John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
Three Salesforce Experience Cloud security alerts in six months. Three. Same platform, same general attack surface, same 180-day window.
That’s not bad luck. That’s someone working your enterprise apps like a job.
Experience Cloud is the layer that powers your customer-facing portals. When it gets compromised, you’re not leaking internal docs. You’re leaking customer PII, order history, support tickets. The stuff that makes lawsuits.
And while Salesforce admins were digesting that news, Michelin confirmed a data breach tied to Oracle E-Business Suite. Michelin isn’t some startup. They’re a Fortune Global 500 running Oracle EBS across 170+ countries. That’s financials, HR, supply chain, procurement. All of it potentially exposed.
Oracle EBS shops tend to have legacy configs, infrequent patching, and broad internal network access. Attackers know this. It’s exactly why they’re looking there.
Here’s what’s changed: the old model assumed that if you hardened the perimeter and locked down endpoints, your business apps were safe enough. But why would an attacker bother fighting through your perimeter when they can hit Salesforce or Oracle directly?
If you’re a Salesforce admin, go check your Experience Cloud guest user permissions right now. Audit sharing rules. Look for recently added connected apps. Don’t wait for the quarterly review.
If you run Oracle EBS, check your patch status and network access controls today. Not next sprint. Today.
The enterprise application layer is where your business actually lives. Treat it that way.