Cloud Security Perspectives and Insights

DevOps aims to bring software development and maintenance closer to IT operations. It is designed to deliver new software features, enhancements to existing features, and bug fixes faster than traditional methods and with the same quality.

DevOps aims to bring software development and maintenance closer to IT operations. It is designed to deliver new software features, enhancements to existing features, and bug fixes faster...

As companies transition to the cloud for greater speed and agility, they’re also starting to see security as a cloud benefit rather than a risk. Learn how Oracle Cloud Infrastructure offers organizations security that is built-in, not bolted-on.

As companies transition to the cloud for greater speed and agility, they’re also starting to see security as a cloud benefit rather than a risk. Learn how Oracle Cloud Infrastructure...

If you are running an Oracle Cloud Database in a private Virtual Cloud Network (VCN) on Oracle Cloud Infrastructure, you can now very easily monitor and control your security posture with Oracle Data Safe. Read the blog to learn more.

If you are running an Oracle Cloud Database in a private Virtual Cloud Network (VCN) on Oracle Cloud Infrastructure, you can now very easily monitor and control your security posture with Oracle Data...

Join Oracle and Kapstone for their upcoming Identity Cloud Service webcast, Journey from Fragmented Identity to a Unified IAM.

Join Oracle and Kapstone for their upcoming Identity Cloud Service webcast, Journey from Fragmented Identity to a Unified IAM.

Aquera and Oracle are excited to announce support of the Aquera SCIM Gateway for the Oracle Identity Cloud Service. The Aquera SCIM Gateway and catalog of over 400 connectors are now fully interoperable and supported with IDCS.

Aquera and Oracle are excited to announce support of the Aquera SCIM Gateway for the Oracle Identity Cloud Service. The Aquera SCIM Gateway and catalog of over 400 connectors are now...

As more businesses adopt business-critical cloud services, it is important to find a trusted cloud partner who can help you meet your organization's security and compliance objectives. Keep up to date and boost your cloud security knowledge with some of these new Oracle Security assets.

As more businesses adopt business-critical cloud services, it is important to find a trusted cloud partner who can help you meet your organization's security and compliance objectives. Keep up to date...

Finance leaders are learning that cybersecurity can help advance growth and innovation objectives.

Finance leaders are learning that cybersecurity can help advance growth and innovation objectives.

As a follow up to a previous post, join us for this blog to answer the question, "how do you ensure that an attacker cannot disable or corrupt your security detection framework?" Very simply, it is all about comprehensive monitoring and validation! In cybersecurity infrastructure, you must have a validation framework and lifecycle that develops and executes tests based on collected evidence.

As a follow up to a previous post, join us for this blog to answer the question, "how do you ensure that an attacker cannot disable or corrupt your security detection framework?" Very simply, it...

Based on reader interest on how the Oracle SaaS Cloud Security (SCS) organization uses Oracle Labs PGX for our Automated SaaS Cloud Security Services (ASCSS) infrastructure, I wanted to follow up with an article on one of the advantages of using graph-powered security analytics.  This posting describes how graphs make it very easy for incident responders or security engineers to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.

Based on reader interest on how the Oracle SaaS Cloud Security (SCS) organization uses Oracle Labs PGX for our Automated SaaS Cloud Security Services (ASCSS) infrastructure, I wanted to follow up with...

Access our webcast on the Fortinet security solutions available on the Oracle Cloud Marketplace and how it can complement the security features on Oracle Cloud Infrastructure for business-critical workloads.

Access our webcast on the Fortinet security solutions available on the Oracle Cloud Marketplace and how it can complement the security features on Oracle Cloud Infrastructure for...

We learn new things every day, in our conversations with coworkers or the tv shows we watch, but we don’t often set aside time for the purpose of learning.

We learn new things every day, in our conversations with coworkers or the tv shows we watch, but we don’t often set aside time for the purpose of learning.

We're expanding Oracle Cloud Infrastructure Vault from just symmetric encryption keys backed by Hardware Security Modules (HSMs) to include arbitrary secrets. Oracle Cloud Infrastructure Vault Launches today.

We're expanding Oracle Cloud Infrastructure Vault from just symmetric encryption keys backed by Hardware Security Modules (HSMs) to include arbitrary secrets. Oracle Cloud Infrastructure Vault...

Oracle Identity Cloud Service provides users with the ability to securely govern their applications and perform single sign on, multi-factor authentication, user lifecycle management and API access management for a wide variety of cloud and on-premise applications. Working closely with our strategic partner, Kapstone Technologies LLC (KP), Oracle Identity Cloud Service now provides its customers greater flexibility and control over user lifecycle management activities through out of the box integration with 100+ cloud, on premise and legacy applications and platforms.

Oracle Identity Cloud Service provides users with the ability to securely govern their applications and perform single sign on, multi-factor authentication, user lifecycle management and API access...

For first time remote workers, the transition can be daunting. The best way to approach is to learn from others that have already made the leap. To that end in this article you’ll find some tips, suggestions and best practices for people and organizations that are introducing remote work so they can make the transition smoother for everyone involved. 

For first time remote workers, the transition can be daunting. The best way to approach is to learn from others that have already made the leap. To that end in this article you’ll find some...

This week we wanted to share how Oracle’s SaaS Cloud Security (SCS) organization is always prepared to support our customers and provide reliable continuity of service. Service continuity is a key pillar of Oracle’s SaaS Cloud Security Services.

This week we wanted to share how Oracle’s SaaS Cloud Security (SCS) organization is always prepared to support our customers and provide reliable continuity of service. Service continuity is a...

Well everyone another RSA Conference is officially in the books. This year’s theme was the “Human Element”, which is undeniably relevant given their description: “The most powerful tool to prevent cyberattacks? It’s you.

Well everyone another RSA Conference is officially in the books. This year’s theme was the “Human Element”, which is undeniably relevant given their description: “The most powerful tool to prevent...

With data breaches making the front pages several times per month, cybersecurity is eventually getting the attention of the board.

With data breaches making the front pages several times per month, cybersecurity is eventually getting the attention of the board.

We are pleased to announce the release of Oracle Key Vault 18.3, which is the first release that is also available from the Oracle Cloud Marketplace. Oracle Key Vault provides continuous, scalable and fault-tolerant key management for your Oracle Database estate, regardless of where they are deployed: On-premises, in Oracle Cloud, or across a hybrid cloud ecosystem.

We are pleased to announce the release of Oracle Key Vault 18.3, which is the first release that is also available from the Oracle Cloud Marketplace. Oracle Key Vault provides continuous, scalable and...

Oracle Identity Cloud Service provides single signon, user lifecycle management and API access management for a wide variety of SaaS and on-premises applications.

Oracle Identity Cloud Service provides single signon, user lifecycle management and API access management for a wide variety of SaaS and on-premises applications.

The 2020 RSA Conference was a success once again! The Human Element theme was woven throughout the week as we saw multiple sessions around the importance of creating a security plan that is tailored to your organization and your customers.

The 2020 RSA Conference was a success once again! The Human Element theme was woven throughout the week as we saw multiple sessions around the importance of creating a security plan that is...

