Tuesday, 03 December 2019 17:09

Oracle adding to Gen 2 cloud security features

By Stephen Withers

Oracle Cloud Infrastructure CSO Eran Feigenbaum

Oracle isn't resting on its laurels when it comes to the security of its cloud infrastructure.

Oracle has been promoting the security benefits of its second generation cloud infrastructure ever since CTO and chairman Larry Ellison announced it in October 2018.

More recently, Oracle EMEA and APAC senior vice president of systems and technology Andrew Sutherland said there is a pronounced hunger for such services among larger organisations in Australia, because they see the potential for competitive advantage.

Oracle's software is used on premises to protect some of the world's most sensitive applications, Oracle Cloud Infrastructure CSO Eran Feigenbaum told iTWire during a visit to Australia this week, but "Gen 1 cloud was built for a very different type of workload."

Earlier cloud architectures – by implication, those still used by Oracle's competitors – did not fully isolate customers from each other, or from the company providing the service.

So Oracle's Gen 2 cloud was built differently, he said.

Each machine includes separate hardware to run the control plane, and separate networks are used for customer data and control purposes. This makes it harder for intruders to jump between machines even if they are able to break out of the hypervisor, said Feigenbaum.

It also means Oracle is unable to see its customers' data – "you don't have to trust us," Ellison said in 2018.

A third independent network is used to replace all the firmware in a machine before it is used by a different customer. This approach not only protects customers from malicious peers, it also removes the possibility of supply chain vulnerabilities being exploited to introduce malicious firmware.

Although Feigenbaum didn't mention it, Oracle's recent SPARC processors include silicon secured memory, a hardware approach to preventing one thread from accessing memory currently allocated to another. Among other benefits, this helps avoid illegitimate access to in-memory data when two or more customers' applications are running on one physical machine.

Oracle is preparing to introduce two new security features – Cloud Guard and Maximum Security Zones – to its Gen 2 cloud in the coming months.

Feigenbaum described Cloud Guard as a built-in, machine-learning security operations centre that will watch for malicious activity and then alert affected customers and take action. For example, a user showing suspicious behaviour, such as logging in from an unlikely location or from a known-bad IP address, might be locked out completely or required to use two-factor authentication.

The idea is to take action before it's too late, he said.

Maximum Security Zones are intended for an organisation's most critical information assets, said Feigenbaum. Among other features, data cannot be exposed to the internet.

Cloud storage inadvertently or deliberately left open has led to several significant security incidents involving organisations including Accenture, FedEx, HCL Technologies, the state of Oklahoma, and US health provider Sunshine Behavioural Health.

Maximum Security Zones also require the encryption of all data.

Once applications and data have been put into a Maximum Security Zone, they stay there. The feature cannot be turned off "otherwise that defeats the purpose," he said. But Oracle expects to provide a mechanism that will allow customers to migrate workloads, e.g. if they decide they should run on premises rather than in the cloud.

Both features are expected to go live in four to six months, Feigenbaum told iTWire.

"We're still finishing testing," he said, adding that this includes making sure that Cloud Guard detects and then takes the correct action against his red team's efforts to break into systems.

The new features will come at no additional cost. "Security should be a right, not something you have to pay for," said Feigenbaum.

"We're fundamentally changing the shared responsibility model" by taking on more responsibility through autonomous systems and always-on security, he said. "We need to make these things easier for customers."

"I think we've built something very unique... a cloud that is security-first."

So "Oracle Cloud Infrastructure is the place for your most critical [and secure] workloads," said Feigenbaum.


Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
