Unlike other hyperscalers, Oracle has built their cloud platforms to include multi-layer security from the outset. This ensures that systems and services hosted in Oracle Cloud are secured against many of the flaws and weaknesses that have affected other providers.
Zero Trust as standard
At the heart of Oracle security is the concept of ‘zero trust’ – no application, connection or user is permitted access to any resource until their credentials and permissions have been checked and verified. This means that everything is denied access as the default unless explicitly allowed.
Because Oracle Cloud is built on a pure Oracle tech stack, hardware and software work together to enforce these security settings.
Four defence layers protect Oracle Cloud users
Effective cybersecurity requires a multi-layer approach, and Oracle apply four layers of security defence in the cloud:
1. Preventative controls that block unauthorised access to sensitive systems and data.
2. Detective controls that audit, monitor and report on activity to expose unauthorised system access or data changes.
3. Automated controls that prevent, detect and respond to security updates that are highlighted by Oracle.
4. Administrative controls that apply and enforce security policies, standard, practices and procedures.
Working together, these four layers offer proactive and reactive responses to potential security issues.
Four other security features of the Oracle Cloud
Providing defence in depth goes beyond the tech stack too. Oracle employ four layers to provide 360º protection for customer data:
1. People – 38,000 developers and engineers trained to Oracle’s rigorous coding standards. A further 10,000 customer support specialists are on hand to assist with problems and queries
2. Process – Security policies have been formulated to govern people, technology and physical data centre assets. These include OSSA methodology to enforce secure coding standards along with support for other open standards like OAuth, System for Cross-domain Identity Management (SCIM) and more.
3. Technology – Cutting-edge tools that ensure security is enforced across IaaS, PaaS and SaaS, from server CPU to application layers. These safeguards include high customer isolation secure cloud architecture, data encryption and redaction, ML and AI for automated threat discovery and more.
4. Physical – Multi-layered physical defences to prevent unauthorised people from accessing cloud systems. Each Oracle Cloud data centre features Tier-3 redundancy, physical access controls on site (including access cards and biometrics) and surveillance alerts to detect unauthorised ingress or power supply issues.
By combining these eight factors, Oracle has created a cloud platform that is hardened against current and future attacks at every level. From encrypted data entering the CPU to the ports located on the back of the physical server, Oracle Cloud is designed to restrict access to authorised users and services.
To learn more about Oracle Cloud’s defence in-depth approach, and how it can help to keep your hosted operations safe and secure, please give the WTL team a call .