Best Practices from Oracle Development's A‑Team

Eloqua Security Cheatsheet

Michael Sullivan
Principal Cloud Solutions Architect

Many clients who purchase products or suites from our SaaS portfolio haven’t fully thought through their security requirements prior to signing up. As such, it is not untypical to find themselves in a quandary as to what they should provision (for free) versus what additional add-ons they should purchase. This blog post is an attempt to provide a quick overview as to what bits and pieces of Eloqua should be considered when evaluating a client's security requirements. Note also that certain SKUs are better provisioned up front, while others can be added later -- choose wisely.


Eloqua Security-related SKUs (to be provisioned):

1.) Oracle Eloqua Security Administration Cloud Service

Security Groups allow administrators to control what levels of access users have to assets, features, interfaces, and so on. There are several Security Groups offered with Eloqua OOTB; however you can create your own Security Groups to suit your needs.

Note: This add on is included in both Standard and Enterprise trims, thus it is only needed for Basic trim.

2.) Oracle Eloqua SSL Certificate Self Purchase 

a.k.a. “Secure Microsites”

Important: The secure microsites package does not contain an SSL certificate. Clients are responsible for purchasing a SSL certificate from a 3rd party.

After provisioning, client must log an SR to get it set up by Oracle Cloud Ops.

see: http://docs.oracle.com/cloud/latest/marketingcs_gs/OMCAA/Help/Microsites/Tasks/CreatingSecureMicrosites.htm

3.) Eloqua Advanced Data Privacy Cloud Service

Add-on SKU

The Oracle Eloqua Advanced Data Privacy Cloud Service enables marketers in regulated industries like Financial Services to interact directly with consumers in a secure way that complies to PII and NPI privacy regulations. This add-on is available for all Eloqua trims (Basic, Standard and Enterprise). Note: This SKU is not HIPAA compliant (see below).

see: https://docs.oracle.com/cloud/latest/marketingcs_gs/OMCAA/pdf/OracleEloqua_DataPrivacy_ConfigurationGuide.pdf

Requires: Oracle Eloqua SSL Certificate Self Purchase

4.) Eloqua Advanced Data Security Cloud Service

Database encryption add-on SKU to address requirement or internal policy that data be encrypted at rest. Note: included with the HIPPA add on.

Note: If the instance has already been provisioned, the database will need to be migrated to a database server that supports TDE, and then the database will need to be encrypted. If the database is small, this should only require an hour or so of downtime. However, if this is a large database, the downtime could be significant.

see: http://docs.oracle.com/cloud/latest/marketingcs_gs/OMCAA/Help/General/DatabaseEncryption.htm

5.) Oracle Eloqua HIPAA Advanced Data Security Add-On Cloud Service

The Oracle Eloqua HIPAA Advanced Data Security Add-on Cloud Service (i.e. HIPAA add-on) enables marketers to interact directly with healthcare consumers in a secure and compliant way. Once provisioned, client admins will need to set up and administer HIPAA-specific categories, opt-in welcome emails, email groups, campaigns, login forms, and various success/failure landing pages as documented below.

see: https://docs.oracle.com/cloud/latest/marketingcs_gs/OMCAA/pdf/OracleEloqua_HIPAA_ConfigurationGuide.pdf

Note: The HIPAA add-on is included in some industry-specific trims. It is also available for all Eloqua trims (Basic, Standard and Enterprise).

Requires: Oracle Eloqua SSL Certificate Self Purchase


Other Eloqua security features:

Contact Level Security (CLS) using Security Labels

Contact security allows you to create labels and apply them to both users and contacts in your database. Users in a security group can only access contacts that are assigned the same label(s) as them. Labels are then applied to contacts through a program that you build and activate in the label assignment workflow canvas.

see: http://docs.oracle.com/cloud/latest/marketingcs_gs/OMCAA/Help/ContactSecurity/ContactSecurity.htm

see: http://docs.oracle.com/cloud/latest/marketingcs_gs/OMCAA/Help/General/RunAsUser.htm

Requires Oracle Eloqua Security Administration Cloud Service (see SKU previously described above)

Action Permissions vs. Interface Access Permissions

Action permissions control the functions users have access to while in an area of the Oracle Eloqua interface. Action permissions go hand in hand with interface access permissions. While interface access permissions determine what page or navigational area the users can access, action permissions determine what users can do within that interface.

Asset Security

To control access to assets, Eloqua has a standard security framework that behaves the same across all assets. Users and groups can be granted view, edit, delete, and set security permissions for specific assets.

see: http://docs.oracle.com/cloud/latest/marketingcs_gs/OMCAA/Help/Security/AssetSecurity.htm

Eloqua’s Layered Environmental Security

Eloqua has successfully completed both the Type I and Type II Statement of Auditing Standards (SAS) 70 audits. SAS 70 is an internationally recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). This standard helps companies identify service organizations that comply with defined business processes and audit standards. Eloqua’s SAS 70 audit, focused on the following key components of internal control: production system operations, development and quality assurance, human resources policies and practices, management oversight, and monitoring of the above. The resulting Independent Service Auditor's Report concluded that Eloqua had instituted the effective operational controls within these areas.

Eloqua maintains a record of zero known security breaches, and the company's data is hosted at Verizon, a SAS 70 Type II audited data center. Eloqua is the only marketing automation provider to boast both SAS 70 audited software platform and be hosted in a SAS 70 audited facility, underscoring its unrivaled commitment to the highest operational standards. Eloqua’s layered security philosophy has led to successful practices and measures that provide the environment necessary for businesses to achieve high productivity.

see: https://community.oracle.com/servlet/JiveServlet/download/896293-1-123951/Eloqua_Security_Whitepaper%5B2%5D.pdf

Feel free to add your thoughts and comments.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha

Recent Content