Oracle is strengthening Oracle Cloud Infrastructure (OCI) security services and capabilities to assist clients safeguard their cloud apps and data from emerging threats. A new built-in and cloud-native firewall service, as well as upgrades to Oracle Cloud Guard and Oracle Security Zones, complete out OCI’s already robust security offering. These advancements will also help enterprises protect their cloud deployments and apps with easy, prescriptive, and integrated services that do not require additional investment in most circumstances.
As businesses of all sizes, from financial services to retail, transfer mission-critical workloads to the cloud, they must protect themselves from security flaws both inside and beyond the firewall, which are leading to increasing data breaches and exposure. Gartner® believes that “at least 99 percent of cloud security failures will be the customer’s responsibility until 2023,” highlighting dangers that come from within a company. 1 To address this issue, cloud users and administrators must now understand how cloud security services function, how to configure them properly, and how to manage their cloud deployments.
Organizations are confident that their mission-critical applications and data can be securely hosted on premises as well as in the cloud. So, the question becomes one of the most pertinent ones. OCI’s cloud infrastructure design and new security services are highly focused and directive, based on a retrospective view of the complexity and lack of automation experienced by other vendor customers and other cloud computing options on the market. Oracle now makes cloud security easy and affordable for our customers.” Jay Bretzmann, Security Program director, IDC
New OCI Security Innovations
Oracle has built security fundamentals and integrations for OCI customers to help them meet regulatory compliance requirements, track security threats and issues, and prevent security-related incidents. Oracle extends its cloud security capabilities to provide multiple layers of defense to help identify and rapidly defeat emerging threats and security breaches. New features include:
- OCI Network Firewall: Provide centralized protection against network attacks over OCI with a new managed cloud-native firewall service powered by Palo Alto Networks VMSeries Next Generation Firewall (NGFW) technology. Firewalls provide security control, threat prevention and mitigation features, including custom URL filtering, intrusion prevention and detection (IDS/IPS), and TLS inspection for incoming traffic, out and side to client workloads hosted on OCI. With OCI Network Firewall, customers can quickly activate and secure their applications and cloud environments with firewall capabilities and extend security across their entire cloud deployment. OCI Network Firewall is available as a turnkey, allowing customers to take advantage of the firewall instantly, without the need to configure and manage additional security infrastructure.
- Oracle Threat Intelligence Service: Aggregates threat intelligence data from disparate sources and manages this data to provide useful insights for threat detection and prevention in Oracle Cloud Guard and other OCI services. The service provides insights from Oracle’s unique telemetry, open-source feeds such as abuse.ch and Tor exit relays, and third-party partners, such as CrowdStrike.
- Oracle Cloud Guard Threat Detector: Identify misconfigured resources, unsafe activity in customer environments, and potentially malicious activity. It gives security administrators the visibility they need to categorize and resolve cloud security issues. Security conflicts can be automatically remedied with Cloud Guard’s built-in security formulas to effectively scale up security operations centers.
- Oracle Security Zones: Expands Oracle Security Zones with help for customer-described coverage units and incorporates safety posture tracking with Cloud Guard. Now clients can create custom safety region coverage units to save you movements that would weaken a customer’s safety posture. Security Zone rules may be implemented on numerous cloud infrastructure types (e.g., network, computer, storage, database, etc.) to make sure cloud sources are stable and save you safety misconfigurations. Users decide which rules are suitable for his or her desires via defining custom safety region coverage units. OCI enforces Security Zone rules as an incorporated platform characteristic that helps develop the quantity of adjoining OCI Security services. In comparison to IAM permissions, that are related to people, Security Zone rules act as safety guardrails for sources and outline allowable configurations.
- Oracle Cloud Guard Fusion Application Detector: Extends Oracle Cloud Guard beyond cloud security posture management for OCI to monitor Oracle Fusion Cloud applications and provide customers with a consolidated view of security policies. First available for Oracle Fusion Cloud Human Resource Management and Oracle Cloud Enterprise Resource Planning, Oracle Cloud Guard Fusion Application Detection Kit provides preconfigured configurations or “recipes” and customized to track potential security breaches in applications. Detector triggers alerts about sensitive configuration changes related to user privileges affecting access to critical data, including adding, removing, or modifying data and functional privileges for roles and users, as well as changes to sensitive objects.
Oracle continues to lead the way in building cloud services with built-in, feature-rich security. By choosing to integrate Palo Alto Networks’ industry-leading VMSeries next-generation firewall technology, Oracle is offering its customers the same incredible security as the original, Oracle customers can rest easy knowing that they have access to a variety of network security tools from Palo Alto Networks.” Anand Oswal, Svp, Network Security, Palo Alto Networks
Oracle has decades of experience helping customers secure their valuable data and applications in the cloud and on-premises. With the OCI Network Firewall, powered by industry-leading Palo Alto Networks, we are bringing the ecosystem closer to these latest offerings. The set of cloud security services lowers the barrier to customers’ cloud security and makes it easier for them to identify more potential vulnerabilities.” Mahesh Thiagarajan, svp, Security and Developer Services, Oracle Cloud Infrastructure
Customers Across Industries Rely on OCI Security
Ferguson Enterprises is the largest U.S. distributor of plumbing supplies, PDF, water systems, and manufacturing and firefighting products.
As we entered the public cloud, Ferguson Enterprises focused on cloud security, Oracle Security Zones were integrated with Oracle Cloud Guard, helping Ferguson build a secure environment and stay secure with cloud management. Cloud really trusts and verifies security.” Karen Cake, Cloud Architect, Ferguson Enterprises
Northern Illinois University is a nationally recognized, student-centred public research university with expertise that benefits the region and reaches globally in a variety of fields, including science, humanities, arts, business, engineering, education, health, and law.
We turned to Oracle Cloud Guard to easily track and remediate security breaches, Oracle Cloud Guard can allow us to centrally monitor security, providing strong governance and control to what our team built into OCI.” Ruperto Herrera, director, ERP Architecture, Northern Illinois University