Oracle Cloud Guard, Maximum Security Zones now available
Oracle on Monday announced the availability of two cloud security tools that are deeply integrated into the Oracle Cloud infrastructure. The two offerings -- Oracle Cloud Guard and Maximum Security Zones -- are designed to simplify cloud security management and align with Oracle's focus of bringing more automation to the cloud.
Maximum Security Zones enable customers to protect sensitive data with pre-configured security policies, which can't be changed for any reason. The idea is to prevent organizations from opening themselves up to breaches based on misconfiguration errors. As the name suggests, Maximum Security Zones will offer strict configurations, while Oracle plans to offer less stringent Security Zones later.
Even if a cloud environment is configured appropriately at the outset, it may suffer from "configuration drift," noted Fred Kost, Oracle's VP of Security and Analytics. For instance, a developer may change the configuration for testing but forget to change it back -- a simple human error that could have significant consequences.
"If your data's really that important, we're going to prevent that scenario from ever happening," Kost said.
Meanwhile, Oracle Cloud Guard is a cloud security posture management dashboard built directly into the Oracle Cloud console. It continuously monitors configurations and activities to identify threats and automatically acts to remediate them.
Oracle Cloud Guard
Cloud Guard is now available in all Oracle Cloud commercial regions. It integrates with all major Oracle Cloud Infrastructure services -- compute, networking and storage. It also allows customers to assess the security of their Oracle SaaS and cloud database services. Because Cloud Guard is part of the Oracle Cloud Infrastructure platform, it offers better insights and more control than a third-party product would, Kost said.
Both Cloud Guard and Maximum Security Zones are offered to Oracle Cloud customers at no extra cost. "We don't believe [there] ought to be a trade-off between being secure and saving money," Kost said.
The idea behind both services is to simplify security tooling and reduce the risk of human error. According to Gartner, 99 percent of cloud security failures over the next five years will be the customer's fault. That's typically because those customers are "new to cloud, or don't understand configurations, or there's a lot of tool complexity," Kost said.
Since introducing Oracle's second-generation cloud infrastructure, co-founder and CTO Larry Ellison has stressed how more autonomous cloud services can deliver more security by eliminating the need for human interference. He's repeatedly cited the massive Capitol One data breach disclosed last year, which was the result of a configuration vulnerability.