Discuss this topic in Circle
Have an interesting article or video on this topic that you want to share? Anyone can join the discussion community for this topic to share ideas or ask questions.View discussion community
Participate in Enterprise Resource Planning Research
The Enterprise Resource Planning (ERP) working group seeks to develop best practices to enable organizations that run their business on large ERP implementations, such as SAP or Oracle applications, to securely migrate to and operate in cloud environments.
|Avoid the Hidden Challenges of Data Migration||Datanami||February 08, 2022|
|How To Plan A Pain-Free Cloud Migration||Forbes||May 18, 2022|
Security for Enterprise Resource Planning
CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.
SAP security documentation can be difficult to navigate and there are currently no frameworks that aligns with standard controls. This document aims to alleviate that problem by describing the implementation of the Top 20 Critical Controls for Cloud ERP Customer from a technology specific perspective, in this case SAP. SAP customers are extensively migrating to the cloud and will benefit from this document the most.
Top 20 Critical Controls for Cloud ERP Customers
Most organizations are migrating business-critical applications to a hybrid architecture of ERP applications. To assist in this process, this paper assesses and prioritizes the most critical controls organizations need to consider when transitioning their business-critical applications to cloud environments. The document also contains an overview of cloud ERP security, control details and associated threats and risks. The 20 controls provided are grouped into domains for ease of consumption, that align with the existing CSA Cloud Control Matrix (CCM) v3 structure of controls and domains. Application controls include: completeness and validity checks, identification, authentication, authorization, input, and forensic controls.
Critical Controls for Oracle EBS
Oracle E-Business Suite (EBS) clients should address cloud migration as much more than a data center migration project. Cloud migration is a significant opportunity to “start over” regarding security by using best practices, tools, services, and techniques unique to the cloud. Moving an EBS implementation to the cloud can significantly strengthen an organization’s security posture. However, deploying EBS in the cloud can also bring severe risks if not done right. This paper outlines 20 critical controls that will help an organization determine what security changes are needed when deploying Oracle EBS in the cloud.