Securing an Oracle Database is critical in keeping your sensitive data safe and staying compliant with the many new privacy regulations proliferating across the world.  Your data is extremely valuable– that could be intellectual property, financial data, personal data about your customers or staff, or a combination of all three.  Because data is valuable, you need to guard it against theft and misuse.

Securing an Oracle Database is critical in keeping your sensitive data safe and staying compliant with the many new privacy regulations proliferating across the world.  Your data is extremely...

Think your data is safe? Think again, threats today are more sophisticated than ever, are you protecting your sensitive data?

Think your data is safe? Think again, threats today are more sophisticated than ever, are you protecting your sensitive data?

In a borderless world, enterprises are finding a more diverse set of threats, with their attack surfaces increasing with infinite points of infiltration. With mobile devices, BYOD, IoT, and ever-expanding connectivity, there is no true network perimeter. Users and their identities are the new perimeter. So in order to protect today’s organizations, we need to focus on protecting their identities.

In a borderless world, enterprises are finding a more diverse set of threats, with their attack surfaces increasing with infinite points of infiltration. With mobile devices, BYOD, IoT,...

In the last installment of our series, we wrap up our conversation with Greg Jensen with a discussion around the future of cloud security and how leaders can help their businesses stay informed in the security space with the help of the annual Oracle and KPMG Cloud Threat Report. 

In the last installment of our series, we wrap up our conversation with Greg Jensen with a discussion around the future of cloud security and how leaders can help their businesses stay informed in the...

Security is taking over San Francisco! Will you be there? If the answer is yes and you are still deciding on your schedule, consider stopping by one (or more) of our in-booth lightning talks throughout the week. This year, we are focused on providing a variety of content that is valuable to customers and curious visitors alike. Whether you are interested in learning more about the latest updates in Identity Management or the top strategies to combat threat vectors we have a topic for you. Each lightning talk runs for about 10 minutes and is designed to give attendees a quick introduction to a topic they can explore more within our booth or online. We will be located in the North Hall booth #6085!

Security is taking over San Francisco! Will you be there? If the answer is yes and you are still deciding on your schedule, consider stopping by one (or more) of our in-booth lightning...

We often talk about the Maximum Security Architecture (MSA), but the reality is that not every database needs that level of protection. I thought it might be worth spending some time on what a baseline security posture for the Oracle Database should include – what the Minimal Security Architecture should be. Once we know the maximum and minimum, then we can think of database security on a sliding scale, with your database’s security controls adjusted to reflect the value of the data contained within the database, and your organization’s willingness to accept risk to that data.                   We like to see these seven simple things that can be done for ANY Oracle database, including Oracle Standard Edition, without any additional-cost licenses.  Adjust your configuration to remove unnecessary risk Apply security patches in a timely manner Practice good password discipline Reduce account privileges wherever possible Know your data Audit security-relevant activity Encrypt database network traffic These seven baseline security practices form the foundation for follow-on security controls that increase the security posture (and decrease risk) all the way up to the Maximum Security Architecture. Without them, adding additional technical controls may improve security, but it will not result in a truly secure system.  Adjust your configuration to remove unnecessary risk. There are hundreds of database parameters, and many of those impact the security posture for the system. Oracle provides the Database Security Assessment Tool (DBSAT) to help you evaluate your configuration and identify settings that may introduce additional risk. DBSAT is simple to download and run, usually producing usable reports within minutes.  If you are running databases in the Oracle Cloud, you can also use Oracle Data Safe (included with your Database as a Service subscription) to perform the same types of checks DBSAT does for on-premises databases. Apply security patches in a timely manner. Oracle releases security patches quarterly. With each release, we also provide guidance on the type of vulnerabilities being mitigated in the patch, the attack vector/complexity, and the severity. The reality is that once we release a patch, it isn’t long before malicious actors begin reverse engineering the patches to learn more about vulnerabilities and how they can be exploited. In some cases, the gap between our release of a patch and the availability of automated exploits can be as little as a few days. As every experienced IT professional knows, patching carries its own operational risk, and it’s always a balancing act between testing patches and applying them quickly. The important thing is to evaluate each patch and make a decision on your timeline for applying the patch. The decades-old DBA mantra of “if it ain’t broke, don’t fix it” doesn’t match up with modern risk evaluation! If you are not already subscribed to receive notifications of new critical patches, you can do so here. Practice good password discipline. This sounds so very basic that you may think it doesn’t need to be said, but having evaluated hundreds of production databases in real customer environments I can tell you that it IS something you should be paying attention to. The temptation to create accounts with passwords that don’t expire, and without those annoying complexity  requirements or limits of failed logins seems to draw people in. Remember that most database breaches involve compromised account credentials, and don’t neglect this most basic of security checks. DBSAT (or Oracle Data Safe if your database is in the Oracle Cloud) will help you here, letting you know which users have non-expiring passwords, passwords without complexity checks, and accounts that don’t automatically lock after a certain number of failed logins. Reduce account privileges whenever possible. Most database breaches involved compromised account credentials (sound familiar?). That means that you want to reduce the damage a compromised account can do whenever possible. This can be something as simple as reporting on the privileges/roles an account has and doing a manual review. If you are running the Enterprise Edition of Oracle Database you can use the Privilege Analysis feature to report on privileges an account uses, as well as privileges an account has that are not being used. Those unused privileges are excellent candidates for elimination. It’s always good to be cautious before removing privileges from a user, so I’ll usually take a two-step approach, running privilege analysis for a few months to identify unused privileges and then auditing the use of those privileges for several more months just to be sure the user doesn’t just use them infrequently. Know your data. Many have said that “data is the new oil” – but all data is not created equally. Some data has a higher value (with attendant higher security risk) than other data. Know what types of sensitive data your database holds, and almost as important, how much of that sensitive data there is. DBSAT can help here, with its sensitive data discovery module.  If you are running databases in the Oracle Cloud, you can also use Oracle Data Safe’s sensitive data discovery module.  The baseline security posture we’re discussing here is appropriate for databases with very low risk, databases that don’t contain a lot of sensitive data. The more sensitive data, and the more value that data holds, the more you should be doing to protect it. The baseline security posture we’re discussing here is appropriate for databases with very low risk, databases that don’t contain a lot of sensitive data. The more sensitive data, and the more value that data holds, the more you should be doing to protect it. Audit security-relevant activity. Just as important as knowing the types and quantity of sensitive data in your database is knowing how that data and your database are being accessed. The Oracle Database has superb auditing capabilities, and we improve them with every release. You should be auditing database login events, changes to user accounts, grants of database privileges, and changes to database schema. You may hear “I can’t enable auditing, the performance impact is too high” – but if you think about the things I’m saying to audit you’ll see that these are low frequency, high value operations. They shouldn’t be happening often in most databases, and therefore the performance impact will be minimal. Without an audit trail, your ability to detect malicious activity is severely compromised, and your ability to support a forensic investigation is almost non-existent. Encrypt database network traffic. Encryption of data in motion is standard now - websites that don't use HTTPS are the exception, not the rule. The same should be true for databases. Enabling encryption in an Oracle Database is as simple as a single line in a configuration file that will enable Oracle Native Network Encryption (NNE).  These seven simple steps establish a reasonable security baseline and are the foundation you can build on as you increase your security posture towards the Maximum Security Architecture. If you’d like to learn more about Oracle Database Security, please take a look at our third edition of “Securing your Database – A Technical Primer”.    

