Cloud Security Perspectives and Insights
-
News
March 21, 2019
Is the Cloud Secure?
Are differing opinions about cloud cyber security an indication of a major unchecked risk, or just two different sides of the same valuable coin?
Security leads are confident about cloud security and are planning to house more and more of their sensitive data in the cloud. Recent data indicates a 3.5x increase in the amount of data expected to be stored on the public cloud from 2018 – 2020, according to the Oracle and KPMG Cloud Threat Report 2019.
However, at the same time, many practitioners question the inherent security of the cloud, even as they are directed to make the move by these leaders. One recent Twitter poll of IT practitioners (versus leaders) showed a distinct lack of confidence in cloud-based security.
And in defense of these practitioners, some breaches have occurred as a result of the move to the cloud. (One that comes to mind — the Amazon GoDaddy breach — was due to a misconfiguration of the AWS S3 buckets.)
So, is there something fundamentally insecure about today’s cloud services and infrastructure?
The short answer is “no”. But like many complex issues, the answer depends on the context. To fully unpack this issue requires taking a short detour into the history of cloud migration and observing how the first generation of cloud computing was created.
Generation 1 Infrastructure
In the first generation (this includes AWS, Microsoft Azure, and Google Cloud) the same servers that hosted control code were shared with customer data and code. This created a vulnerability, and ultimately prompted the need for another generation of cloud computing.
Generation 2 is different, however, and takes the idea of isolation very seriously.
Separation of Church and State
Oracle was second to the cloud infrastructure offering. While this may have been, in some respects, disadvantageous, ultimately it has allowed Oracle to learn from others’ mistakes and design a cloud infrastructure with security in mind, from the ground up. In a recent video clip, Oracle security execs, Eran Feigenbaum and Johnnie Konstantas, discuss how the initial weakness turned into an advantage.
In a security keynote at Oracle Open World last year, Larry Ellison explained that customers may have their own bare metal server or may share them amongst each other for economic reasons. However, they will never share the same server that houses cloud control code.
“We will never put our cloud control code on the same computer that houses customer code — this creates an incredible vulnerability….” — Larry Ellison
An excerpt from Larry Ellison’s Keynote comparing Gen 1 and Gen 2 cloud infrastructures.
2nd Generation Infrastructure
In Gen 2, Oracle made the decision to add a completely different layer of computer networks to house the cloud control code and has kept it separate from the tenant infrastructure.
In Larry Ellison’s Gen 2 Cloud Keynote at Open World 2018, Ellison talked about two things:
- An Impenetrable Barrier — dedicated network of cloud control computers to ensure one user can’t access another user’s data
- Autonomous Robots — Bots that find and kill threats
These two things have fundamentally change the security posture of tenants using cloud infrastructure.
Staying Safe in the Cloud
So, to answer the question: “Is the cloud more secure than on premises”, we can provide a resounding “yes,” but only when adhering to the following requirements:
- Know your responsibility — Although we didn’t dive into this any detail here, it’s an important consideration. Many people don’t realize that they have a security responsibility when taking tenancy in a cloud infrastructure setting. Make sure you’re aware of your responsibility and if you subscribe to a bare metal service, you have more responsibility than if, for example, you were subscribing to a SaaS offering. To learn more, read our blog on the Shared Responsibility Model.
- Use Gen 2, not Gen 1 — make sure your cloud infrastructure is designed from the ground up with security in mind, and this means, by necessity, Gen 2 or higher.
- Automation — ensure that the best AI and ML-based security tools are employed in your cloud infrastructure so that threats will be identified and stopped before they access (or worst yet, exfiltrate) your data.
So, whether you’re leading your organization full tilt to the cloud, or you’re an IT practitioner concerned about the underlying architecture of the service in which you’re about to take tenancy, rest assured, Oracle has you covered. This means not only has the infrastructure been designed from the ground up to be secure, but also the services that ride on top of it (like, for example, Oracle Autonomous Database) are also clad with an additional layer of security.
To learn more about how Oracle secures your most vulnerable and sensitive data assets, visit Oracle Database Security.