Research Topic

Enterprise Resource Planning

Critical Controls Implementation for Oracle E-Business Suite

Enterprise Resource Planning
Moving to the cloud offers at least three advantages when running Enterprise Resource Planning (ERP) applications: faster time to value, increased innovation, and scalability with growth. However, the move is still very complex for organizations migrating from on-premise systems. According to a CSA survey, 64% of organizations were planning or in the middle of an ERP cloud migration project, while 87% of organizations considering ERP solutions plan to use cloud solutions.

Every Enterprise Resource Planning (ERP) deployment is unique to its organization. In most cases, organizations spend months, if not years, customizing their SAP or Oracle implementations and spend a significant amount of money on third-party contractors to get the implementations done. These differences between deployments make standard security measures more difficult to implement. Given the complexity of these large implementations and the criticality of the data and processes housed in these applications, it is imperative that industry best practices be established to give companies security guidelines for migrating to the cloud and protecting the organization’s critical infrastructure.

There is a need for guidance that addresses specific technologies. 
Security configurations and vulnerabilities for cloud ERP applications can be difficult to navigate as there is currently no framework that aligns with standard controls. Furthermore, ERP applications are so complex and diverse that for any guidance document to be truly useful, from an implementation perspective, there is a need to address specific technologies. To fill this gap, the ERP working group has developed a series of implementation documents that focus on specific ERP technologies including guidelines for: SAP, Salesforce, and Oracle E-Business Suite.


Security for Enterprise Resource Planning

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Critical Controls Implementation for SAP

SAP security documentation can be difficult to navigate, and there is currently no framework that aligns with standard controls. This document aims to alleviate that problem by describing the implementation of the Top 20 Critical Controls for Cloud ERP Customers from a technology-specific perspective, in this case SAP. SAP customers are migrating to the cloud extensively and will benefit from this document the most.

Top 20 Critical Controls for Cloud ERP Customers

Most organizations are migrating business-critical applications to a hybrid architecture of ERP applications. To assist in this process, this paper assesses and prioritizes the most critical controls organizations need to consider when transitioning their business-critical applications to cloud environments. The document also contains an overview of cloud ERP security, control details, and associated threats and risks. The 20 controls are grouped into domains for ease of consumption; these align with the existing CSA Cloud Controls Matrix (CCM) v3 structure of controls and domains. Application controls include: completeness and validity checks, identification, authentication, authorization, input, and forensic controls.

Critical Controls for Oracle EBS

Oracle E-Business Suite (EBS) clients should address cloud migration as much more than a data center migration project. Cloud migration is a significant opportunity to “start over” regarding security by using best practices, tools, services, and techniques unique to the cloud. Moving an EBS implementation to the cloud can significantly strengthen an organization’s security posture. However, deploying EBS in the cloud can also bring severe risks if not done right. This paper outlines 20 critical controls that will help an organization determine what security changes are needed when deploying Oracle EBS in the cloud.

Webinars

Using SDP-based Zero Trust to thwart ransomware attacks
September 22 | Online

Security-as-Code: What's Real and What's Possible with Self-Service and Developer Speed Governance
October 26 | TBD

Key Considerations to Get Buy-in for a SaaS Data Security Program
November 3 | Online

Cloud Imposter: Using SSO to Stage a SaaS Invasion
October 19 | Online

Blog Posts

How the CISO Drives Value Across the Enterprise
Build a Strong SAP Security Strategy With the NIST Framework
Unpatched ERP Vulnerabilities Haunt Organizations