As nowadays customers are adopting cloud-based Infrastructure to deploy applications, it becomes necessary for the providers (like Oracle) to layout a highly secured and monitored environment for building and implementing the product. In order to do so, Oracle provides Cloud Access Security Broker (CASB).
This post covers:
- Overview of Oracle CASB
- Key Features of CASB
- Steps to Register application in CASB
- Benefits of using CASB
Overview Of Oracle CASB
Oracle provides CASB service for security monitoring of various services like VCN, Compartments, Compute, Databases, etc in Oracle Cloud Infrastructure (OCI). CASB in Oracle works over a compartment that means we need to specify a target compartment whose resources we want to be monitored.
Though we need to specify appropriate policies in CASB console in order to securely monitor the resources of destined compartments.
Key Features Of CASB
- Visibility: Provide visibility across OCI services like networking, compute, database, etc.
- Compliance: Monitoring & Reporting for the audit of various actions over services.
- Threat Protection: Automatic threat detection and risk prediction using Machine Learning.
- Data Protection: Protecting data stored in OCI
- Remediation: Automatic resolving threats.
CASB Cloud Services In OCI
- Policy Alerts: Alert and Notifying for a change in resources like Launch & termination of images, DB system, instances, etc.
- Security Controls: Securing resources from any irregularity like computing with public IP, LB with an Internet gateway.
- Threat Detection: Automatic threat detection and risk prediction using Machine Learning like IP Hopping, anomalies.
- Key Security Indicator Reports: Report generation for key security indicators like IAM changes.
- Export Data & Threat Remediation: Enterprise Integrations with SIEM or ITSM systems.
Note: OCI’s Objective is to deploy the functionality as quickly as possible on cloud and CASB’s Objective is to restrict exposing data, access, and control more than required.
Benefits Of Using CASB
- Continuous security monitoring of various resources in OCI.
- Automated unexpected behavior detection with policies.
- Risk Detection by continuous monitoring.
- Proactive actions against anomalies in OCI services.
Note: To know about the cost of using CASB depending on the various pricing models in Oracle click here.
Steps To Register Application In CASB
Note: Before registering Application in CASB for monitoring, we need to configure a user to CASB.
To follow the steps to configure the user to CASB click here.
Follow the below steps to register Application in CASB
1) Navigate to Platform Services in OCI Console and click Oracle CASB.
2) Select the OCI app from a list of apps and give a unique name to the instance.
3) Now we have to select the type of compartment that CASB monitors and then enter Tenancy OCID and User OCID.
- Tenancy: The root compartment that contains all of your organization’s compartments.
- Compartment under a registered Tenancy: Selecting a compartment from the tenancy that is already registered in CASB.
- Standalone Compartment: OCI compartment that is accessed directly, without first registering the OCI tenancy in Oracle CASB Cloud Service.
4) Click on Test Credentials and then Submit.
5) After some time we can see that the application is registered in CASB.
Note: Before deploying an application on CASB for monitoring we need to specify some policy.
To know more about specifying policy in CASB click here
Conclusion
As customers are moving from on-prem to cloud for deploying their applications, it becomes necessary for providers to give away a securely monitored environment in which they can deploy their applications. For this many services are provided by Oracle and one of them is CASB. In this post, I have covered Overview of CASB, Key Features & Benefits of CASB, and steps to register an application on CASB for monitoring.
I hope it will help you understand the concept of CASB in OCI.
CASB is also covered in our OCI Architect Professional [1z0-997] Certification training. To know more about this training click here.
Related/Further Readings
- Oracle Cloud Infrastructure 2019 Architect Professional | 1Z0-997
- [1Z0-997]Oracle Cloud Infrastructure (OCI) Architect Professional Certification: Step by Step Hands-On Lab
- KMS in OCI
- WAF in OCI
- Functions & Events in OCI
- Data Safe in OCI
Next Task For You
In our OCI Architect Professional [1Z0-997] Certification training, we cover CASB in OCI in Design for Security & Compliance module. In this module, we also cover the Security Overview, Identity & Access Management (IAM), Web Application Firewall (WAF), KMS, Data Safe.
For the list of Hands-On guide click here.
Leave a Reply