Oracle Responsys Security Overview
Important: Oracle Marketing Cloud is now known as Oracle CX Marketing. This change in name may not immediately reflect everywhere in the Oracle Responsys user interface.
Oracle Responsys has several mechanisms to help meet your organization's security requirements. In this
Related data privacy resources: Learn more about Oracle Responsys Data Privacy and Security Features and Oracle CX Marketing and General Data Protection Regulation (GDPR). Also review Data Processing Agreement for Oracle Cloud Services and Oracle Cloud Hosting and Delivery Policies.
This document covers the following sections:
User access control
When granting users access to Oracle Responsys, follow the principle of least privilege. The principle of least privilege states that users should be given the least amount of privilege to perform their jobs. Over-ambitious granting of responsibilities, user roles, and the like - especially early on in an organization’s life cycle when people are few and work needs to be done quickly - often leaves a system wide open for abuse. User roles should be reviewed periodically to determine relevance to current job responsibilities.
In Oracle Responsys, you can define a user's access to the system using functional access control and organization access control. Functional access control and organizational access control work together. These features are described in the following sections.
Functional access control
Functional access control determines what operations the user can perform with certain objects in the system. In Oracle Responsys, functional access is controlled by a user's roles. For example, both Email Marketing Manager and Email Marketing Director have access to Email campaigns, but the Email Marketing Manager does not have access to the Launch Campaign functionality.
Access to Oracle Responsys should be restrictive. Oracle makes the following recommendations for effectively handling unauthorized access:
- When you create new users in the system, assign roles to manage user access to different parts of Oracle Responsys.
- Grant only the user roles that are absolutely necessary for users to perform their job responsibilities. However, sometimes a user will need to be assigned more than one role to perform their duties in the system.
- Assign the following roles sparingly:
- Super User has full access to all functional areas except for account administration.
- Account Administrator has all privileges of a Super User, plus access to account administration functionality.
- Data Director has full access to your data, including lists, PETs, and supplemental tables. This user also has access to Connect, which enables import and export of data.
Learn more about Role Descriptions and Access Rights.
Organization access control
Organizational access control gives you the ability to define the visibility of objects (such as lists, campaigns, folders, and programs) based on organization assignment of the object, the user's organization assignment, and the functional role assigned to the user.
To use organization access control:
- If your account has not been enabled for the Organization Access Control feature, contact your Customer Success Manager or submit a Service Request through My Oracle Support to have the feature enabled for your account. When it is enabled, it is enforced for all users in that account.
- Your Responsys Account Administrator must set up organizational units and levels in the system.
- When you create new users in the system, assign only the minimum required organizations to each user.
Learn more about Organizational Access and Targeting by Organization.
Login behavior
This section describes how Oracle Responsys handles login behavior for new and existing users. The behaviors described in this section are system defaults and cannot be configured by your Oracle Responsys Account Administrators.
Responsys Account Administrator login
After your organization has activated your Oracle Responsys service instance, and Oracle has configured your new Oracle Responsys account, the system sends a "Welcome to Oracle Responsys" email. The person who receives this email is your organization's designated "Account Admin" when your order is placed with Oracle. This email contains the Oracle Corporation Login page address for your account and the Account Admin credentials. The system sets the initial username and temporary password automatically.
On the first login, the new Account Administrator must change their password. If the temporary password fails, it has expired. The Account Administrator must click the Can't Sign In? link on the login page and change the password immediately.
The Account Administrator user creates the other Oracle Responsys users. The Account Administrator may create additional users with the Account Administrator role, but this should be done sparingly.
Standard user login
Anyone in your organization who needs to use Oracle Responsys must have a user login. Account Administrators create users in the system. After a user is created, the user receives an email with their username and a temporary password.
- On the first login, the user must reset their password to one that meets the password requirements.
- Each time a user logs from an unknown device, Oracle Responsys prompts users to request a verification code to activate the device. Activation helps reduce the risk of security issues related to login. The system sends the validation code to the user's email address, which is part of their user profile.
- Users who forget their passwords can click the Can't Sign In? link on the login page and request that the system reset the password for their login ID.
- Account Administrators can also manually trigger the reset of a user's password. The user will be emailed a link to the Reset Password page.
Users with the Account Administrator role perform all user management tasks for Oracle Responsys users.
Learn more about Adding Users, Editing User Information, and Resetting Passwords, Unlocking, and Deleting Users.
Single sign-on
You can enable secure user access to Oracle Responsys by using your single sign-on (SSO) vendor. Enabling SSO allows your organization to take advantage of the security features you've already implemented with your SSO identity provider. Oracle Responsys supports SAML 2.0-compliant identity providers.
Learn more about single sign-on.
Password and login security configuration
Oracle Responsys offers you various protections to secure user access to Oracle Responsys and help prevent unauthorized access. Using Oracle Responsys security configurations, you can:
- Manage the password requirements.
- Manage login security such as idle session timeout and user lockout policies.
- Optionally, further restrict user access by allowlisting IP addresses.
User password requirements
Responsys Account Administrators can modify the default Oracle Responsys user password requirements to match your organization's policies. Your organization can configure the following requirements:
-
Minimum password length (no fewer than 6 characters)
-
Require at least one lowercase letter
-
Require at least one uppercase letter
-
Require at least one number
-
Require at least one of the following characters: !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
-
Require that the first and last characters must be non-numeric
-
Require that the password must not be the user name or user name in reverse
Oracle recommends that your user password requirements are equal to or greater than the strength of the system defaults.
