Oracle EBS Browser Support Update 2014

Recently, Microsoft announced, its plan to block out-of-date ActiveX controls starting Sep 2014. ActiveX is a software component of Microsoft Windows. If you have Internet Explorer, then ActiveX is already installed on your computer. ActiveXcontrols are small programs, sometimes called add-ons that are used on the Internet. Oracle Forms in R12 E-Business Suite works on this ActiveX control (by using specific Java add-on).

 Internet Explorer 9 through Internet Explorer 11

Internet Explorer 8

It’s a known fact that, Oracle is slow in expanding the list of officially certified browsers (and browser versions) with E-Business Suite. That’s why oracle EBS users and developers (especially midsize enterprises) usually disable/degrade the browser updates and stick to older versions of IE. This exposes their computing environments to exploiters. Don’t believe that? Read this Microsoft SIR Volume 16 (page 14). It says, in 2013, there is an increasing trend towards reported vulnerabilities because of out-of-date Java Runtime Environment (JRE). In fact, these accounts to 84.6 to 98.5 percent of total exploit kit related detections. This number is alarming. 

Best way to protect the computing environments is to keep the JREs updated to latest available in Java official site. This won’t always be possible for EBS users and developers, because of two reasons. First, EBS is slow in certifying browser versions and JREs. Second, even if Oracle certifies, enterprises/businesses needs to complete the testing cycle, to make sure nothing breaks after upgrades, a significant time and resource intensive task. Sometimes, these upgrades are not necessarily work station upgrades and might needs upgrades on EBS servers too.

Well, there is a temporary solution to this dead lock. Just keep on installing the JRE updates, without major upgrades (i.e from JRE6 to JRE7 etc.). Oracle recently certified JRE version 6 update 81 with  Oracle E-Business Suite. This update is available as a part of Java JDK tool kit (Patch 19071743: Oracle JDK 6 Update 81 b32).

Permanent solution would be to wait, until Oracle gives up the conventional certification methodology and come up with bring-your-own-device (BYOD) approach. This becomes reality when industry adopts Oracle Fusion middleware.

Reference:

IE’s new ActiveX blocking policy

Trend Watch after TARGET Data Breach

This blog post is only my personal view, based on observations.

Everyone who is reading this post must be aware of recent TARGET Data Breach. There is no doubt, this news has shaken IT world for a moment and every company should have reviewed their current status of in-house systems which are crucial to running their business. Such security/data breaches cost business, time and credibility big time.

Well, context is all set for main point…. Yes, I am talking about the security on ERP systems like Oracle APPs or SAP. Any medium and big companies/organizations must be dependent on ERP systems, be it supply chain management, CRM, HR or Financials. Most of the systems are restricted to company staff and less likely vulnerable to outsiders (may not be true always).

ERP systems generally use the encryption technologies to restrict the data thefts but there is always big concern on authorized employees having access to un-authorized modules and hack the information.

Companies/Organizations drive security on ERP systems because ERP systems are installed and maintained in-house. According to some surveys, companies lose 3-6% of their revenues every year because of ERP systems malfunctioning, be it because of down-town or system issues. This trend is going to change because of target incident. Organizations soon will realize driving security may not be fool proof always and they start looking for implementations which comes with in-built security features, which has better monitoring tools, immediate alerts in case of un-authorized access etc…

Yes, I am talking about ERPs on CLOUD…. This is going to be future trend big time. I am not arguing that hosting ERPs on Cloud is secure as on today but doing so, organizations will get lot of flexibilities, opportunities to improve, good monitoring/audit tools and comes with other advantages of using cloud too.

Hoping for the best and waiting to see this interesting trend in near future….