1. Security Guide
  2. General Principles

General Principles

The following principals are fundamental to any software security plan.

Keep Software Up to Date

One of the foundations of good security practice is to keep all software versions and patches up-to date across the technology stack. The Oracle WMS Cloud Service will be updated to include any relevant Oracle Critical Patch Updates (CPUs). Oracle releases these Critical Patch Updates multiple times a year. These CPUs will be applied to customers instances to keep the service as secure as possible. There is nothing a cloud customer needs to do to get these CPU patches. However, a cloud customer needs to make sure these scheduled application updates happen on-time four times a year and they need to test their scenarios when their Test instance is updated.

In addition, it is recommended that clients keep any of their custom applications or external systems that interface with their Oracle WMS Cloud Service patched and up to date with any relevant security patches as well.

Follow the Principal of Least Privilege

The principal of least privilege states that users should be given the least amount of privilege to perform their job responsibilities. Over-ambitious granting of responsibilities, roles, permissions, etc., especially early on in an organization or

during an implementation’s life cycle irrespective of the number of people or implementation timelines; can leave an application or cloud services open for abuse. All user access and privileges should be reviewed periodically to determine relevance to current job responsibilities.

Monitor System Activity

System security stands on three pillars: recommended security protocols, proper system configuration, and system monitoring.

  • Security protocols - Oracle addresses the good security protocols and the proper system configuration pillars within

    the Oracle WMS Cloud Service.

  • Proper system configuration - When interfacing to the service with custom applications and external systems, it is the

    responsibility of the customer to use good security protocols and the proper system configuration.

  • System monitoring - Auditing and reviewing audit records address this third requirement and is the responsibility of

    the customer . The Oracle WMS Cloud service has sufficient degree of monitoring capabilities and customers are advised to make use of it as needed.

Keep Up to Date on the Latest Security Information

Oracle continually improves its software and documentation. Check this document regularly for revisions as well as Oracle SaaS Security

Note: For more detailed information about SaaS Security, see OCI SaaS Security