Cloud Security Perspectives and Insights

  • News
    September 16, 2019

Step Change in Cloud Security Led by Oracle

Johnnie Konstantas
Sr. Director, Security Product Management

This year’s Oracle OpenWorld has had groundbreaking news related to cloud security that I’m tremendously excited about. We have been busy, and while security-first has been a core operating tenet for Oracle since the inception of our Generation 2 Cloud, our latest body of work introduces significant changes in the way that public clouds address protection of critical workloads.

At the forefront of our announcements is security automation. The consensus among experts and analysts is that security misconfiguration is the most common cause of breaches and data theft on cloud. Most IT professionals agree that the cloud is secure but the big question is whether customers of the cloud are using it securely.

A simple search on “cloud misconfiguration” will yield article after article with sobering statistics like this piece citing the “Scourge of Misconfiguration”. The truth is that most clouds are highly resilient to attacks but customers often lack the resources and expertise to use all the security tools and controls that cloud providers make available. Even when teams have cyberskills depth and know-how, security best practices and configurations can drift over time, leaving systems unpatched for common vulnerabilities, and permissions to access ranging from too broad to non-existent. Customers want more than tooling to manage access, traffic ingress and application use. They need security to be easier to implement and maintain. This is at the core of Oracle’s new approach to cloud security, enabled by the following brand-new offerings:

Maximum Security Zones: Enclaves within a customer’s environment where security is mandatory and always on. Maximum Security Zones provide a combination of preventative and detective controls to enforce security controls and best practices to customer defined configurations of Oracle Cloud resources. Customers effectively lock down resources to known secure configurations, automatically prevent any insecure configuration changes, and continuously monitor and block anomalous activities. Maximum Security Zones are enforced though the automated activation of all relevant and preconfigured security services, including application security and Cloud Guard among others.

Oracle Cloud Guard: A unified security solution that provides global and centralized protection of all customer’s cloud assets. It analyzes data, detects threats and misconfigurations automatically, then hunts and kills those security threats. Oracle Cloud Guard proactively protects customer assets at all times and automatically intervenes without human intervention. Oracle Cloud Guard constantly watches and collects data from every part of the infrastructure and application stack, including audit logs, Oracle Data Safe, Oracle OS Management Service, as well as third-party products. Oracle Cloud Guard proactively detects and stops anomalous activity automatically, shutting down a malicious instance automatically, and proactively revoking user permissions when it detects anomalous user behavior.

Data Safe: Leveraging Oracle's decades of database security experience, Oracle Data Safe detects gaps in the defensive posture of database implementations and gives visibility to security issues with data, users, and configurations. A unified database security control center, Data Safe helps automate the protection of customers’ data including monitoring database activity, sensitive data discovery, and data masking and provides actionable recommendations on how to mitigate security risks. Oracle Data Safe can be used with Oracle Database Cloud services, including Autonomous Database, and complements the self-securing security features of the Oracle Autonomous Database, such as always-on encryption and automated patching.

Taken together, these new services make security enforceable by default and further centralize cloud and data security posture management. No other cloud vendors have automated the enforcement of security best practices and the detection and resolution of issues. It represents a complete rethink of the cloud responsibility matrix.  If a customer wants our help to secure their critical workloads, we will provide it as a clickable option that gives them the highest levels of protection available on Oracle Cloud without the human intervention to choose individual features or maintain security settings.

And that’s not all.  In total, there are over a dozen new security features including our new Logging Service, Dedicated Autonomous Database, Dedicated VM Hosts, enhancements to the Key Management Service, identity and access management as well as defense in depth with Web Application Firewall (WAF) updates, micro-segmentation support in network security, and a host of security partnerships with market leaders.

We believe that we’re making Oracle Cloud the most secure place for critical enterprise workloads.   We’re operating with a philosophy that cloud customers should be easily able to protect their data and applications according to best practices, rather than be left on their own to piece together custom security architectures, and face negative consequences from misconfiguration. To learn more, visit our comprehensive Oracle Cloud Security page or talk to us to get more information.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.