In 2019, Oracle announced it would end its support for its Governance, Risk and Compliance (GRC) applications, moving these customers to Oracle's "Sustaining Support" until May 2025. Since the Oracle GRC platform includes the Application Access Controls Governor (AACG), the Oracle solution that addresses Segregation of Duties (SoD) management and detects and prevents undesired user access, this should concern all Oracle EBS users.
What does Oracle mean by “Sustaining Support”?
In a nutshell, it means that Oracle will continue support any functionality that was available in these applications while under either premiere support or extended support.
According to Oracle’s Software Technical Support Policies, there will be no "new program updates, fixes, security alerts, and critical patch updates."
This can result in significant impacts to your company.
For example, if your company is publicly traded, your Audit Committee should be made aware that you have a potentially significant issue if the Oracle GRC applications should stop working. Also, your internal and/or external auditors should be notified that support for your GRC applications will be discontinued, which can also impact your financial and SOX audits.
Know your options
Since Oracle will no longer be offering new functionality or updates, there is little advantage to paying for support for Oracle's GRC applications. Now is a good time to start looking at GRC alternatives for your business applications. And when you consider that support costs for enterprise applications typically run 18-20% of the price of the product, this amount can be reallocated to the purchase of a replacement solution.
The Fastpath Assure platform offers many of the features available from Oracle’s AACG. Fastpath helps you manage SoD risks, automate user provisioning, and track critical changes to your business systems, down to the most securable objects. Fastpath provides the ability to schedule periodic access certification reviews and perform SoD checks prior to provisioning users, two capabilities that are not part of Oracle GRC.
Fastpath helps users answer these critical questions:
- Who has access to our systems?
- What did they do with that access?
- Where is our company vulnerable?
- Who can create a vendor and then pay that vendor with no oversight?
- Who has access to modify the chart of accounts, journal entries, or bank account data for vendors?
- Who is turning approvals on and off, or opening and closing periods?
- What data are your operating system administrators and/or database administrators changing?
Fastpath also works with many different applications, such as SAP, Peoplesoft, JD Edwards, Workday, Coupa, and many more, allowing you to perform true cross-application SoD analysis.
Find out how Fastpath Assure can help you find a viable alternative to Oracle GRC. Download our complimentary eBook HERE, talk to one of our Oracle security experts, or if you'd like to see a customized demo, please request a demo here.