We often talk about the Maximum Security Architecture (MSA), but the reality is that not every database needs that level of protection. I thought it might be worth spending some time on what a...

This week, Oracle will be participating in the 2020 RSA Conference. One of the many items that Oracle will be bringing to the conference is information about security of the Oracle Cloud Infrastructure (OCI).  Nowadays, you can’t help but run across technology articles talking about Cloud, whether it is the growth of adoption, benefits received, or prevalence of cloud across businesses. I expect the RSA Conference to be no exception. 

This week, Oracle will be participating in the 2020 RSA Conference. One of the many items that Oracle will be bringing to the conference is information about security of the Oracle...

In our part 2 of our 3-post series, we continue the conversation with Greg Jensen and discuss the Shared Responsibility Security Model and the importance of visibility in the cloud.

In our part 2 of our 3-post series, we continue the conversation with Greg Jensen and discuss the Shared Responsibility Security Model and the importance of visibility in the cloud.

Every 11 seconds an organization suffers a cybersecurity attack and it's only expected to get much worse. So, it's critical for those that are responsible for securing these organizations to understand the challenges that they face and identify potential solutions to these issues.  I had the pleasure of speaking with Greg Jensen, Sr Principal Director of Cloud Security at Oracle about his take on the current state of cloud security and the Oracle and KPMG Cloud Threat Report.

Every 11 seconds an organization suffers a cybersecurity attack and it's only expected to get much worse. So, it's critical for those that are responsible for securing these organizations to...

One of the great things about providing a cloud service is how easy it is to update the service with new features, and Oracle Data Safe is no exception. For example, this week we've added support for Oracle Database 20c. Since we released the service at OpenWorld San Francisco last year, we’ve seen enormous growth and the customer response has been fantastic. If you are running a database in the Oracle Cloud and aren’t already using Data Safe, you really should try it out – Data Safe is included with all of our in-cloud Database as a Service offerings – including Autonomous Database and Exadata Cloud Service – at no additional cost. But, back to my main topic – the ease of updating a cloud service. Comparing the process for enhancing a product or fixing product issues for a cloud service like Data Safe with the same process for an on-premises product is like night and day. For on-premises products, enhancements are scheduled and rolled into a delivery vehicle – usually quarterly or, if it’s a major enhancement, the upcoming annual release. Depending on where in the development cycle the enhancement request comes in, It can take months or even years to bring a new feature to our customers. And the QA cycles before release are long and complex because Oracle is run in so many different server/operating system environments With Data Safe, we roll out fixes and updates every few weeks – it’s a continuous cycle of improvement. Usually these are small improvements – make something easier to understand, fix a typo in some text on screen, add a new sensitive data format to the over 125 existing formats, or a new masking format capability like group-based masking – we are constantly moving the usability and quality of the service higher. Every now and then, it’s a “hot fix” – we spot an issue that is impacting multiple customers and that needs to jump the normal development sprint cycle. In one recent case a report came in about how we were handling large objects from one customer, was confirmed by another customer about eight hours later, and was fixed – with the fix rolled into production for ALL Data Safe customers – less than a day later. This is what I love about cloud services – how quickly we can fix or improve things, and how confident we can be rolling those changes out since the deployment environment is homogenous and controlled. Some recent examples– Automated registration for Autonomous Databases.  I love the Autonomous Database because it lets me get down to business quickly – I don’t have to worry about setting up encryption, separation of duties, patching – the everyday tedium of securing a database. It’s all done for me. But, because it’s all done for me, setting up monitoring tools like Data Safe used to mean I had to figure out what someone else had done for that automation so I could connect my tools into the system. We had several customers who commented on the difficulty of registering an Autonomous Database with Data Safe, so we created the “Easy Button” – the registration is now automated, with network ingress rules, certificate import, credentialing all handled in the background. And we’re working with the Autonomous Database product managers to make things even easier in upcoming releases. But the point is, this great automation that really made a significant difference in the ease of use for Data Safe happened in just a couple of weeks from identifying the issue. And for our customers, that “Easy Button” just appeared on their Autonomous Database console. Federated Logon support. Our initial release of Data Safe required local accounts. During our testing and limited availability program this didn’t seem like a significant barrier to adoption -but once we had Data Safe generally available we received feedback from several customers that they preferred to only use federated identities, no local logins. Here again, in a few short weeks we had the solution developed, tested, and pushed out to our customers. So one day, the requirement for local logins just went away. Private IP address support. Another project we are working on is removing the requirement for a public IP address. The OCI networking team partnered with us on this to create a new network construct called the “Private Endpoint” that allows our customers to grant direct access to Data Safe without having to route that access through a public IP address.  Limited availability for this has been in progress for a few weeks, and so far everyone loves it. One day soon, our customers will just see this new capability appear for them to use with no need for them to apply a patch, install software, upgrade their hardware. Or, our most recent change – Oracle Database 20c (preview edition on Oracle Cloud released this week). With Data Safe, we are able to support Database 20c on the same day it is released! It just doesn’t get much better than this.

One of the great things about providing a cloud service is how easy it is to update the service with new features, and Oracle Data Safe is no exception. For example, this week we've added support for...

Previous articles have talked about Oracle Identity Cloud Service and how it can greatly simplify single sign-on for Oracle E-Business Suite. With the latest release of IDCS, you can now manage the lifecycle of your EBS users directly from IDCS.

Previous articles have talked about Oracle Identity Cloud Service and how it can greatly simplify single sign-on for Oracle E-Business Suite. With the latest release of IDCS, you can now manage the...

Happy Data Privacy Day! For those of you scratching your heads right now, we are here to explain further. In a world of online subscriptions, website browsing, and businesses selling and otherwise leveraging customer information, many people are uninformed or plain confused about what is really happening with their data. Data Privacy Day is all about raising awareness of how data is being used and promoting action to better protect all personal data, both our own data and data that our employers collect and manage. 

Happy Data Privacy Day! For those of you scratching your heads right now, we are here to explain further. In a world of online subscriptions, website browsing, and businesses selling and otherwise...

Next month the biggest names in information security will come together in San Francisco for the 2020 RSA Conference. Each year more than 45,000 IT security professionals come to learn from peers and experts. This year attendees will have the opportunity to interact with vendors, partners, and industry leaders. With so much going on, it can be overwhelming at times!

Next month the biggest names in information security will come together in San Francisco for the 2020 RSA Conference. Each year more than 45,000 IT security professionals come to learn from peers and...

We are pleased to announce that Oracle Key Vault 18.2 is now available with significant additions and improvements.

We are pleased to announce that Oracle Key Vault 18.2 is now available with significant additions and improvements.

DDoS attacks can cause significant disruption for your organization. As many organizations transition to using Cloud services, it is important to understand what is and isn’t covered by your Cloud Provider.

DDoS attacks can cause significant disruption for your organization. As many organizations transition to using Cloud services, it is important to understand what is and isn’t covered by your Cloud...

Today we are introducing Oracle Internet Routing 3D Visualization as part of our Safer Internet Initiative to increase the public’s understanding of internet routing events such as BGP leaks and hijacks.

Today we are introducing Oracle Internet Routing 3D Visualization as part of our Safer Internet Initiative to increase the public’s understanding of internet routing events such as BGP leaks...

