If regulatory compliance isn't a top priority as you move infrastructure and applications to the cloud, it should be.
Organizations of all sizes and across all verticals are subject to various industry and government regulations. Cloud infrastructure migration and cloud-native application development complicate compliance because they open up protected data to be handled by more parties and stored in more locations.
The top cause of data breaches is attacks on websites and applications, so web app security must be part of any cloud compliance strategy.
Web application attacks caused 21% of all data breaches that occurred in 2017, up from 10% the year before, according to the Verizon Data Breach Investigations Report. And 23% of organizations fell victim to at least one of these attacks in the past year, according to a Spiceworks survey on web application security.
Web application servers are appealing targets because they may contain valuable customer data, including medical records and credit card information, both of which have regulations (HIPAA and PCI DSS, respectively) that govern their handling and protection. Effective cloud compliance depends on technology that prevents unauthorized access to these types of data, and a cloud-based web application firewall helps do just that.
Web application security alone, however, can't completely address cloud compliance. Startups and enterprises alike are building more cloud-native applications, which often rely on third-party APIs and other components that are not directly controlled or managed by the organization itself. That's why these companies need an enterprise-grade cloud that provides a secure and compliant infrastructure and application platform.
Oracle's offerings address not only the web application security aspect of cloud compliance, but also the broader concerns around Infrastructure as a Service (IaaS) and Platform as a Service (PaaS).
The Oracle Dyn Web Application Firewall hides the origin of the web server, which makes it harder for attackers to reach. It also inspects all incoming traffic and blocks malicious requests, and it inspects outgoing traffic to protect against breaches of regulated data. The service has prebuilt rule sets for PCI DSS and other regulations that check whether the web server is attempting to transmit data in a manner that would result in a compliance violation—and if so, it blocks that traffic.
And because, as I mentioned, the increasing use of APIs creates a larger attack surface, we offer Oracle Dyn API Protection to prevent malicious calls from reaching your network.
In addition, Oracle Cloud Infrastructure, an IaaS and PaaS offering, holds a PCI DSS Attestation of Compliance for more than a dozen infrastructure and application services. Oracle Cloud Infrastructure also holds an attestation for HIPAA's rules around security, breach notifications, and, where applicable, privacy.
Your customers' data is your biggest asset. It can also be your biggest liability. Web application security, combined with the right cloud platform, can help keep it safe and compliant.
VP of Product Strategy, Oracle Cloud Infrastructure and GM, Oracle Dyn Global Business Unit