Top Management of Big Companies are facing challenges from lack of information on various Risk faced by all departments / divisions at individual company level and group level and the effective Controls in place are not reported in a consolidated manner as they are managed in fragmented and silo manner at various department level.
- Most organizations respond to regulatory requirements or risk events in a silos or piecemeal fashion. This leads to a duplication of effort, duplication of controls and duplication of activities. In the end, the fragmented efforts lead to the inability to see and therefore properly evaluate the performance of enterprise-wide GRC activities.
- Most organizations do not have a disciplined approach to risk management. IT, Finance, Manufacturing, HR, Sales and Line Managers respond to specific risks in isolation and cannot see the impact of the risk in combination with others. Responses are often knee-jerk, tactical, and focused on putting out fires. Data gathering for risk analytics is manual and cannot scale to the volumes generated by modern business operations.
- GRC activities are often manual and ad-hoc. Control activities are often done after-the-fact, separately from the business process itself. As a result, out-of-policy activities are not prevented and normal business operations are interrupted with requests to satisfy compliance requirements.
Solution and Key Strengths
- Oracle is the only software vendor to supply a comprehensive, enterprise-wide platform for IT governance. Oracle IT Governance products allow robust controls to be introduced, enforced and modified at all levels of the IT infrastructure, from the applications to the database, and across heterogeneous systems.
- Segregation of duties with business-driven rules enforce detective and preventive access controls
- Oracle’s Database Vault separates the administration of data-level security from the daily activities of the Database Administrator (DBA).
- Oracle Enterprise Single Sign-On Suite (SSO) provides end-users with convenience and uncompromised security through true SSO capabilities from network login through to application access
- Oracle Identity Federation enables organizations to create virtual communities for their own employees, as well as customers and partners with single sign-on capabilities.
- Oracle Internet Directory is a scalable, robust directory service implemented on the Oracle Database. Oracle directory synchronization service, which is part of Oracle Internet Directory, permit synchronization between Oracle Internet Directory and other Oracle and non-Oracle directories and user repositories.
- Oracle Virtual Directory provides Internet and industry standard LDAP and XML views of existing enterprise identity information, without the need to synchronize or move data from native location.
- Oracle Web Services Manager user security for heterogeneous web service environments.
- Oracle Audit Vault is an enterprise-wide audit solution that detects, monitors, alerts and reports on audit data for security auditing and compliance enforcement.
- Oracle Application Configuration Controls continuously monitor system configurations
- Oracle Change and Configuration Management involves discovering IT configurations and auditing changes that occur over time