X

Cloud Security Perspectives and Insights

Dao Research Examines How Oracle is Addressing the Cloud Security Readiness Gap

One of the primary value propositions for cloud is that it makes life easier by transferring some of the cost and complexity to the cloud vendor. But that doesn’t always hold up for security professionals. The cloud represents an entirely new attack surface that needs to be understood and protected. Naturally, some confusion is expected as security teams ramp up on new technologies and practices. But not all clouds are created equal. As Dao Research discovered, Oracle Cloud Infrastructure is making it easier than other cloud platforms to navigate security requirements and secure enterprise workloads.

The Oracle and KPMG Cloud Threat Report for 2020 provides excellent insight into what organizations are experiencing with regard to cloud security. The research respondents confirmed that they are moving workloads to cloud and that they care about security. Three quarters believe the cloud to be generally more secure than their own data centers. This makes sense because the order of magnitude that cloud providers operate in make it easier for them to implement wide-scale security than individual organizations. Each of the top cloud providers, for example, offer broad data encryption, role-based access controls, secure networking options, and other expected security functions. But there’s still a big gap in terms of cloud security.

92% of respondents reported a cloud security readiness gap. That means they’re not comfortable with the security implications of moving workloads to cloud even if they believe it’s a secure environment. On average, they support 100 different security mechanisms for their on-premises environment, which is significantly complex and demands a tremendous amount of skills and knowledge. But those skills and that knowledge don’t necessarily translate to cloud. 78% reported that cloud requires different security than on-prem. Intensifying the challenge, only 8% of respondents claimed to fully understand the cloud security shared responsibilities model. That means most don’t even know what they’re responsible for; never mind how to implement the right policies and procedures, hire the right people, or find the right security technologies.

So, securing cloud workloads can be a prohibitively complex and confusing challenge. But lack of security features is not the issue. Each of the major cloud providers offers numerous security services and customers generally believe those platforms to be secure. The problem boils down to complexity and confusion. Oracle is working to address those concerns by removing cloud security complexity. If we can remove the human error, bake-in security by default, automate security wherever possible, and make it all easier, we think you’ll feel more ready to address cloud security challenges and get to that business value.

In a new research paper, Dao Research compares the cloud security capabilities offered by Amazon AWS, Google Cloud Platform, Microsoft Azure, and Oracle Cloud Infrastructure (OCI). They call out several of the steps Oracle has taken to simplify security in OCI. For example, they highlight that:

  • OCI Compartments provide a “much easier way to implement IAM and very strong access control capability.
  • OCI’s “SQL-like syntax for managing IAM policies” makes “programmatic management of IAM policies easier at scale.
  • OCI WAF offers “the most intuitive and user-friendly” policy definition.
  • “Oracle Autonomous Linux is the first of its kind and gives OCI the edge, with automated zero-downtime patching, known exploit detection, and more.”
  • Oracle Data Safe adds several security features at no additional charge for Oracle Cloud databases, including database security assessments, user risk scoring, sensitive data discovery, and data masking. This complements the strong native security features of Oracle databases.

Summarizing, the research concludes that “Oracle has an edge over Amazon, Microsoft, and Google, as it provides a more centralized security configuration and posture management, as well as more automated enforcement of security practices at no additional cost. This allows OCI customers to enhance overall security without requiring additional manual effort, as is the case with AWS, Azure, and GCP.

OCI was designed from the ground up with security-first design principles. There’s a lot of security baked in. But, as highlighted in the Dao Research paper, Oracle’s most impactful decisions about security may be the ones that reduce complexity and effort transferring more of the security responsibilities toward Oracle and away from the customer.

To learn more, download the paper:
Dao Research: Securing Data and Applications in the Cloud

 

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.