Advice and Information for Finance Professionals

Why Finance Security Starts in the Cloud

Guest Author
This is a syndicated post, view the original post here

Contributed By: Vikram Kunchala, application security leader for Deloitte Cyber and principal in Deloitte & Touche LLP, and Jonathan Martin, senior manager, Deloitte & Touche LLP

In today’s “everything-is-connected” world, the reach of cyber goes way beyond IT. Cybersecurity has become a business-critical capability with the power to drive – or, if mismanaged, derail – the competitive prospects of a business. Increasingly, successful digital transformations require a holistic cyber strategy that engages the entire business, not just IT, and focuses on more than just risk mitigation, compliance, and the cost of a breach. Today’s business leaders are discovering that the more valuable role of cyber is to help secure and advance their enterprise’s growth and innovation objectives with a “cyber everywhere” approach. However, many organizations have yet to embrace this broader perspective.

This view is supported by Oracle’s ongoing conversations with clients – and by Deloitte’s latest Future of Cyber Survey of 500 C-level executives who oversee cybersecurity at companies with $500 million or more in annual revenue.

The survey revealed that executives remain keenly focused on cyber, with 49% of respondents, a plurality, citing “cybersecurity vulnerabilities” as their top concern. Yet, the overwhelming majority of these cyber executives (90%) say they’re not putting a significant portion of their cyber budgets (less than 10%) behind digital transformation projects – projects such as cloud migration, AI-driven products, and SaaS solutions –areas where cyber vulnerabilities can be readily addressed.

Furthermore, only 30% of the respondents indicated their organizations have integrated some form of cyber “liaising” into their core business functions to facilitate cyber awareness and readiness throughout the organization. This means that for the majority of companies, cybersecurity remains almost exclusively a concern of IT, which could undermine cyber’s potential for accelerating digital transformation and innovation across the rest of the business.  

Unleashing cyber’s full potential

In our client base, we see the tide beginning to turn as more businesses wake up to the power of cyber to drive growth and innovation. We saw this firsthand at a recent engagement at one of the world's largest logistics companies, where the adoption of advanced cybersecurity solutions is helping the company unify global operations on a single Oracle ERP Cloud and capture synergies from its global acquisitions.

The logistics company had recently completed an acquisition of a big competitor, and executives were committed to integrating both entities on a single platform to generate savings and facilitate growth. They saw the acquisition as an opportunity to drive a major business transformation that would include simplifying its heterogeneous, on-prem IT environment and moving to a modern, secure cloud environment.

Deloitte was brought in to evaluate the company’s existing environment and help it reorganize core ERP processes, including finance and procurement, to create an optimal digital transformation pathway and take full advantage of the native capabilities of Oracle ERP Cloud. The multi-year journey encompasses quick adoption of key emerging and disruptive technologies—such as robotics, cognitive, and analytics—to pave the way for modern finance in the digital world.

As the company accelerates adoption of Oracle ERP Cloud, however, its information security and compliance organizations have been challenged to adapt to a more complex threat landscape. So with Deloitte’s help, the logistics leader reengineered its cyber strategy, moving from an IT-centric to an enterprise-wide approach to cyber-risk management. The goal: to enable a scalable and sustainable security model that would strike a balance between business, compliance and statutory requirements across multiple geographies.

Our team worked with the company to help it address a range of cyber risks, designing and building solutions focused on application security, identity governance, infrastructure security, and data privacy and protection. To the extent possible, the cyber solutions were standardized for easy maintenance while allowing for local and country-specific variations in security requirements, such as data privacy. We engaged business and compliance stakeholders early in the implementation and socialized the Oracle Cloud ERP security architecture with administrators to ease adoption of the new ERP.

Cloud governance council

One of the success factors was the creation of a cloud governance council spanning multiple business functions. This cloud governance council brings together leaders from IT, audit and compliance, and relevant lines of business to ensure that cyber capabilities, processes and technologies can meet the company’s current and future business needs and quickly scale and adapt to help the company take advantage of emerging opportunities.

The company is anticipating a range of operational benefits from the cloud-based cyber initiative, including:

  • Easier security maintenance with streamlined and standardized custom roles
  • Zero unmitigated role-level segregation of duties (SOD) violations (achieved in first two deployments)
  • Easy extension of the security model to new markets (facilitating growth)
  • Enforced environment configuration integrity
  • Faster user-access provisioning with intelligence to inform decision making
  • 88% faster SOD analysis
  • Improved risk analytics to detect unauthorized transactions and disbursements
  • Automated threat detection and security analytics

When the company completes its move to a single Oracle ERP Cloud platform, it will unite more than 100,000 users around the world and create a secure, agile, and compliant environment for propelling further growth and innovation and readying them to face the realities of “cyber everywhere”.

Learn more about how Deloitte can help you create a holistic cyber strategy to help secure your ERP cloud and extend the digital core to help your business grow and innovate.

Join the discussion

Comments ( 1 )
  • Aditya Bhelke Wednesday, April 29, 2020
    With more and more enterprise applications moving or even getting born on the cloud, securing the cloud estate has become a critical aspect of the entire functional security aspect. These functional aspects not only span Financial but also other functional like HR, Sales, Engineering, Customer Experience, End user computing etc.
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.