In this post, I want to compare the value and detection results of antivirus endpoint agents in datacenters, server systems, and SaaS environments to that of other security detection tools and techniques. Some people claim antivirus is only used and installed to meet audit and compliance requirements for certifications. At Oracle, the SaaS Cloud Security (SCS) team believes antivirus tools provide a necessary, clear defense in depth solution in SaaS environments. If you’ve been skeptical about the antivirus approach, read on.

In this post, I want to compare the value and detection results of antivirus endpoint agents in datacenters, server systems, and SaaS environments to that of other security detection tools...

For the second consecutive year, Oracle is offering customers the opportunity to attend OpenWorld events around the globe, beginning with Oracle OpenWorld Middle East in Dubai this week. If you are planning to attend and interested in learning more about security, please be sure to mark the following sessions on your calendar!

For the second consecutive year, Oracle is offering customers the opportunity to attend OpenWorld events around the globe, beginning with Oracle OpenWorld Middle East in Dubai this week. If you...

Oracle’s long history in identity and continued innovation is helping customers solve even the most demanding use cases. In our upcoming webinar, we will discuss Oracle’s comprehensive IAM strategy in depth and how it supports you through your journey with on-premises, hosted cloud, cloud native, hybrid and multi-cloud scenarios across all functional areas such as access, governance, directory and more.

Oracle’s long history in identity and continued innovation is helping customers solve even the most demanding use cases. In our upcoming webinar, we will discuss Oracle’s comprehensive IAM strategy in...

In a cloud world, medium and midsize businesses need a culture of “security first” that is part of the foundational elements of a modern security stack to keep core data safe.

In a cloud world, medium and midsize businesses need a culture of “security first” that is part of the foundational elements of a modern security stack to keep core data safe.

How well would your organization fare in the face of a full-blown cyber attack? If that question makes your palms sweat and your eyes shift, read on for some lessons we’ve learned at Oracle about penetration testing and red teams.

How well would your organization fare in the face of a full-blown cyber attack? If that question makes your palms sweat and your eyes shift, read on for some lessons we’ve learned at Oracle...

Why are we seeing so many breaches and successful attacks against organisations? Of course, anyone working in this field will know the answer. Security is hard! But why?

Why are we seeing so many breaches and successful attacks against organisations? Of course, anyone working in this field will know the answer. Security is hard! But why?

The time has come to say goodbye to 2019 as we head into 2020! What a decade it has been, and this year in particular has had some shining moments. I'd like to take a moment to highlight our best Cloud Security blogs of 2019.

The time has come to say goodbye to 2019 as we head into 2020! What a decade it has been, and this year in particular has had some shining moments. I'd like to take a moment to highlight our...

As we look back across 2019, organizations saw a tremendous increase in not only the use of cloud for business, but the valuation of the data and applications hosted in the cloud. These predictions highlight what many organizations will experience in 2020 when they focus only on secure strategies, and not placing a greater focus on the inclusion of a security-minded culture. 

As we look back across 2019, organizations saw a tremendous increase in not only the use of cloud for business, but the valuation of the data and applications hosted in the cloud. These predictions...

Gartner published an updated Critical Capabilities for Identity Governance and Administration (IGA). Oracle received highest scores for 4 of the 11 capabilities evaluated, which is the most of all the vendors included in the report. Oracle’s overall strong product scores show that IGA continues to be a strong product with continued development and innovation.

Gartner published an updated Critical Capabilities for Identity Governance and Administration (IGA). Oracle received highest scores for 4 of the 11 capabilities evaluated, which is the most of all the...

Just as in the Star Wars Galaxy the cybersphere is a dangerous place and attacks can come in any guise and from any location just when you are least expecting it. And like the Dark Side, hackers are constantly trying out new techniques to get their hands on what they perceive as having value.

Just as in the Star Wars Galaxy the cybersphere is a dangerous place and attacks can come in any guise and from any location just when you are least expecting it. And like the Dark Side, hackers are...

Many companies moving older applications to the cloud start with ERP. But before putting critical finance data in the cloud, update security protocols.

Many companies moving older applications to the cloud start with ERP. But before putting critical finance data in the cloud, update security protocols.

Join Oracle at Gartner Identity and Access Management Summit from December 10th-12th, 2019 in Las Vegas at Caesars Palace to learn how Oracle is addressing these issues with Identity at the core of the solution.

Join Oracle at Gartner Identity and Access Management Summit from December 10th-12th, 2019 in Las Vegas at Caesars Palace to learn how Oracle is addressing these issues with Identity at the core...

Midsize and medium businesses share in the responsibilities for data security as they move core applications to the cloud. Follow these three tips to lay a secure foundation.

Midsize and medium businesses share in the responsibilities for data security as they move core applications to the cloud. Follow these three tips to lay a secure foundation.

We strive to build security into our applications and services in every phase of the DevSecOps engineering cycle. In this post, I want to address how the distributed engineering teams and the central security teams can join forces in the testing phase. I also want to discuss the advantage of their combined efforts in the DevSecOps model shown below.

We strive to build security into our applications and services in every phase of the DevSecOps engineering cycle. In this post, I want to address how the distributed engineering teams and the central...

Bring your own key (BYOK for short) seems to be the buzzword of the year; however, I struggle to understand where this comes from ... If prospective cloud customers want to retain control over their encryption keys, they can deploy an Oracle Key Vault 18 cluster on-prem to manage the encryption keys of on-prem and cloud-based Oracle databases at the same time. On the other hand, I have heard customers call those "BYOK" keys "pre-breached" keys, since they have been created/touched/manipulated by humans.

Bring your own key (BYOK for short) seems to be the buzzword of the year; however, I struggle to understand where this comes from ... If prospective cloud customers want to retain control over...

A historic Internet blackout in Iran began on Saturday afternoon, according to our team member Doug Madory. Doug is a Director of Internet Analysis for Oracle Internet Intelligence, part of Oracle Cloud Security. Internet Intelligence has been reporting and covering global connectivity and security threats that impact the performance of the global internet for over a decade.

A historic Internet blackout in Iran began on Saturday afternoon, according to our team member Doug Madory. Doug is a Director of Internet Analysis for Oracle Internet Intelligence, part of...

Join David B. Cross as he examines the MITRE ATT&CK matrix and explains the many ways in which Oracle SaaS Cloud Security goes above and beyond.

Join David B. Cross as he examines the MITRE ATT&CK matrix and explains the many ways in which Oracle SaaS Cloud Security goes above and beyond.

Organizations moving to the cloud are seeing traditional network perimeters vanish, leaving their users vulnerable to social engineering and phishing, and their applications vulnerable to data breaches. Multi-factor authentication gives organizations a crucial layer of security, securing end-user credentials and administrator access to on-premises and SaaS applications.

Organizations moving to the cloud are seeing traditional network perimeters vanish, leaving their users vulnerable to social engineering and phishing, and their applications vulnerable to...

Eleanor Meritt brings 24 years of experience at Oracle to her new position as the Vice President of IAM Development. Learn more about her and the future of Identity at Oracle.

Eleanor Meritt brings 24 years of experience at Oracle to her new position as the Vice President of IAM Development. Learn more about her and the future of Identity at Oracle.

