In November, Enguerrand Blanchy, Oracle’s Head of APAC Cloud Technology, had the opportunity to sit down with Scott Gledhill, Oracle Australia’s new Head of Applications for Public Sector, to discuss security and compliance in the context of Australian public services.
[Engy] Hi Scott, congratulations on your new role heading Cloud Applications for Public Sector in Australia! What keeps you excited after a couple of months in this role?
[Scott] Thanks Engy. Oracle has a long tradition of serving government agencies and protecting citizens’ data. I’m amazed by the extent of Oracle SaaS references with the public sector. We have been at the backbone of global government delivery and initiatives for 44 years. This includes crucial programmes across health, defence, revenue, national security and social services.
In Australia and New Zealand, Oracle supports the most critical functions of governments in the back office as well as the front office. My Public Sector team works across all tiers of Government: Local, State and Federal. We have solutions and assets that address government industries such as healthcare, transport, and social services. We operate across individually contracted engagements as well as a variety of government agreements and purchasing panels.
I certainly am excited to be part of a talented team that can address a wide variety of issues faced by governments with the best engineered products on offer.
[Engy] What business value can Oracle Cloud Applications bring to public services agencies?
[Scott] Delivery of public sector services is transforming due to big shifts in citizen expectations, sustainability issues, urbanization, demographics, and workforce. And Covid obviously has had an accelerating impact on these drivers. To support the dynamic environment of the Public Sector, Oracle cloud applications offer a fully integrated suite that serves to address both the back end and the front end of Government operations. The applications are cloud native and are based on a single data model. We often refer to them as Oracle Fusion Applications.
The Fusion Application suite offers a modern back-office spanning Enterprise Resource Planning (ERP) and Supply Chain Management (SCM). It also covers Human Capital Management (HCM), including core HR, payroll, workforce management and talent management. Lastly, and very importantly, Fusion Applications deliver a modern front office to address the needs of citizen-centric government organisations. The Fusion customer experience applications (CX) address the problems of citizen experience, case management, service delivery and marketing capabilities. The CX stack has just been enhanced by the award-winning Redwood Design System user interface that brings state-of-the-art, consumer-grade user experiences to business applications, available across any device. Lastly, we also offer a suite of enterprise performance management (EPM) applications.
Fusion Applications are modular and you can choose to implement in phases. Over time you’ll get a complete, unified solution continuously being refreshed through 4 releases per year. You can start implementing a business process, like procurement, knowing that later you can extend to additional areas, like financials or recruitment. As they share the same data model, integration between Fusion Applications is very easy.
Oracle Cloud Applications are available on OCI. Engy, could you explain what value OCI brings to our SaaS customers?

[Engy] You are right, Scott, Oracle Cloud Applications are available on Oracle Cloud Infrastructure (OCI). We have 40 OCI cloud regions globally including two in Australia: Sydney and Melbourne.
In the SaaS model the fact that Oracle controls the infrastructure, platform and application layers provides customers with significant security, performance, and innovation advantages:
- All SaaS technology stacks are continuously operated, secured and maintained by Oracle through global cloud policies and practices
- All SaaS components are architected for maximum availability
- Oracle Fusion Application SaaS deployments help decrease exposure to ransomware attacks, which are a key concern for government agencies.
Let me illustrate with 3 examples of improvements we’ve recently delivered:
- Oracle SaaS target uptime SLA increased from 99.5% to 99.7% a couple of years ago. And from this year we have been offering a 99.9% SLA.
- With the launch of Cloud Guard Fusion Application Detector, customers can get insights into potential threats, policy violations and sensitive data changes to act on them before they turn into security incidents.
- As a part of our Defense in Depth strategy, Oracle Fusion Applications on OCI are deployed with WAF for Fusion to help protect against DDoS and OWASP 10 threats
[Scott] Thanks Engy. When I speak to Public Sector executives, they often ask me about their need to comply with government cybersecurity frameworks and standards like Essential Eight and IRAP. What can you say about those?
[Engy] The Australian Signals Directorate (ASD) effectively recommends that all Australian organisations implement the Essential Eight framework for best cybersecurity practice. What’s more, PSPF Policy 10 has been mandating that all Commonwealth Non-Corporate Entities achieve Essential Eight at Maturity Level 2 or Level 3 since 1st of July 2022. However, ANAO reported in June 2022 that agencies had shown an ongoing weakness in implementing and maintaining strong cyber security controls over time, and that “reported maturity levels for most entities were still significantly below the Policy 10 requirements”.
Oracle Fusion applications have been IRAP assessed since 2017. The latest 2022 Fusion IRAP assessment was assessed against the ISM controls at the Protected Level. In this IRAP report, the independent assessor added that both Oracle Fusion and EPM services were assessed to achieve Essential Eight Maturity Level of 3, with no variations. I think this is great news because Level 3 is currently the highest maturity level you can achieve with Essential Eight.
Oracle Fusion and EPM customers can also access the latest available attestations from our global cloud compliance programme, e.g. ISO 27001 certificate or SOC reports.
Of course, getting access to formally assessed SaaS services is only part of the equation for government agencies wanting to address their own regulations and standards. SaaS customers also need to look after how they configure those SaaS services, including their own users’ identity and access, their integration with 3rd party applications, and their end user devices.
With this context in mind, we believe that Oracle Fusion and EPM SaaS applications can help government agencies improve their security and compliance posture by starting their journey with a strong and secure foundation.
Scott, what advice would you share with government agencies looking to adopt Oracle SaaS applications? Where should they start?
[Scott] We would encourage people to contact either the Oracle Applications Public Sector team directly or speak with one of our many partners. We can discuss how we can help address issues and deliver superior services while at the same time delivering the level of security the community expects when utilising Government services.
