Oracle Pushes More Automation Into Cloud Security

Oracle updated its security portfolio with three new cloud services that focus on automation and eliminating cloud misconfigurations.

The vendor has always taken a data-defense approach to security in large part because customers needed to protect their Oracle Database workload. This originally meant on-premises, data center security.

“But with the growth of cloud and the development of our own cloud, the announcements today come at a point where we have customers moving critical workloads to cloud, and they are looking for help” securing those Oracle Cloud workloads, said Fred Kost, VP of product marketing for security at Oracle.

The way Oracle addresses this, he added, is “automation, and always-on protection” across its cloud security portfolio.

The three new cloud services are called Data Safe, Cloud Guard, and Maximum Security Zones. Together they gather telemetry from across the Oracle Cloud environment and flag misconfigurations, anomalous behavior, and security risks. They then use automation to respond to these threats.

Data Safe is a unified control center for automating database security. It monitors database activity, discovers sensitive data, and masks databases to minimize risk. Data masking, Kost explained, is a way to hide the original data. “If you are going to use the data and perhaps you are sharing it with another application, you can mask the actual database, or the social security numbers, or other really sensitive data,” he said.

The Oracle Autonomous Database always has always-on encryption and self-patching, so this new capability extends that focus on automating security controls, Kost said.

Oracle Cloud Guard, Maximum Security Zones

Cloud Guard provides a centralized security approach across all of a customer’s Oracle environments. This new product continuously collects data from the infrastructure and application stack, including audit logs, Data Safe, Oracle OS Management Service, as well as third-party products like firewalls. It analyzes this data, detects threats and misconfigurations automatically, and then it can mitigate those security threats without requiring human oversight, according to the vendor.

And finally, Oracle today introduced cloud Maximum Security Zones. As the name implies, these are pre-configured secure enclaves within a customer’s Oracle cloud environment. Oracle pre-configures the settings and automatically prevents configuration changes. Meanwhile, it continuously monitors these zones and blocks anomalous activities.

“In some clouds, yes, you’ve got lots of [security] options, but it’s hard to know what to do. There’s room for lots of errors,” Kost said. With Maximum Security Zones in Oracle Cloud, “we’ll do more of that configuration and lock it down so the customer doesn’t have to worry about that.”

This includes pre-configuring other Oracle security products like its web application firewall and its identity and access management services, Kost added. But it can also extend to “very specific things like IP ranges that I might allow, or do I allow any outside IP range to access my resources. A lot of those capabilities are there today, but we’re going to automate it to reduce the risk of these misconfiguration errors.”

Setbacks Heading Into OpenWorld

Oracle announced the new security capabilities on day one of its OpenWorld conference in San Francisco. But this year’s annual event comes at a tough time for the company, which last Wednesday unexpectedly released its fiscal 2020 first quarter earnings a day early. Revenue fell short of Wall Street’s expectations.

And, more importantly, the company announced that co-CEO Mark Hurd would take a leave of absence for unspecified health reasons. This spooked investors and Oracle shares fell 4.3% on Thursday.

Source: sdxcentral