Core-to-Edge Security: The Oracle Cloud Infrastructure Edge Network

December 13, 2018 | 6 minute read
Laurent Gil
Architect, Oracle Internet Intelligence

As more customer, partner and employee interactions happen over internet-connected, digital channels and the threat landscape becomes more complex and varied, the imperative for security has compounded. That’s why Oracle Cloud Infrastructure takes a different approach to security, one that extends from the core infrastructure (including the database) to the user edge.

Oracle Cloud Infrastructure's core-to-edge security strategy protects you and your organization from a variety of external and internal threats and incorporates common management of events, alerts, and orchestration of mitigations.

Adding the edge to the core brings many benefits, including:

  • Layers of defense that are designed to secure users, apps, data, and infrastructure
  • Defense layer integration, so that detection of a botnet attack at the edge may automatically increase the security warnings and postures in the core
  • Support for multi-location workloads (in the cloud, in many clouds, or at the edge), regardless of where users and customers are and what delivery mechanisms they use 
  • Automatic detection and mitigation of attacks using simultaneous vectors on the network, user, and application layers
  • A deep monitoring network of sensors that provides data on internet performance and security events all over the world

New edge security services including a web application firewall and DDoS protection were announced at Oracle OpenWorld 2018 to provide a secure cloud with reliable performance. The services run on the new globally-distributed Oracle Cloud Infrastructure Edge Network and are designed to alleviate many enterprise cloud migration concerns. Oracle edge security services can protect any application in any cloud and any on-premises infrastructure.

What Is an Edge Network?

The cloud edge is where users and devices connect to the network. That makes it both a crucial point for users’ interactions with applications in the cloud and a potential launch-point of attacks.

An enterprise-ready cloud needs to include an edge network that provides the following:

  • Low latency and real-time processing of massive datasets such as web traffic
  • Performance acceleration techniques such as load balancing, DNS resolution, local caching, and tracking of internet route changes
  • Local learning and automation techniques
  • Real-time internet health analysis

Many applications and services are designed to work at the edge, leveraging compute from the devices on which they are accessed, as well as workloads on the nearest cloud server. Today, that needs to be just about anywhere to enable business-critical functions. As the capacity of core networks is outstripped by computational intensity, organizations become more reliant on edge services, servers, and devices themselves to process business logic.

Oracle's edge network is deployed close to end users in many markets and complements the large, secure Oracle Cloud Infrastructure regions that host workloads by adding an important layer of security and performance for traffic coming into web applications. The network has now been deployed at scale in globally distributed, very high-capacity points of presence (POPs). Each POP is fully redundant, multi-tenant, fault-tolerant, and self-repairing.

The compute capacity of the edge network secures applications at the edge before requests and data are routed optimally to an Oracle cloud region, any other cloud provider, or on-premises infrastructures used by Oracle customers.

Below is a map of Oracle Cloud Infrastructure Edge Network POPs. Fifteen locations are dedicated to application security, and five locations have high-capacity DDoS scrubbing centers. Nineteen locations are dedicated to DNS.

Stopping Attacks at the Edge

Security is the top cloud challenge of 2018; 77% of IT professionals identified it as a challenge in the RightScale 2018 State of the Cloud Survey. And when it comes to security, location is key. Oracle Cloud Infrastructure’s security defense platform sits at the network edge, away from the core web server infrastructure and closer to the end user. Hence, the process of detection and mitigation happens before the potential threat reaches your network. Additionally, this configuration allows users to run ad hoc security defenses based on specific events -- say, the escalation of an attack -- or focus on only a specific section of applications that need to be addressed during an attack without affecting the rest of the infrastructure.

How an application security POP works at the edge

Protecting Hybrid and Multi-Cloud Architectures

Enterprises commonly use several cloud providers, often in combination with on-premises legacy systems. This is why all security services that run on the Oracle Cloud Infrastructure Edge Network are designed to work independently of where applications are hosted. This design is especially important for security and performance, as it allows a global view of all events, and monitoring and protection of any and all applications, in a single platform -- regardless of where these applications are hosted and regardless of the delivery mechanisms. The edge security services are a pure, cloud-native, multi-tenant solution.

Helping Move and Improve

One of the largest impediments enterprises face is maintaining a strong security posture during a migration of workloads to the cloud. Oracle understands this concern and has built tools and solutions that support this transition. Because the application security services are independent from the hosting location(s) of the applications, the same security postures that applied to the old infrastructure continue to apply seamlessly to the new infrastructure before, during, and after the migration.

Hence, to take the risk out of the move-and-improve process, Oracle recommends that Oracle application security services be activated on the current applications sitting within the old infrastructure before the migration. Then, as the customer migrates their application servers to the new target infrastructure, all security services are already in place and activated.

This is a key differentiator from the rest of the infrastructure as a service (IaaS) market, which can't offer the same no-risk solution for an enterprise cloud migration.

Deep Monitoring of the Internet

Oracle has also deployed a deep monitoring network that provides data on internet performance and security events all over the world, with real-time information about performance degradation, internet routing changes, and network security alerts. Oracle Cloud products, such as Market Performance and IP Troubleshooting, are based on this Internet Intelligence data.

Oracle’s Internet Intelligence Map monitors the volatility of the internet as a whole. With ever more organizations relying on third-party providers for their most critical services, monitoring the collective health of the internet is increasingly important.

Data gathered by the Oracle Cloud Infrastructure Edge Network is also used to provide valuable insight to the Oracle Security Research team around BGP route changes and DDoS activation worldwide. The Oracle Security Research team is able to monitor 250 million route updates per day, including where DDoS protection is being activated and when attacks are occurring. We measure the quality, in near real time, of any cloud DDoS protection activation by most cloud-based DDoS vendors. This information can be used to measure the effectiveness of protection solutions.

The Pillar of Security

The agility, scalability, and integration capabilities of the cloud, combined with extensive cost savings, have made migration to the cloud a necessity for enterprise-grade organizations. However, there are risks involved in an enterprise cloud migration, concerning everything from security to the sheer scale of such a move. Oracle Cloud Infrastructure was designed with this in mind.

Security is a core pillar of everything we do, from deploying data centers and architecting networks to monitoring and scaling services. The Oracle Cloud Infrastructure Edge Network is part of Oracle’s forward-looking strategy. As the world moves to the cloud, we provide a core-to-edge solution to do so securely, efficiently, and without boundaries.


Laurent Gil runs the Internet Intelligence group at Oracle, a team of data scientists and security researchers that analyzes and monitors global Internet security and performance events. Laurent joined Oracle Cloud in 2018 with Oracle’s acquisition of Zenedge. Laurent was Chief Product Officer and co-founder of Zenedge Inc., a cybersecurity company he co-founded in 2014.

Prior to Zenedge, Laurent was CEO and co-founder of facial recognition software and machine learning company, Viewdle, which was acquired by Google in 2012.

Laurent holds degrees from the Cybernetic Institute of Ukraine (Doctorate Honoris Causa), the Wharton School of Business (MBA), Supélec (M.Sc., Computer Science and Signal processing), the Collège des Ingénieurs in Paris (Post-graduate degree, Management), and is Summa Cum Laude of The University of Bordeaux (B.S. Mathematics).