Legacy applications are becoming harder to manage and costly to migrate. Identity is critical to staying secure, and it must work with these applications and the entire hybrid IT infrastructure. Oracle’s identity solutions are built for these environments, with many strengths for the full breadth of Oracle business applications.

Legacy applications are becoming harder to manage and costly to migrate. Identity is critical to staying secure, and it must work with these applications and the entire hybrid IT...

Mobile devices and the cloud platform have undeniably altered the traditional network perimeter. Your IT professionals can no longer assume trust across the stack as resources are available from anywhere and from any device. Oracle Identity Cloud Service provides built-in security for the Oracle Fusion SaaS stack and the extensions built by customers.

Mobile devices and the cloud platform have undeniably altered the traditional network perimeter. Your IT professionals can no longer assume trust across the stack as resources are available...

Make sure your business’ data is protected on and off the cloud with an in-depth, multi-layered system. Cybersecurity experts share their tips for building one.

Make sure your business’ data is protected on and off the cloud with an in-depth, multi-layered system. Cybersecurity experts share their tips for building one.

It’s that time of the year, October and Cyber Security Awareness month. But it’s also time for Halloween. Spend a few moments with us to learn some tips on how to avoid malicious 'tricks' that appear in your inbox.

It’s that time of the year, October and Cyber Security Awareness month. But it’s also time for Halloween. Spend a few moments with us to learn some tips on how to avoid malicious 'tricks' that appear...

Your mission: Build a multi-layered defense to keep your data and web presence secure against four dimensions of threats. Our new ebook has the intelligence you need.

Your mission: Build a multi-layered defense to keep your data and web presence secure against four dimensions of threats. Our new ebook has the intelligence you need.

Oracle Identity Cloud Service(IDCS) a component of OCI is a modernized Identity as a Service(IDaaS) platform that enables you to streamline and automate user identity life cycle management, simplify user access with standards based single sign on into both SaaS and enterprise apps, and also secures your applications with context based multi-factor authentication policies and an adaptive intelligence risk engine.

Oracle Identity Cloud Service(IDCS) a component of OCI is a modernized Identity as a Service(IDaaS) platform that enables you to streamline and automate user identity life cycle management, simplify...

Oracle helps makes the Internet a safer place by joining the effort to improve routing security

Oracle helps makes the Internet a safer place by joining the effort to improve routing security

Just thinking about a data breach will make any IT or security professional sweat. And, for good reason. We know that the cost of a data breach goes far beyond a dollar figure. The loss of data impacts brand, customers, partnerships, and more. And, when you throw in managing data in the cloud, working with security can become even more complicated.

Just thinking about a data breach will make any IT or security professional sweat. And, for good reason. We know that the cost of a data breach goes far beyond a dollar figure. The loss of...

Doug Madory, our Director of Internet Analysis at Oracle Internet Intelligence, presented at RIPE 79 in Rotterdam, Netherlands. The presentation centered on Doug’s original research on BGP AS path prepending and the unintended vulnerabilities created by the practice.

Doug Madory, our Director of Internet Analysis at Oracle Internet Intelligence, presented at RIPE 79 in Rotterdam, Netherlands. The presentation centered on Doug’s original research on BGP AS...

To unlock the real value of data, businesses need to use it and “interact” with it in some way. Unlocking your data can create operational risk such as someone leaving the door open, abusing data access privileges, or not knowing where and what kind of data is being accessed. To help customers protect data and reduce this operational risk, Oracle recently introduced Oracle Data Safe, read here to learn more.

To unlock the real value of data, businesses need to use it and “interact” with it in some way. Unlocking your data can create operational risk such as someone leaving the door open, abusing data...

The Database Security Development and Product Management teams are happy to announce Oracle Key Vault 12.2, bundle patch 10. This new release update brings increased efficiency and improved security to your organization.

The Database Security Development and Product Management teams are happy to announce Oracle Key Vault 12.2, bundle patch 10. This new release update brings increased efficiency and improved security...

Data Safe helps organizations identify sensitive data and mask it for use in partner or development environments.  It also alerts on risky users and unsafe system configurations; and monitors database activity to let organizations quickly discover suspicious attempts to access their data.   

Data Safe helps organizations identify sensitive data and mask it for use in partner or development environments.  It also alerts on risky users and unsafe system configurations; and monitors database...

Bad actors want your organization’s wealth. Unfortunately, wealth today means not just the money in your bank accounts, but also your data. Data such as intellectual property, customer files, transaction records, and software source code are the kind of assets that define the wealth of modern businesses.

Bad actors want your organization’s wealth. Unfortunately, wealth today means not just the money in your bank accounts, but also your data. Data such as intellectual property, customer...

When an Internet outage occurs in nearly any country globally, Oracle’s Internet Intelligence team can provide critical insight into connectivity and performance metrics.

When an Internet outage occurs in nearly any country globally, Oracle’s Internet Intelligence team can provide critical insight into connectivity and performance metrics.

Welcome to the final article in my series, where we have been discussing “Enhancing EBS Security on OCI”. We have covered a lot of ground in this series, looking at a range of threats that need addressing for your EBS (or any enterprise) application being moved to the Cloud. In this article, we will be looking at the final threat on my list, Database Bypass.  

Welcome to the final article in my series, where we have been discussing “Enhancing EBS Security on OCI”. We have covered a lot of ground in this series, looking at a range of threats that...

In the area of security, we continue our innovations to improve the self-securing capabilities. Many customers have already been excited about self-patching capabilities, freeing up their DBAs to focus on more strategic projects.  Tune in to our newest On-demand webcast around Autonomous Database and Data Safe.

In the area of security, we continue our innovations to improve the self-securing capabilities. Many customers have already been excited about self-patching capabilities, freeing up their DBAs...

With Data Safe Activity Auditing, you can monitor user activities on Oracle Cloud databases, collect and retain audit records (per industry and regulatory compliance requirements), and trigger alerts for unusual activity. You can audit sensitive data changes, administrator and user activities, and other activities recommended by the Center for Internet Security.

With Data Safe Activity Auditing, you can monitor user activities on Oracle Cloud databases, collect and retain audit records (per industry and regulatory compliance requirements), and trigger alerts...

Do you want to extract actionable insights from your data? Do you want to make smarter business decisions and gain strategic advantage over your competitors? Do you worry about how to maximize the value of your data without putting it at risk and increasing the compliance boundary? If so, join our upcoming webcast, Eliminating Risk from Non-Production Databases with Oracle

Do you want to extract actionable insights from your data? Do you want to make smarter business decisions and gain strategic advantage over your competitors? Do you worry about how to maximize the...

In our virtual workshop, we’ll take a look at how to use Identity Cloud Service to integrate Oracle SaaS apps with your existing SSO infrastructure to ensure the right access for ERP users, protect the application from unauthorized access, and enforce strong authentication.

In our virtual workshop, we’ll take a look at how to use Identity Cloud Service to integrate Oracle SaaS apps with your existing SSO infrastructure to ensure the right access for ERP users, protect...

I would like to share the unique advantages of building a zero-trust environment and a trusted applications environment when you have control of the entire stack.  Let’s discuss what are some of the unique advantages of using a building and managing an application stack on a tightly controlled platform.   

