Oracle Introduces Two Security Services To Help Cloud Customers Avoid Data Breaches
Oracle Security Zones and Oracle Cloud Guard, both free, enable customers to ensure they’re following best practices in avoiding configuration errors that open the doors to intruders.
Oracle on Monday introduced two security services aimed at helping its cloud customers avoid configuration mistakes that lead to costly data breaches.
Oracle Security Zones ensures best security practices are implemented at the outset and Oracle Cloud Guard maintains those proper postures throughout day-to-day operations.
The two services, free and recommended to all cloud customers, benefit from Oracle’s deep visibility into Oracle Cloud Infrastructure as well as its expertise at the application and database layers of the cloud stack, Fred Kost, Oracle’s global vice president for security and analytics, told CRN.
[Related: New Oracle Cloud Chief Clay Magouyrk: ‘We’ve Thrown Everything Behind The Cloud’]
Most recent data breaches have resulted from a simple user error—typically either a bad initial configuration or configuration drift into a compromised state.
“We need to help customers with that, not get into a blame-game because they misconfigured,” Kost said.
Those errors often stem from confusion around the shared responsibility model that divides accountability for avoiding vulnerabilities between the cloud provider and user accounts.
While a cloud infrastructure provider can secure the foundation, customers need a better understanding of their responsibility under that model, Kost said, so they know “who owns what.”
That dynamic is driving an emerging sector of the security industry called Cloud Security Posture Management, CSPM, that provides tools ensuring consistent policies and procedures are applied across accounts and platforms.
While a number of third-party solutions are coming to market, Oracle was motivated to build its own CSPM services because it can look deeper than any ISV into its own compute, storage and networking infrastructure.
“We can peer deeply into our infrastructure and build detectors to get data out,” Kost said.
Oracle Security Zones allows customers to select a specific zone that meets the requirements of their workloads, and then automatically implements best practices based on that zone’s policy and compliance constraints.
“When you bring a workload to Oracle, we can enforce certain policies so you don’t misconfigure it. You can put something into a security zone, it’s preconfigured, hardened, you’re not going to forget to turn on encryption,” Kost said.
The product launches with a single Maximum Security zone, but more variants will come to support workloads for which that one is too restrictive.
Oracle Cloud Guard then monitors those workloads, either inside or outside a security zone, through a detect-and-response framework that can automatically remediate problems. The continuous assessment service aggregates logs and events in assessing vulnerabilities like exposure of data buckets through public IP addresses or permissions to talk to Tor nodes.
Cloud Guard “presents where problems are, where critical issues are, and in many cases automatically remediates them so you don’t have to do anything,” Kost said.
The goal of both Security Zones and Cloud Guard is making it easier for customers to implement and maintain proper security, “so anyone can do it,” he told CRN.
Oracle provides tools to onboard customers on those products.
In addition to preventing breaches, use of the two new services can help customers anticipate compliance challenges that will become more relevant to their businesses in the future.
Oracle’s channel partners will see the benefit of the two services, Kost said.
“For a partner, it actually helps them deploy a customer with these services in the cloud without having to spend more time training security people and buy new products,” he told CRN.
One Oracle customer already using both products internally to support its IT organization is consulting giant Accenture, he said.