Oracle announced the availability of Oracle Cloud Guard and Oracle Maximum Security Zones. With Oracle Maximum Security Zones, Oracle is the first public cloud provider to activate security policy enforcement of best practices automatically from day one so customers can prevent misconfiguration errors and deploy workloads securely.
For day-to-day operations, Oracle Cloud Guard continuously monitors configurations and activities to identify threats and automatically acts to remediate them across all Oracle Cloud global regions.
With these capabilities, Oracle is the only cloud service provider to offer a cloud security posture management dashboard at no additional cost, with numerous pre-built tools that automate response to reduce customer risk quickly and efficiently.
Companies are moving more business-critical workloads to the cloud than ever before. The increase in cloud adoption has created new security “blind spots” that have contributed to more than 200 breaches over the past two years, exposing more than 30 billion records.
Gartner forecasts that “through 2025, 99 percent of cloud security failures will be the customer’s fault.” Cloud users and administrators are now expected to know how cloud security services work, configure them correctly, and maintain their cloud deployments.
Organizations that have experienced data breaches due to misconfigurations have suffered brand damage, recovery costs and fines. Oracle Maximum Security Zones and Oracle Cloud Guard embed decades of enterprise security expertise and best practices into the Oracle public cloud in an autonomous fashion, accelerating customers’ ability to ramp up to their cloud estate securely from inception.
“Security has been a critical design consideration across Oracle Cloud for years. We believe security should be foundational and built in, and customers shouldn’t be forced to make tradeoffs between security and cost,” said Clay Magouyrk, executive vice president, Oracle Cloud Infrastructure.
“With Oracle Cloud Guard and Oracle Maximum Security Zones’ security automation and embedded expertise, customers can feel confident running their business-critical workloads on Oracle Cloud.”
Now available in all Oracle Cloud commercial regions, Oracle Cloud Guard acts as a log and events aggregator that directly integrates with all major Oracle Cloud Infrastructure services – Compute, Networking, Storage – and automatically implements unique components called targets, detectors, and responders.
Targets set the scope of resources to be examined, such as compartments and their descendent structures within Oracle Cloud Infrastructure. Detectors identify issues with resources or user actions and alert when an issue is found, such as a TOR login or public bucket.
Responders provide notifications and corrective actions to security problems by automatically stopping the instance, suspending the user, or disabling the bucket. As a result, Oracle Cloud Guard provides security administrators the cloud detect-and-response framework needed to lower the mean time to respond to security misconfigurations and scale out security operations centers.
Oracle Maximum Security Zones extends IaaS access management to restrict insecure actions or configurations using a new policy definition that applies to designated cloud compartments. This new Oracle Cloud Infrastructure service helps ensure resources are secure from inception by enforcing rigorous security best practices for highly sensitive workloads.
Oracle Maximum Security Zones includes policies for several core Oracle Cloud Infrastructure Services, including Object Storage, Networking, Encryption, DBaaS, and File Storage.
These new services work in tandem to further Oracle’s second-generation public cloud, which is built with security as a critical foundation. Oracle Cloud is distinguished for bedrock design primitives, including high customer isolation, clean host hardware, default encryption, no downtime patching, and sophisticated data protection.
“As workloads transition to the cloud, organizations are looking for a supplier where security technology is designed-in throughout the complete hardware/software stack,” said Jay Bretzmann, program director, IDC cybersecurity research.
“Oracle’s new cloud security services will help automate and simplify the management of increasingly critical applications with painfully stringent security and compliance requirements that, until lately, few imagined would ever migrate off premises.”
Customers adopt new built-in security services
Accenture is one of the largest consulting companies in the world, employing about 500,000 people worldwide. “Accelerating the path to value is our key focus area, and Oracle technology and Oracle Cloud is a key factor to deliver on that. We were immediately impressed with Oracle Cloud Guard – the set-up, ease of use, and immediate results about potential misconfigurations,” said Chris Pasternak, managing director, Accenture.
“We appreciate the fact that this capability is available at no cost above the Oracle Cloud Infrastructure investment. It further solidifies the conversations I have with my clients about how Oracle builds Oracle Cloud with security in mind first; Oracle Cloud Guard is a great example of how Oracle continues that heritage.”
ALEF is a laboratory for financial economics and produces solutions to the financial problems of public and private firms, banks, and insurance companies.
“We adopted Oracle Cloud Infrastructure to help us and our customers achieve better, predictable performance for deeper analysis workloads. As part of Oracle Cloud Infrastructure, we found Oracle Cloud Guard to be very powerful in helping us discover complex security issues,” said Pietro Lascari, delivery manager, ALEF.
“Oracle Cloud Guard helped ALEF anticipate the right security posture for upcoming compliance regulations for our customers and implement them quickly using existing tools and APIs. Oracle Cloud Guard is a great tool to anticipate security and compliance concerns before they have even occurred.”
Darling Ingredients, a global developer and producer of sustainable natural ingredients from edible and inedible bio-nutrients, is using Oracle’s new services to evaluate its security posture as the company deploys production instances of business-critical workloads in Oracle Cloud Infrastructure.
“We recently turned on Oracle Cloud Guard, and we’ve been looking at Oracle Maximum Security Zones to see how we’re doing as we deploy the Oracle E-Business Suite production instance into Oracle Cloud Infrastructure,” said Tom Morgan, threat intelligence lead, Cyber Security Group, Darling Ingredients.
“What I like about Oracle Cloud Guard is the fact that it is continuously running and available to a wider group of people, which provides a continuous improvement process in our security posture. It’s also included with Oracle Cloud Infrastructure, which is a really good value.”
Discngine specializes in developing applications for life sciences research. The company relies on Oracle Cloud Infrastructure to enable its researchers to model protein structures and small molecules and uses Oracle Cloud Guard’s embedded rules to continuously monitor the security status of its cloud assets.
“With Oracle Cloud Guard, we were able to analyze each alert and assess the associated security risks,” said Alexandre Gillet-Markowska, cloud security officer, Discngine. “That allowed us to quickly obtain a key security certification by one of our largest customers and freed up valuable time to focus on innovation.”
Siram Veolia, a group that offers sustainable solutions for the management and optimization of environmental resources, adopted Oracle Cloud for its digital transformation program.
“Oracle Cloud Guard is an excellent product to automatically identify and resolve security misconfigurations and unused resources on Oracle Cloud Infrastructure,” said Davide Benedetto, head cloud team, Siram Veolia.
“We were able to activate Oracle Cloud Guard in a few hours, and it has been very easy to manage and configure. As a result, we have been able to improve our Oracle Cloud governance and security with minimal effort.”