In this blog, we talk about security in Oracle Cloud Infrastructure (OCI). This topic is part of our [1Z0-1085] Oracle Cloud Infrastructure Foundations training; for the training, see https://k21academy.com/1z0108503
We’ll look at the Shared Security Model, various OCI Security Services, Key Management, Networking Services, and WAF.
Oracle Cloud Infrastructure’s security approach is based on seven core pillars. Each pillar has multiple solutions designed to maximize the security and compliance of the platform.
- Customer Isolation
- Data Encryption
- Security Controls
- Visibility
- Secure Hybrid Cloud
- High Availability
- Verifiably Secure Infrastructure
Shared Security Model
In the Cloud, OCI security is a shared responsibility between OCI and the customer.
Oracle Manages Services:
- Virtualization: Provides a virtual environment in which the user can run another OS on the same machine.
- Servers: These can be data servers or hosting servers.
- Storage: Provides a data storage facility and a working environment.
- Network Security: The Oracle Cloud Infrastructure Networking service offers customers a customizable private network (a VCN, or virtual cloud network), which enforces logical isolation of the customer's Oracle Cloud Infrastructure resources.
User Manages Services:
- Applications: Users can set up their work environment on these machines.
- Data: Users save their data, back it up easily, and perform CRUD operations.
- Runtime: These machines provide a runtime environment that we can use remotely through the CLI (Command Line Interface) (e.g., Ubuntu server, Debian 9 server).
- Middleware: Here we can integrate our application, and there is no restriction on programming language.
- OS: Users can install their own working environment (e.g., the OS can run a Spring Boot web application).
Security Services
- Identity and Access Management (IAM): Oracle only provides the space for setup, and the company is responsible for access to data, since its employees have permission to access the data. It uses Multi-Factor Authentication (MFA).
- Workload Security: Oracle provides the latest security patches to the user. Customers configure the OS according to their environment, and Oracle is not responsible for any kind of security.
- Data classification and compliance: Customers manage their data according to their needs; the data can be images, text, etc.
- Network Security: Customers manage their hosts (VMs, virtual hosts), and Oracle provides a secure network layer.
- Endpoint protection: When a customer sends data, it travels in encrypted form and is decrypted by the other customer using a key. We will talk about keys later in the blog.
- Physical security: Oracle does not allow anyone to enter its data rooms. In simple words, the room is locked, so no one can enter it and nothing can be stolen.
Key Management
Key management is used to protect data. In Key Management, we generate a key that is used to encrypt and decrypt the data. Keys are stored in a Vault.
A Vault is a kind of bucket that stores all the keys we generate.
To learn more about KMS and how to create a key, see https://k21academy.com/1z099716
Networking Services
OCI needs a network architecture for communication between different services. For this, a Virtual Cloud Network (VCN) is used in the OCI environment.
Components of Networking:
- Subnets
- Route Tables
- Internet Gateways
- Dynamic Routing Gateways (DRG)
- Security Lists
- DHCP Options
- Local Peering Gateways
- Service Gateways
For more about networking components, see https://k21academy.com/oci18
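Security Lists are the VCN component where the customer's share of network security becomes concrete. The Python example below is added here (it is not code from the original post or from Oracle) and audits a security list's ingress rules for sensitive ports open to any source. The sample rules are constructed, the kebab-case key names are assumed to match the JSON the OCI CLI prints for a security list, and `SENSITIVE_TCP_PORTS` is a hypothetical policy.

```python
import ipaddress

# Constructed sample in the shape of an OCI security list; the kebab-case key
# names are assumed to match what the OCI CLI prints for a security list.
SAMPLE = {"display-name": "example-seclist", "ingress-security-rules": [
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "10.0.0.0/16",
     "tcp-options": {"destination-port-range": {"min": 1521, "max": 1521}}},
    {"protocol": "6", "source": "0.0.0.0/0", "tcp-options": None},
    {"protocol": "all", "source": "::/0"},
]}

# Hypothetical policy: services that should never be reachable from any address.
SENSITIVE_TCP_PORTS = {22: "SSH", 1521: "Oracle DB listener", 3389: "RDP"}


def is_world_open(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_ingress(security_list):
    """Return (rule_index, reason) for each world-open rule exposing a sensitive port."""
    findings = []
    for i, rule in enumerate(security_list.get("ingress-security-rules", [])):
        if not is_world_open(rule["source"]):
            continue
        if rule["protocol"] == "all":
            findings.append((i, "all protocols open to any source"))
        elif rule["protocol"] == "6":  # IANA protocol number for TCP
            ports = (rule.get("tcp-options") or {}).get("destination-port-range")
            if ports is None:  # no port restriction: every TCP port is allowed
                findings.append((i, "all TCP ports open to any source"))
                continue
            exposed = [name for port, name in sorted(SENSITIVE_TCP_PORTS.items())
                       if ports["min"] <= port <= ports["max"]]
            if exposed:
                findings.append((i, ", ".join(exposed) + " open to any source"))
    return findings


if __name__ == "__main__":
    for index, reason in audit_ingress(SAMPLE):
        print(f"rule {index}: {reason}")
```

The HTTPS rule and the database rule limited to 10.0.0.0/16 pass; the rule with no port range is flagged because omitting the range allows every TCP port.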
WAF (Web Application Firewall)
WAF helps protect web applications and monitors HTTP traffic. It protects our web application from attacks such as file inclusion, SQL injection, DDoS attacks, etc.
For more information regarding WAF, see https://k21academy.com/1z099713