This year’s Oracle OpenWorld has had groundbreaking news related to cloud security that I’m tremendously excited about. We have been busy, and while security-first has been a core operating tenet for Oracle since the inception of our Generation 2 Cloud, our latest body of work introduces significant changes in the way that public clouds address protection of critical workloads.
At the forefront of our announcements is security automation. The consensus among experts and analysts is that security misconfiguration is the most common cause of breaches and data theft on cloud. Most IT professionals agree that the cloud is secure but the big question is whether customers of the cloud are using it securely.
A simple search on “cloud misconfiguration” will yield article after article with sobering statistics like piece citing the “Scourge of Misconfiguration”. The truth is that most clouds are highly resilient to attacks but customers often lack the resources and expertise to use all the security tools and controls that cloud providers make available. Even when teams have cyberskills depth and know-how, security best practices and configurations can drift over time, leaving systems unpatched for common vulnerabilities, and permissions to access ranging from too broad to non-existent. Customers want more than tooling to manage access, traffic ingress and application use. They need security to be easier to implement and maintain. This is at the core of Oracle’s new approach to cloud security, enabled by the following brand-new offerings:
Maximum Security Zones: Enclaves within a customer’s environment where security is mandatory and always on. Maximum Security Zones provide a combination of preventative and detective controls to enforce security controls and best practices to customer defined configurations of Oracle Cloud resources. Customers effectively lock down resources to known secure configurations, automatically prevent any insecure configuration changes, and continuously monitor and block anomalous activities. Maximum Security Zones are enforced though the automated activation of all relevant and preconfigured security services, including application security and Cloud Guard among others.
Oracle Cloud Guard: A unified security solution that provides global and centralized protection of all customer’s cloud assets. It analyzes data, detects threats and misconfigurations automatically, then hunts and kills those security threats. Oracle Cloud Guard proactively protects customer assets at all times and automatically intervenes without human intervention. Oracle Cloud Guard constantly watches and collects data from every part of the infrastructure and application stack, including audit logs, Oracle Data Safe, Oracle OS Management Service, as well as third-party products. Oracle Cloud Guard proactively detects and stops anomalous activity automatically, shutting down a malicious instance automatically, and proactively revoking user permissions when it detects anomalous user behavior.
Data Safe: Leveraging Oracle's decades of database security experience, Oracle Data Safe detects gaps in the defensive posture of database implementations and gives visibility to security issues with data, users, and configurations. A unified database security control center, Data Safe helps automate the protection of customers’ data including monitoring database activity, sensitive data discovery, and data masking and provides actionable recommendations on how to mitigate security risks. Oracle Data Safe can be used with Oracle Database Cloud services, including Autonomous Database, and complements the self-securing security features of the Oracle Autonomous Database, such as always-on encryption and automated patching.
Taken together, these new services make security enforceable by default and further centralize cloud and data security posture management. No other cloud vendors have automated the enforcement of security best practices and the detection and resolution of issues. It represents a complete rethink of the cloud responsibility matrix. If a customer wants our help to secure their critical workloads, we will provide it as a clickable option that gives them the highest levels of protection available on Oracle Cloud without the human intervention to choose individual features or maintain security settings.
And that’s not all. In total, there are over a dozen new security features including our new Logging Service, Dedicated Autonomous Database, Dedicated VM Hosts, enhancements to the , as well as defense in depth with updates, micro-segmentation support in network security, and a host of security partnerships with market leaders.
We believe that we’re making Oracle Cloud the most secure place for critical enterprise workloads. We’re operating with a philosophy that cloud customers should be easily able to protect their data and applications according to best practices, rather than be left on their own to piece together custom security architectures, and face negative consequences from misconfiguration. To learn more, visit our comprehensive or to get more information.