Oracle Cloud Guard and Oracle Maximum Security Zones Now Available
Pre-built tools automate threat response and quickly and efficiently reduce customers’ cloud security risk at no additional cost.
Oracle has announced the availability of Oracle Cloud Guard and Oracle Maximum Security Zones. With Oracle Maximum Security Zones, the firm is the first public cloud provider to activate security policy enforcement of best practices automatically from day one so customers can prevent misconfiguration errors and deploy workloads securely. For day-to-day operations, Oracle Cloud Guard continuously monitors configurations and activities to identify threats and automatically acts to remediate them across all Oracle Cloud global regions. With these capabilities, the company is the only cloud service provider to offer a cloud security posture management dashboard at no additional cost, with numerous pre-built tools that automate response to reduce customer risk quickly and efficiently.
Companies are moving more business-critical workloads to the cloud than ever before. The increase in cloud adoption has created new security “blind spots” that have contributed to more than 200 breaches over the past two years, exposing more than 30 billion records. Gartner forecasts that “through 2025, 99 percent of cloud security failures will be the customer’s fault.” Cloud users and administrators are now expected to know how cloud security services work, configure them correctly, and maintain their cloud deployments. Organisations that have experienced data breaches due to misconfigurations have suffered brand damage, recovery costs and fines. Oracle Maximum Security Zones and Oracle Cloud Guard embed decades of enterprise security expertise and best practices into the Oracle public cloud in an autonomous fashion, accelerating customers’ ability to ramp up to their cloud estate securely from inception.
“Security has been a critical design consideration across Oracle Cloud for years. We believe security should be foundational and built in, and customers shouldn’t be forced to make tradeoffs between security and cost,” said Clay Magouyrk, Executive Vice President, Oracle Cloud Infrastructure. “With Oracle Cloud Guard and Oracle Maximum Security Zones’ security automation and embedded expertise, customers can feel confident running their business-critical workloads on Oracle Cloud.”
Now available in all Oracle Cloud commercial regions, Oracle Cloud Guard acts as a log and events aggregator that directly integrates with all major Oracle Cloud Infrastructure services—Compute, Networking, Storage—and automatically implements unique components called targets, detectors, and responders. Targets set the scope of resources to be examined, such as compartments and their descendent structures within Oracle Cloud Infrastructure. Detectors identify issues with resources or user actions and alert when an issue is found, such as a TOR login or public bucket. Responders provide notifications and corrective actions to security problems by automatically stopping the instance, suspending the user, or disabling the bucket. As a result, Oracle Cloud Guard provides security administrators the cloud detect-and-response framework needed to lower the mean time to respond to security misconfigurations and scale out security operations centres.
Oracle Maximum Security Zones extends IaaS access management to restrict insecure actions or configurations using a new policy definition that applies to designated cloud compartments. This new Oracle Cloud Infrastructure service helps ensure resources are secure from inception by enforcing rigorous security best practices for highly sensitive workloads. Oracle Maximum Security Zones includes policies for several core Oracle Cloud Infrastructure Services, including Object Storage, Networking, Encryption, DBaaS, and File Storage.
These new services work in tandem to further Oracle’s second-generation public cloud, which is built with security as a critical foundation. Oracle Cloud is distinguished for bedrock design primitives, including high customer isolation, clean host hardware, default encryption, no downtime patching, and sophisticated data protection.