IT security is not just a set of products and tools arranged in a manner to protect different layers of the enterprise technology stack. It is a process. Security is only created by you, your teams and your people following processes. I recently had the opportunity to tell this story in an interview with Oracle Magazine, Onapsis Puts the Process of Security to Work for Oracle E-Business Suite.
Securing ERP systems like Oracle EBS presents its own unique challenges and must follow a process. This is where we started our conversation as we discussed the difficulty of securing ERP systems because of their complexity and the fact that ERP systems are increasingly under attack. A great point of reference that we have is a report Onapsis released with Digital Shadows that highlights a DHS US-CERT Alert on malicious cyber activity targeting ERP applications. In short, ERP applications are under fire and traditional perimeter and database security tools and processes are not enough to keep Oracle EBS secure.
To address security for ERP systems, I suggest that organizations must establish their own process for ERP security and put it into practice. Much of the core business of any organization is supported on your ERP system. In the example of Oracle EBS, you’re running your financials, HR, manufacturing, ordering, supply chain and much more. These are the most important applications of your business and where the crown jewels of your company are located. When creating your ERP security process, you need to ask what risks you are willing to accept to keep your business secure and compliant. What is important to you and what would a disruption to your ERP system mean to your business.
Often these processes involve the use of tools, but ultimately, security is created by humans making decisions. With regard to security tools, I point out in the interview that Oracle has had a focus on security since its start with a research project for the CIA. Oracle has many security tools that are both certified for securing ERP systems and complementary with our Onapsis Security Platform (OSP). But while Oracle does offer up these security tools, the biggest challenge is providing visibility and understanding across the teams that are all ultimately responsible for protecting Oracle EBS. This is where OSP shines and provides value to you.
We close the interview by providing security strategy recommendations for organizations wanting to establish their own process of security for their ERP systems. Part of these recommendations is getting started with Onapsis and working with us to understand your Oracle EBS security and compliance risks.
*** This is a Security Bloggers Network syndicated blog from Blog authored by ruxbaum. Read the original post at: https://www.onapsis.com/blog/process-security-work-oracle-ebs