cloud based solutions birmingham

Understanding Oracle Cloud Security

Unlike other hyperscalers, Oracle has built their cloud platforms to include multi-layer security from the outset. This ensures that systems and services hosted in Oracle Cloud are secured against many of the flaws and weaknesses that have affected other providers.

Zero Trust as standard

At the heart of Oracle security is the concept of ‘zero trust’ – no application, connection or user is permitted access to any resource until their credentials and permissions have been checked and verified. This means that everything is denied access as the default unless explicitly allowed.

Because Oracle Cloud is built on a pure Oracle tech stack, hardware and software work together to enforce these security settings.

Four defence layers protect Oracle Cloud users

Effective cybersecurity requires a multi-layer approach, and Oracle apply four layers of security defence in the cloud:

1. Preventative controls that block unauthorised access to sensitive systems and data.

2. Detective controls that audit, monitor and report on activity to expose unauthorised system access or data changes.

3. Automated controls that prevent, detect and respond to security updates that are highlighted by Oracle.

4. Administrative controls that apply and enforce security policies, standard, practices and procedures.

Working together, these four layers offer proactive and reactive responses to potential security issues.

Four other security features of the Oracle Cloud

Providing defence in depth goes beyond the tech stack too. Oracle employ four layers to provide 360º protection for customer data:

1. People – 38,000 developers and engineers trained to Oracle’s rigorous coding standards. A further 10,000 customer support specialists are on hand to assist with problems and queries

2. Process – Security policies have been formulated to govern people, technology and physical data centre assets. These include OSSA methodology to enforce secure coding standards along with support for other open standards like OAuth, System for Cross-domain Identity Management (SCIM) and more.

3. Technology – Cutting-edge tools that ensure security is enforced across IaaS, PaaS and SaaS, from server CPU to application layers. These safeguards include high customer isolation secure cloud architecture, data encryption and redaction, ML and AI for automated threat discovery and more.

4. Physical – Multi-layered physical defences to prevent unauthorised people from accessing cloud systems. Each Oracle Cloud data centre features Tier-3 redundancy, physical access controls on site (including access cards and biometrics) and surveillance alerts to detect unauthorised ingress or power supply issues.

By combining these eight factors, Oracle has created a cloud platform that is hardened against current and future attacks at every level. From encrypted data entering the CPU to the ports located on the back of the physical server, Oracle Cloud is designed to restrict access to authorised users and services.

To learn more about Oracle Cloud’s defence in-depth approach, and how it can help to keep your hosted operations safe and secure, please give the WTL team a call .

Data Management Assessment West Midlands

3 Security Issues That Will Affect Your Digital Transformation Outcomes

Digital transformation is supposed to make business faster and more efficient. But if those changes come at the expense of security, any gains made could quickly be reversed.

According to research by HPE, those businesses that achieve a successful operating model have security built into the very foundation of their transformation model. Their security efforts are focused on three key areas:

1. Risk and compliance

Infrastructure as Code methodologies has evolved with the specific goal of accelerating development. The software development pipeline can be automated, allowing new applications and code to be delivered quickly.

For digital leaders, the pipeline is accompanied by a robust logging and monitoring solution that automatically scales alongside their environment. This allows them to embed security into their processes and to assess compliance with necessary protocols – without decreasing development velocity.

Leaders’ systems continuously monitor the production environment, conducting compliance and pipeline checks and automatically notifying stakeholders of issues that require remediation.

2. Security controls

Traditional security controls do still work in the cloud – but the way they are implemented must change. On-premise tools, however, do not work because they are not designed for use in a hybrid or cloud-native estate.

HPE cites the example of endpoint security, where locally installed anti-malware periodically updates itself from a central repository. In the cloud, where machine images spin up and down as required (sometimes for just a matter of minutes), this model does not work because the updates do not complete in that narrow timeframe. This leaves elements of the environment unprotected because they do not keep pace with changes in the threat landscape.

Leaders apply their proven security controls using hybrid tools that can cope with the realities of the cloud model. They will also integrate these tools across their entire ecosystem, such as scanning container images at the end of the development pipeline to improve security compliance standards across the organisation.

3. Governance

The spin-up spin-down approach to resource usage may be completely different to the traditional three-tier data centre architecture, but the compliance requirements of your business do not change. Approaching governance using the same techniques as on-premise applications will create risk for your cloud environment.

Cloud transformation leaders understand the fundamental differences in approach and retrain their security teams accordingly. Rather than attempting to create a hardened perimeter that protects corporate resources, these organisations ensure their staff can think in terms of zero-trust operations that creates a network of secure devices.

How can you catch the leaders?

It is clear from the example of cloud transformation leaders that successful change is a combination of technology and culture. These organisations balance business objectives with risk objectives, ensuring that rapid development and deployment do  come at the cost of data security.

At the most basic level, leaders can put in place the people, processes and tool changes necessary to deliver compliant, consistent security across their hybrid estate. And it is precisely this balance that your business will need to achieve to contain risk in the cloud.

To learn more about building security into your cloud digital transformation strategy, please give the WTL team a call today.