cloud based solutions west midlands

10 proven ways to improve cloud security

Security has always been one of the major hindrances to cloud adoption. The new operating model introduces previously unknown risks into infrastructure planning. But with digital transformation projects gathering pace, the cloud is now an essential aspect of agile operations.

So how can your business minimise cloud security risks effectively? Here are ten key considerations:

1. Security by default

Security controls should be enabled by default by cloud providers – preferably with a zero-trust approach. This will prevent your applications from being left unconfigured (and unprotected) during deployment and operations.

2. Shared responsibility operations

Your cloud provider should deliver platform-level security services as an integral part of their offering. You also need to understand the division of responsibility from the outset to prevent gaps in your defences.

3. Defence-in-depth

Modern cyberattacks work on multiple levels – so you need defences that operate across every layer of your technology stack. From physical hardware to incoming API calls at the software level, every layer must be monitored and secured.

4. Continuous compliance

Although not strictly a security requirement, regulatory compliance is essential. Your cloud provider should offer management tools that allow you to monitor and enforce operational compliance across your entire IT estate (on-premise and in the cloud).

5. Use ML to identify unknown security risks

Staying ahead of cybercriminals means being able to identify and block previously unknown attacks in advance. Machine learning (ML) tools can monitor your cloud activity to identify, and report suspicious activity long before your cybersecurity tools catch up.

6. Automated responses

Identifying threats with ML is just the first step – you then need to coordinate and orchestrate your response as quickly as possible. Your cloud provider should offer advanced tools that automate and accelerate your response to further narrow the window of opportunity for cybercriminals.

7. Identity management tools

To operate effective zero-trust security means having the right tools to manage identity, particularly as the traditional network edge is eroded by ‘work anywhere’ cloud operations. You need tools which control access and privileges for devices, apps and users across your entire IT estate.

8. Separation of duties and access

Preventing individuals from having excessive admin rights is crucial to limiting potential damage in the event of credential compromise. Separating duties and access also ensures that data is properly protected against improper access by ensuring individuals cannot access sensitive information without additional authorisation.

9. End-to-end visibility

Now that hybrid cloud operations are the norm, you need tools that extend visibility and control across the whole IT environment. Cloud access security broker (CASB) and cloud security posture management (CSPM) tools provide those tools, ensuring complete oversight of your platform as a whole.

10. Scalability

Much of the power of the cloud lies in its infinite scalability. But you must ensure that your security defences and tools can scale effectively in line with your operations.

Ask the tough questions

Unless a cloud provider can meet all ten of these requirements, they will never be able to properly reduce your security risk profile. Do not be afraid to ask the tough questions of a potential provider – or to walk away if they are unable to fully address your needs.

If you’d like to learn more about how to properly secure your cloud infrastructure, please give us a call .

cloud based solutions birmingham

Understanding Oracle Cloud Security

Unlike other hyperscalers, Oracle has built their cloud platforms to include multi-layer security from the outset. This ensures that systems and services hosted in Oracle Cloud are secured against many of the flaws and weaknesses that have affected other providers.

Zero Trust as standard

At the heart of Oracle security is the concept of ‘zero trust’ – no application, connection or user is permitted access to any resource until their credentials and permissions have been checked and verified. This means that everything is denied access as the default unless explicitly allowed.

Because Oracle Cloud is built on a pure Oracle tech stack, hardware and software work together to enforce these security settings.

Four defence layers protect Oracle Cloud users

Effective cybersecurity requires a multi-layer approach, and Oracle apply four layers of security defence in the cloud:

1. Preventative controls that block unauthorised access to sensitive systems and data.

2. Detective controls that audit, monitor and report on activity to expose unauthorised system access or data changes.

3. Automated controls that prevent, detect and respond to security updates that are highlighted by Oracle.

4. Administrative controls that apply and enforce security policies, standard, practices and procedures.

Working together, these four layers offer proactive and reactive responses to potential security issues.

