Oracle OpenWorld 2018 - the cloud security story
- Summary:
- Oracle is beefing up security for its cloud offerings. Here's what's coming.
Today I want to talk about the second generation of our cloud, featuring Star Wars cyber defences to protect our Generation 2 platform. We’ve had to re-architect it from the ground up. We’ve introduced Star Wars defences, impenetrable barriers, and autonomous robots. The combination of those things protect your data and protect our Generation 2 Cloud.
Here are some of those details:
- Web Application Firewall (WAF). The native WAF is designed to protect next generation Oracle Cloud Infrastructure applications against botnets, application attacks and DDoS attacks. The platform can then automatically respond to threats by blocking them and alerting security operations teams for further investigation.
- Distributed Denial of Service (DDoS) Protection. As part of the next generation of Oracle Cloud Infrastructure, all Oracle data centers get automated DDoS attack detection and mitigation of high volume, Layer 3/4 DDoS attacks. This helps ensure the availability of Oracle network resources even when under sustained attack.
- Cloud Access Security Broker (CASB). Keeping a cloud environment secure requires constant monitoring and enforcement to ensure that no one has set up an insecure network or left data unprotected. Oracle Cloud Access Security Broker (CASB) constantly checks OCI environments to help make sure that corporate security practices are being followed. It comes with preconfigured policies and controls so that customers can deploy applications faster while reducing security and operational risk. CASB also leverages machine learning-based behavioral analytics to predict threats.
- Key Management Service. Oracle Key Management enables enterprises to encrypt data using keys that they control and offers centralized key management and key lifecycle monitoring capabilities. The solution delivers partitions in highly available and certified Hardware Security Modules that are isolated per customer. It is ideal for organizations that need to verify for regulatory compliance and security governance purposes that their data is encrypted where it is stored.
From my conversation with Kyle York, Vice President, Product Strategy and General Manager Oracle Cloud Infrastructure I learned that Oracle is positioning these services as best in class, enterprise-grade. All well and good and I certainly admire the ambition. But I wonder whether Oracle runs the risk of putting a target on its back of a kind that is normally reserved for Microsoft and Amazon.
When you're doing business on the cloud and you are moving from a licensed software shipped to run inside the data center of your client to a globally scaled multi-tenant environment then you're naturally going to invest aggressively in security, monitoring, risk mitigation, defenses, procedures and playbooks that harden the capability set through a totally different distribution model. I think that's absolutely part of the overall Oracle transformation story of its business move to the cloud all the way from infrastructure all the way up to the application layer which is fundamentally different to others. We have invested in a different class of talent for exactly those reasons. We've aldo doubled down with our lreationship with the Cloud Security Alliance.
My take
Like my colleague Derek duPreez, I 'get it' and understand the importance of these essential measures. It is right that Oracle makes that clear to the market since it is bound to be part of wider IT decision making conversations, and especially those where there is significant complexity.; That's because the more complex the environment, the greater the number of points of potential weakness.
Cynics will likely argue that it speaks volumes about what Oracle was not doing prior to these announcements. That's too simplistic. We should remember that Oracle counts the U.S. Federal and State governments among its most important customers and those folk don't mess around with sub-par security specifications.