Introduction
Patch Solutions – PatchPay service, provides HRMS & Payroll as a service based on Oracle Fusion HCM Cloud, Oracle eBusiness Suite applications and Oracle Database 23ai. By combining the capabilities of Oracle Payroll and Oracle Fusion HCM Cloud, PatchPay offers an end-to-end enterprise class HCM & payroll solution. The Oracle Payroll application within Oracle eBusiness Suite, hosted and managed by Patch Solutions, is provided as a subscription service.
BSC – a long term partner and service provider to Patch Solutions, provides the cloud managed services and technical expertise to keep PatchPay available 24x7x365, including comprehensive security management and monitoring.
Company Overview
Patch Solutions are a leading provider for Oracle HCM and Payroll consulting, support and managed services. Patch Solutions are based in Sydney, Australia and service customers globally. As a provider of mission-critical payroll and HR services, security and data protection are paramount to maintaining customer trust and regulatory compliance.
BSC provides consulting, support and hosting services for the Oracle technology stack. BSC provide the private cloud platform and management services for the PatchPay solution, including comprehensive security architecture and monitoring. BSC are based in Sydney, Australia and service customers globally.
Challenge/Problem
Following the successful migration of PatchPay to OCI, Patch Solutions and BSC identified several critical security challenges that needed to be addressed to maintain enterprise-grade protection for their customers’ sensitive HR and payroll data:
Multi-vendor Security Complexity and Escalating Costs
- Never-ending cost and complexity increases for on-premise security solutions with multi-vendor platforms having to be used.
- Multiple commercial security tools required separate licensing, support contracts, and specialised expertise.
- Integration complexity between disparate security solutions created operational overhead and potential security gaps.
Enhanced Oracle Database Security Requirements
- Need for advanced database protection beyond traditional network access controls and role-based security.
- Requirement for runtime query-level protection to prevent malicious queries from authenticated users.
- Demand for centralised audit management and real-time security monitoring across multiple database instances.
- Need for sophisticated audit visualisation and reporting capabilities with automated alerting.
Inadequate Audit Visibility and Reporting
- Limited options to visualise and effectively report on Oracle Fine Grained Audit information.
- Compliance reporting for payroll and HR data required significant manual effort to consolidate audit logs.
- Lack of centralised audit management across multiple database instances supporting PatchPay.
Manual Security Assessment Procedures
- Complex, manual procedures to configure and run Oracle Database security assessment reports at scale.
- Security posture assessments were infrequent due to resource constraints and time-consuming manual processes.
- Inconsistent security configuration across multiple client environments within the PatchPay platform.
Solution
After evaluating security requirements for the PatchPay platform on OCI, Patch Solutions and BSC implemented Oracle Cloud Infrastructure’s comprehensive native security services. This strategic decision addressed all identified security challenges while significantly reducing complexity and operational costs:
Consolidated Native Security Platform
OCI security services cover cloud network, storage, compute and database resources for a comprehensive view of the platform security posture. The value of this service is amplified by the fact that these capabilities are “baked-in” to the OCI platform and require minimal effort and cost to start using.
- OCI native cloud security services replaced a number of commercial and bespoke security solutions offering far greater capability at a much lower price point.
- Unified security management eliminated multiple vendor relationships and simplified security operations.
- Native integration between OCI security services provided comprehensive protection without complex third-party integrations.
Enterprise Database Protection and Recovery
Immutable, offsite Oracle Database backups are essential in the modern threat landscape. OCI provides secure, cost effective backups that are easy to configure and very low cost compared to alternative solutions.
- Oracle Autonomous Recovery service provides a resilient, secure database backup solution with near real time data protection capabilities.
- Backups are secured and protected against ransomware attacks via immutable and deletion protected backups.
- Cross-region backup replication ensures business continuity for critical payroll and HR data.
Centralised Audit Management
- Oracle Data Safe provides a consolidated platform to manage and view audit configuration and data across all PatchPay database instances.
- Audit alerting and monitoring can be configured within Data Safe avoiding the overheads of maintaining a seperate log management platform.
- Centralised audit dashboard provides complete visibility into database access patterns and potential security threats.
Proactive Security Monitoring
- Oracle Cloud Guard provides proactive security assessment and reporting of the OCI tenancy with actionable recommendations to improve the tenancy cloud posture.
- Enhanced security capabilities through the use of SQL Firewall in Oracle Database 23ai provide real-time threat detection.
- Automated security monitoring eliminates manual assessment procedures and provides continuous compliance validation.
- Real-time security alerts enable rapid response to potential threats across the PatchPay platform.
Advanced Network Security
- OCI Security Zones provide policy based network security beyond the VCN access controls provided in Security Lists and Network Security Groups.
- Comprehensive network protection ensures secure access to sensitive payroll and HR data Policy-based security controls provide consistent protection across all PatchPay environments.
Benefits
The implementation of OCI’s native security services has delivered transformational improvements to the security posture and operational efficiency of the PatchPay platform:
Enhanced Security Visibility and Incident Response
- Far greater visibility into user database activity with reporting and event notification.
- Real-time monitoring and alerting capabilities reduce security incident response times from hours to minutes.
- Far greater visibility of security posture across multiple layers of the technology stack.
Robust Data Protection for Critical Business Data
- Secure, immutable cross-site Oracle Database backups protect critical payroll and HR data.
- Near real-time backup capabilities ensure minimal data loss potential for business-critical information.
- Ransomware protection through immutable backups eliminates a significant threat to customer data.
Operational Efficiency and Cost Reduction
- Consolidated security platform reduced overall security solution costs by approximately 45%.
- Automated security assessments and compliance reporting reduced manual security management effort by 70%.
- Simplified security architecture reduced the specialized expertise required across the BSC support team.
Scalable Security Architecture
- Cloud-native security services scale automatically with PatchPay platform growth.
- Consistent security policies and controls across all customer environments.
- Flexibility to implement additional security controls as customer requirements evolve.
Customer Quotes
“The comprehensive security capabilities of OCI’s native services have transformed how we protect our customers’ sensitive payroll and HR data. We’ve achieved enterprise-grade security at a fraction of the cost and complexity of our previous approach, which allows us to focus on delivering exceptional payroll services rather than managing multiple security vendors.” – John Sale, Patch Solutions
“Implementing OCI’s integrated security services has given us unprecedented visibility into our security posture while significantly reducing our operational overhead. Our customers can be confident that their data is protected by world-class security controls, and we can demonstrate our security capabilities through comprehensive reporting and monitoring.” – Mark Burgess, BSC