I would like to share the unique advantages of building a zero-trust environment and a trusted applications environment when you have control of the entire stack.  Let’s discuss what are some of the...

In Part 5 of the Enhancing EBS series, we discuss the benefits of the Oracle Database and the security capabilities built into the database as well as additional security options that will help you mitigate risks.

In Part 5 of the Enhancing EBS series, we discuss the benefits of the Oracle Database and the security capabilities built into the database as well as additional security options that will help...

Oracle and McAfee have entered into a critical partnership to ensure Oracle SaaS customers have the highest degree of visibility and security, while also enabling McAfee to scale to the cloud needs of their own customers. 

Oracle and McAfee have entered into a critical partnership to ensure Oracle SaaS customers have the highest degree of visibility and security, while also enabling McAfee to scale to the cloud needs of...

The multi-cloud integration between Oracle Cloud Infrastructure and Microsoft Azure that initially connected regions in the Eastern US is now generally available in London as well.

The multi-cloud integration between Oracle Cloud Infrastructure and Microsoft Azure that initially connected regions in the Eastern US is now generally available in London as well.

The first step in securing a database is understanding the current state of that database.You need to know how it is configured, who the users are, and what kind of data the system contains.  Oracle Data Safe helps with that, allowing you to easily analyze your database’s configuration, survey your database users for risk, discover what types of sensitive data are in your database, and how much of that data is being stored. This blog will focus on the assessment capabilities of Data Safe – we’ll cover sensitive data discovery another day.

The first step in securing a database is understanding the current state of that database.You need to know how it is configured, who the users are, and what kind of data the system contains.  Oracle...

I’m sure everyone is aware of how cyber security in the cloud is a constant battle and attackers are continuously becoming more sophisticated and agile in their techniques. However, operating and innovating the security infrastructure in a cloud environment is an advantage that next-generation cloud providers have in the fast-moving business environment.

I’m sure everyone is aware of how cyber security in the cloud is a constant battle and attackers are continuously becoming more sophisticated and agile in their techniques. However, operating...

In part 4 of the Enhancing EBS Security on OCI series, we explore detective controls that all organizations should consider to protect their EBS.

In part 4 of the Enhancing EBS Security on OCI series, we explore detective controls that all organizations should consider to protect their EBS.

Organizations using Oracle Identity 11G have many reasons to upgrade to 12c, read here to learn more about the latest capabilities you can access with 12c.

Organizations using Oracle Identity 11G have many reasons to upgrade to 12c, read here to learn more about the latest capabilities you can access with 12c.

Oracle Data Safe provides users with a set of five essential data security features in a single, integrated cloud service which is easy to use and needs no on-premises deployment. In this post, we take a look at each of these features.

Oracle Data Safe provides users with a set of five essential data security features in a single, integrated cloud service which is easy to use and needs no on-premises deployment. In this post,...

Welcome to the third article in my series on “Enhancing EBS Security on OCI”. In the first article, I looked at the threats and risks associated with moving an application like EBS to the Cloud, and also discussed the first attack vector, Infrastructure Attack. The second article then looked at enhancing user security. In this article, I am going to talk about the threats to EBS itself, as an application exposed to the internet. I’ll then look at how you can apply Cloud-based security controls to minimise this risk.

Welcome to the third article in my series on “Enhancing EBS Security on OCI”. In the first article, I looked at the threats and risks associated with moving an application like EBS to the Cloud, and...

One of the Oracle Cloud’s most popular offerings is our bare metal instance product. This offering allows customers to provision and deploy their workloads in Oracle public cloud infrastructure (OCI) while having direct access to the underlying hardware on which their code runs.

One of the Oracle Cloud’s most popular offerings is our bare metal instance product. This offering allows customers to provision and deploy their workloads in Oracle public cloud infrastructure...

In today's world, every piece of data is online and available 24 X 7. And hackers are always looking to exploit any weakness. In response, Oracle has built multiple security technologies for protecting data at the source – within the database.

In today's world, every piece of data is online and available 24 X 7. And hackers are always looking to exploit any weakness. In response, Oracle has built multiple security technologies...

We are already at the halfway point of the conference and the week! The days have been flying by, but I hope you've had the opportunity to soak up some great information, meet with fellow industry folks, and perhaps catch a demo in the Exchange! Wednesday is also a special day, because it is CloudFest.19!

We are already at the halfway point of the conference and the week! The days have been flying by, but I hope you've had the opportunity to soak up some great information, meet with fellow industry...

If you’re in San Francisco at OpenWorld and stopped by Moscone South - Esplanade Ballroom, you may have thought you joined a silent disco.  No, nobody was dancing to silent music through those multi-colored headsets.  Instead, OpenWorld San Francisco appears to have embraced a new trend in conferences, with open-air presentation rooms and attendees listening to the sessions via headsets. I’m looking forward to our session on Wednesday, when I have the honor to present with Bill Kleyman from Switch, Simon Pane from Pythian, and Hamid Habet from Allianz to present about Oracle Autonomous Database security.  There have been some great announcements already from Larry Ellison and our latest press release.  Join us in our session as we unpack more about the announcements, the latest security updates to Autonomous Database security and hear directly from Allianz and Pythian about their experiences with Data Safe today!  And, if we’re lucky, maybe we’ll have some disco music too.  See you Wednesday at the session: Mitigating Risk with Oracle Autonomous Database [PRO4944] Wednesday, September 18, 04:45 PM - 05:30 PM Moscone South (Esplanade Ballroom) –   156C

If you’re in San Francisco at OpenWorld and stopped by Moscone South - Esplanade Ballroom, you may have thought you joined a silent disco.  No, nobody was dancing to silent music through those...

In this series we would like to explore several of the cutting-edge security architectures enabling Oracle's Gen 2 Cloud Infrastructure. Oracle's Gen 2 Cloud, Oracle Cloud Infrastructure (OCI), is designed around several modern security principles. Specifically, zero-trust, least privilege networking that results from the assumption that any host or network device could be compromised. One of the primary ways we accomplish this at OCI is via Isolated Network Virtualization. By isolating and virtualizing the network with an innovative software-defined networking architecture, OCI provides a stronger base security posture to the cloud tenancy without performance cost to the instance. In this post, I'd like to introduce some of the threats that Isolated Network Virtualization was designed to mitigate, and how it does so.

In this series we would like to explore several of the cutting-edge security architectures enabling Oracle's Gen 2 Cloud Infrastructure. Oracle's Gen 2 Cloud, Oracle Cloud Infrastructure (OCI), is...