Password reset
The Oracle Corporation Account Administrator can reset a user's password. When the password is reset, the user receives an email requesting them to change their password immediately. The link expires 2 hours after it is sent.
Learn more about resetting a user's password.
User lockout after multiple failed logins
Oracle Responsys locks a user out of the system after 5 unsuccessful login attempts. The user will be able to log in again with the correct user name and password after the specified lockout time.
You can specify how long before a locked user can be unlocked. The default lockout time is 60 minutes. Alternatively, you can set a custom time or require that only an account administrator can unlock the user.
Oracle recommends that your user lockout time is equal to or greater than the strength of the system defaults.
Learn more about setting failed user login lockout policies.
Manual user lockout
If you need to block a user's access to the system, the Oracle Responsys Account Administrator can edit the user's profile and set the User Status to Suspended. Suspended users cannot log in to the system.
Learn more about Editing User Information.
Idle session timeout
You can set the maximum number of minutes after which Oracle Responsys logs out inactive users (that is, session timeout). You can choose a session timeout of 15 minutes, 30 minutes, or 60 minutes.
Learn more about setting idle session timeout policies.
IP address allowlisting (optional)
You can restrict Oracle Responsys login access based on a range of authorized login IP addresses. Any login attempts initiated outside of your authorized range are immediately denied. This type of restriction can help protect access from unauthorized users.
IP address restrictions are configured by submitting a service request through My Oracle Support.
Learn more about authorizing login IP addresses.
Account-level data security
Oracle Responsys provides capabilities to help protect your account and its data. Features like granular user access controls, encryption, data redaction, anonymization, and more help your organization protect your data at the highest possible standard.
Oracle Responsys provides data security mechanisms and controls to help your organization securely manage access to Oracle Responsys and minimize access within Oracle Responsys.
Hashing and using oHashes
To protect your account's customer data, Oracle Responsys creates an oHash of customer email addresses using the SHA-256 and MD5 hash value of a normalized email addresses. The normalized email address is generated by trimming the raw clear text, converting it to lower case, and removing any aliases.
The oHashes are stored in the columns EMAIL_SHA256_HASH_ and EMAIL_MD5_HASH. If you want to use your own externally calculated hash for profile merges or personalization, populate your hash value in the CUSTOMER_ID_ column.
These oHashes can be leveraged with your integrated systems to map customer data across systems without sending the email address itself. For example, the oHashed email addresses are used in an Oracle DMP integration or an Adobe Analytics integration, and can be used with retargeting use cases.
With Connect, you can use these oHashes as a match key. oHashes cannot update the standard EMAIL_ADDRESS_ column.
Responsys Personalization Language (RPL) and Built-in Functions provide methods for one-way hashing of data during personalization.
Learn more about RPL and Built-in Functions.
Data Redaction
Redaction is the process of censoring or obscuring part of a text for legal or security purposes. The Data Redaction feature redacts customer data in Responsys to obfuscate Consumers' Personally Identifiable Information (PII) from Responsys users. For example, Responsys accounts may want to redact customer data such as Email Addresses and Mobile Phone Numbers in the Profile List to ensure customer data is hidden from Responsys end users. Data Redaction ensures that Responsys accounts are compliant with data protection regulations to keep Consumers' PII or medical records (for HIPAA compliance) confidential.
Learn more about Data Redaction.
Encryption at Rest
Encryption at Rest is Oracle Responsys' solution to "data at rest encryption". Encryption at Rest provides security for data in files that are saved on disk (or at rest) by encrypting that data. Using Oracle Transparent Data Encryption (TDE) technology, Encryption at Rest encrypts Responsys data to prevent access from unauthorized users. For Responsys accounts with security mandates to protect their data at rest from unauthorized access, Encryption at Rest offers advanced data protection.
Learn more about Encryption at Rest.
Securely transfer data
Oracle Responsys facilitates data transfer and integration in a number of secure ways.
REST APIs
Using Oracle Responsys REST APIs, you can securely transfer personal data at scale. REST APIs use HTTPS end points. API users require Oracle Responsys functional roles and if Organizational Access Control is enabled, it will be enforced for API users as well.
By default, API user authentication requires username and passwords. For greater security, you can configure username and certificate authentication. These options are set on the user profile for the API user.
Learn more about the REST API for Oracle Responsys Marketing Cloud Service.
Connect
Connect enables secure transfer of data to and from Oracle Responsys. Connect jobs can transfer data using the following options:
- A Responsys Secure Copy Protocol (SCP) file server accessed by via an SSH/SCP client
- External server by Secure File Transfer Protocol (SFTP). Connect only supports external SFTP servers with static IP addresses.
Connect supports file encryption with PGP/GPG. This allows you to leverage PGP/GPG encryption so that files remain encrypted on your file servers until they are needed for processing.
Using Connect you can export:
- Contact Event Data (CED)
- Profile tables
- PET
- Supplemental Data including SQL data sources
- Filters and Audiences
When exporting data outside of Connect, Oracle Responsys enforces a download limit of 5000 records. The API does not have this restriction.
Learn more about Connect.