There are dramatic benefits offered to Cloud adopters, such as efficiency, flexibility and global scalability, but these benefits do not magically occur simply because the company chooses to implement Cloud technology.
A move to Oracle Cloud can be a substantial opportunity to enhance security and controls while reducing compliance cost but a move to Oracle Cloud can also expose risks and rising costs. Addressing security and controls as part of an Oracle Cloud transformation is an opportunity that should not be missed.
There is lot of chatter in the market about Oracle Cloud and how security and controls might be affected. PwC helps to decipher what Oracle Cloud rumors are fact and what is fiction.
PwC recommends a risk-based security design strategy that finds the right balance between delivered and tailored roles and only creates custom roles for areas where they are truly needed.
PwC recently helped a technology company design roles that were right-sized for its particular Cloud environment by following a top-down, risk-based approach to role design. Instead of creating fully customized roles, or relying fully on delivered out of the box roles, PwC helped the client risk assess those business transactions that absolutely required segregation. After building a transactional access matrix and working through it with key stakeholders, PwC created custom roles to mitigate the risks that were deemed highest priority by the client, allowing for appropriate segregation.
This approach helped the technology company reduce the chance of audit findings upon go-live, and reduce the risk of fraud and erroneous transactions being processed in the system while avoiding significant overhead in ongoing role maintenance.
Managing Director, PwC US