Security


Security Overview


Oracle Cloud Security

The Most Secure Cloud. The Most Viable ERP Cloud Vendor

September 2014

5-in-15 Webinar

Copyright 2014 Oracle and/or its affiliates. All rights reserved.

Today we are going to talk about Oracle Cloud's Security Strategy and what this means for VP of Finance/Finance professionals.

Agenda

#1 Concerns with the Cloud
#2 SaaS Security Checklist
#3 Oracle Security Solutions
#4 Customer Security Quote
#5 SaaS Security Resources

Here is how we are going to structure our conversation today, starting off with concerns in the cloud and ending with SaaS security resources and where you can find more info on Oracle's strategy.

- Concerns with the cloud - why should you care?
- SaaS security checklist - do you know what your customers should be asking other cloud providers?
- Oracle Security Solutions - Rob Condon will talk about Oracle's security strategy in the cloud
- Customer Quote
- SaaS Security Resources - where do I go next?

1. Concerns with the Cloud

49% of survey respondents have data security concerns

35% of survey respondents have regulatory or compliance issues

33% of survey respondents have reliability concerns

Source: IDC CloudTracker Survey 2013, n=1109

Why should you or your customers care about Cloud Security? Here are some top concerns for CFOs:

- Security of financial reporting systems (data security)
- Compliance (think auditing, PCI, other industry based certifications)
- Reliability concerns in terms of service availability

2. SaaS Security Checklist

Oracle

- Vendor Viability
- Isolated Tenancy
- Unified Access Controls
- Data Residency and Compliance
- Data Center Operations
- Advanced Data Security

This is how we are going to guide our discussion for today's presentation.

Let's look at Oracle's security strategy and how it compares to first generation SaaS providers.

Vendor viability - Is your cloud vendor viable? Will they be around tomorrow? Oracle has a clear and committed cloud strategy ($1 billion SaaS business). This is shown with over 14 years of experience running enterprise clouds and by the 29 million users that we support every day.

Isolated tenancy - Does your cloud provider co-mingle your data? The multi-tenant approach that many first generation providers promote leaves you and your employee data vulnerable to increased risk and security issues as well as compromising on performance. Imagine co-mingling of your financial data with another customer's. Nightmare waiting to happen.

Unified access controls - Can you control access across your ERP applications and across cloud applications? What if users leave or join your company? Does your cloud provider have a unified strategy in a hybrid cloud scenario? What about access controls? You want to make sure users have the appropriate level of access to information and data as it pertains to their job duties.

Data residency and compliance - Many organizations have data location requirements, especially in EMEA and APAC. In many industries you need to be compliant with industry security standards such as PCI, HIPAA etc. We have a broad compliance portfolio and take care of it all for you.

Data center operations - Oracle operates embassy-grade cloud data centers around the world. We have highly redundant infrastructure and 99.5% availability that we provide to our customers.

Advanced data security - Lastly, advanced data security options when your business dictates additional layers of security. There are a number of Oracle products that can help support your advanced security requirements.

3. Viable

Top to bottom security from an experienced cloud partner

- Oracle is a profitable and proven tech leader for over 35 years
- Long history and proven cloud portfolio that scales from small to large enterprises
- Continuous R&D and broadest portfolio of integrated cloud services with 14 yrs experience running enterprise clouds
- Supports 29 million users & 22 billion transactions each day

[Diagram: 19 Data Centers Worldwide; Identity Management; Data Isolation; HCM; CX; ERP]

Making a decision about your ERP application is very important for your business. You want to make sure your cloud vendor is going to be around. It is important for your cloud provider to be a strategic partner for the long term. Oracle is a trusted ERP cloud vendor that you can partner with in confidence.

Oracle has a clear and committed cloud strategy ($1 billion SaaS business) that is shown by over 14 years of experience running enterprise clouds and by the 29 million users that we support every day.

