean. Provided as a service from training through to controls evaluation.
Applications supported: Oracle ERP/HCM Cloud, Workday, Salesforce, MS Dynamics, E-Business Suite, SAP Concur, PeopleSoft, JD Edwards, Oracle Edge Applications, Yardi.
The developing application landscape: Over 50% of applications are now deployed without IT (and perhaps the associated asset management procedures?). The average enterprise has over 400 applications. Shadow applications have become a major concern for executives. https://www.ciodive.com/news/app-sprawl-saas-data-shadow-it-productiv/606872/
The developing application landscape – PART 2: As customer acquisition slows, vendors will look to raise more revenue from existing customers. Additional Services. Additional Modules. Auditing usage. AKA Licensing.
Cloud applications allow easy expansion without installing the additional modules = Increased Risk of usage without authority
Licensing in Oracle: Oracle has a licensing department, but no word on efforts for ERP/HCM licensing.
So how can good security help with licensing in Oracle ERP/HCM Cloud? (Let's also not forget CX Cloud.)
Controlling user counts. Controlling who can enable new features. Effective security design.
Controlling user counts. The importance of auditing access. How are you onboarding? 47% of companies struggle to onboard because of IT processes. https://www.strongdm.com/blog/employee-onboarding-statistics
Controlling user counts. Inadequate offboarding may leave you with license overage (as well as security risks). Forty-two percent experienced at least 5% of instances of unauthorized access to SaaS applications and cloud infrastructure due to deprovisioning deficiencies of former workers; one-fifth had more than 10% such instances; and 17% didn’t know the extent of unauthorized access stemming from incomplete deprovisioning of employees and contractors. https://venturebeat.com/security/why-inadequate-automation-of-onboarding-and-offboarding-results-in-security-risks-and-data-loss/
Controlling user counts. Suspended = the user no longer has roles or has been manually suspended. Don’t rely on this. Locked = the account is locked, usually because of entering a password too many times. Don’t rely on this. Active/Inactive = the best way to ensure access (or not) to the application.
2. Controlling who can enable new features. Navigator -> My Enterprise -> Offerings. Many new features can be enabled following a patch. Access to this feature (license impact or not) should be secured. Enablement should go through change control for accountability.
3. Effective Security Design: Oracle stores data related to Privileges and the services they are associated with. The delivered Roles have Sensitive Access and Segregation of Duty issues. Roles are most often over-provisioned.
3. Effective Security Design: They say a picture is worth a thousand words. Roles ‘can’ consist of other sub roles, Duty Roles and other Job Roles. Job Role – General Accountant. Duty Role – Period Close Management.
3. Effective Security Design
3. Effective Security Design: Receiving Transaction Maintenance Role. SoD: Can create and maintain AP Invoices and Receive Transactions. Holds license for ERP and Supply Chain via the Privileges in conflict.
3. Effective Security Design: Delivered Roles provide the opportunity for license overuse due to over-provisioning.
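An added example (not from the presentation): a Python sketch that flattens a role hierarchy into its effective privileges, then reports which licensed services those privileges touch and which segregation-of-duties rules they break. The hierarchy, privilege names, service tags and the SoD rule are constructed to mirror the Receiving Transaction Maintenance slide; they are assumptions, not an export from an Oracle environment.

```python
# Constructed sample data: every role, privilege and service name below is
# illustrative and assumed, not taken from a real Oracle ERP/HCM Cloud export.
ROLE_CHILDREN = {
    "Delivered Job Role (hypothetical)": ["Receiving Transaction Maintenance"],
    "Receiving Transaction Maintenance": ["Receiving Duty", "Payables Invoice Duty"],
    "Custom Receiving Role (hypothetical)": ["Receiving Duty"],
}
ROLE_PRIVILEGES = {
    "Receiving Duty": ["Receive Transactions"],
    "Payables Invoice Duty": ["Create AP Invoice", "Maintain AP Invoice"],
}
PRIVILEGE_SERVICE = {  # privilege -> licensed service it is tagged for
    "Receive Transactions": "Supply Chain",
    "Create AP Invoice": "ERP",
    "Maintain AP Invoice": "ERP",
}
SOD_RULES = [("Create AP Invoice", "Receive Transactions")]


def effective_privileges(role, seen=None):
    """Flatten a role through all of its sub roles, guarding against cycles."""
    seen = set() if seen is None else seen
    if role in seen:
        return set()
    seen.add(role)
    privs = set(ROLE_PRIVILEGES.get(role, []))
    for child in ROLE_CHILDREN.get(role, []):
        privs |= effective_privileges(child, seen)
    return privs


def footprint(role):
    """Report privileges, licensed services touched and SoD conflicts for a role."""
    privs = effective_privileges(role)
    services = sorted({PRIVILEGE_SERVICE.get(p, "UNTAGGED") for p in privs})
    conflicts = [pair for pair in SOD_RULES if set(pair) <= privs]
    return {"privileges": sorted(privs), "services": services,
            "sod_conflicts": conflicts}


if __name__ == "__main__":
    for name in ROLE_CHILDREN:
        print(name, footprint(name))
```

The custom role that inherits only the receiving duty touches one service and raises no conflict, while anything inheriting the full maintenance role picks up both services and the SoD violation.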
Custom Roles vs Delivered/Seeded Roles: Custom Roles provide the opportunity to take back control. Delivered Roles are (again) over-provisioned, and are updated by Oracle.
Delivered Roles had the following changes (23B): Over 130 New Privileges. 255 New Privilege to Role assignments (84 are existing Privileges). 160 Role to Role assignments. 58 New Data Security Policy assignments. 124 New Profile Options.
Seecuring Provides reviews of Segregation of Duties, Sensitive Access, Change and License analysis as a Service.
Seecuring No software to install, integrate and no need to ‘open up’ your applications. We provide the technology and services to support your organization’s internal control goals.