Security leads are confident about cloud security and are planning to house more and more of their sensitive data in the cloud. Recent data indicates a 3.5x increase in the amount of data expected to be stored on the public cloud from 2018 – 2020, according to the Oracle and KPMG Cloud Threat Report 2019.
However, at the same time, many practitioners question the inherent security of the cloud, even as they are directed to make the move by these leaders. One recent Twitter poll of IT practitioners (versus leaders) showed a distinct lack of confidence in cloud-based security.
And in defense of these practitioners, some breaches have occurred as a result of the move to the cloud. (One that comes to mind — the Amazon GoDaddy breach — was due to a misconfiguration of the AWS S3 buckets.)
So, is there something fundamentally insecure about today’s cloud services and infrastructure?
The short answer is “no”. But like many complex issues, the answer depends on the context. To fully unpack this issue requires taking a short detour into the history of cloud migration and observing how the first generation of cloud computing was created.
In the first generation (this includes AWS, Microsoft Azure, and Google Cloud) the same servers that hosted control code were shared with customer data and code. This created a vulnerability, and ultimately prompted the need for another generation of cloud computing.
Generation 2 is different, however, and takes the idea of isolation very seriously.
Oracle was second to the cloud infrastructure offering. While this may have been, in some respects, disadvantageous, ultimately it has allowed Oracle to learn from others’ mistakes and design a cloud infrastructure with security in mind, from the ground up. In a recent video clip, Oracle security execs Eran Feigenbaum and Johnnie Konstantas discuss how the initial weakness turned into an advantage.
In a security keynote at Oracle Open World last year, Larry Ellison explained that customers may have their own bare metal servers or may share servers with one another for economic reasons. However, they will never share the same server that houses cloud control code.
An excerpt from Larry Ellison’s Keynote comparing Gen 1 and Gen 2 cloud infrastructures.
In Gen 2, Oracle made the decision to add a completely different layer of computer networks to house the cloud control code and has kept it separate from the tenant infrastructure.
In Larry Ellison’s Gen 2 Cloud Keynote at Open World 2018, Ellison talked about two things:
These two things have fundamentally changed the security posture of tenants using cloud infrastructure.
So, to answer the question: “Is the cloud more secure than on premises”, we can provide a resounding “yes,” but only when adhering to the following requirements:
So, whether you’re leading your organization full tilt to the cloud, or you’re an IT practitioner concerned about the underlying architecture of the service in which you’re about to take tenancy, rest assured, Oracle has you covered. This means that not only has the infrastructure been designed from the ground up to be secure, but the services that ride on top of it (for example, Oracle Autonomous Database) are also clad with an additional layer of security.
To learn more about how Oracle secures your most vulnerable and sensitive data assets, visit Oracle Database Security.