As mission-critical resources are increasingly hosted in the cloud, securing those resources matters no matter where they are hosted.
Because cloud architecture differs from that of traditional networks, companies must develop cloud security expertise for each cloud platform they use and for the security technologies around it.
The opportunity presented by the cloud also presents challenges.
As security threats and data breaches multiply, it is very difficult for any individual to manage the volume of risk, and the shortage of security skills makes this harder.
The breach at Capital One, an Amazon Web Services (AWS) customer, exposed personal information such as transaction data, credit ratings, payment history, balances and, for some linked bank accounts, the social security numbers of 106 million people in the United States and Canada.
According to FireEye's Mandiant Incident Response, most of the AWS intrusions it encountered started with compromised credentials, usually in the form of an AWS access key or an identity and access management (IAM) user password.
An AWS access key consists of a unique public identifier and a corresponding secret key, analogous to a user name and a password respectively. Used together, they let a user call application programming interfaces (APIs) of AWS services or access the AWS environment through the AWS command line interface (CLI).
The CLI allows a user to modify and manage resources. Because access keys are designed to let applications, rather than people, reach an AWS environment, organizations generally do not apply multi-factor authentication to them.
In one Mandiant Incident Response case, AWS access keys were taken from a GitHub repository and used to access the victim's AWS environment.
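As an added illustration, not taken from the article or from Mandiant or Oracle, the check below shows how a defender can scan a file for the key pair described above before it is committed to a repository such as GitHub. It assumes the documented format of long-term AWS access key IDs (prefix "AKIA", 20 characters) and 40-character secret keys; the credentials file and its values are constructed samples, not real keys.

```python
import re
from typing import Dict, List

# Long-term IAM user access key IDs are "AKIA" plus 16 uppercase alphanumerics;
# secret access keys are 40 characters drawn from the base64 alphabet.
ACCESS_KEY_ID_RE = re.compile(r"(?<![A-Z0-9])AKIA[0-9A-Z]{16}(?![A-Z0-9])")
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")


def find_aws_credentials(text: str, window: int = 2) -> List[Dict[str, object]]:
    """Return one finding per access key ID in `text`.

    Each finding records the line number, a redacted key ID, and whether a
    40-character secret sits within `window` lines of it. An ID next to its
    secret is the dangerous case: together they grant API and CLI access
    without MFA, which is what the article's GitHub leak looked like.
    """
    lines = text.splitlines()
    findings: List[Dict[str, object]] = []
    for idx, line in enumerate(lines):
        for match in ACCESS_KEY_ID_RE.finditer(line):
            key_id = match.group(0)
            lo, hi = max(0, idx - window), min(len(lines), idx + window + 1)
            # The secret pattern is loose (any 40 base64-ish chars), so it can
            # flag long tokens or hashes too; treat the result as a triage hint.
            paired = any(SECRET_KEY_RE.search(nearby) for nearby in lines[lo:hi])
            findings.append({
                "line": idx + 1,
                "key_id": key_id[:4] + "..." + key_id[-4:],  # never echo the full ID
                "secret_nearby": paired,
            })
    return findings


# Constructed sample of a credentials file that was about to be committed.
SAMPLE_CONFIG = """\
# constructed sample; the values below are not real AWS credentials
[default]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = EXAMPLEsecretEXAMPLEsecretEXAMPLEsecret0
region = us-east-1
# an ID referenced on its own (e.g. copied from a log line), no secret nearby
user_key_hint = AKIAEXAMPLEEXAMPLE99
"""

if __name__ == "__main__":
    for finding in find_aws_credentials(SAMPLE_CONFIG):
        print(finding)
```

A pre-commit hook that refuses the commit whenever any finding has `secret_nearby` set turns this into a guard against the leak described above.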
"If Capital One had been in the Oracle Gen 2 cloud infrastructure, the breach would not have occurred. From an Oracle perspective, we are eliminating the vast majority of this risk with the deployment of stand-alone capabilities from our database," Steve Daheb, executive vice president of cloud and PaaS at Oracle, told VPNOnlineFree Pro Middle East in an exclusive interview.
A stand-alone database is a cloud database that eliminates the complexity, human error and manual management associated with tuning, securing, backing up and updating the database, tasks traditionally performed by database administrators.
Daheb said that most cloud providers are part of “first generation cloud technology” while Oracle has taken a step ahead in second generation cloud technology and architecture.
What sets Oracle apart from AWS and others, he said, is that its cloud patches and manages itself automatically, eliminating human error.
According to Gartner, through 2023 at least 99% of cloud security failures will be the customer's fault.
“We think it’s the role of the technology provider to do the integration work, whether it be through automation or through services and support,” said Daheb.
Advantages of the Gen 2 cloud
The main difference between generation 1 and generation 2 cloud is where the control code runs. A generation 1 cloud places user code and data on the same computer as the cloud control code, sharing CPU, memory and storage, so the cloud provider can see user data. A generation 2 cloud places client code, data and resources on a bare-metal computer, while the cloud control code runs on a separate computer with a different architecture.
“We designed our Gen 2 cloud to isolate workloads and autonomous operations.
Workload isolation means that you have separate computers that hold user data and a completely separate set of control computers that perform processing, which means that Oracle cannot see user data and that no user can access the control data. So there will be no noisy neighbors," he said.
In addition, he said that many breaches have occurred because systems were not patched with the latest updates.
"We have deployed machine learning that can automatically detect and respond to potential threats. AWS infrastructure was architected a long time ago, and we were able to take a new approach in this regard. Compared to AWS, we have the highest performance and scalability [scaling up or down without rebooting the system] and security.
All encrypted by default
"In terms of security, scalability or performance, we win. We are more than 50% cheaper than other cloud providers. We never allow oversubscription. We are the only company to offer service level agreements [SLAs] on networking performance and block storage performance SLAs," said Daheb.
Rajpreet Kaur, senior analyst at Gartner, said security is always a shared responsibility.
"Only part of the infrastructure is managed by the cloud. The decision on how to make the data/applications/assets hosted in the cloud is the customer's decision and responsibility," she said.
Daheb echoed the same point: security is a shared responsibility, based on service level agreements.
"There are things that customers need to manage and things that we can do, and at the same time we also offer managed services that can take care of customer faults. We ship everything encrypted by default, compared to the others. The goal of autonomy is to reduce human error, and that is what other cloud providers do not offer today," he said.
Oracle's competitors offer the ability to automate scaling and backups, but Oracle offers a smart, self-managed database that removes human administrative access, using artificial intelligence and machine learning to bring a high degree of automation to routine administration tasks.
Currently, to apply patches, Daheb said, customers must take down the applications, then the database, and after patching they must restart the operating system, then the database and the applications.
"From a practical point of view, a company has to hire a project manager. He has to ask the app people whether they will accept the slowdown, and then he has to talk to the database people," he said.
Thus the complete patch cycle for an individual company is really expensive, so the company stays exposed for a few months, he said.
Oracle has intellectual property (IP) that allows it to patch the operating system in eight microseconds without shutting the system down.
Patching without downtime
"It is really important to apply patches without downtime. Oracle does this for the customer and not as an add-on. Oracle has a different approach to security," said Daheb.
When selecting a cloud provider, Daheb said, customers should consider the structure of the cloud configuration, performance, the security process, isolation, how basic processing is automated, and SLA directives.
Kaur said that adopting the cloud requires making several decisions along the way that must be regulated by previously agreed principles and policies.
"Such decisions include which applications are good candidates for public cloud environments, which cloud provider (or providers) to use, which migration strategies to follow for existing workloads, and which environments to prioritize for new projects," she said.
The efficient use of public cloud services requires the cooperation of several business specialists, she said, adding that it is the security team's responsibility to work with the compliance, privacy and other associated risk functions to develop the organization's approval process for this increasingly ubiquitous IT model.
"A risk triage approach that properly sizes the assessment effort can only succeed with the support of managers and an agreed policy. The alternative is the unrealistic expectation that the security team will always deploy a comprehensive level of effort and provide incredibly precise answers," she said.
In addition, she said, companies should focus on enabling native cloud security controls first, and then select cloud security technologies such as a cloud access security broker (CASB), cloud security posture management (CSPM) and/or a cloud workload protection platform (CWPP) to cover hybrid cloud deployments or any remaining security gaps that the native cloud security tools do not address.
KuppingerCole Analysts AG named Oracle the world leader in database and big data security in 2019.
That is why Oracle's database and cloud infrastructure are well protected and encrypted, said Daheb.