No results found

Your search did not match any results.

We suggest you try the following to help find what you're looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Start a new search.
Contact Us Sign in to Oracle Cloud

Oracle Cloud Free Tier

Build, test, and deploy applications on Oracle Cloud—for free.

European Union Restricted Access (EURA) and SaaS Security

Rapid evolution of technology forces companies to undertake major changes in their current systems, tools and infrastructure. To remain competitive in the market, companies are seeking solutions in harmony with current regulations and technology, while supporting their business growth. The adoption of cloud computing and SaaS services is helping companies gain an advantage by expanding their level of automation beyond the scope and value of what a conventional solution does.

With the growth of cloud computing and software as a service (SaaS) solutions, data transfer and sovereignty issues have become a greater focus for cloud customers, especially after the adoption of new privacy laws, such as the European Union (EU) General Data Protection Regulation (GDPR). While GDPR is not a data residency law, market trends in the EU have led to a growing customer need for cloud services that are designed for the EU, located in the EU, and operated by EU personnel.

Oracle European Union Restricted Access (EURA) Cloud Service for Oracle Fusion Applications is designed and released with such EU data sovereignty needs in mind.

Map of EU member states

What is Oracle European Union Restricted Access Cloud Service?

Oracle EURA addresses the data sovereignty and privacy needs of our EU customers by ensuring that all customer service environments, and customer data in those environments, as well as derivative data sets potentially containing customer data, such as memory dumps, reside in EU data centers only. In addition, by restricting Oracle personnel access to customer data and diagnostic data by work location, only EU-based Oracle engineers can perform service management and maintenance. Oracle EURA is available for these Oracle Fusion Application Suite pillars:

Oracle EURA has obtained ISO27001 and CSA STAR certifications.

What are the key benefits?

EURA processes and stores all customer data and derivative data sets potentially containing elements of customer data, such as trace files and memory dumps, under the EURA restrictions regarding data residency and data access. A few minor exceptions apply for the email and malware scan systems, as well as any rich media streaming delivered from Akamai data centers. (Fusion Learn customers can opt to have media streamed from Akamai).

1.  EU data centers

EURA ensures that applicable Fusion customer services environments are hosted in data centers in the EU, currently in Frankfurt for the primary data center and in Amsterdam for the disaster recovery data center.

2.  EU data access

Controls are in place to ensure Oracle grants only EU-based personnel access to the cloud service and customer data for the purposes of service management. These access controls are designed to verify that personnel are employed in the EU. In addition, when logging in remotely from non-Oracle locations, IP based geo-fencing is applied to verify that personnel are physically present in the EU.

By restricting data storage to EU data centers and by applying data access controls, EURA can help customers address their EU data sovereignty needs.

Advanced security solutions for Oracle EURA

On top of the Oracle Corporate and Service-specific controls available within the Oracle solutions, additional security features are made available with EURA.

1.  Oracle Break Glass:

Break Glass for Oracle Fusion enables customers to restrict and control Oracle’s access to customer data stored in the Oracle Fusion Cloud Service database. By use of Oracle Break Glass for Fusion Cloud Service, customers can control access to passwords required for data level access to the Oracle Fusion Cloud Service database. With Oracle Break Glass, Oracle personnel cannot access the customer cloud environment to troubleshoot any issues unless they have approval from the customer.

In addition to such controlled access, data at rest is secured using Oracle Transparent Data Encryption (TDE) and Oracle Database Vault. Oracle requires use of the TDE master key to operate the database of the Oracle Fusion Cloud Service, but only retains a copy of the latest key provided by the customer.

  • Customer data in the database is encrypted at rest using TDE, and access is logged and audited using Database Vault.
  • Break Glass access is time bound; it secures customer data by requiring customer approval for Oracle personnel to access the environment.
  • Break Glass provides only temporary access. The access credentials are programmatically reset after a preconfigured amount of time, typically 72 hours.
  • Break Glass access is audited and logged, and reports are available.
  • Customers can upload, remove, or restore their TDE master encryption key from the Applications Console.

2.  Oracle Data Masking:

Companies run the risk of exposing sensitive data when copying production data into nonproduction environments to develop new apps, run tests, or perform data analysis. However, to perform real-world testing, non-production users have a need to access representative data sets.

Oracle Data Masking reduces this risk by replacing the original sensitive data with fictitious data so that the data can be shared safely with non-production users.

With Data Masking, customers can:

  • Limit sensitive data proliferation: Growing security threats have increased the need for companies to limit exposure of sensitive information. At the same time, copying production data for nonproduction purposes, such as test and development, is proliferating sensitive data, expanding the security and compliance boundary, and increasing the likelihood of data breaches.
  • Share what is necessary: Often, companies have to share a production data set with internal and external parties for various reasons. In some cases, it is efficient to extract and share a portion or subset of information instead of sharing the entire production dataset.
  • Implement data minimization: Data privacy regulations, such as the GDPR, promulgate data minimization principles. Limiting sensitive information in non-production environments can help address these principles because these environments are often accessed by larger number of users with more privileges than typical in-production systems.

To learn more, contact your Oracle Sales Rep and ask about Oracle EURA for Oracle Fusion Applications.