World class application cloud security

December 5, 2022 | 3 minute read
David B. Cross
SVP SaaS Security
Text Size 100%:

At Oracle, we engineer the best-in-class security for all SaaS products and services in the Oracle Cloud. Recently at Oracle CloudWorld, we presented how we continually through automation provide a defense-in-depth approach to our cloud-based applications. Here is a high-level summary of our announcements in each of our major pillars from the conference this year.

World Class Application Cloud Security

Foundational Controls

The SaaS Cloud Security (SCS) uses our Automated SaaS Cloud Security Services (ASCSS) infrastructure to engineer and automate our security infrastructure that is built on top of and integrated with the innovative Oracle Cloud platform. Let’s drill into each of the core areas that are a foundation for our applications and services:

  • Next Generation Security Tools and Controls – The ASCSS infrastructure embraces new security technology, tools, and features to help reduce risks throughout the SaaS architecture.  We build security into every layer of the stack from the beginning of its development process.
  • Machine Learning/AI-Based Automated Detections – We have integrated ML and AI based analysis with Oracle’s internal Security Information and Event Management (SIEM) architecture for automated log correlation and rapid resolutions. With our cutting-edge ML based technology, we can identify and predict attack patterns to help protect against any imminent attacks and to quickly respond.
  • Continuous Monitoring – The Oracle global support model works to help ensure our customers have the appropriate support whenever they need it. We operate 24x7 across all regions and environments to help you address your needs and regulations. We proactively perform continuous automated Scanning, Analysis, and Event Correlation from all sources for rapid detection and correlation of both suspicious events as well as configuration and deployment information.
  • Oracle Software Security Assurance (OSSA) – Oracle established and adheres to the OSSA process and philosophy helping ensure security is built into every aspect of the development lifecycle.  We leverage industry leading Secure Coding practices, continuous employee education, and Ethical hacking practices that are enforced throughout the development process.
  • End-to-End Stack Control – Oracle can offer full control of the hardware, firmware, hypervisor, OS, network, database, middleware, and applications components, giving our customers a distinct security, integration, and performance advantage.

Next Generation Application Security

Also at Oracle CloudWorld, we announced and shared the initial details of our next generation application security controls for the Oracle Fusion Cloud Applications:

  • Web Application Firewall (WAF) for Fusion – WAF for Fusion is an Oracle-managed, second-generation, enterprise cloud-based security solution that works as an additional security control providing always-on layer-7 protection against targeted attacks. Specifically, WAF for Fusion can monitor and detect malicious HTTP and HTTPS traffic sources to help safeguard your Fusion applications, workloads, and critical data from DDoS attacks and other threats, including the Open Web Application Security Project (OWASP) Top 10 vulnerability risks.


  • Cloud Guard Fusion Applications Detector – In the shared responsibility model, customers have the responsibility to manage and monitor security for the application, data, and identity layers of the stack. Cloud Guard Fusion Applications Detector helps customers monitor and alert security violations in Oracle Cloud HCM and Oracle Cloud ERP. It provides pre-configured detector recipes triggered by configuration changes related to user privileges that impact sensitive data, such as adding, deleting, or modifying data or function privileges. Fusion Applications Detector will be released in early 2023.


In summary, Oracle’s Defense-in-Depth architecture and least-privilege/zero-trust philosophy give customers the assurance that their data is well protected and hosted in a World Class Application Cloud Security platform.

Please check out our session at Oracle CloudWorld and our associated blogs to learn more about all our advancements and new capabilities.



David B. Cross

SVP SaaS Security

David is the Senior Vice President for the Oracle SaaS Cloud Security engineering and operations organization.  Previously, David was the public Cloud Security Engineering Director in the Google Security and Privacy organization and his preceding 18 years were spent with Microsoft in numerous security cloud, product and engineering leadership roles.  David holds a B.S. in Computer Information Systems as well as an MBA with a Management Information Systems concentration and is a longtime advocate of security application and technology stemming back to his US military service.

Previous Post

AT&T, Albertsons, Macquarie share stories of digital finance transformation

Lynne Sampson | 6 min read

Next Post

6 steps to designing enterprise applications your organization will love

Hillel Cooperman | 6 min read