New features strengthen defenses in Oracle Cloud Infrastructure (OCI) to help enterprises secure applications and data
Oracle is expanding on Oracle's integrated security services and capabilities. Oracle Cloud Infrastructure (OCI) to help customers protect cloud applications from threats. Five new features round out OCI's already comprehensive security offering, including a new integrated, cloud-native firewall service, as well as enhancements to Oracle Cloud Guard and Oracle Security Zones. These innovations will help ensure that organizations can easily secure cloud deployments and applications with simple, prescriptive, integrated services that, in most cases, require no additional investment.
As organizations across industries from financial services to retail move mission-critical workloads to the cloud, they need more resources to defend against vulnerabilities from inside and outside the firewall, which are resulting in more breaches and exposed data. For example, when highlighting threats that originate within an enterprise, Gartner® estimates that “by 2023, at least 99% of security breaches in the cloud will be customer failure”. To overcome this challenge, it is expected that cloud users and administrators now know how security services work, can configure them correctly, and maintain cloud deployments.
“Looking back, many organizations now believe that critical applications and data can be securely hosted in a cloud environment. So it becomes a matter of adaptation. The design of OCI's cloud infrastructure and new security services is purpose-built and based on other cloud options on the market and the complexities and lack of automation that customers of other providers encounter. Oracle has made it easy for its customers to consume and save cloud security,” said Jay Bretzmann, Director of Security Program, IDC.
OCI Security Innovations
Oracle has made security a fundamental and integrated capability of the OCI to meet regulatory compliance requirements, stay ahead of security threats and concerns, and prevent security-related disruptions. The company is expanding security capabilities in the cloud to provide multiple layers of defense and help quickly identify and combat emerging threats and security breaches. New features include:
• OCI Network Firewall: centralized cyber-attack protection across the OCI with a new cloud-native managed firewall service powered by Next-Generation Firewall (NGFW) from the Palo Alto Networks VM series. The firewall brings security controls, threat prevention, and mitigation features, including custom URL filtering, intrusion prevention and detection (IDS/IPS), and TLS inspection for inbound, outbound, and lateral traffic for client workloads hosted on the OC. With OCI Network Firewall, customers can quickly enable and secure their applications and cloud environment with firewall capabilities and scale security across their entire cloud deployment. OCI Network Firewall is available as a turnkey offering to allow customers to immediately take advantage of the firewall without the need to configure and manage additional security infrastructure.
• Oracle Threat Intelligence Service: aggregates threat intelligence data from many different sources and manages threat detection and prevention in Oracle Cloud Guard and other OCI services. This service provides insights from Oracle security experts, proprietary telemetry, open source feeds such as abuse .ch and Tor output relays, and third-party partners such as CrowdStrike.
• Oracle Cloud Guard Threat Detector: identifies misconfigured resources, unsafe activity, and malicious threat activity. With it, security administrators will have visibility to triage and resolve security issues in the cloud. Security inconsistencies can be automatically corrected with out-of-the-box Cloud Guard security recipes to efficiently scale the operations center.
• Oracle Security Zones: expands Oracle Security Zones with support for customer-defined policies and security posture monitoring integrated with Cloud Guard. Customers can now create custom security zone procedures. Security zone policies can be applied to various types of cloud infrastructure (eg network, compute, storage, database, etc.) to ensure that cloud resources remain secure and prevent incorrect security configurations. Users determine which policies are appropriate for their needs by defining custom security zone policy sets. OCI enforces Security Zone policies as an integrated platform feature that supports a growing number of adjacent OCI security services. Unlike IAM permissions, which are associated with people, Security Zone policies act as security guardrails for resources and define allowed settings.
• Oracle Cloud Guard Fusion Applications Detector: extends Oracle Cloud Guard beyond cloud security posture management for OCI to also monitor Oracle Fusion Cloud Applications and with a consolidated view of IaaS and SaaS security policies. Available first for Oracle Fusion Cloud Human Capital Management and Oracle Fusion Cloud Enterprise Resource Planning, Oracle Cloud Guard Fusion Applications Detector provides pre-configured and customized configurations or “recipes” to monitor potential security breaches in applications. Detectors trigger alerts about sensitive configuration changes related to user privileges that affect access to sensitive data, including adding, deleting or modifying data and role privileges for roles and users and changes to sensitive objects.
“Oracle continues to pave the way for creating cloud services that are natively integrated and feature advanced security features. By choosing to integrate industry-leading technology into the Palo Alto Networks VM Series next-generation firewall, Oracle is offering customers unparalleled security as a native service,” said Anand Oswal, Senior Vice President, Network Security, Palo Alto Networks. “Oracle customers know they have access to many of Palo Alto Networks' network security tools.”
“Oracle has decades of experience guiding customers to protect valuable data and applications in the cloud and on-premises,” said Mahesh Thiagarajan, senior vice president, Security and Developer Services, Oracle Cloud Infrastructure. “With the OCI Network Firewall, powered by industry-leading Palo Alto Networks, we are bringing the platform ecosystem closer. These latest innovations, combined with our existing offerings, provide organizations with a comprehensive set of cloud security services that make it easier to protect customer cloud environments and help them identify potential vulnerabilities more easily.”
Companies from various industries depend on OCI security
Ferguson is the largest US distributor of plumbing supplies, PVF, plumbing systems and fire products. “As we venture into the public cloud, Ferguson Enterprises is focused on cloud security,” said Karen Cake, Cloud Architect, Ferguson Enterprises. “Oracle Security Zones integrated with Oracle Cloud Guard helps Ferguson create secure environments and stay secure with security posture management that trusts and analyzes.”
Northern Illinois University is a nationally recognized, student-centered public research university with experience that benefits not just your region but the entire world, with expertise in diverse fields including science, humanities, arts, business, engineering, education. , health and law. “We turn to Oracle Cloud Guard to easily monitor and remediate security breaches,” said Ruperto Herrera, director, ERP architecture, Northern Illinois University. “Oracle Cloud Guard can allow us to centrally monitor security posture, providing strong governance and control over what is being developed at OCI by our team.”
EN 
PT 
