Oracle Adds Services to Strengthen Cloud Security

Oracle today extended the security capabilities of its cloud platform by adding a managed firewall service based on the Next-Generation Firewall (NGFW) from Palo Alto Networks.

In addition, Oracle added a threat intelligence service to more easily aggregate and analyze data pertaining to cybersecurity threats, an Oracle Cloud Guard Threat Detector that identifies misconfigured resources, insecure activity and potential malicious threat activities and tools for monitoring the security posture of applications built using the Oracle Fusion application development platform.

Finally, Oracle has also added support for customer-defined policy sets and security posture monitoring via Oracle Cloud Guard to Oracle Security Zones, a set of cloud instances where security policies are automatically enforced by default.

Mahesh Thiagarajan, senior vice president for security and developer services for Oracle Cloud Infrastructure (OCI), said these latest extensions to the Oracle cloud platform are designed to ensure that developers don’t make security mistakes when provisioning cloud infrastructure. The bulk of the cloud security issues that organizations encounter today can be traced back to misconfiguration mistakes that developers made when they originally provisioned cloud infrastructure. Oracle is making a case for a set of cloud services that give an organization the option to enforce policies and create guardrails that prevent those mistakes from being made, said Thiagarajan.

In theory, more organizations are focusing on adopting a set of DevSecOps best practices as part of an effort to shift responsibility for cloud application security further left toward development teams. The challenge is that the level of cybersecurity expertise brought to bear by application development teams is always going to be uneven. It falls to cybersecurity teams to make certain the cloud platforms being used include a set of security services that ensure applications deployed on those platforms are as secure as possible.

It’s not clear, however, to what degree organizations are making security a factor when considering which cloud platform to use. Oracle is making a case for a more secure cloud platform that is selected by enterprise IT leaders rather than individual developers that often don’t have a high level of appreciation for security.

Ideally, the goal should be to enable developers to build and deploy secure applications without slowing down the rate at which they are constructed. Achieving that goal requires IT teams to bridge the long-standing cultural divide between cybersecurity teams and application developers that often view security controls as impediments to building applications. A recent spate of high-profile breaches involving software supply chains is in many cases finally providing the impetus to bridge that divide.

In the meantime, security teams are reviewing existing cloud platforms for vulnerabilities and misconfigurations. It may be a while before developers are able to address all those issues but, in time, cloud application environments will become more secure. The challenge, of course, is convincing developers to allocate the time required to fix those issues when, as a general rule, they would much rather be writing the code required to build and deploy other applications.

Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 745 posts and counting.See all posts by mike-vizard