A Battle-Cry for Oracle EBS Security

Remember the Alamo! OK, I had to do that after returning from last week’s OATUG Collaborate Conference in San Antonio. Maybe the battle-cry for those who work with the Oracle E-Business Suite (EBS) should be “Remember Security!” Corny, yes, but what we heard while talking to attendees on the show floor and in our four sessions is that security for Oracle EBS is still challenging.

Security Matters for Oracle EBS
Keeping Oracle EBS and applications patched and making sure configurations are in a secure and compliant state is an important part of your jobs. Request from IT security and audit and compliance teams to remediate critical issues and provide reports to prove compliance add to your workload. Our theme for Collaborate “Security Matters for Oracle EBS” resonated well with everyone we talked with.




Some Highlights and Things We Learned:

  • There is not a great sense of urgency to move Oracle EBS and applications to the cloud. For customers who are heavily invested in on-premises Oracle EBS, they got good news at OpenWorld that Oracle would continue to invest in EBS and provide premium support until 2030. In our conversations at Collaborate, we learned that manufacturing companies using Oracle EBS and its manufacturing modules are not moving to cloud any time soon. These implementations are highly customized and complex, integral to the business, and Oracle has yet to build out SaaS offerings for manufacturing. This further emphasizes risk and the need for security.
  • Internal threats including fraud are a growing concern. Our friends at ERP Risk Advisors pointed us to an Association of Certified Fraud Examiners’ (ACFE) report that estimates a typical organization loses 5 percent of its annual revenues to fraud. In conversations at Collaborate, we heard fraud is a real concern. Much of an organization’s financials flow through its ERP systems. If access rights and configuration settings aren’t locked and continually monitored, internal fraud is a legitimate problem that can be costly to the organization.


Four Conference Sessions Presented
For those of you who attended the sessions and those who could not make it to Collaborate, you can download the sessions slides below. 

Oracle E-Business Suite: Key Audit and Compliance Advantages to Running in the Cloud
Mike Miller, Product Architect, Onapsis

Steps to stay Secure with Security Configuration Console in Oracle E-Business Suite
Mike Miller, Product Architect, Onapsis and Cristian Peque, Oracle Security Specialist, Onapsis

Hackproofing and Protecting Oracle E-Business Suite
Mike Miller, Product Architect, Onapsis and Jeffrey Hare, CPA, CIA, CISA and Founder and CEO of ERP Risk Advisors

How to Implement Oracle Critical Patch Updates for EBS
Mike Miller, Product Architect, Onapsis and Cristian Peque, Oracle Security Specialist, Onapsis

Thanks to everyone who attended our sessions and visited us at our booth. It was a pleasure talking to you about how we can help you protect your Oracle EBS environments and applications from constant internal and external threats. If you’d like to see a demo or learn more about the Onapsis Security Platform, let’s schedule a time today.