Cloud Security Perspectives and Insights

Is your Cloud ERP Heading for a Heartbreak Hotel Moment?

Greg Jensen
Sr Principal Director - Security - Cloud Business Group

It’s that familiar IT analogy, “Elvis has left the building,” in the context of your enterprise data having left your data center and now being in the cloud. It’s more true than ever before. What we are seeing instead is that the rush to cloud, without all the pieces in place, is leading to heartbreaking results when increased risk is transferred into the cloud and amplified.

This week marks the kick-off of Oracle’s Modern Customer Experience Conference (MBX). This includes a phenomenal collection of attendees, partners and solution providers all centered around business-critical cloud solutions such as ERP, HCM, SCM and CX. While these solutions are built around amazingly sound, secure, high-performing cloud environments, there is always opportunity for fraud and risk that requires a second look at the controls we place around these platforms.

Many know Brian Jensen (KPMG) and me as the co-authors behind the Oracle and KPMG Cloud Threat Report that we publish each year. No, we are not related, but we share a common concern from two unique perspectives: my cyber background paired with his background in ERP risk controls. Together we have been able to help elevate the conversation around what risks we are seeing around today’s business-critical applications and how businesses should prepare.

Below are a few of the topics Brian and I will discuss in April as KPMG hosts their ERP Risk Series: Oracle and KPMG Cloud Threat Report 2019. Register for this now!

  1. Buy your CISO a coffee – The best $5 you can spend is to share a coffee with the person who can make you very successful within your line of business. Get to know the CISO’s priorities, but more importantly, educate them on yours. Today’s CISO is not about saying “No”; they are about saying “Yes, but let me help you get there faster... and safely”.
  2. Identify your cloud quarterback – Every successful team needs a leader on the field who is organizing, driving strategy, interpreting the calls played and what it means on the field. This is the role of the Cloud Security Architect who is enabled and empowered by the CISO to drive security, privacy, data protection and risk programs. They are also focused on ensuring all LoB programs are engaging SecOps up front and meet key requirements before go-live.
  3. Know Shared Responsibility – 90% of CISOs, 75% of CIOs and 54% of SaaS teams are unsure about their role in securing the apps vs the cloud provider. Address this across ALL cloud services. Pull out the contracts, talk to your providers quarterly, understand the SLAs and identify the gaps where you are putting your company and customers at risk.
  4. Revitalize the Lunch and Learn – The lowest-cost impact you can make on the organization is a round of pizza once a month, in exchange for asking them to sit down and take notes on safe practices at work. Phishing scams that target employees who have access to business applications are on the rise. Educating your staff on the risks, how to report and safe practices is a great starting point.

This week is a busy week for many at Oracle’s MBX. Make sure you register for next month’s session with Oracle and KPMG as we walk through some of the key findings in the new Cloud Threat Report, and what we learned that will change the way you approach your upcoming enterprise application strategy.