3. Isolated Tenancy

Shared resources where it makes sense. Isolated where it doesn't.

[Diagram: Isolated Tenancy Model; Multi-Tenancy Model]

All the benefits of SaaS, plus:

- More security, less risk (separate databases)
- Flexible upgrades (you choose)
- Minimized noisy neighbor syndrome (performance)

Another key unique differentiator for Oracle is isolated tenancy.

Oracle Cloud leverages shared resources across all of your cloud assets where it makes sense and isolates them when it makes sense. Your data will never be mixed with other customers' data, nor will your applications. With Oracle's modern enterprise cloud you have the leverage of shared resources to reduce costs and the benefit of Oracle technology to ensure privacy and performance.

Unlike first generation SaaS providers, Oracle provides:

Each cloud customer with their own database instance, not shared with others, keeping business critical data protected in the cloud

Oracle's Advanced Isolated Tenancy model provides unlimited performance and rapid elasticity when your business needs change

It enables flexible upgrades, so you can upgrade when your business dictates, avoiding critical times such as upcoming tax season, year end or other peak periods for your business.

Complete data isolation and security at multiple tech layers so your current and future employee data is safe in the cloud and never co-mingled with other companies' data

Consistent and automated control over employee onboarding and offboarding

Gain the leverage of shared resources to reduce costs and the benefit of Oracle technology to ensure privacy and performance

3. Access Controls

Unified Access Controls Across Your Business

Centralized Identity Management: one common strategy for better control

- Centralized Identity Management with Federated Single Sign-On ensures that only approved users have access to relevant data
- Control and configure access to application functions and data
- Invoke mapping rules for each job function with auto provisioning
- RBAC* leveraging industry best practices for least privilege to prevent unauthorized access to confidential information

*Role Based Access Controls

[Diagram: ERP; HCM; CX; 3rd Party]

Oracle provides unified access controls across your entire business.

There are multiple scenarios where this is relevant. One example: when users join your company you want to make sure they have the right level of access (new users), and you want to revoke access to all relevant systems and data when they leave. Lots of damage can be done if unauthorized users have access to business critical data.

Oracle provides:

Centralized Identity Management with Federated Single Sign-On ensures that only approved users have access to relevant data across clouds and on-premise

Role Based Access Controls (RBAC) leveraging industry best practices for least privilege (again, employees should only have the level of access required for their specific job role) to prevent unauthorized access to confidential information

Control and configure access to application functions and data ensuring that users only see job specific duties

Invoke mapping rules for each job function with auto provisioning when new users are hired or transferred

3. Localized Data Residency and Compliance

We are where you are

- Keep data local: 19 data centers located across the globe
- Oracle-badged security experts safeguard your sensitive data
- Best in class, industry based compliance

Oracle has 19 data centers located across the globe. Our data centers are best in class from an availability, proximity and physical security standpoint. We support customers in all regions worldwide.

- Some organizations have specific data location requirements where their data has to be in a specific country or region. This is true for many customers in EMEA/APAC. With Oracle Cloud, you can have your data held in region to comply with regional, industry or country based regulations.
- We have a broad best in class regulatory compliance portfolio to support relevant data privacy requirements and updates. We stay compliant so you don't have to worry about it.

3. World Class Security and Compliance

Keeping your data safe and compliant with industry standards

- PCI: Payment card industry data security standards
- GLBA: Gramm-Leach-Bliley Act
- SSAE16 (SOC 1) and SOC 2: Statement on Standards for Attestation Engagements
- NIST SP800-53: National Institute of Standards and Technology
- ISO 27001: An information security management system standard
- FISMA: Federal Information Security Management Act
- FedRAMP, G-Cloud
- UK Data Protection Act
- HIPAA: Health Insurance Portability and Accountability Act
- EU Data Privacy Directive 95/94/EC
- DIACAP: DOD Information Assurance Certification and Accreditation Process
- FIPS 140-2: Federal Information Processing Standard

Here is a list of some of our world class security and compliance certifications.

