Oracle is broadening the range of built-in and add-on cybersecurity features in Oracle Cloud Infrastructure. Oracle said the new features are intended not only to simplify management but also to address the problem of misconfiguration and user error that Gartner Inc. has asserted will be responsible for more than 99% of cloud breaches over the next four years.
The new features complement Oracle Cloud Guard and Oracle Security Zones, which the database giant announced in September 2020 and which aggregate events across all of Oracle Cloud’s main infrastructure services and provide pre-configured, hard-coded security policies.
OCI WAF for Flexible Load Balancers helps protect web applications from malicious internet traffic. Protections can be applied directly to the Flexible Load Balancer on both public and private instances to protect them from the common web vulnerabilities as identified by the Open Web Application Security Project’s list of the top 10 vulnerabilities. Previously, the balancers and firewalls had to be set up and configured separately to handle both north-south and east-west traffic.
OCI Vulnerability Scanning Service helps cloud customers identify and address risks from unpatched vulnerabilities and open ports by assessing and monitoring cloud hosts. The feature is integrated with Cloud Guard for rapid vulnerability identification and is available to all OCI customers at no additional cost. It will scan open ports and check against open-source vulnerabilities and databases to score and issue alerts on a single pane of glass.
OCI Bastion provides restricted and time-limited secure access to resources that don’t have public endpoints and require strict resource access controls. It’s a fully managed service that enables secure and ephemeral Secure Shell access to the private resources in OCI. Bastions are used by sophisticated customers to safely track who can get access to cloud resources. Maintaining those sessions becomes a big security hole, so these are essentially bastions-as-a-service that you can gate and audit.
OCI Certificates is a new cloud certificate service based on the International Telecommunications Union’s X.509 standard. It enables tenants to create private certificate authority hierarchies and transport layer security certificates easily and to deploy them to integrated services such as the load balancer and application program interface gateway. Oracle said the service simplifies an often long and confusing process of creating and managing authorities and certificates.
Cloud infrastructure providers hew fast to the shared responsibility model that requires customers to manage security for their own operating system instances, applications and data, he said. Oracle is trying to make it easier for them to avoid common errors without relieving them of responsibility.