Hello OpenWorld attendees! I'm writing from the field of Oracle Park with a front row view of Mission: Impossible Fallout! What an exciting event enjoying movie snacks and good company. I hope everyone had an exciting start to OpenWorld and perhaps a few of you reading this were out watching the movie with me. Don't forget to join FitFest.19 this morning to work off the pretzels and popcorn! Tuesday is full of exciting sessions you won't want to miss, but first, I wanted to point out a few of the key announcements and sessions from today! With so much going on at OpenWorld, we know it isn't possible to catch every session, so visit us here each morning for a little recap of the night before and a few key to dos for the day. A few recaps from the day: Announcing Oracle Data Safe Today was an exciting day for Oracle Database Security, the week kicked off with several sessions including Vipin Samar's session, Database Security in 2019: The Innovation Rate Accelerates where Vipin shared that data breaches are up 54% in 2019. Attacks are more pervasive than ever and over 107 countries have now implemented data privacy laws. Oracle is happy to announce Oracle Data Safe.Product Manager, Bettina Schaeumer gave us a first look at Data Safe and there is more to come. Join the Oracle Database team for their Hands-on Labs to get a first look at product hands on and join Michael Mesaros, Director, Database Security Product Management, on Thursday from 9am-9:45am in Moscone South (Espalande Ballroom) Room 155B. The session, Oracle Data Safe: Securing Databases in Oracle Cloud, covers the exciting new cloud service, which provides you with a single pane of glass to assess configuration risk and evaluate database users. We Learned That Security Can Be an Enabler to the Cloud Vice President of Product Marketing for Security, Fred Kost, sat down with a panel of customers and security professionals to hear their perspectives on moving to the cloud securely. It was a great conversation covering what it takes for organizations to move to the cloud, including getting key stakeholders to buy in, considering your compliance needs early, and dreaming big about the possibilities you have in the cloud. The participants in the panel suggested the importance of understanding the shared responsibility model, setting expectations with your cloud provider, and understand your compliance needs across your multi cloud environment. Oracle Cloud Infrastructure Gen2: Stronger Than Ever "It isn't about whether the cloud is secure….it's about how securely you are using it" Laurent Gil, Product Strategy Architect for OCI Development,. A variety of sessions covered the great work customers have been doing with the Oracle Cloud Infrastructure, as innovations continue to be made in industries around the world, Oracle continues to invest money and resources in the best and brightest personnel for the Oracle Cloud Infrastructure. Access our blog covering some of the new announcements for OCI and Oracle Security's press release. Don't miss for Tuesday: Oracle Cloud: A Path and Platform Tuesday,11:15am-12:00pm | YBCA Theater Cloud technologies are beginning to reshape how we think about and interact with the world around us. The opportunities that the cloud presents are real and present today, and they are providing the building blocks for companies to pioneer groundbreaking innovations and disrupt entire industries. Today, we’re seeing emerging technologies and automation permeate every aspect of work and life. The real opportunity of these technologies—which include AI, machine learning, IoT, blockchain, containers and serverless, and human interfaces—is to embrace these technologies on a scale we’ve never before. In this session learn how Oracle Cloud drives new innovation and real change for customers. Securing Business Critical Cloud Workloads: Threats, Implications, and Outcomes Tuesday, 3:15pm - 4pm | Moscone South - Room 209 The next security threat may be something that we have not yet imagined or even considered as a possibility. Beyond attacks against corporations and elections, what other threats exist from nation states, rogue actors, cybercriminals, and others that may threaten our institutions, economy, or way of living? In this session learn about the next security threat and how the direction of technology and the adoption of cloud computing, AI/ML, and other technologies might aid both defenders and attackers. Get a look from the perspective of cloud security and see what’s needed from cloud platforms and security services to protect business-critical workloads and applications as they migrate to cloud platforms. Looking forward to seeing you there! 

Hello OpenWorld attendees! I'm writing from the field of Oracle Park with a front row view of Mission: Impossible Fallout! What an exciting event enjoying movie snacks and good company. I hope...

Oracle OpenWorld 2019 has had groundbreaking news related to cloud security. Discover the core of Oracle's new approach to cloud security and how we are working to provide customers an easier path to protecting their data and applications.

Oracle OpenWorld 2019 has had groundbreaking news related to cloud security. Discover the core of Oracle's new approach to cloud security and how we are working to provide customers an easier path to...

Data is one of your most valuable assets. If you don’t protect it properly, this same data can become your biggest liability. Just ask any of the companies who have been in the news after they experienced a large breach.

Data is one of your most valuable assets. If you don’t protect it properly, this same data can become your biggest liability. Just ask any of the companies who have been in the news after...

Most enterprises today place security as a top priority and enabler and most organizations agree that moving to the cloud is key to accomplishing the security imperative.While there may now be a broad and implicit understanding that the public cloud is more secure than traditional data centers, it is nevertheless important to enumerate all the reasons why this is so.

Most enterprises today place security as a top priority and enabler and most organizations agree that moving to the cloud is key to accomplishing the security imperative.While there may now be a broad...

If you are joining us at Oracle OpenWorld today, start your week off with some of these must see sessions and activities! Each day this week, we will publish a morning report of exciting news and recaps from the previous day. To start things off, I'd like to point out a few exciting sessions that we recommend. Be sure to grab your morning coffee and enjoy the sessions!  Cloud Adoption:Getting Everyone On Board Securely  Monday, 09:00 AM - 09:45 AM | Moscone South (Esplanade Ballroom) - Room 156C Migrating applications, data, or workloads to the cloud is not usually a solitary decision, and doing it securely can definitively become a team sport. In this session examine real-world successes and failures with cloud migration from the perspectives of several different enterprise stakeholders. Learn best practices and see how the security conversation can progress in terms that all parties can understand and allow them to pursue their individual objectives and ensure a successful cloud deployment. Hear speakers from not only different functional roles, but at different stages in a cloud journey. Their shared experiences and insights can help you plan and execute a safe and smooth migration of workloads to the cloud. Database Security in 2019: The Innovation Rate Accelerates  Monday, 12:15 PM - 01:00 PM | Moscone South - Room 211 Database security is job #1 in today’s age of data breaches. Join this session to discuss the latest attacks and hear how innovations in Oracle Database security can help protect databases against adversaries. Learn about Oracle Data Safe, a new data security cloud service, and new updated releases of Oracle Key Vault, Oracle Database Security Assessment Tool, and Oracle Audit Vault and Database Firewall. See top security innovations in recent and upcoming database releases. Don’t leave Oracle OpenWorld without learning about the latest security innovations. Read more here in our recent blog.  Oracle Data Safe: Securing Databases in the Oracle Cloud  Monday, 01:45 PM - 02:05 PM | The Exchange (Moscone South) - Theater 3 Join Michael Mesaros, Director, Database Security Product Management, in a session to learn more about this exciting new cloud service. Oracle Data Safe gives you a single pane of glass to assess configuration risk, evaluate database users, manage audit settings, report on database activity, discover sensitive data, and remove sensitive data from non-production copies of the database. Oracle Cloud End-to-End Security: An Overview of Gen2 Protections  Monday, 2:45 PM - 03:30 PM | Moscone South (Esplanade Ballroom) - Room 152A Oracle Cloud Infrastructure is a showcase of Gen2 cloud architecture. This is most evident in the security implications of this evolved design, which is highly differentiated in the market. In this session gain insight to the protections built in to Oracle Cloud Infrastructure and learn about the security operations and applications used in daily defense. Learn about the architecture, its elements, and how they are deployed for tighter tenant isolation, reduced cross-host risk, and greater defense in depth than what is available in legacy clouds. Keynote: Gen2 Cloud-- Autonomous Infrastructure  Monday, 03:45 PM - 05:30 PM | Moscone North - Hall F Join Larry Ellison, Chairman of the Board and Chief Technology Officer, for the Openworld 2019 opening keynote.  If you are looking for even more security related sessions, you are in luck, there are 89 security related sessions at this year's OpenWorld. We have opportunities for customers to try out new products in our hands on labs and hear from customers in a number of panel sessions as well. We look forward to a great start to OpenWorld this year!   

