Oracle® Retail Predictive Application Server and Applications Cloud Edition Security Guide Release 23.1.201.0 F80663-01 |
|
Previous |
Next |
The Oracle Retail Predictive Application Server Cloud Edition (RPASCE) is a platform that provides a set of common components used by a number of applications (solutions). For these solutions, RPASCE provides the infrastructure needed to store, process, and produce information based on data input by the retailer.
This guide discusses security considerations pertaining to the end user maintenance of an RPASCE Server application and the users of an RPASCE application.
The following section provides a brief introduction to RPASCE and its terminology.
RPASCE: A platform that provides a foundation to run solutions used for retail planning. RPASCE provides those solutions with a common interface based on wizards, templates, workbooks, and batch processes.
RPASCE Solution: An application running on top of RPASCE that provides solutions for retail activities such financial planning or forecasting demand.
Planning Data Schema: The Planning Data Schema (PDS) is a schema created within the Oracle Database containing the tables that contain application metadata, a customer's planning data, and the procedures used to access and manipulate that data. The majority of user interactions with customer information are performed in workspaces; however, data load and other offline batch activities operate directly on the PDS.
Workspaces: Users perform application tasks inside workspaces. A workspace is a sandbox built by pulling data from the PDS; it supports the operations a user requires to perform a given task within the application. Once a task is complete, the changes made within the workspace sandbox can be applied to update the information contained within the PDS.
Secure deployment refers to the security of the infrastructure used to deploy the SaaS application. Key issues in secure deployment include Physical Safeguards, Network Security, Infrastructure Security, and Data Security.
RPASCE applications are deployed via Oracle Cloud Infrastructure datacenters. Access to Oracle Cloud data centers requires special authorization that is monitored and audited. The premises are monitored by CCTV, with entrances protected by physical barriers and security guards. Governance controls are in place to minimize the resources that are able to access systems. Physical security safeguards are further detailed in Oracle's Cloud Hosting and Delivery Policies.
http://www.oracle.com/us/corporate/contracts/ocloud-hosting-delivery-policies-3089853.pdf
The above referenced document also contains information about practices concerning Network, Infrastructure, and Data Security for applications deployed in the Oracle Cloud Infrastructure datacenters.
The following principles are fundamental to using any application securely.
One of the principles of good security practice is to keep all software versions and patches up to date. Since all interactions with RPASCE applications occur via a web browser (either through the RPASCE Client or through the Object Store web interface) and the FTP, these must be maintained at their latest release level to ensure the security of customer information.
The principle of least privilege states that users must be given the lowest privilege level required to perform their jobs. Overly ambitious granting of responsibilities, roles, grants, and so on, especially early on in an organization's life cycle when people are few and work must be done quickly, often leaves a system wide open for abuse. User privileges must be reviewed periodically to determine relevance to current job responsibilities.
System security stands on three legs: good security protocols, proper system configuration, and system monitoring. Auditing and reviewing audit records address this third requirement. Each component within a system has some degree of monitoring capability. Follow the audit advice in this document and regularly monitor audit records.