Everyone gives lip service to the importance of security, but it’s often relegated to the back-burner in actual practice. For example, my anecdotal experience is that when conference attendees are polled about Critical Patch Updates, usually fewer than 50% of the respondents state that they’re up-to-date on the latest CPU. One potentially complicating factor is that there are many things that one can do to secure the E-Business Suite, and it may be hard to know where to start. At minimum, all Apps DBAs should be intimately familiar with these documents:
There are many other security-related Oracle products that you can use with your E-Business Suite environment, too. Eric Bing and Robert Armstrong profiled all of the latest security-related tools and options that are relevant to E-Business Suite users in their recent OpenWorld 2009 session:
Eric and Robert cover the following topics in their presentation:
Business drivers and security challenges
Database Defense-in-Depth
Options for monitoring, access control, and encryption & masking
End-to-end security strategies
Building a secure E-Business Suite configuration
Password policies for Apps and DB accounts (and reference notes)
Security profile option settings and recommendations
FND Validation Level feature
Fixed Key profiles
Non-reversible password hashing
Externalizing EBS security from the apps tier
Apps schema access via SOA Suite Apps Adapter
Application Data Source implementation
Java Authentication & Authorization Service (JAAS) for E-Business Suite
Using Oracle Access Manager
Other EBS security integrations and technologies
Oracle Audit Vault and client identifiers
Oracle Database Vault and segregation of duties
Oracle Transparent Data Encryption (TDE) for columns and tablespaces
Oracle Label Security (OLS) and Virtual Private Database (VPD)
Future directions for E-Business Suite security
Listening to the Session If you registered for OpenWorld, here’s a link to the OpenWorld On Demand page where you can download the presentation or listen to the live recording of this session. Related Articles
Steven Chan was a Senior Director in the Oracle Applications Technology Group. He managed EBS technology stack certifications, ATG product management, ATG documentation and curriculum, and ATG Quality Assurance in the E-Business Suite Development division.
Steven joined Oracle in 1998. Steven retired from Oracle in 2019. Prior to joining Oracle, he held positions with IBM, Deloitte & Touche Consulting, and other software companies.
Steven is an Oracle ACE and a three-time recipient of the Oracle Applications User Group 'Ambassador of the Year' Award (2007, 2009, 2010). Steven received the Oracle Applications User Group Lifetime Service Award in 2011.
