When I talk with customers, they tell me that they feel like protecting their cloud resources and applications requires constant diligence. And sometimes it feels like they are constantly juggling priorities with not enough resources. This customer sentiment also aligns with the challenges we are seeing from industry data. IDC recently found that 33% of organizations worldwide have experienced a ransomware attack or breach (IDC, IDC’s 2021 Ransomware Study: Where You Are Matters!, Doc #US US48093721, Jul 2021); however, almost 4 million global cybersecurity positions cannot be filled, as highlighted from the (ISC)² Cybersecurity Workforce Study. As a result, 82% of data breaches have involved the human element, including social attacks, errors, and misuse (Verizon’s 2022 Data Breach Investigations Report).

By making security foundational and built into Oracle Cloud Infrastructure (OCI), Oracle helps you address regulatory compliance related to data security and regional sovereignty requirements and laws, helps you stay on top of security threats and concerns, and helps prevent security-related outages. OCI security services are simple and easy to use, deeply integrated across the infrastructure, applications, third-party clouds, and sovereign regions, and give you control over your security across all types of cloud deployments. The security capabilities you get from OCI are battle-tested.

We are excited to share how our security innovations can help you.  Join me in my session at Oracle CloudWorld on Tuesday, October 18th at 5pm PT, Cloud Security: Preparing for the New Normal [SOL3754].

Simple and Effortless Security

We have implemented a security model to help customers adopt a defense in depth strategy. To begin, Oracle has built automation and prescriptive guidance into our security services to help make it easier for you to adopt and maintain effective technical security controls. By providing security that is simple and easy to implement, OCI services do more of the heavy lifting, helping your security professionals focus on strategic security projects.
 

Simple and Effortless Security

First, we help make sure your database and storage are secure, encrypting data and masking data to help prevent it from falling into the wrong hands with services such as Data Safe and the newest MySQL Heatwave database security capabilities. We have built security into the cloud compute level and operating system, with a hardware root of trust card and tenant isolation as well as Autonomous Linux to help reduce the risk of attacks and malware. Oracle also helps you manage your security posture easily, detect and address threats, and manage vulnerabilities with Oracle Cloud Guard and Oracle Security Zones.

“Cloud Guard was the first thing we did when we got our tenancy. It is a great security monitoring tool and we also use compartments, policies, and Logging Analytics to maintain visibility and control. Together with logs from OCI IAM identity domains, we’re able to access all of our logs in a single location and customize the dashboards we need for complete visibility. The fact that this detailed view is all streamlined is a big win for customers.”

Lance Braswell, Cloud Architect, Cisco Systems, Inc.

Finally, we are building a Configuration Management Database (CMDB) solution, which will give you the visibility and control you need to manage your software supply-chain on OCI and allow you to identify software packages and dependencies faster.

Deeply Integrated Security

Oracle also integrates security across the infrastructure, applications, and distributed clouds (i.e., infrastructure running on multiple cloud providers and/or on premises) with OCI-native services and third-party offerings. By having security integrated across all parts of the cloud, you can have a more unified view of your security posture and possible threats, helping you quickly deploy and streamline the management of your security. At Oracle Cloud World, we are excited to announce the availability of security services that are not only integrated within Oracle Cloud Infrastructure, but also integrated with a number of Oracle SaaS applications, technology partners, and distributed clouds.

In addition, we hear from our customers that they rarely adopt only one cloud offering; they typically work with multiple cloud providers. According to IDC, 70% of organizations have adopted multi- or hybrid-cloud strategies (IDC, What Are Enterprise “Multicloud” Adoption Trends When It Comes to Infrastructure Deployment?, Doc #US48902122, Mar 2022). Oracle and Microsoft recently announced an Oracle managed service that helps enable customers to easily provision and manage Oracle database running on OCI with a Microsoft Azure-native experience. With this alliance, the two cloud providers offer a connected cloud to help simplify multi-cloud deployments and management so you can run mission-critical enterprise workloads across clouds.

Complete Control and Sovereignty

As data privacy laws tighten globally, businesses are pressured to adhere to these demands or face high fines and in some cases, may be forced to withdraw from doing business. There are numerous multi-million dollar fines resulting from non-compliance to GDPR (General Data Protection Regulation) in the European Union (EU) today. Oracle can help you handle your data privacy needs in two dimensions: physical infrastructure and software.

The different infrastructure deployment models of OCI help you control how you consume your cloud tenancy, with OCI public cloud, Dedicated Region, and the newest government sovereign cloud. With these offerings, you have control over your data and operations to help satisfy local government and regulatory demands. We also recently announced the Oracle Sovereign Cloud for the European Union, an EU-specific cloud offering that is isolated from Oracle’s global public cloud regions.

OCI Options

“This level of protection will appeal particularly to the many European government and healthcare organizations that use Oracle database technology to manage sensitive data.  A critical element of the Oracle sovereign cloud announcement is the approach to data sovereignty compliance.”

IDC Link, Oracle Plants Big Sovereignty Flag in EU with Launch of Oracle Sovereign Cloud, doc #lcEUR149505922, July 2022

The next layer is our security software—with our comprehensive security portfolio across diverse cloud deployment models, we offer a suite of capabilities in data protection, loss prevention, and privacy controls so that you can be in complete control of your data. Oracle provides data backup, replication, encryption, and masking. Whichever way you choose to store your data, Oracle provides software and services that you can use to help protect your data. On top of that protection, we are developing discovery and classification tools to help you identify and secure your sensitive data.

Finally, SaaS vendors, regulators, nation state governments and consumers are all struggling to establish a trust framework that solves for privacy protection, data sovereignty and control. Moving forward, we will focus our attention to creating simple, integrated tools and services that enable customers to address their security and assurance objectives. For example, imagine services that help customers prevents protected data from ever leaving a trust boundary, audit how data is handled, and generates compliance reports that can be shared with customers and regulators alike.

Conclusion

Security is more than a collection of parts and tools. By having security that is simple and effortless to implement and deeply integrated across the cloud platform, application, partners, and distributed cloud, Oracle can focus on upleveling our security to help you address key compliance and data sovereignty requirements for your region or across your supply chain. We are excited to share these security innovations with you at Oracle Cloud World and invite you to join me in my session Tuesday, October 18th at 5pm, Cloud Security: Preparing for the New Normal [SOL3754].

Additional links: