Cloud Security Perspectives and Insights

  • News
    September 15, 2019

Introducing Automated SaaS Cloud Security Services

David B. Cross
SVP SaaS Security

This week is Oracle OpenWorld in San Francisco, and I am personally quite excited to be speaking for the first time about how we build Oracle SaaS in a zero-trust cloud environment. It’s common knowledge that organizations are storing and using more business-critical data in the cloud than ever before. The rapid shift to cloud has naturally driven the need for a new approach in monitoring, not only for the threats of external attackers, but also for the risk of a known user misusing their identity or access entitlements.

This is why we have built a zero-trust environment for all of our applications to rely upon. This environment delivers next-generation security innovation that is specifically designed for application threats. These threats are often very different in scope, approach, or technique compared to an underlying operating system or hypervisor layer. A zero-trust environment is based on strict identity management, access controls and holistic security monitoring, analysis, and alerting. 

In Oracle SaaS, we rely upon multiple technologies, automatic deployment, and end-to-end scenario analysis for all properties and services by default. Some of the examples of the automated Oracle SaaS Cloud Security Services that are implemented by default for all Oracle SaaS applications include:

  • Automated detection of malicious actions, behaviors, and unauthorized changesComprehensive IAM suite to ensure least privilege and authorized access to all services
  • ML/AI-based activity analysis of SaaS application logs and activities
  • Continuous asset discovery, scanning, and management to ensure consistent configuration, compliance and operations
  • Advanced security incident and event system with workflows, alerting, and rapid analysis
  • Holistic system-endpoint protection and integrity management across all operating systems, platforms, and application stacks

These security systems are automatically in place for all applications and customers in the Oracle Cloud to ensure both protection of data, as well as availability of systems by default. I like to refer to this as ASCSS: the Automated SaaS Cloud Security Services. We are constantly expanding and integrating new security systems based on the emerging Oracle Cloud security platform innovation, which you will also get to learn more about next week at Oracle OpenWorld. 

If you are attending OpenWorld, I look forward to sharing our latest updates and meeting you at my session on Wednesday at 9am, please take a moment to register if you would like to join. If you are not able to attend, please use this as a preview of future blogs and information I will be sharing for SaaS Cloud Security over the next few months.


Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.