Services

Ad-hoc Oracle Security Services

Often there are one-off issues, enhancements, or questions, where a traditional consulting engagement does not make sense. We participate, for free, on Oracle's Cloud Customer Connect community, and help Oracle users with such cases. Sometimes more involvement from us is required, so we offer pay-as-you-go and retainer options to provide assistance when it's needed. We are confident that our combination of experience and ability to solve novel problems are unmatched in this space.

Please contact us for more information and to have a discussion on how we can help.

Other Services

Oracle Fusion Cloud Application role design and implementation - ERP, HCM, SCM, CX
Oracle Risk Management Cloud (RMC) implementation - Financial Reporting Compliance, Advanced Access Controls, Advanced Financial Controls
Authentication and authorization implementation for Oracle Cloud applications and supporting tools
Identity and Access Management and Privileged Access Management implementation for Oracle Cloud
Segregation of Duties / Sensitive Access reviews and tool implementation
IT Application Control and IT General Control reviews and implementation
Audit support
Managed services and staffing
Training

FAQ

We already have an SI (Systems Integrator). Do we really need a separate security specialist?

In the vast majority of cases, yes. Some SIs have security pedigree, but for most, it's not a core competency, and sometimes, scoped out of contracts or heavily limited. Oracle security is incredibly complex, and while sometimes it can be made to "just work", there are lots of pitfalls and "gotchas", some with real monetary impacts, that are only avoided by engaging with experts that have years of experience in the Oracle security space. We find that many SIs welcome bringing on a security expert, so they can focus on their core offerings. Even if your SI has capable security team members, it's still valuable and worth the expense to engage a separate security specialist to represent you on the client side and manage the effort.

We understand we should engage a security specialist. Why Apexguide?

Oracle and its security is our sole focus. Our team has many Fusion security implementations of varying sizes under our belts, across a variety of industries. We have deep experience with internal and external auditors, including all of the Big 4, and are well-versed in their requirements for these types of implementations. You'll also only get "A-Players" for your effort; this means nobody learning on the job and no unexpected subcontracting or offshoring to pad our margins. Being small and nimble means we can offer pricing that is extremely competitive and hard to beat, even by firms that primarily offshore. We can provide references from former and current clients as requested.

Are custom roles only relevant for public companies?

Absolutely not. To be clear, if you're a publicly traded company and try to use seeded (out-of-the-box) Oracle roles for end-users, it is a fact that you're going to be paying to fix that decision at some point; better to address at the start of an implementation effort. SOD and sensitive access risk doesn't care if you're public or private, and the risks of using seeded roles remain if you're private.

We went live and now we're seeing license usage for SKUs we didn't order and overages for those that we did. We're using custom roles. What happened?

Custom roles cannot be designed in a vacuum and must consider what you've subscribed to. This is not uncommon, but it can be fixed. Please reach out to us so we can assist.

Will custom roles break as part of quarterly Fusion updates?

It's very unlikely and is nearly always caused by something else. Sometimes this is used as a scare tactic to dissuade organizations from using custom roles. Oracle's release notes generally describe what's needed from a security perspective to use a new feature.

In what regions do you offer your services?

Globally, with remote and on-site options as needs and budget dictate.