Four other security features of the Oracle Cloud

Providing defence in depth goes beyond the tech stack too. Oracle employ four layers to provide 360º protection for customer data:

1. People – 38,000 developers and engineers trained to Oracle’s rigorous coding standards. A further 10,000 customer support specialists are on hand to assist with problems and queries

2. Process – Security policies have been formulated to govern people, technology and physical data centre assets. These include OSSA methodology to enforce secure coding standards along with support for other open standards like OAuth, System for Cross-domain Identity Management (SCIM) and more.

3. Technology – Cutting-edge tools that ensure security is enforced across IaaS, PaaS and SaaS, from server CPU to application layers. These safeguards include high customer isolation secure cloud architecture, data encryption and redaction, ML and AI for automated threat discovery and more.

4. Physical – Multi-layered physical defences to prevent unauthorised people from accessing cloud systems. Each Oracle Cloud data centre features Tier-3 redundancy, physical access controls on site (including access cards and biometrics) and surveillance alerts to detect unauthorised ingress or power supply issues.

By combining these eight factors, Oracle has created a cloud platform that is hardened against current and future attacks at every level. From encrypted data entering the CPU to the ports located on the back of the physical server, Oracle Cloud is designed to restrict access to authorised users and services.

To learn more about Oracle Cloud’s defence in-depth approach, and how it can help to keep your hosted operations safe and secure, please give the WTL team a call .

Shows opened padlock to represent security threat

Why automation will become the most reliable way of preventing, detecting, and mitigating security threats

Modern organisations are taking advantage of new and innovative technology, transforming their business operations, continuously improving efficiencies, delivering high levels of customer service, and unearthing new opportunities for products and services that wouldn’t have been conceivable 5-10 years ago. This transformation comes at a price however, and the same technologies used to drive businesses forward are also being deployed maliciously, primarily for financial gain (71% of data breaches were financially motivated, according to Verizon’s 2019 Data Breach Investigations Report) or to gain a strategic advantage. Businesses face greater numbers of security related events more frequently and in different guises than they did five years ago, with attacks on individuals using social channels becoming more prevalent. Alongside this, workforces are hypermobile, well used to downloading applications and accessing, storing and transmitting corporate data anywhere and on any device. In order to keep this edge data secure, businesses must now do more than simply protect against attacks, they must try and prevent them from happening in the first place, wherever the user happens to be and whatever device they happen to be using.

So how do you do that?

The first step is to identify genuine threats from the vast swathes of security incident data that is collected for analysis from a myriad of different sources. They are deliberately not easy to spot, and attackers will use next generation technologies such as AI to hide amongst legitimate traffic. However, some AI and machine learning driven security solutions can analyse massive amounts of data from across any number of data sources, using the power of the cloud to process the analysis right across the organisation, from the edge to the core.

Oracle is one such security solution, enabling businesses to secure modern hybrid clouds with a set of security and management cloud solutions, which draw on data gathered from logs, security events, external threat feeds, database transactions and applications. It uses AI and machine learning technology to detect malicious intentions, then automates the process of finding available security patches and applying them, and all without downtime.

In addition, Oracle’s automated services encrypt production data and enforce user controls, so you don’t have to do it manually.

As we’ve mentioned, to protect data from edge to core, organisations must implement a multi-layered strategy, and when using the cloud, don’t assume that all data protection responsibility lies with the cloud provider. Most cloud providers assume a shared responsibility model, where they offer assurances around the security of the data held on their infrastructure, but access to that data and SaaS data is usually the responsibility of the customer. Consider layering your security solutions to protect every layer of data and each access point, including a Cloud Access Security Broker and Identity Access Manager which will monitor, detect threats, automate the identity management process, sending alerts if anomalous behaviour occurs and remediate wherever possible, without the need for human intervention. Making this work across heterogenous technology on different platforms, on-premises, in the public cloud and in private clouds, is the trickiest part, but Oracle has got it absolutely spot on. Consider the manual alternative, thousands or even millions of security alerts coming into different management consoles, to be sifted through, users to be authorised and behaviour to be monitored and analysed, patches sought and applied and data to be encrypted. It doesn’t bear thinking about.

