The News: Oracle is expanding the built-in security services and capabilities of Oracle Cloud Infrastructure (OCI) to help customers protect their cloud applications and data against emerging threats. Five new capabilities round out OCI’s existing security offering, including a new built-in and cloud-native firewall service and enhancements to Oracle Cloud Guard and Oracle Security Zones. These new capabilities target ensuring that organizations can secure their cloud deployments and applications with simple, prescriptive, and integrated services that in most cases, do not require additional investment. Read the Oracle Press Release here.
OCI Delivers New Security Capabilities that Fortify Cloud Apps and Data Against Emerging Threats
Analyst Take: OCI is expanding its cloud security capabilities to meet growing enterprise demand for multiple layers of protection that can help identify and rout emerging threats and security breaches swiftly. The new capabilities include:
- OCI Network Firewall is a cloud-native, managed firewall services that is powered by Palo Alto Networks VM-Series Next-Generation Firewall technology (NFGW).
- Oracle Threat Intelligence Service is developed to aggregate threat intelligence data across different sources and manages such data to provide actionable guidance for threat detection and prevention in Oracle Cloud Guard and other OCI services.
- Oracle Cloud Guard Threat Detector identifies misconfigured resources, insecure activity across customer environments, and potential malicious threat activities.
- Oracle Security Zones are expanded to support customer-defined policy sets and integrated security posture monitoring with Cloud Guard.
- Oracle Cloud Guard Fusion Applications Detector extends Oracle Cloud Guard beyond cloud security posture management for OCI to also monitor Oracle Fusion Cloud Applications and provide users with a consolidated view of security policies.
I see the five new security capabilities, including especially OCI Network Firewall, providing the cloud security differentiation needed to accelerate overall OCI sales and marketing cycles. Among the five new security capabilities, it is my understanding only the OCI Network Firewall requires additional investment and, as such, merits additional assessment.
For instance, through OCI Network Firewall’s flexible policy enforcement users can apply granular security rules on outbound, inbound (north-south), and lateral (east-west) traffic to both network and application workloads. The solution can be transparently inserted in the traffic path using virtual cloud network (VCN) routing rules and composed with other network functions such as OCI gateways and VCN subnets for security enforcement across arbitrary network topologies.
OCI Network Firewall also offers machine learning-powered capabilities to protect OCI workloads and flexibly consume on OCI. As an OCI native firewall-as-a-service, the solution enables customers to use firewall features without needing to manage and configure additional security infrastructure. The firewall inspects every request including transport layer security (TLS) encrypted traffic that traverses it and can enforce actions such as reject, drop, allow, intrusion detection, or prevention based on the user configured firewall policy rules.
With the OCI partnership, Palo Alto Networks gains a new feather in its marketing cap by enabling OCI to overcome the limitations of using physical firewalls to deliver consistent protection across entire networks and cloud fabrics. Palo Alto NGWFs already have a track record at enabling hyperscalers, such as AWS, to deliver an essential component of cloud security on an automated and integrated basis to organizations throughout their entire network including headquarters, office campuses, mobile and remote workforces, branch office, and data centers. Now OCI also counters the ability of AWS to use the Palo Alto NGFW technology as a cloud security differentiator.
From my view, additional key differentiators include Oracle Security Zone policies, which can act as security guardrails for resources and define allowable configurations, in contrast to people predicated IAM permission. Also, Oracle Cloud Guard Fusion Applications Detector provides pre-configured and customized configurations, promoted as “recipes,” to observe potential security violations in the applications. Since the recipes bundle best practices and lessons learned on a dynamic basis, I anticipate that the feature can make a difference at easing ecosystem-wide adoption of new OCI security capabilities.
Overall, I believe the five new OCI security capabilities fulfill ever-increasing organizational demand for cloud security solutions that improve the threat detection and prevention of their cloud applications and data across OCI. Plus, OCI now offers new security capabilities that counter and differentiate against the existing cloud security capabilities of key cloud rivals AWS, Azure, and Google Cloud. Let the competition intensify.
Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum Research as a whole.
Other insights from Futurum Research:
Image Credit: Oracle
Ron is an experienced research expert and analyst, with over 20 years of experience in the digital and IT transformation markets. He is a recognized authority at tracking the evolution of and identifying the key disruptive trends within the service enablement ecosystem, including software and services, infrastructure, 5G/IoT, AI/analytics, security, cloud computing, revenue management, and regulatory issues. Read Full Bio.