Our guest authors this week are Chirag Andani, Oracle SaaS Security Services, Vice President, and Atul Goyal, Oracle Identity Cloud Service, Sr Principal Product Manager.
Secure your deployment of Oracle Fusion SaaS
You might be among the thousands of Oracle application customers embarking on a journey of cloud transformation by rapidly adopting cloud applications for HCM, ERP, Sales, CRM and Marketing business processes. Mobile devices and the cloud platform have undeniably altered the traditional network perimeter. Your IT professionals can no longer assume trust across the stack, because resources are available from anywhere and from any device.
As you adopt an API-first approach to provide business value to your partners and consumers, you need to understand what threats and vulnerabilities these APIs may expose. Identity becomes the new perimeter in this business transformation.
Built-in security
Oracle Identity Cloud Service, an open-standards identity platform powered by SCIM, OAuth and SAML, provides built-in security for the Oracle Fusion SaaS stack and for the extensions built by customers. The Identity Cloud Service ensures that the right people have the right access to the right resource in the right context at the right time across Oracle SaaS applications. This provides governance, compliance and risk-aware security for applications, while improving productivity through automation and multi-channel access. We like to call this risk-aware access, where identity is the core component in managing and reducing risk (as shown in the graphic below).
In a risk-aware access scenario, there are three key areas in which Oracle Identity Cloud Service (IDCS) secures your Oracle Fusion SaaS deployment:
Enables hybrid deployment and multi-channel access. You can integrate with on-premises LDAP and Active Directory by federating identities from your on-premises identity providers or from other cloud providers such as Azure AD, using SAML 2.0. By centralizing user and entitlement management across different SaaS properties through provisioning and lifecycle workflows, you eliminate human error, improve productivity, and give auditors a single pane of glass. You can also enable multi-channel access across web, bot and mobile channels through modern authentication standards such as OAuth 2.0.
Enforces context- and risk-aware security. By using password-less authentication, you reduce breaches and credential phishing. You can also use location, context, user and device information to determine risk, define adaptive policies, and secure end-user and administrative access with adaptive multi-factor authentication. At the development layer, you can enforce API security using standards such as OAuth token policies.
Ensures governance and compliance. We always recommend that you use the rich reporting capabilities available to perform periodic reviews of users' access and to automatically block access for high-risk users. You can easily automate the granting and revocation of access as users are on- and off-boarded, via HR integration. This configuration provides a single pane of glass for users and roles across SaaS and hybrid applications.
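As an added illustration of the API-security point above (example code written for this page, not code from the original post or from Oracle's products): a fail-closed token policy that an extension API could apply to each OAuth 2.0 bearer token before serving a request, checking structure, pinned algorithm, signature, issuer, audience, expiry and scope. The issuer, audience, scope names and HS256 test secret are constructed placeholders; a real deployment verifies the identity provider's RS256 signatures against its published keys.

```python
import base64
import hashlib
import hmac
import json
import time
# Constructed policy for one extension API (hypothetical values, not IDCS configuration).
TOKEN_POLICY = {"issuer": "https://idp.example.invalid",
                "audience": "https://hcm-extension-api.example.invalid",
                "required_scopes": {"employees.read"}}
SIGNING_KEY = b"constructed-test-key"  # HS256 test secret; real APIs verify RS256 against the IdP's JWKS

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(claims: dict) -> str:
    # Builds an HS256 JWT; used here only to construct test tokens.
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def check_token(token: str, policy: dict = TOKEN_POLICY, now=None) -> tuple:
    """Fail-closed policy check: structure, algorithm, signature, issuer, audience, expiry, scope."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed token"
    if header.get("alg") != "HS256":  # never honour 'none' or an algorithm the policy did not pin
        return False, "unexpected alg"
    expected = hmac.new(SIGNING_KEY, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    if claims.get("iss") != policy["issuer"]:
        return False, "wrong issuer"
    aud = claims.get("aud")
    if policy["audience"] not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong audience"
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= (time.time() if now is None else now):
        return False, "expired"
    if not policy["required_scopes"] <= set(str(claims.get("scope", "")).split()):
        return False, "insufficient scope"
    return True, "ok"
```

Every rejection path returns a short reason suitable for an audit log, while the API response itself should carry only a generic 401.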
Use these principles to plan your deployment
As you move your applications to the cloud, you need to take a risk-aware access approach. We recommend using the following principles in your planning to ensure a successful deployment with an optimized access strategy: