kras99 - stock.adobe.com
Oracle has upgraded its HCM Cloud security capabilities in a way that might make HR managers more involved in protecting data.
The upgrade includes the ability to identify security risks based on time, frequency, location, role and employee responsibility. If employee behavior is outside the norm for a particular individual, it might trigger an alert. The system, which uses AI and is available to Advanced HCM Controls customers, will also prioritize alerts.
The system uses graph-based analytics to detect security anomalies; supervised learning for better results and to provide training data for machine learning; statistical algorithms to uncover risks and refine the rules; and other AI-related capabilities.
It can send alerts to IT and HR managers, and Oracle believes that this will help improve cooperation. Both HR and IT will have to assess risk.
"Cybersecurity is no longer something you can silo," said Aman Desouza, senior director of risk cloud strategy at Oracle. "Everyone is responsible for it."
Mark Taylor, CEO of the Society for Information Management, an organization for senior IT professionals, said there is a "natural propensity" toward silos in business.
But the idea that HR takes care of the people and IT takes care of the technology doesn't meet the needs today, according to Taylor. "The reality is it's so integrated," he said.
Both Desouza and Taylor noted that cooperation between HR and IT security is dependent on organizational maturity. This need for cooperation is growing, Taylor said.
With COVID-19's effects on remote work, "there's suddenly a more pressing need for collaboration between HR and and the IT department simply because everyone is now dispersed," Taylor said. Organizations need to know where their employees are and where they have permission to be, he said.
Insiders pose biggest HR risk
HR is generally considered a top target for breaches because of the type of data it manages.
"Most of the intrusions happen due to an insider, whether malicious or accidental," said Avishai Avivi, CISO at SafeBreach Inc. in Sunnyvale, Calif.
A growing area of work in IT security is modeling user behavior, which includes everything from logins to browsing habits, Avivi said.
Aman DesouzaSenior director of risk cloud strategy, Oracle
The challenge is in the creation of these user models, Avivi said. A system that flags employees' browsing may not know that the employee is looking at specific websites because it's their job to do so. Understanding this requires a dialogue with HR. "You do need to have a back and forth between HR and security," he said.
Oracle said that many customers don't have the staff from an HR and security perspective to stay on top of the security risks, and it believes AI-based tools will help bridge that problem, said Sherri Bartels, director of HCM product strategy at Oracle.
"The problem is not getting any better; it's getting worse, from a threat perspective and a compliance perspective," Bartels said.
Patrick Thibodeau covers HCM and ERP technologies for TechTarget. He's worked for more than two decades as an enterprise IT reporter.