Search only in titles

---

Introduction

For any company that deals with sensitive data, keeping it secure is crucial to success. While hosting Primavera Cloud data on the Oracle Cloud provides security measures, it can't do everything. For example, it can't prevent phishing attempts or other attacks that exploit gaps in its users' security awareness. That's why it's important for everyone who works with Primavera Cloud to understand what they can do to keep data secure.

Who this guide is for

Security is everyone's business. This guide is for anyone who uses, manages, or is just interested in Primavera Cloud. If you're a security expert or administrator, this is a good place to start. It should help you see the big security picture and understand the most important guidelines related to security in Primavera Cloud.

For comprehensive information on administrative features, including those related to security, refer to the Primavera Cloud Application Administration Guide and the Oracle Primavera Cloud REST API guide.

Some Security Basics

We'll use the term administrator to refer to anyone who's responsible for managing a company's data and who can access that data. For our purposes, administrators include a wide variety of IT professionals, from those who define roles in the Primavera Cloud application to those who manage company servers.

An end user is anyone who uses Primavera Cloud to do their job. This includes project managers, subcontractors, general contractors, and everyone else who logs into Primavera Cloud from an office or jobsite to get their work done.

Administrators should...

• Set up Single Sign-On (SSO) and enable multi-factor authentication to minimize the number of passwords that users have to remember and to consolidate risk.
• Educate users on how they can avoid unwittingly helping hackers. One of the best ways application administrators and security advocates can help users is by helping them to prevent security breaches.
• Use a VPN to encrypt data being sent over the internet.
• Stay up-to-date about security trends and best practices.

End users should...

• Follow security guidelines created by their companies and the administrators of any network applications they use.
• Use strong passwords. The more random-looking the better, and avoid reusing passwords.
• Learn to recognize phishing. Phishing is when someone disguises an email or some other transmission as a legitimate message in an attempt to get a user to reveal sensitive information. For example, a hacker may send you an email disguised to look like an email from your employer requesting login information. These attacks are becoming more sophisticated, but you can still protect yourself by making sure any emails you receive or websites you visit are legitimate before using them to share sensitive information.

---

Last Published Wednesday, March 20, 2024