We hear often from customers that traditional cloud security is too hard. They have too many security tools, too many security vendors, and too much security complexity as they strive to keep all their applications and cloud tenancies secure. According to the Oracle and KPMG Cloud Threat Report, 78 percent of organizations use more than 50 discrete cybersecurity products to address security issues. In fact, Gartner® recognizes that “through 2025, more than 99% of cloud breaches will have a root cause of preventable misconfigurations or mistakes by end users”¹.

We believe there is a better way to address cloud security. For many customers, implementing security requires stitching together a set of disparate tools. In contrast, OCI offers built-in security services, at no additional cost, that don’t require complex integrations.

As part of our ongoing innovations to make it easier for organizations to secure their cloud data, today we are announcing four new and enhanced security services that are integrated, make security simple, and offer prescriptive guidance: OCI Web Application Firewall for Flexible Load Balancers, OCI Vulnerability Scanning Service, OCI Bastion, and OCI Certificates.

Oracle Cloud Security Success to Date

These new and enhanced services complement our existing OCI security innovations, including Oracle Cloud Guard and Oracle Security Zones. In September 2020, Clay Magouyrk, executive vice president, Oracle Cloud Infrastructure, recognized that “Security has been a critical design consideration across Oracle Cloud for years. We believe security should be foundational and built in, and customers shouldn’t be forced to make tradeoffs between security and cost. With Oracle Cloud Guard and Oracle Maximum Security Zones’ security automation and embedded expertise, customers can feel confident running their business-critical workloads on Oracle Cloud.”

Customers and analysts have also recognized the value of Cloud Guard and Security Zones:

  • Motorola Solutions Inc.’s Scott Shepard, Senior Director of IT Infrastructure and Information Security, recently stated that “Oracle Cloud Guard gave us greater security monitoring capabilities, including the ability to shift from merely detecting security vulnerabilities to responding and enforcing security policy. We have also been able to see a 15% reduction in our financial spend in the security space by consolidating and leveraging Oracle Cloud Guard.”
  • Kuppinger Cole’s Mike Small wrote in a recent Executive View that “Oracle Cloud Guard strongly matches KuppingerCole’s recommended functionality for Cloud Security Posture Management (CSPM) within the Oracle Cloud Infrastructure.”
  • Omdia Research’s Maxine Holt, Senior Research Director for Cybersecurity, wrote “Oracle Cloud Infrastructure has taken a robust approach to cloud security, with strong security controls easily available for free.”

Ongoing Security Innovations

As part of our innovation cycle, we believe it is important that we continuously enhance and expand our foundational security capabilities. We are focused on helping organizations reduce risk by providing a growing set of security capabilities that are simple, prescriptive, and integrated while keeping security as a design principle across OCI. Oracle has taken an integrated security services approach, which reduces the burden on our customers, enabling them to focus more time on improving their core business.

  • Oracle Cloud Infrastructure Web Application Firewall (OCI WAF) for Flexible Load Balancers: OCI WAF is a cloud-based security service that helps protect an organization’s web applications from malicious and unwanted internet traffic. Now customers can directly apply and enforce OCI WAF protection on their Flexible Load Balancer instances, both public and private. WAF enforcement on the Flexible Load Balancer helps further strengthen the security posture of your applications by protecting them from the common web vulnerabilities identified in the OWASP Top 10, allowing customers to secure both their internet-facing and their internal application workloads. In addition, we are introducing new, flexible, and simplified pricing for OCI WAF, composed of two components: WAF Instance and WAF Requests. The service is available to try in the Oracle Free Cloud trial.
  • Oracle Cloud Infrastructure Vulnerability Scanning Service (OCI VSS) is now available to help customers identify and address risks from unpatched vulnerabilities and open ports by assessing and monitoring cloud hosts. We integrated OCI VSS with Cloud Guard to enable customers to quickly and automatically identify vulnerabilities and common misconfigurations to help them improve the security postures of their OCI instances. The service is available to all OCI customers at no additional cost.
  • Oracle Cloud Infrastructure Bastion (OCI Bastion) helps customers gain restricted and time-limited secure access to resources that don’t have public endpoints and require strict resource access controls. OCI Bastion service is a fully managed service providing secure and ephemeral Secure Shell (SSH) access to the private resources in OCI. Like the bastion fortress of medieval times, the service improves security posture by providing an additional layer of defense against external threats. The service is available in the OCI Free Tier and is included with OCI paid tenancies.
  • Oracle Cloud Infrastructure Certificates (OCI Certificates) is a new cloud X.509 certificate service designed to help solve the issue of certificate management for Transport Layer Security (TLS) connections. OCI Certificates service enables customers to easily create private Certificate Authority (CA) hierarchies and TLS certificates and then deploy them to integrated services such as the load balancer and API gateway. These certificates are backed by a FIPS 140-2 Level 3 Hardware Security Module (HSM). The service has taken a long, and sometimes confusing, process of creating and managing CAs and certificates and made it simple. OCI Certificates service is available in the OCI Free Tier and is included with OCI paid tenancies.

Security Integrated by Design

Customers shouldn’t be forced to make tradeoffs between security and cost as they use the cloud. Instead, cloud security should be foundational and built in. By integrating our newest security services into Cloud Guard and Security Zones, we provide continuous monitoring of security posture and enforce security policy so that it’s harder to make configuration errors in the first place.

Here are quotes from our customers who have tried out our newest services:

Try New Oracle Cloud Security Services Today

You can try out the new Oracle Cloud Infrastructure security services to experience security that is integrated, simple, and offers prescriptive guidance across IaaS and SaaS. Many of our cloud security services come at no cost and are included with paid tenancies. You can try the newly announced services with the 30-day free trial. I invite you to watch our announcement, where we share the latest updates, show a demonstration of the integration of all four new security services, and hear from our customers. Keep in touch with us on our Oracle Cloud Security blog, Twitter, Facebook, and LinkedIn channels to continue to see our latest innovations.

Resources

¹ Gartner, Hype Cycle™ for Cloud Security, 2021, Infrastructure Security, Cloud and Edge Infrastructure, Security of Applications and Data, 27 July 2021.

GARTNER and HYPE CYCLE are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.