We have best in class compliance certifications to support local HR regulatory and data privacy requirements

Oracle aligns to the ISO 27000 series security industry standard

We do extensive internal and 3rd party auditing to ensure all requirements are met

Security compliance standards are applied to all tenants and services as regulations evolve

3. Data Center Operations

Inside the data center

- State of the art physical data center protection, logical data security and data privacy protection policies
- Pro-active security engagement and monitoring
- Direct link between cloud operations and development for optimal performance and rapid remediation
- Unified support at every layer of the tech stack and across clouds
- 24 x 7 Follow the Sun Cloud Operations

Oracle maintains some very impressive data centers around the world from both a physical and logical security perspective.

There are dedicated Oracle-badged cloud security experts that support every layer of the technology stack from application to infrastructure:

- Application support
- Platform technologies (Middleware & DB)
- Infrastructure support and system administration

24 X 7 video surveillance, security guards and personnel screening

There is a very comprehensive list of the physical security that we maintain at our data centers.

Physical Access (Cloud Ops staff only)

- Controlled point of entry to hosting area
- Access card, biometric scanner, access lists
- Video surveillance, motion detectors, guards
- Multiple physical security zones, man traps
- Physical environment access or cage completely managed by Oracle

3. Data Center Operations

State of the Art Cloud Disaster Recovery

Back-Up, Availability and SLAs

- Within region HA / DR with highly redundant and resilient infrastructure in the event of a disaster
- Comprehensive data back up strategy with built in redundancy and fault tolerance
- Target System Availability Level of 99.5%
- Oracle engineered systems powered speed, performance and scalability without the upfront investment

Oracle provides state of the art cloud disaster recovery including:

- Highly redundant and resilient infrastructure to recover services in the event of a disaster
- Comprehensive data back up strategy with built in redundancy and fault tolerance for power systems, cooling systems, telecommunications, networking, application domains, data storage, physical and virtual servers, and databases

Customers enjoy the speed, performance and scalability of Oracle engineered systems without the upfront investment

Component and power redundancy with backup generators to support high availability in the event of crisis

State of the art Cloud Disaster Recovery with highly redundant and resilient infrastructure to recover services in the event of a disaster


4. Customer Security Quote

"I'm actually kind of surprised that security is a bigger issue on the ERP side with the controllers and the CFOs. I'm going to put my trust in something like an Oracle data center that has significant amounts of security, as opposed to, say, two or three IT guys that I have downstairs that are responsible for ultimately managing and maintaining who has access to that data. In a scenario where we outsource this to Oracle, it makes a lot of sense for us to be able to say, here's somebody who's a lot better at this than we are, and I think the risks are actually significantly smaller."

Brandon Byrne, VP of finance, CURSE

Here is a great customer quote from Curse.

5. Cloud Security Resources

- CIO Insights Video Part 1: Cloud Security Challenges
- CIO Insights Video: Part 2 - Different Clouds Equal Different Risk
- CIO Insights Video: Part 3 - How to Mitigate Risk in the Cloud
- Executive Brief: 5 things to look for in cloud provider when it comes to security
- Cloud Operations Sales Enablement Portal SaaS Sales Content
- Security in the Cloud

Where to go for more information. You can always reach out via email.

ERP Cloud 5 in 15 Series

- Next 5 in 15: September 19, 2014; topic is TBD
- Join the ERP Cloud Market Intelligence OSN Conversation
- Replays of past 5 in 15 sessions
- All replays will be available on Oracle Sales Academy
- Search for the ERP Cloud 5 in 15 Guided Learning Plan (GLP)
- Once added, you will be notified as new replays are available
- Replay will also be available on the ERP Cloud Market Intelligence OSN conversation

Questions?

#6 to Unmute Line or Via WebEx Chat

Contact Info:

Yaldah Hakim: [email protected]
Rob Condon: [email protected]
