OCI — Securing Enterprise Workload

hitesh gondalia
6 min read · Jun 5, 2023


In this article I have collected important notes, best practices, and the security products and services used to design, implement and secure enterprise workloads in OCI.

Cloud Security Services
https://www.oracle.com/in/security/cloud-security/

Oracle Cloud Security Practices
https://www.oracle.com/corporate/security-practices/cloud/

Oracle Cloud Infrastructure Security Architecture
https://www.oracle.com/a/ocom/docs/oracle-cloud-infrastructure-security-architecture.pdf

Approaching Zero Trust Security with Oracle Cloud Infrastructure
https://www.oracle.com/a/ocom/docs/whitepaper-zero-trust-security-oci.pdf

Shared Security Model & Security Pillar Capabilities
https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/cloud-adoption-framework/security.htm

Security Guide
https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/Security/Concepts/security_guide.htm

Security Strategy
https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/cloud-adoption-framework/security-strategy.htm

OCI Security Design: Quick Links
https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/cloud-adoption-framework/quick-links-security.htm

Security checklist for Oracle Cloud Infrastructure
https://docs.oracle.com/en/solutions/oci-security-checklist/index.html

Oracle Enterprise Landing Zone
https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/cloud-adoption-framework/oelz.htm

Oracle Database Security Guide
https://docs.oracle.com/en/database/oracle/oracle-database/21/dbseg/index.html

High Availability
https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/cloud-adoption-framework/high-availability.htm

Disaster Recovery
https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/cloud-adoption-framework/disaster-recovery.htm

Oracle Cloud Security Testing Policies
https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/Security/Concepts/security_testing-policy.htm

Oracle Security Partners - OCI Marketplace
https://cloudmarketplace.oracle.com/marketplace/oci?category=security

Oracle Cloud Security blog
https://blogs.oracle.com/cloudsecurity/

Monitor the OCI Regions
https://ocistatus.oraclecloud.com/
Fight against the bad guys…

Oracle Solutions

OCI Identity and Access Management
https://www.oracle.com/in/security/cloud-security/identity-cloud/
Manage user access and entitlements for Oracle Cloud Infrastructure (OCI) and
across a wide range of cloud and on-premises applications using a cloud native,
identity as a service (IDaaS) platform. Oracle offers a unified cloud identity
solution that centers user identity as the security perimeter and helps
organizations pursue a zero trust strategy.

Oracle Key Vault
https://www.oracle.com/in/security/database-security/key-vault/
Oracle Key Vault securely stores encryption keys, Oracle Wallets, Java KeyStores,
credential files, and other secrets with a scalable, fault-tolerant cluster that
supports the OASIS KMIP standard and deploys on-premises and in the cloud.

Key Management with OCI Vault
Centrally manage and maintain control of the encryption keys and secret credentials.
https://www.oracle.com/in/security/cloud-security/key-management/

Certificates
https://www.oracle.com/in/security/cloud-security/ssl-tls-certificates/
Easily create, deploy, and manage Secure Sockets Layer/Transport Layer Security (SSL/TLS)
certificates available in Oracle Cloud. In a flexible Certificate Authority (CA)
hierarchy, Oracle Cloud Infrastructure Certificates helps create private CAs to
provide granular security controls for each CA. Automatically deploy SSL/TLS certificates
to integrated services such as the load balancer or API gateway, and avoid error-prone
manual certificate management processes with a service to automatically monitor
and renew the certificates.

Bastion
https://www.oracle.com/in/security/cloud-security/bastion/
Provide restricted and time-limited secure access to resources that do not
have public endpoints and require strict resource access controls.
Examples include compute instances, bare metal and virtual machines,
MySQL, ATP, OKE, and any other resource that allows Secure Shell Protocol (SSH)
access. With Oracle Cloud Infrastructure (OCI) Bastion service, customers can
enable access to private hosts without deploying and maintaining a jump host.
In addition, customers gain improved security posture with identity-based
permissions and a centralized, audited, and time-bound SSH session.
OCI Bastion removes the need for a public IP for bastion access,
eliminating the hassle and potential attack surface from remote access.
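The session flow described above, as an added example that is not part of the original article or of Oracle's own code: an OCI CLI script that scopes who may open Bastion sessions with an IAM policy, creates a bastion restricted to one client CIDR and a short maximum TTL, then opens a time-bound managed SSH session to a private instance with an ephemeral key pair. All OCIDs, the group name BastionUsers, the CIDR, the private IP and the region are placeholders I made up; the three policy statements are my reading of the OCI Bastion policy reference and should be checked against it for your session type.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): identity-gated, time-bound
# SSH to a private host through OCI Bastion, with no public IP on the target.
# Assumes the OCI CLI is installed and configured (oci setup config).
# Every OCID, name, CIDR and IP below is a hypothetical placeholder.
set -eu

COMPARTMENT_ID="${COMPARTMENT_ID:-ocid1.compartment.oc1..example}"      # hypothetical
TARGET_SUBNET_ID="${TARGET_SUBNET_ID:-ocid1.subnet.oc1..example}"       # hypothetical
TARGET_INSTANCE_ID="${TARGET_INSTANCE_ID:-ocid1.instance.oc1..example}" # hypothetical
TARGET_PRIVATE_IP="${TARGET_PRIVATE_IP:-10.0.1.15}"   # constructed
TARGET_USER="${TARGET_USER:-opc}"
REGION="${REGION:-ap-mumbai-1}"
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"            # constructed: your VPN/office egress
SESSION_TTL="${SESSION_TTL:-1800}"                     # seconds; keep sessions short
SSH_KEY="${SSH_KEY:-$HOME/.ssh/oci_bastion_session}"

# Bastion sessions may live between 30 minutes and 3 hours. Clamp any
# requested TTL into that range so a mistyped value never reaches the API.
clamp_ttl() {
  local ttl="$1"
  if [ "$ttl" -lt 1800 ]; then echo 1800
  elif [ "$ttl" -gt 10800 ]; then echo 10800
  else echo "$ttl"; fi
}

# ProxyCommand for ssh: the session OCID is the login name on the regional
# bastion endpoint, which forwards to the private target (%h:%p).
bastion_proxy_command() {
  local session_id="$1" region="$2" key="$3"
  printf 'ssh -i %s -W %%h:%%p -p 22 %s@host.bastion.%s.oci.oraclecloud.com' \
    "$key" "$session_id" "$region"
}

# Identity-based access: only members of the (hypothetical) BastionUsers
# group may open sessions, and only in this compartment. Statements are my
# reading of the OCI Bastion policy reference; verify them for your setup.
create_policy() {
  oci iam policy create \
    --compartment-id "$COMPARTMENT_ID" \
    --name "bastion-users-policy" \
    --description "Least privilege for opening Bastion sessions" \
    --statements '[
      "Allow group BastionUsers to read bastion in compartment id '"$COMPARTMENT_ID"'",
      "Allow group BastionUsers to manage bastion-session in compartment id '"$COMPARTMENT_ID"'",
      "Allow group BastionUsers to read instance-family in compartment id '"$COMPARTMENT_ID"'"
    ]'
}

# The bastion lives in the target subnet; only the allow-listed CIDR may
# reach it, and no session on it can outlive 3 hours.
create_bastion() {
  oci bastion bastion create \
    --bastion-type STANDARD \
    --compartment-id "$COMPARTMENT_ID" \
    --target-subnet-id "$TARGET_SUBNET_ID" \
    --client-cidr-list "[\"$ADMIN_CIDR\"]" \
    --max-session-ttl 10800 \
    --name "prod-bastion" \
    --wait-for-state ACTIVE \
    --query 'data.id' --raw-output
}

# One key pair per session: the private key stays on this workstation and
# is useless once the session expires.
open_session() {
  local bastion_id="$1"
  rm -f "$SSH_KEY" "$SSH_KEY.pub"
  ssh-keygen -q -t ed25519 -N "" -f "$SSH_KEY"
  oci bastion session create-managed-ssh \
    --bastion-id "$bastion_id" \
    --target-resource-id "$TARGET_INSTANCE_ID" \
    --target-os-username "$TARGET_USER" \
    --ssh-public-key-file "$SSH_KEY.pub" \
    --session-ttl "$(clamp_ttl "$SESSION_TTL")" \
    --wait-for-state ACTIVE \
    --query 'data.id' --raw-output
}

main() {
  local bastion_id session_id
  create_policy >/dev/null
  bastion_id="$(create_bastion)"
  session_id="$(open_session "$bastion_id")"
  ssh -i "$SSH_KEY" \
    -o ProxyCommand="$(bastion_proxy_command "$session_id" "$REGION" "$SSH_KEY")" \
    "$TARGET_USER@$TARGET_PRIVATE_IP"
}

# Touches a live tenancy only when run explicitly as: ./bastion.sh connect
if [ "${1:-}" = "connect" ]; then
  main
fi
```

Run it as `./bastion.sh connect` after replacing the placeholders. The session is recorded in OCI Audit under the caller's identity, expires on its own, and the target instance needs no public IP, security-list rule for SSH from the internet, or long-lived jump host; sourcing the functions without the `connect` argument lets you reuse `bastion_proxy_command` for a session you created in the console.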

Oracle Web Application Firewall (WAF)
https://www.oracle.com/in/security/cloud-security/web-application-firewall/
Protect applications from malicious and unwanted internet traffic with a
cloud-based, PCI-compliant, global web application firewall service. By
combining threat intelligence with consistent rule enforcement on Oracle
Flexible Load Balancer, Oracle Cloud Infrastructure Web Application Firewall
strengthens defenses and protects internet-facing application servers and
internal applications.

Network Firewall
https://docs.oracle.com/en-us/iaas/Content/network-firewall/home.htm
Network Firewall is a next-generation managed network firewall and intrusion
detection and prevention service for your Oracle Cloud Infrastructure virtual
cloud network (VCN), powered by Palo Alto Networks®.

Cloud Access Security Broker (CASB)
https://www.oracle.com/in/security/cloud-security/casb-cloud/
Gain visibility and detect threats on the entire cloud stack for workloads and
applications with Oracle CASB.

Access Governance
https://www.oracle.com/in/security/cloud-security/access-governance/
Access Governance is a cloud native identity governance and administration (IGA)
service that provides enterprisewide visibility to govern access to cloud and
on-premises environments. With an intuitive user experience and an automated
access review process, it helps customers get insights into access permission
and cloud infrastructure policy reviews to identify anomalies and remediate
security risks.

Cloud Guard
https://www.oracle.com/in/security/cloud-security/cloud-guard/
Gain a unified view of cloud security posture across Oracle Cloud Infrastructure
customer tenants. Oracle Cloud Guard, including the new Threat Detector, detects
misconfigured resources, insecure activity across tenants, and malicious threat
activities and provides security administrators with the visibility to triage
and resolve cloud security issues.

Vulnerability Scanning
https://www.oracle.com/in/security/cloud-security/vulnerability-scanning-service/
Eliminate risk from new, unpatched vulnerabilities and open ports by assessing
and monitoring cloud instances. Oracle Cloud Infrastructure (OCI) Vulnerability
Scanning Service gives development teams the confidence to develop their code
on instances with the latest security patches and helps ensure a smooth transition
to building production code. Used with Oracle Cloud Guard, operations teams gain
a unified view of all instances to quickly remediate any open ports or patch unsafe
packages discovered by the Vulnerability Scanning Service.

Threat Intelligence Service
https://www.oracle.com/security/cloud-security/threat-intelligence-service/
Provides integrated, actionable threat intelligence to Oracle Cloud Guard and
the newly launched Oracle Cloud Guard Threat Detector to help protect your
critical resources in Oracle Cloud.

Data Safe
https://www.oracle.com/in/security/database-security/data-safe/
Oracle Data Safe empowers organizations to understand data sensitivity,
evaluate data risks, mask sensitive data, implement and monitor security
controls, assess user security, and monitor user activity, all in a single,
unified console. These capabilities help to manage the day-to-day security
and compliance requirements of Oracle Databases, both on-premises and in
the cloud.

Oracle Audit Vault and Database Firewall
https://www.oracle.com/in/security/database-security/audit-vault-database-firewall/
Oracle Audit Vault and Database Firewall is a comprehensive and scalable
solution for database auditing and network-based activity monitoring.
It analyzes and reports on user activities to help detect attacks and
meet compliance requirements.

Oracle Autonomous Linux
https://www.oracle.com/in/linux/autonomous-linux/
Eliminate complexity and human error to reduce cost, increase security and
availability. The first and only autonomous operating environment, Oracle
Autonomous Linux runs on Oracle Cloud Infrastructure (OCI) and provides
Red Hat Enterprise Linux application compatibility.

Autonomous Database
A fully automated database service that makes it easy for all organizations to
develop and deploy application workloads regardless of complexity, scale, or
criticality. Oracle Autonomous Database’s converged engine supports diverse
data types, simplifying application development and deployment from modeling
and coding to ETL, database optimization, and data analysis.
With machine learning–driven automated tuning, scaling, and patching,
Autonomous Database delivers the highest performance, availability, and
security for OLTP, analytics, batch, and Internet of Things (IoT) workloads.
Built on Oracle Database and Oracle Exadata, Autonomous Database is available
on Oracle Cloud Infrastructure (OCI) for shared or dedicated deployments as
well as on-premises with Oracle Exadata Cloud@Customer and OCI Dedicated Region.

Zero Data Loss Recovery Appliance
Engineered data protection solution that helps eliminate Oracle Database data loss exposure throughout an organization.
https://www.oracle.com/in/engineered-systems/zero-data-loss-recovery-appliance/

OCI ZDLRS — Zero Data Loss Autonomous Recovery Service
https://medium.com/@hiteshgondalia/oci-zdlrs-zero-data-loss-autonomous-recovery-service-877de9acb9e0

OCI ZRCV — The new backup destination for ExaCS is far better than ever before available options.
https://medium.com/@hiteshgondalia/oci-zrcv-the-new-backup-destination-for-exacs-is-far-better-than-ever-before-available-options-8079ec994258

OCI - FSDR, Full Stack Disaster Recovery
https://medium.com/@hiteshgondalia/oci-fsdr-full-stack-disaster-recovery-c47498d3bb93

OCI - Full Stack DR Live Demo
https://medium.com/@hiteshgondalia/oci-full-stack-dr-live-demo-edbc6e4d17f9

Protect your data at 360 degrees.

Ransomware Attack Prevention Checklist – 2023
https://cybersecuritynews.com/ransomware-attack-prevention-checklist/?amp

Coping with the ransomware threat
https://blogs.oracle.com/security/post/ransomware

Protecting your most valuable assets from ransomware
https://blogs.oracle.com/cloud-infrastructure/post/protecting-your-most-valuable-assets-from-ransomware

CISO Perspectives: Protecting your OCI Tenancy Against Ransomware Attacks
https://www.ateam-oracle.com/post/ciso-perspectives-protecting-your-oci-tenancy-against-ransomware-attacks

CISO Perspectives: Detecting Malicious Activity and Signs of an Attack against your OCI Tenancy
https://www.ateam-oracle.com/post/ciso-perspectives-detecting-malicious-activity-and-signs-of-an-attack-against-your-oci-tenancy

CISO Perspectives: Advanced Cyber-Resilience in OCI – Recovery from Ransomware Style Threats
https://www.ateam-oracle.com/post/cyber-resilience-ransomware-recovery

Mitigate Ransomware Attacks & Protect your data with Oracle Cloud
https://www.linkedin.com/pulse/mitigate-ransomware-attacks-protect-your-data-oracle-cloud-sathya-ag/

Hope you found the article useful. Please subscribe or follow me (https://medium.com/@hiteshgondalia) on Medium to receive notifications for upcoming articles.

Disclaimer: The views expressed on this document are my own and do not necessarily reflect the views of Oracle.
