With Cloud based Applications you benefit from having updates and fixes deployed to your Environment without the IT overhead and time to deploy - it's done for you.
At this point, the responsibility is on you to analyze and test the incoming changes in your non-Production Environment before it goes to Production.
This constant change provides challenges for organizations who need to ensure these changes are evaluated for both benefit and risk.
We placed a poll on Linkedin recently asking what the hardest part of managing these patches is:
So with time being the biggest factor related to managing these application updates, how can we help get that down?
Without an analysis of the impact of new Updates, how can you be sure of the changes, opportunities and Risks to your Applications and Business?
In the first quarter of 2024 we reviewed the latest update from Oracle (release 24A) and went 'under the covers'. In summary we found a lot of changes to the application:
* Over 100 New Privileges.
* Over 70 new Roles.
* Over 230 New Privilege to Role assignments, of these over 140 are existing Privileges (from a previous release) that are now assigned to a role in 24A.
* 130 new Role to Role assignments. These changes involve Oracle attaching Roles to other Roles. This can have a significant impact to your access model, users may inherit a Role that has other Roles and Privileges attached. This significantly increases the risk of users gaining far too much access, and without effective awareness, or change control.
An example of a new Privilege has been the expansion of Data Security around Elements in HCM Cloud. Changes have been made to Financials too, with the ability to segregate the person importing Asset details from the person posting them.
These changes have had a significant impact on the application and customer environments, particularly if the delivered roles are used. If you are using the delivered roles, these changes above are being automatically applied.
Are these changes something you want, and want to happen every quarter?
Seecuring offers Patch Impact Analysis, a comprehensive solution for identifying incoming changes and removals from your Environment. this process sits alongside:
* Identifying new functionality that creates risk.
* Analyzing new access to sensitive functions of the application.
* Segregation of Duty violations.
* Changes to Privileged accounts.
* Changes to access as a whole.
* New configurations that change the way transactions operate.
Save time and create assurance with our Application Patch Impact Analysis, and Role Design solutions from Seecuring.