Cloud Security Perspectives and Insights

Enable Secure Access to Remote Workforce using Oracle Cloud Infrastructure

Dragan Petkovic
EMEA BDM - Security

Business continuity plans have been improving for years. They address almost every possible scenario from electricity loss to major disasters such as earthquakes, fires, or floods. The primary focus of disaster recovery plans has traditionally been real estate; if the primary physical site is unavailable, the business should be able to rebound from another site with as little disruption as possible. Over the past few months, however, we've experienced a different kind of disaster that forced employees around the world into a work-from-home model. Working from home has become the new standard for many organizations, and we'll likely see it continue for years to come.  

The widespread adoption of work-from-home was an eye-opener for many executives. Not only did employees not abuse the situation as a sabbatical opportunity, but they also worked longer and harder than in the office. Some roles and responsibilities will never be possible to be taken remotely, but there is a significant percentage that will continue working remotely regardless of future developments. Major analyst's consensus is that between 5 and 20 percent of the office-based positions will likely remain working remotely at 74% of the organizations. 

Organizations where most of the workforce is mobile, are in a better position to adapt to the new normal. Many have a majority of services already in the cloud, while others rely on virtual private networks (VPN) for remote access. One commonality is that most have collaboration and self-service readily available from anywhere.

Many other organizations are not that lucky and face a steep learning curve while quickly adapting to the new normal. Directly exposing internal services to the internet proved nearly catastrophic to some. Weak authentication, poor access control, and unpatched software make a data breach almost guaranteed. While VPNs offer a generally trusted solution, they come with shortfalls too; most organizations will struggle with the procurement of hardware, configuration, and additional bandwidth requirements. The secure deployment of a VPN is a time-consuming task. In general, VPNs do not scale well and are prone to DDoS type of attacks.

Oracle's solution for the remote workforce is based on zero trust architecture. It comprises Identity Cloud ServicesWeb Application Firewall, and the load balancer, all part of Oracle Cloud Infrastructure (OCI).  The critical component of the solution is the AppGate, part of the IDCS.  AppGate provides single sign-on to on-premise web applications by consuming IDCS authentication tokens, thus reducing the requirement for on-premise access management solutions while maintaining data residency where required. Based on reverse proxy technology, it finds new usage by being deployed in Oracle's cloud to interface between remote users and back end applications. The architecture provides a clear cut between on-premise and cloud while keeping the benefits of both. 

Oracle Identity Cloud Service provides additional critical functionality to secure the solution. Password-based authentication is not sufficient for access to business-critical applications, which is effectively corrected with MFA provided by IDCS. Adaptive and risk-based authentication strengthens the solution further by providing device and browser fingerprinting and granular policies for authentication that meet the organization's business model. The protection is not limited to browser-based applications, as any web service API can be protected. If user preference is access via mobile apps, it is provided transparently with the same security posture. 

Authorization and audit capabilities of IDCS reduce time to value by removing otherwise required mapping between VPN access log and target web applications. 

In the recently released Oracle and KPMG Cloud Threat Report 2020, proven attack types such as phishing persisted, and 44% of organizations reported being a target in the past 24 months. Targeting high worth assets, also known as spear phishing, is on a particular rise. Recent reports in various publications corroborate Oracle's and KPMG's findings. PC Mag reports a 350% increase of phishing attacks based on data from a major webmail site while niche security vendors report up to 300x rise in attacks based on recent events. In addition to identity and access management and adaptive access management, Oracle and KPMG Cloud Threat Report recommends MFA as an essential security control. 

In the next week’s post, we will describe the components into more detail and provide recommended deployment topology. Stay tuned.



For a quick overview of IDCS MFA go here.

For steps on how to use the Application Gateway go here.

For more information on IDCS go here.

For more information on WAF go here.

For more information on OCI Networking solutions go here.

You can get a trial Oracle cloud account here.

Watch the webinar: IDCS for Enterprise Apps

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.