Segregation of Duties for Oracle ERP-HCM Cloud Applications

Seecuring provides Segregation of Duties and Sensitive Access Reviews for Oracle Cloud Applications, delivered through both Technology and a Service, here's why:

Users, Abstract Roles, Job Roles, Duty Roles, Privileges, Abstract Privileges, Data Security Policies, Procurement settings, the list go on, securing your Oracle Cloud Applications involves analyzing many elements. Roles can be buried in Roles, creating layer upon layer of Access to the underlying functionality in the Application. Seecuring works through all of this to give you the most complete picture of whats really going on in your Application - without all the false positives and false negatives.

Security Console

Many Organizations have chosen to implement Oracle Cloud Applications using the delivered (seeded) Roles. The benefit to this approach is that the Application can be deployed quickly without a vast Role Design project. The downside is that many of these Roles contain Separation of Duty violations and access to both configuration and the transaction side.

In addition each new update from Oracle can bring new Risks to these delivered Roles, as updates can be deployed directly to them. This means when the changes hit Production, any Users with these Roles may inherit the new functionality.

Seecuring can assist in the following areas:


Analyzing access to the Sensitive and Critical elements of the Application

* Segregation of Duties and Sensitive Access Analysis

* Review the impact of making changes to your security and make the right decisions to get your Controls and Configurations resolved

* Assign actions to your team for resolving issues

* Create exceptions to Violations, stored and ready to be reported on as part of your Access Certification

* Ensure your issues are being resolved by measuring progress over time, if you need a Role removing from a User.

* Data Security Policy review, ensuring users with PII access are highlighted and any violations against legislation or audit can be remediated.


Patch Impact Analysis

With each new update from Oracle, new functionality is provided. These updates bring in new Privileges and Configuration changes that may also be granted to the seeded/delivered Roles.

If you are using these Roles, then these updates will be inherited by the Users attached to them.


Role Design Services

* a complete library of Roles to be imported and used immediately

* SoD and Access issues can be picked up and resolved before importing the Security


Configuration Review

* for changes made to the Application that may affect the performance of your processes and transactions


The Process

Seecuring is Technology and a Service, we are dedicated to helping you overcome your Security and Configuration issues to get better control over your Applications. Our subscription based approach ensures that you get ongoing support, including ongoing updates to your Segregation of Duties matrix, training and other support.

To find out more you can contact us using one of the methods below:



Contact Us

Resources

Understanding Role Delegations in Oracle ERP/HCM Cloud

Continue Reading...

Fraud and Data Loss - one and the same?

Securing the Financial Close