How You Secure Integrations and Accelerators

You should closely examine integrations between B2C Service and external applications to prevent mishandling of sensitive data.

The value of B2C Service increases when data is exposed to other applications and shared across functional groups. Consequently, a wide variety of methods are available for integrating with applications external to B2C Service. These include public APIs, productized integrations, and accelerators. You must carefully plan your integrations so that sensitive data is protected throughout its entire lifecycle, and ensure that sensitive data is either not moved or is moved only to environments that have adequate controls.

Although B2C Service can integrate with customer on-premises applications or other Oracle Cloud products, the ability to share sensitive data with another application does not mean that the other product maintains all the same regulatory controls that B2C Service has. You are responsible for validating which controls are in place across the system architecture where your sensitive data will be transmitted and persisted. For example, if PHI data within B2C Service will be shared with Oracle B2B Service, you should contact Oracle and validate that B2B Service has the necessary HIPAA controls. You cannot presume that the appropriate regulatory controls exist because the products in question are from the same vendor.

When determining how to move data out of B2C Service, consider whether the data is being pulled out or pushed out. This distinction is relevant to sensitive data masking. In general, sensitive data that is pulled out of B2C Service will be masked, and sensitive data that is pushed out will not be masked. For example, when using the Representational State Transfer (REST) API, you could use an on-premises application to get (pull) data from B2C Service. Oracle Integration Cloud Service (ICS) is an example where connections enable data to be pushed out of B2C Service.
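One way to apply the two points above (validate controls per destination, and treat pushed data as generally unmasked) when reviewing an integration inventory. This is an added example, not Oracle code or part of the B2C Service documentation; the flow names, destinations, severity labels and the `review` function are hypothetical, and the inventory is constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    name: str
    direction: str        # "pull": external app gets data; "push": data is sent out
    destination: str
    regimes: frozenset    # regulations attached to the data carried, e.g. {"HIPAA"}

# Constructed inventory: controls you have confirmed, per destination.
VALIDATED = {
    "onprem-reporting": {"HIPAA"},
    "b2b-service": set(),          # same vendor, nothing validated yet
    "ics-billing": {"PCI-DSS"},
}

# Constructed sample flows.
FLOWS = [
    Flow("rest-report-export", "pull", "onprem-reporting", frozenset({"HIPAA"})),
    Flow("contact-sync", "push", "b2b-service", frozenset({"HIPAA"})),
    Flow("invoice-feed", "push", "ics-billing", frozenset({"PCI-DSS"})),
    Flow("analytics-pull", "pull", "unlisted-warehouse", frozenset({"HIPAA"})),
    Flow("kb-articles", "push", "public-site", frozenset()),
]

def review(flows, validated):
    """Return (flow, severity, missing_controls) for flows that need attention."""
    findings = []
    for f in flows:
        if f.direction not in ("pull", "push"):
            raise ValueError(f"{f.name}: direction must be 'pull' or 'push'")
        if not f.regimes:
            continue  # no regulated data carried
        # A destination absent from the inventory has no validated controls.
        missing = f.regimes - validated.get(f.destination, set())
        if not missing:
            continue
        # Pushed data is generally not masked, so an unvalidated destination
        # receives it in the clear. Pulled data is masked only "in general",
        # so it still needs a check, at lower priority.
        severity = "HIGH" if f.direction == "push" else "REVIEW"
        findings.append((f.name, severity, sorted(missing)))
    return findings

if __name__ == "__main__":
    for name, severity, missing in review(FLOWS, VALIDATED):
        print(f"{severity:6} {name}: no validated {', '.join(missing)} controls")
```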

The B2C Service API, integration, and accelerator documentation contains example integrations with other packaged applications, including examples of how to perform various integrations using approved technologies (such as JavaScript, SOAP, and REST) and what data is available. Be aware that Oracle does not analyze these examples for their impact on any regulatory requirements.