As more customer, partner and employee interactions happen over internet-connected, digital channels and the threat landscape becomes more complex and varied, the imperative for security has compounded. That’s why Oracle Cloud Infrastructure takes a different approach to security, one that extends from the core infrastructure (including the database) to the user edge.
Oracle Cloud Infrastructure's core-to-edge security strategy protects you and your organization from a variety of external and internal threats and incorporates common management of events, alerts, and orchestration of mitigations.
Adding the edge to the core brings many benefits, including:
New edge security services including a web application firewall and DDoS protection were announced at Oracle OpenWorld 2018 to provide a secure cloud with reliable performance. The services run on the new globally-distributed Oracle Cloud Infrastructure Edge Network and are designed to alleviate many enterprise cloud migration concerns. Oracle edge security services can protect any application in any cloud and any on-premises infrastructure.
The cloud edge is where users and devices connect to the network. That makes it both a crucial point for users’ interactions with applications in the cloud and a potential launch-point of attacks.
An enterprise-ready cloud needs to include an edge network that provides the following:
Many applications and services are designed to work at the edge, leveraging compute from the devices on which they are accessed, as well as workloads on the nearest cloud server. Today, that needs to be just about anywhere to enable business-critical functions. As the capacity of core networks is outstripped by computational intensity, organizations become more reliant on edge services, servers, and devices themselves to process business logic.
Oracle's edge network is deployed close to end users in many markets and complements the large, secure Oracle Cloud Infrastructure regions that host workloads by adding an important layer of security and performance for traffic coming into web applications. The network has now been deployed at scale in globally distributed, very high-capacity points of presence (POPs). Each POP is fully redundant, multi-tenant, fault-tolerant, and self-repairing.
The compute capacity of the edge network secures applications at the edge before requests and data are routed optimally to an Oracle cloud region, any other cloud provider, or on-premises infrastructures used by Oracle customers.
Below is a map of Oracle Cloud Infrastructure Edge Network POPs. Fifteen locations are dedicated to application security, and five locations have high-capacity DDoS scrubbing centers. Nineteen locations are dedicated to DNS.
Security is the top cloud challenge of 2018; 77% of IT professionals identified it as a challenge in the RightScale 2018 State of the Cloud Survey. And when it comes to security, location is key. Oracle Cloud Infrastructure’s security defense platform sits at the network edge, away from the core web server infrastructure and closer to the end user. Hence, the process of detection and mitigation happens before the potential threat reaches your network. Additionally, this configuration allows users to run ad hoc security defenses based on specific events -- say, the escalation of an attack -- or focus on only a specific section of applications that need to be addressed during an attack without affecting the rest of the infrastructure.
How an application security POP works at the edge
Enterprises commonly use several cloud providers, often in combination with on-premises legacy systems. This is why all security services that run on the Oracle Cloud Infrastructure Edge Network are designed to work independently from where applications are hosted. This design is especially important for security and performance, as it allows for a global view of all events and monitoring and protection of all and any applications in one unique platform -- regardless of where these applications are hosted and regardless of the delivery mechanisms. The edge security services are a pure, cloud native, multi-tenant solution.
One of the largest impediments enterprises face is maintaining a strong security posture during a migration of workloads to the cloud. Oracle understands this concern and has built tools and solutions that support this transition. Because the application security services are independent from the hosting location(s) of the applications, the same security postures that applied to the old infrastructure continue to apply seamlessly to the new infrastructure before, during, and after the migration.
Hence, to take the risk out of the move-and-improve process, Oracle recommends that Oracle application security services are activated on the current applications sitting within the old infrastructure before the migration. Then, as the customer migrates their application servers to the new target infrastructure, all security services are already in place and activated.
This is a key differentiator from the rest of the infrastructure as a service (IaaS) market, which can't offer the same no-risk solution for an enterprise cloud migration.
Oracle has also deployed a deep monitoring network that provides data on internet performance and security events all over the world, with real-time information about performance degradation, internet routing changes, and network security alerts. Oracle Cloud products, such as Market Performance and IP Troubleshooting, and based on this Internet Intelligence data.
Oracle’s Internet Intelligence Map monitors the volatility of the internet as a whole. With ever more organizations relying on third-party providers for their most critical services, monitoring the collective health of the internet is increasingly important.
Data gathered by the Oracle Cloud Infrastructure Edge Network is also used to provide valuable insight to the Oracle Security Research team around BGP route changes and DDoS activation worldwide. The Oracle Security Research team is able to monitor 250 million route updates per day, including where DDoS protection is being activated and when attacks are occurring. We measure the quality, in near real time, of any cloud DDoS protection activation by most cloud-based DDoS vendors. This information can be used to measure the effectiveness of protection solutions.
The agility, scalability, and integration capabilities of the cloud, combined with extensive cost savings, have made migration to the cloud a necessity for enterprise-grade organizations. However, there are risks involved in an enterprise cloud migration, concerning everything from security to the sheer scale of such a move. Oracle Cloud Infrastructure was designed with this in mind.
Security is a core pillar of everything we do, from deploying data centers and architecting networks to monitoring and scaling services. The Oracle Cloud Infrastructure Edge Network is part of Oracle’s forward-looking strategy. As the world moves to the cloud, we provide a core-to-edge solution to do so securely, efficiently, and without boundaries.