Customers frequently express concern with trust in the cloud. Though the financial and operational benefits of the cloud are hard to dispute, some are skeptical of the cloud’s ability to protect their critical business data. At Oracle, we continue to develop solutions to help build security and privacy on and in the cloud to help build trust between Oracle as the cloud provider and our customers.

Oracle offers a full stack of cyber security capabilities to be enable our customers to help prevent, monitor, mitigate, protect, encrypt, and access their most important data. All these security capabilities are available throughout our distributed cloud. As a result, our customers can use Oracle Cloud Infrastructure (OCI) to help them meet over 80 global, regional, and industry standards.

Oracle’s approach to building security and privacy on the cloud focuses on three key tenets: simple and effortless, deeply integrated, and offers complete control. With those tenets in mind, we have been continuously innovating with new solutions to help our customers protect themselves in the cloud.

Simple and effortless

As we build our security offerings, Oracle recognizes the importance of providing security services that are simple and prescriptive. By making our security services easy to adopt, our customers can quickly secure their data and applications.

Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM)  now offers an expanded set of authentication options. Although we have supported the FIDO2 standards for several years, we’re now adding authentication for passkeys, adaptive security, delegated authentication to Active Directory, social sign-on, and federation.

Oracle Access Governance offers an intuitive user experience, dynamic access control, and a prescriptive, analytics-driven access review process as a cloud native identity governance and administration (IGA) service. The service helps customers manage access provisioning, get insights into access permission and cloud infrastructure policy reviews, and remediate security risks. With Access Governance, you can automate the distribution and management of access to critical IT resources for cloud infrastructure and applications.

The OCI External Key Management service and OCI Dedicated Key Management service help you further secure your data and address data sovereignty requirements. OCI built External Key Management in partnership with the Thales group, and it enables you encrypt your data using encryption keys that you create and manage outside OCI. OCI Dedicated Key Management gives you control over your encryption keys by using a dedicated, single-tenant Hardware Security Module (HSM) provisioned within OCI.

Oracle Database 23c raises the security bar with the following capabilities available to all databases:

  • SQL Firewall, which helps solve security problems, such as SQL Injection and stolen database log-in credentials by monitoring incoming SQL statements and comparing the session context and submitted statement against the enabled firewall policies.
  • Schema privileges gives the ability to grant access to an entire schema, extending the existing ability to grant access to individual database objects, such as tables or procedures, without the risk of granting system-level access to all tables and procedures.
  • Improvements to network encryption, including support for the latest version of transport layer security (TLS 1.3), which improves throughput by up to 15%, and the ability for TLS to use the OS’s certificate store.

OCI Network Firewall continues to make it easy for networking customers to add firewall enforcement. With the newest release, the service expands the capabilities of the firewall with increased policy scale, enhanced high availability across all availability domains in a region, high throughput, and bulk policy import. OCI Network Firewall allows administrators to grow a single network firewall policy to large enterprise grade levels, have regional high availability across all availability domains in a region, and enhance their user experience with the firewall.

Oracle EU Sovereign Cloud enables private and public sector organizations to gain more control over data privacy and place sensitive data and applications in the cloud in alignment with EU data privacy and sovereignty requirements.

Oracle achieved Top Secret Cloud Authorization by the US Intelligence Community to host Top Secret/Sensitive Compartmented Information (TS/SCI) missions. This new accreditation provides the Department of Defense (DoD) and Intelligence Community (IC) access to OCI innovations and expands Oracle’s enterprise accreditations to support unclassified, controlled unclassified information (CUI), and top-secret workloads.

Deeply integrated

From the beginning, Oracle has developed security that’s integrated deeply across the infrastructure, database, applications, and across clouds. We recognize that our customers don’t have a uniform distributed cloud. We strive to bring security to you, not make you change your security strategy to meet our requirements. 

Oracle Cloud Guard continues expanding coverage to help your security by moving beyond basic cloud security posture management (CSPM) to a cloud native application protection platform (CNAPP) and cloud workload protection platform (CWPP) with the following new features:

  • Log Insight Detector: Create alerts based on results from querying your log objects regardless of source
  • Workload Protection: Monitor your Compute instances to help assess the security state of their fleet  
  • Container Governance: Provides detection and guardrails for Oracle Container Engine for Kubernetes (OKE) deployments

OCI Config is a fully managed, single tenant service that provide insights from OCI and custom resources to address operational, security, and compliance, and analytics use cases. The service stores resource configuration data in a database or a data lake depending on the use case, provides rich, out-of-the-box data visualizations powered by Oracle Analytics Cloud (OAC) and enables data querying using SQL or Apache Spark for large-scale data processing. OCI Config can provide the corresponding resource configuration information to triage and evaluate responses to problems identified by Oracle Cloud Guard. 

A graphic depicting OCI Config.
Figure 1. OCI Config

We also continue to expand our security technology partnerships who have made OCI their home base, including Stellar Cyber, DigiCert, and Qualys. Together, with third-party cloud security partners, Oracle is providing defense in depth across customers’ infrastructure, applications, and development stack.

Complete control

We recognize that you need to maintain control of your data and applications, no matter where they reside. Therefore, the experience of complete control must be consistent on the infrastructure of the distributed cloud. At the same time, as cloud uptake increases and IT environments become more complex with distributed cloud deployments, it’s increasingly difficult for organizations to protect their data using existing practices and tools. For example, most current systems require security teams to coordinate siloed solutions for database, network, and identity security, multiplied by the number of different environments. Ensuring that those solutions are working together as the applications, environments, and users are constantly and independently changing can be difficult. Today’s security systems also require extensive configuration to differentiate types of individuals, such as full-time employees and contractors, in a way that’s not overly permissive or constraining.

 

Oracle is participating in an industry-wide initiative to design a new open standard for network and data security that can help organizations better protect their data in distributed IT environments. Under this new initiative, Oracle is collaborating with Applied Invention, other major technology providers, and other industry leaders. This new standard, Zero Trust Packet Routing, enables networks to collectively enforce shared security policies with an identity-aware security layer that can enforce security policies uniformly across all their systems and users.

 

To support this new initiative, Oracle announces the Oracle Zero Trust Packet Routing Platform, which can help organizations prevent unauthorized access or use of their data without adding extra hurdles for legitimate activities. The platform can enable you to define an intent based security policy with user and data attributes that humans can read, audit, and understand. At the network layer, the technology enforces your security intent and distributes the policy throughout your network. Over time, the platform will continuously monitor system changes to help ensure that the security intent is enforced and allow administrators to audit, validate, and visualize policy enforcement across the network. With the standard and Zero Trust Packet Routing Platform, Oracle elevates cloud security to redefine how you can access, move, and secure data.

 

Conclusion

The combination of the ongoing innovations from the Oracle security team and our vision of how we want to revolutionize network and data security means the emergence of a cloud platform with security posture management, host-based controls, scanning for vulnerabilities and threats, identity and access management, with network control built in and that’s easy to deploy. As Oracle continues to build our security portfolio, these offerings are just the beginning as we continuously innovate to become your most trusted cloud platform.

 

For more information, see the following resources: