The ever-changing global security landscape and the rapid evolution of technology are forcing companies to make major changes to their current systems, tools, and infrastructure. To remain competitive in the market, companies are seeking solutions that are up to date with current regulations and technology and support their business growth. The adoption of cloud computing and software as a service (SaaS) is helping companies gain an advantage by expanding their level of automation beyond the scope and value of what a conventional solution does.
With the growth of cloud computing and SaaS solutions, data transfer and residency issues have become a greater focus for cloud customers, especially after the adoption of new privacy laws, such as the European Union (EU) General Data Protection Regulation (GDPR). While the GDPR is not a data residency law, market trends in the EU have led to a growing customer need for cloud services that are designed for the EU, located in the EU, and operated by EU personnel.
Oracle European Union Restricted Access (EURA) Cloud Service is designed and released with such EU data residency needs in mind.
Oracle European Union Restricted Access (EURA) Cloud Service for Oracle Fusion Applications is designed to address the data residency and privacy needs of our EU customers by ensuring that all customer service environments, the customer data in those environments, and derivative datasets potentially containing customer data, such as memory dumps, reside only in EU data centers. In addition, by restricting Oracle personnel access to customer data and diagnostic data by work location, only EU-based Oracle engineers can perform service management and maintenance. Oracle EURA is available for select services in the following Oracle Fusion Application Suite pillars:
Oracle EURA has obtained ISO 27001 and CSA STAR certifications.
EURA processes and stores all customer data and derivative datasets potentially containing elements of customer data, such as trace files and service logs, under the EURA restrictions regarding data residency and data access. A few minor exceptions apply for the email and malware scan systems, as well as Oracle Fusion Cloud Learning rich media streaming delivered from Akamai data centers. (Oracle Fusion Cloud Learning customers can opt out of having media streamed from Akamai).
EURA ensures that applicable Oracle Fusion customer service environments are hosted in data centers in the EU; currently the primary data center is in Frankfurt.
Controls are in place to ensure Oracle grants only EU-based personnel access to the cloud service and customer data for the purposes of service management. These access controls are designed to verify that personnel are employed in the EU. In addition, when logging in remotely from non-Oracle locations, IP-based geo-fencing is applied to verify that personnel are physically present in the EU.
By restricting data storage to EU data centers and by applying data access controls, EURA can help customers address their EU data residency needs.
On top of the Oracle Corporate and service-specific controls available within Oracle solutions, additional security features are made available with EURA.
Break Glass for Fusion Cloud Service enables customers to restrict and control Oracle's access to customer data stored in the Oracle Fusion Cloud Service database. By using Oracle Break Glass for Fusion Cloud Service, customers can control access to passwords required for data-level access to the Oracle Fusion Cloud Service database. With Oracle Break Glass, Oracle personnel cannot access the customer cloud environment to troubleshoot any issues unless they have approval from the customer.
In addition to such controlled access, data at rest is secured using Oracle Transparent Data Encryption (TDE) and Oracle Database Vault. Oracle requires use of the TDE master key to operate the database of the Oracle Fusion Cloud Service but only retains a copy of the latest key provided by the customer.
Customers can upload, remove, or restore their TDE master encryption key from the Applications Console.
Companies run the risk of exposing sensitive data when copying production data into nonproduction environments to develop new apps, run tests, or perform data analysis. However, to perform real-world testing, nonproduction users need to access representative datasets.
Oracle Data Masking reduces this risk by replacing the original sensitive data with fictitious data so that the data can be shared safely with nonproduction users.
With Data Masking, customers can
This feature enhances Oracle Fusion Cloud EPM security by allowing customers to bring their own key, which is used to encrypt the database access key. This feature is available to all Oracle Fusion Cloud EPM customers, not just those provisioned to EURA environments. All data in the relational database is encrypted at rest, and the customer-provided key is used to encrypt the database access credentials. Management of this key is provided by the customer. This feature can be used with the Restricted Database Access feature, which provides restricted access to customer data by Oracle development and database administrators (DBAs). With this feature enabled, access is controlled and authorized by the customer. DBAs do not have access to customer data. All access to the customer database is audited and made visible to the customer.
Oracle enables Oracle Fusion Cloud EPM customers to restrict and control Oracle access to customer data stored in the EPM cloud service relational database. When activated, Oracle personnel cannot access the customer cloud environment to troubleshoot any issues unless they have approval from the customer.
To learn more, contact your Oracle sales rep and ask about Oracle EURA for Oracle Fusion Applications.