Oracle Adds Free Security Services to Public Cloud

Oracle today moved to address cloud security concerns by adding four additional free services to its Oracle Cloud Infrastructure (OCI) platform.

The Oracle Cloud Infrastructure Vulnerability Scanning Service (OCI VSS) is a free service through which Oracle customers can identify unpatched vulnerabilities and open ports. It is integrated with Cloud Guard, a free service for monitoring the security posture of applications deployed on OCI.

Oracle is also adding Cloud Infrastructure Web Application Firewall (OCI WAF) for Flexible Load Balancers, which extends the reach of the firewall service Oracle provides to load balancers. It also introduced Oracle Cloud Infrastructure Bastion (OCI Bastion), a managed service available on the free tier of OCI that employs secure and ephemeral Secure Shell (SSH) access to reach private resources in OCI.

Finally, Oracle is adding a free X.509 certificate service to manage certificates issued over transport layer security (TLS) connections. These certificates are backed by a FIPS 140-2 Level 3 Hardware Security Module (HSM).

Fred Kost, global vice president for cross platform, security and analytics at Oracle, said Oracle is making a stronger case for security services that are available at no extra cost as part of an effort to differentiate itself from larger cloud rivals. Now that organizations have embraced a multi-cloud computing strategy, more decisions concerning the placement of workloads will factor in the total cost of securing those workloads, noted Kost.

By addressing the security concerns of enterprise IT organizations, Oracle is tackling the cost of securing a cloud application environment through a set of services that can be easily invoked, rather than requiring IT teams to deploy and maintain additional security platforms themselves.

The core issue cybersecurity teams constantly encounter is that infrastructure resources provisioned by developers are often misconfigured. It’s not uncommon, for example, for cybercriminals to exfiltrate data through a port that was left wide open. Gartner, in fact, predicts that, through 2025, more than 99% of cloud breaches will have as their root cause preventable misconfigurations or some other mistake made by end users.

In theory, developers are embracing DevSecOps best practices to better secure cloud environments in the hope of reducing or eliminating vulnerabilities. However, it’s still early days as far as DevSecOps is concerned, so the impact this shift has had thus far is, at best, limited. Cybersecurity teams should expect they will be held accountable for cloud security for some time to come.

So long as code is written by human beings, there is always going to be an opportunity for mistakes to be made. The goal should be to make it as easy as possible for developers to build secure applications without slowing down the rate at which those applications are built and deployed. Cybersecurity teams need to define policies and guardrails that developers can easily adhere to at a time when most application development projects are behind schedule. If the security processes are complex, it becomes relatively simple for developers to make expedient decisions that are one day likely to prove catastrophic.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.