WTL offer a range cybersecurity solutions which employ next-generation features to ensure you remain one step ahead of the cybercriminals.

Useful Links

Verizon’s 2019 Data Breach Investigations Report

Oracle Cloud Essentials – Secure and Manage Hybrid Clouds

Oracle’s Top 10 Cloud Predictions 2019

Oracle Cloud – everything you need to know

Why Cloud?

It’s a well-publicised fact that cloud adoption is rising at a speedy rate, but why? Essentially, there are three main reasons customers adopt cloud. Firstly, they are looking at ways of reducing the cost and complexity of their on-premises infrastructure. Secondly they would like to accelerate IT delivery by using the cloud for specific projects and finally, they want to create versatile business models to gain a competition edge or disrupt the market.

We’ve all heard of the main public cloud providers, but Oracle Cloud is gaining popularity amongst enterprise customers for a number of reasons.

Why Oracle Cloud?

Oracle Cloud is a next-generation public cloud architected that has been designed specifically to run enterprise applications and databases. It is as elastic and flexible as the first-generation public clouds, but allows additional control, security, performance and predictability which rival those of an on premises deployment. In fact, alongside public cloud and hybrid cloud deployments, Oracle also offers an option called Oracle Cloud at Customer which allows customers to deploy Oracle cloud as a private cloud behind their own firewall.

Oracle’s native toolset enables developers to build their own next-generation, cloud native and mobile apps in the cloud, and allow them to run traditional enterprise apps alongside cloud native apps. Oracle cloud users can strip right back to the bare metal infrastructure to install the exact operating systems, middleware and databases they need.

The toolset includes migration tools to move existing apps to the cloud without the need to rearchitect the apps, even those that have been customised. With any migration we perform though, skilled consultants from WTL and Oracle are on hand for trickier applications.

High Performance

Customers with high performance computing workloads like crash tests, real time analytics, modelling insurance risks or testing new manufacturing materials can rest easy that Oracle cloud can handle the workloads. It offers powerful CPU options, massive memory capabilities and dense storage capacity.

High bandwidth, low latency networks connect servers to file, block and object storage resources making Oracle ideal for customers who need the highest levels of performance. In fact, it can perform up to 5 million I/O operations per second for the most demanding tasks.

But where could Oracle cloud be used to best effect? For customers looking for a DevTest cloud environment, Oracle cloud allows them to test new app versions, validate security patches and test cloud native architectures and features.

For customers using the cloud for production applications, the single tenant, high performance bare metal servers are ideal for high performance computing and are highly available because of the load balancing, real application clustering and multiple availability domains.

Some customers use Oracle cloud for their backup and DR processes, because of its built-in storage resiliency, availability and security and automated backup features.

Finally, Oracle is ideal for extending a serviceable on premises environment to the cloud, without decommissioning the legacy equipment. On premises infrastructure can be connect to the new cloud infrastructure with a VPN or FastConnect, for seamless movement between the two.

Security

With the use of cloud in enterprise computing comes much concern about security, so this is a key area of concern for Oracle. Users access Oracle cloud resources via Oracle Identity and Access Management technology which allows role-based access controls and granular allocation and auditing features. Access to specific cloud compartments can be granted per person, per project or per group, as needed for additional security.

The whole cloud infrastructure is built with security embedded at every level, and the whole environment is monitored and protected by a 24/7 network operation centre staffed by skilled security professionals.

All great features, but how is it different to first generation cloud vendor solutions? Oracle Cloud moves the virtualisation layer to the physical network, utilising what’s known as off box virtualisation and creating single tenant servers. Customers use a virtual cloud network which is isolated from other customers for added security.

Oracle cloud is not just great for Oracle applications, although of course it IS fully optimised to run Oracle enterprise databases and applications, it is ideal for any business running any mixed workloads, regardless of throughput or security requirements.

Useful Links

Oracle Cloud Infrastructure Purpose-Built for the Enterprise

Next-Generation Cloud Delivers Enterprise Scale