Secure Oracle Data Intelligence Platform Services with Zero Trust Packet Routing – A Series Overview

Oracle Data Intelligence Platform in Oracle Cloud Infrastructure (OCI) provides a set of data services that help organizations manage, process, and integrate vast amounts of data efficiently. These services, tailored for cloud environments, span data discovery, big data processing, integration, and governance.

• Data lake services: Oracle Big Data Service (BDS), OCI Data Flow (DFS), OCI Data Catalog, Oracle Intelligent Data Lake* (IDL)
• Data motion and integration services: OCI Data Integration (DIS)

* Oracle Intelligent Data Lake (IDL) is a new data lake service in the Oracle Data Intelligence Platform. For a deeper understanding, check the blog Oracle’s Unique 360-degree vision for Data Intelligence.

This blog series provides best practices, architectural diagrams, and links to documentation to help you successfully deploy Zero Trust Packet Routing (ZPR) to secure Oracle Data Intelligence Platform services such as Big Data Service, OCI Data Flow, OCI Data Integration, and the data sources they connect to.

The blog series includes the following additional articles:

• Prepare Zero Trust Packet Routing Components for Securing Oracle Data Intelligence Platform Services
• Secure Oracle Big Data Service using Zero Trust Packet Routing
• Secure Oracle Cloud Infrastructure Data Flow using Zero Trust Packet Routing

To follow the articles in this blog series you need:

• An existing OCI tenancy.
• Privileges to manage resources in the compartments secured with ZPR.
• Privileges to manage ZPR policies in the tenancy.

The OCI Zero Trust Packet Routing documentation provides an excellent introduction and a short video.

ZPR helps to prevent unauthorized access to data by decoupling network security policies from the underlying network architecture. Using an easily understood and intent-based policy language, functional security administrators can define specific access pathways for data that build upon the foundation of network firewalls, route tables, and security lists managed by network administrators.

ZPR policies require the network administration components but take precedence over them. For example, security lists and route tables in a VCN (Virtual Cloud Network) may allow all resources in a subnet to connect to the resources in another subnet. ZPR policies can restrict access to only the resources explicitly assigned to ZPR security attributes referenced in a ZPR policy.

This diagram shows how ZPR requires and builds upon an existing network security framework.

This diagram shows an existing network security framework that allows network traffic from users through two gateways.

This diagram shows that ZPR takes precedence over the existing network security framework and allows network traffic from users through only one gateway.