X

Cloud Security Perspectives and Insights

Enable Secure Access to Remote Workforce using Oracle Cloud Infrastructure - Part 2

Dragan Petkovic
EMEA BDM - Security

In the first part of the remote workforce blog series, we described high-level architecture and covered detail around Identity Cloud Services, which is the solution's key component. In this entry, we will look into the more detailed architecture and other elements.

The continuous evaluation model in Oracle Identity Cloud Service keeps track of user’s activity in the system and can gather risk data from external sources. Customers can define policies that contain context-based rules and actions. These rules leverage the user, application, device, risk and request context to dynamically determine; if a user is allowed access, denied access or needs to be prompted for Multi-Factor Authentication (MFA). Identity Cloud Service provides full flexibility by integrating with existing PAM, SIEM, UEBA, or access certification solutions, thus protecting existing security investments.

           

Deployment of a Web Application Firewall (WAF) is critical to securing newly exposed web applications. It is a best practice to secure all resources appropriately, regardless of whether they have public access, but this is not always the case for the internal applications. Access control, hardening, and patching are critical challenges, and WAF comes handy when protecting from the top 10 threats. WAF provides full access control based on explicit rules or reputation scoring. For example, if the organization spans across specific geography, it is wise to restrict the access only to the territory it operates. However, this functionality does not limit usability and the exemptions to the rule have to be stated explicitly. WAF also secures from DoS and DDoS type of attacks and provides bot protection. An additional benefit of the solution is caching; as most of the content served to business users is static. Caching provides significant bandwidth improvements, a feature that VPN by design cannot.

A load balancer provides high availability of the solution across multiple regions with traffic acceleration. This feature would be particularly useful to global organizations as traffic will be routed through the optimal load AppGate, thus minimizing latency.

Oracle’s FastConnect enables customers to integrate their datacenters with OCI datacenters, which are available in all regions, very quickly. Without changing the underlying architecture, on-premises enterprise applications can be accessed by remote workforce via internet. In the future, customers can plan to move these enterprise applications into OCI completely as part of their cloud adoption strategy with no disruption to their business. Here is a sample topology diagram explaining all components: 

             

Validity of the Solution
Web access management solutions have been around since the dawn of dotcom, and Oracle is one of the early pioneers with the acquisition of Oblix. The innovation is in deploying the AppGate in the cloud, thus maximizing its performance.  The solution is holistic and unique by providing all the required components from a single vendor. Our customers have been able to successfully deploy this solution in a matter of days. Organizations can focus on their core business and enable their remote workforce quickly without being integrators of piecemeal components.

Oracle's solution benefits:

  • Complete solution with WAF, Load balancer, IDCS Application Gateway and FastConenct
  • Quick deployment and faster time to success
  • Single point of control for access to all web resources, regardless of location
  • Multi-factor authentication with adaptive security for remote access
  • Enforce authentication, authorizations and API security for all legacy, enterprise, and modern workloads
  • Web application firewall for the protection of newly exposed workloads
  • Single point for audit targeted for enterprise resources only to meet privacy requirements
  • Seamless integration with on premises Active Directory / LDAP eliminates requirement for additional provisioning.
  • Optional SSO or reauthentication for the back-end resources

Conclusion
Oracle's solution for the remote workforce provides quick and secure access and hits the nail on the head as an immediate solution for the new normal. Options for remote working will become part of revised business continuity plans. The ability to spin up and roll out quickly with a minimal upfront financial commitment makes the solution a sensible choice for midterm business continuity plans. If the organization plans on moving its workloads to the cloud, it will be able to do it seamlessly without any disruption. The front end security controls required for lift-and-shift to OCI are the same, thus protecting the investment. State of the art security solutions should be able to address workloads regardless of where they are, and this one certainly can.

GETTING STARTED WITh a Remote workforce solution using Oracle:

For a quick overview of IDCS MFA go here

For steps on how to use Application Gateway go here

Visit our webpages for more information on WAF, Identity Cloud Service, and OCI Networking solutions

To get a trial Oracle cloud account go here

Watch webinar : IDCS for Enterprise Apps

 

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.