Oracle Cloud Infrastructure Security Architecture

Overview 

Oracle Cloud Infrastructure (OCI) is a next-generation infrastructure-as-a-service (IaaS) offering architected on security-first design principles. These principles include isolated network virtualization and pristine physical host deployment, which were previously difficult to achieve with earlier public cloud designs. With these design principles, OCI helps to reduce risk from advanced persistent threats.

Security-First Design 

As the cloud has become more common, security concerns have become more important. From its inception, Oracle Cloud Infrastructure prioritized solving the security issues that grew out of first-generation clouds.

Oracle Cloud Infrastructure—Next-Generation Public Cloud

OCI is a complete IaaS platform. It provides the services needed to build and run applications in a highly secure, hosted environment with high performance and availability. Customers can run the Compute and Database services on bare metal instances, which are customer-dedicated physical servers, or as virtual machine (VM) instances.

Platform Security 

Oracle designed the Oracle Cloud Infrastructure architecture to secure the platform through isolated network virtualization, highly secure firmware installation, a controlled physical network, and network segmentation.

Isolated Network Virtualization

Central to the OCI design is isolated network virtualization, which greatly reduces the risk from the hypervisor. 

The hypervisor is the software that manages virtual devices in a cloud environment, handling server and network virtualization. In traditional virtualization environments, the hypervisor manages network traffic, enabling traffic to flow between VM instances and between VM instances and physical hosts.

OCI reduces this risk by decoupling network virtualization from the hypervisor. Oracle has implemented network virtualization as a highly customized hardware and software layer that moves cloud control away from the hypervisor and host and puts it on its own network.

Hardware

A primary design principle of OCI is protecting tenants from firmware-based attacks. Threats at the firmware level are becoming more common, which raises the potential risks for public cloud providers. To ensure that each server is provisioned with clean firmware, Oracle has implemented a hardware-based root of trust for the process of wiping and reinstalling server firmware. Oracle uses this process every time a new server is provisioned for a tenant or between tenancies, regardless of the instance type.

Physical Network

OCI’s physical network architecture adds a layer of defense to the network virtualization by further isolating customer tenancies and limiting the risk of threat proliferation. The physical network components are the racks, routers, and switches that form the physical layer of OCI.

The design of the physical layer is a simple, flat network connected to virtual ports on the virtual cloud network (VCN). This design reduces the complexity of managing allowed traffic paths and heightens the visibility of attempts to circumvent them.

Network Segmentation 

Oracle designed OCI’s physical network for customer and service isolation. It’s segmented into enclaves with unique communications profiles. Access into and out of these enclaves is controlled, monitored, and policy driven.

Network isolation diagram

Operational Security 

Oracle maintains a large workforce of security professionals who are dedicated to ensuring the security of Oracle Cloud Infrastructure. Within the workforce, several teams are responsible for securely developing, monitoring, testing, and assuring compliance with regulations and certification programs.

Conclusion 

Oracle Cloud Infrastructure puts the security of critical workloads at the center of our next-generation public cloud. For customers running security-sensitive workloads, such as financial applications or citizen service applications, Oracle Cloud Infrastructure provides a security-first architecture that reduces the risk and attack surfaces commonly associated with first-generation clouds. Oracle has built security features and controls into the architecture, data-center design, personnel selection, and the processes for provisioning, using, certifying, and maintaining Oracle Cloud Infrastructure. Oracle Cloud Infrastructure is a modern public cloud built for the world’s most critical data with the highest security requirements.
