EPM Is Most Secure in the Cloud

Posted by Steve Berry

Jan 22, 2020 11:59:48 AM

It’s easy to believe that running your financial systems in your own facility is more secure than running them in someone else’s. The truth is just the opposite, especially for EPM.

CFOs have long understood the economic advantages of hosting software in the cloud. Costs are lower because they are shared across the cloud provider’s many customers and also because it’s the cloud provider, not the customer, that is responsible for keeping technology up to date. There are also operational advantages since customers can focus more of their limited resources on their core business and their core competency if they are not also simultaneously trying to maintain financial IT.

EPM magnifies these classic cloud advantages as it has transformed financial software. Once merely a standalone appliance within the finance department, financial accounting software has morphed into a true enterprise-wide ecosystem, creating both new opportunities and new challenges. On the opportunity side, EPM provides:

  • Near real-time correlation between financial and operational metrics to achieve enterprise-wide situational awareness and a single version of truth
  • Advanced self-service analysis tools that enable business unit stakeholders to optimize financial outcomes without needing help from IT or finance
  • A collaboration platform that enables finance and business unit teams to achieve consensus faster and coordinate action better for maximum return on resources

But those new opportunities come with new challenges that make cloud an even better deployment choice than before. Compared to a software accounting appliance, EPM is far more complex, has far more functionality, and supports many more users in many more roles. Software patches are bigger (more than 10 server installs in some cases), take longer, and require more sophisticated timing, both in terms of technology impact (like an unsupported OS version) and day-to-day user impact (like during an end-of-period close). But if your EPM application is not only hosted in the cloud but also managed there it means you do not have to deal with that extra complexity yourself in order to take advantage of those extra opportunities. In the process, you can also drastically reduce your risk of a suboptimal or nonsecure system.

EPM Cloud’s Security Advantages

A bigger software footprint equates to a bigger target, and more targets, for hackers. Greater complexity equates to potentially more ways to attack the software. And greater scope (more functionality, more users, more roles) equates to greater potential damage done if the software is attacked. The stakes are higher, the risk greater, and therefore the defenses required must be far more robust — in terms of what is protected (i.e., the EPM setup itself) and how it is protected (i.e., with firewalls, file encryption, and other non-EPM-specific measures). Take role assignment, part of EPM setup. Your software is unsecure if the same user who can put a new vendor in the system can also create a purchase order and authorize a payment to that vendor — or if someone assigned an administrator role is also assigned a provisioning manager role. Those vulnerabilities could exist as a byproduct of administrators simply not knowing how best to use the software, regardless of how well the software is protected from external hackers. So, EPM requires both kinds of protections — those protections that come from knowing how to navigate the complexities specific to EPM itself and also those protections that come from employing great security technology and best security practices in general.

On both fronts, a managed application hosted (MAH) environment is bound to be more secure than most on-prem implementations. By putting both the EPM application and EPM application management in the cloud, here is some of what you get:

  • A global network of geographically distributed datacenters with near real-time failover in the event a datacenter goes down
  • 24x7x365 monitoring of the application’s security and operational parameters (like a spike in login attempts to a previously little-used service or a change in user privileges)
  • Real time text and/or email alerts to key users whenever a preset operational or security threshold is violated
  • Annual comprehensive health checks encompassing the entire technology stack, including cloud infrastructure, operating system, and application
  • Ongoing application lifecycle management aligned with security best practices and your business policies (including application and operating system patch management)
  • Staged, multi-tier, multi-site, multi-cluster backups involving both complete as well as application- and database-specific backups on an hourly, daily, weekly, and monthly basis
  • Multi-layer physical security, including: retina or finger print scanners and badge readers, 24x7x365 security guards, silent and audible alarms and cameras at all entrances and access points

So, not only is your financial ecosystem more secure, it delivers more of what motivates organizations to adopt EPM in the first place — a higher level of functionality delivered to more stakeholders doing their jobs faster, more efficiently, and with fewer barriers to collaboration with peers.

Topics: EPM Support, Cloud Hosting, Technology Insights, Cloud EPM, Managed Services, Enterprise Performance Management (EPM), Oracle Products