If you are joining us at Oracle OpenWorld today, start your week off with some of these must see sessions and activities! Each day this week, we will publish a morning report of exciting news and...

On the night before OpenWorld officially begins, there is a great energy building around the Moscone center. Visitors have been flying in from across the globe and San Francisco has its usual buzzing charm. As we gear up to begin the week, take a look at the top five activities you won't want to miss at this year's Openworld. Welcome and enjoy! 1) Hear real stories from real customers Openworld provides customers the opportunity to hear about the latest product releases, updates to functionality, and most importantly- understand what businesses like them are doing to improve their organizations with Oracle technology. This year there are a variety of customers from every industry and many different countries here to share their stories of success, roadblocks they've experienced along the way, and what's next for them. Take a look at the Openworld session catalog and be sure to stop by a customer panel to catch these real stories. 2) Learn by doing with Hands-on Labs There are so many sessions to choose from each year, but for some, the best way to learn is by doing. The hands-on lab sessions give you a unique experience to try out a product with the experts who helped build it in the same room! Take a moment to join one of our Database Security Hands-on labs sessions and search up additional topics that interests you. 3) Stay connected with social media OpenWorld can often be a whirlwind week, filled with hundreds of sessions, keynotes, and social activities. Stay grounded with the latest updates on our Twitter account @OracleSecurity. We will be live tweeting key security sessions, alerting you on any changes, and unveiling very exciting release information. Also, be sure to check the Oracle Cloud Security Blog each morning as we post insights throughout the week and beyond OpenWorld. Be sure to take plenty of photos and to use #OOW19, we look forward to connecting! 4) Must see sessions Some of the top security sessions include topics surrounding new features and products as well as thought leadership and customer panels. With 89 security related sessions this year, you can't go wrong, but you can't see everything! Security is big this year, don't miss out. 5) Take some time to relax and socialize All work and no play is no fun! Be sure to mix in a few events during your time here in San Francisco. This year, OpenWorld has kicked it up a notch and is providing a lot of relaxation activities for attendees. Oracle Park will be home to several of these activities, including a movie night on Monday, FitFest.19 which offers attendees the chance to sweat it out on their field at Oracle Park in a yoga or bootcamp style class, or make a new furry friend at the "Paws and Relax" experience located in the Exchange. And of course, don’t forget to bring your dancing shoes for CloudFest.19 featuring John Mayer with Flo Rida. You can learn more about most of these events at the Oracle Park Be Well Hub around the corner from the Moscone South entrance on 3rd. Street. Or here at the event highlights page.  Whether this is your first experience at OpenWorld or you've been coming for years, there is sure to be a week full of exciting experiences, announcements, and networking. Don't forget to stay tuned for more content throughout the week and most importantly, have a great time!

On the night before OpenWorld officially begins, there is a great energy building around the Moscone center. Visitors have been flying in from across the globe and San Francisco has its usual buzzing...

It’s common knowledge that organizations are storing and using more business-critical data in the cloud than ever before. The rapid shift to cloud has naturally driven the need for a new approach in monitoring, not only for the threats of external attackers, but also for the risk of a known user misusing their identity or access entitlements. Take a moment to learn how we build Oracle SaaS in a zero-trust cloud environment.

It’s common knowledge that organizations are storing and using more business-critical data in the cloud than ever before. The rapid shift to cloud has naturally driven the need for a new approach...

Imagine having a separate set of usernames and passwords for every bit of hardware and software in your organization and having to rotate the passwords on all of them periodically – what a nightmare! Join Alan Williams on Monday at OpenWorld to learn how the Oracle Database handles this challenge. 

Imagine having a separate set of usernames and passwords for every bit of hardware and software in your organization and having to rotate the passwords on all of them periodically – what a nightmare!...

Attending Oracle OpenWorld 2019? Join Oracle's SVP of Database Security, Vipin Samar, in his Database Security Session as a kick off to a great OpenWorld.

Attending Oracle OpenWorld 2019? Join Oracle's SVP of Database Security, Vipin Samar, in his Database Security Session as a kick off to a great OpenWorld.

So by now, many of you are already seeing that there is something new this year at Oracle’s OpenWorld. A new look! Oracle is venturing into a new area of our brand that extends us beyond the cold boardrooms of yesterday into a look and a message that will start to unfold next week that will allow our customers to experience the new Oracle. One filled with passion for what we do. Produce amazing solutions for our customers around the globe, across our communities and that touch many lives. We are excited for you to see this. Some things have not changed, but continue to grow and expand, and that is our commitment to relationships such as those like our partner KPMG.  With cloud deployments moving from business enablement to business critical, there is a heightened need for a coordinated, layered security strategy. If you are attending #OOW19 this year and looking to learn how to minimize risk, increase data protection, and balance both with enhanced user access and capabilities of cloud and on-premise applications, then I encourage you to register for the following sessions with KPMG. Attend The Art of Risk Aversion and Threat Mitigation in the Cloud [CAS6671] Wednesday, September 18, 04:45 PM - 05:30 PM | Moscone South - Room 151A Today’s C-suite is responsible for establishing security and privacy goals and ultimately held accountable for the impacts of policy failures. In leveraging the cloud as an enabler to your business goals and objectives, you need answers to questions like: What are the IT, security, and privacy challenges caused by this shift? How can you maximize relationships with key influencers to achieve business goals? Attend this session to learn about risk aversion and threat mitigation and gain deeper insights into challenges and leading practices you can employ in your organization. Leading this session are Greg Jensen, senior director of security, Oracle, and Brian Jensen, managing director, KPMG LLP, authors of the Oracle and KPMG Cloud Threat Report 2019. Attend Why Cloud Application Security Is So Difficult to Manage [CAS6680] Monday, September 16, 01:45 PM - 02:30 PM | Moscone West - Room 2022A Cloud technology can transform an organization and its processes, but securing the cloud in an enterprise can be complex given the number of applications involved. Attend this session to learn about a strategic risk management approach to deploy cross-application security and controls solutions, which address application risks and privacy and compliance requirements. You’ll also gain insights into leading practices that enable cloud users while protecting sensitive data and transactions. Join Brian Jensen, managing director and Nick Seeman, managing director advisory, KPMG LLP and client John Rothka, chief accounting officer, Consol Energy for the discussion.   Join KPMG for breakfast Wednesday, September 18, 07:30 AM–09:00AM | The Palace Hotel - Second floor: Twin Peaks Jump start your day with a five-star breakfast and networking with your peers and KPMG to learn and discuss how applications, risk mitigation, and compliance are a balancing act for peak business performance. You’re invited to attend. Register here. There’s more… KPMG is a proud Platinum Sponsor of Oracle OpenWorld 2019. Stop by their booth (#404) in the Oracle OpenWorld Exchange, visit them at the Palace Hotel for a demo, or request a 1:1 meeting to discuss your current technology initiatives with their team. For more information, visit KPMG at Oracle OpenWorld.

So by now, many of you are already seeing that there is something new this year at Oracle’s OpenWorld. A new look! Oracle is venturing into a new area of our brand that extends us beyond the cold...