Oracle Cloud Infrastructure updates hone in on security
Oracle Cloud Infrastructure is getting a multifaceted security boost as the company seeks to gain ground against AWS, Microsoft and Google for enterprise IaaS workloads.
SAN FRANCISCO -- Oracle hopes a focus on advanced security can help its market-lagging IaaS gain ground against the likes of AWS, Microsoft and Google.
A new feature called Maximum Security Zones lets customers denote enclaves within their Oracle Cloud Infrastructure (OCI) environments that have all security measures turned on by default. Resources within the zones are limited to configurations that are known to be secure. The system will also prevent alterations to configurations and provide continuous monitoring and defenses against anomalies, Oracle said on the opening day of its OpenWorld conference.
Through Maximum Security Zones, customers "will be better protected from the consequences of misconfigurations than they are in other cloud environments today," Oracle said in an obvious allusion to recent data breaches, such as the Capital One-AWS hack, which have been blamed on misconfigured systems that gave intruders a way in.
“Ultimately, our goal is to deliver to you a fully autonomous cloud,” said Oracle executive chairman and CTO Larry Ellison, during a keynote.
“If you spend the night drinking and get into your Ford F-150 and crash it, that’s not Ford’s problem,” he said. “If you get into an autonomous Tesla, it should get you home safely.”
Oracle wants to differentiate itself and OCI from AWS, which consistently promotes a shared responsibility model for security between itself and customers. "We're trying to leapfrog that construct," said Vinay Kumar, vice president of product management for Oracle Cloud Infrastructure.
"The cloud has always been about, you have to bring your own expertise and architecture to get this right," said Leo Leung, senior director of products and strategy at OCI. "Think about this as a best-practice deployment automatically. … We're going to turn all the security on and let the customer decide what is ultimately right for them."
Holger MuellerVice president and principal analyst, Constellation Research.
Oracle's Autonomous Database, which is expected to be a big focal point at this year's OpenWorld, will benefit from a new service called Oracle Data Safe. This provides a set of controls for securing the database beyond built-in features such as always-on encryption and will be included as part of the cost of Oracle Database Cloud services, according to a statement.
Finally, Oracle announced Cloud Guard, which it says can spot threats and misconfigurations and "hunt down and kill" them automatically. It wasn't immediately clear whether Cloud Guard is a homegrown Oracle product or made by a third-party vendor. Security vendor Check Point offers an IaaS security product called CloudGuard for use with OCI.
Starting in 2017, Oracle began to talk up new autonomous management and security features for its database, and the OpenWorld announcements repeat that mantra, said Holger Mueller, an analyst at Constellation Research in Cupertino, Calif. "Security is too important to rely solely on human effort," he said.
OCI expansions target disaster recovery, compliance
Oracle also said it will broadly expand OCI's global cloud footprint, with the launch of 20 new regions by the end of next year. The rollout will bring Oracle's region count to 36, spread across North America, Europe, South America, the Middle East, Asia-Pacific, India and Australia.
This expansion will add multiple regions in certain geographies, allowing for localized disaster recovery scenarios as well as improved regulatory compliance around data location. Oracle plans to add multi-region support in every country it offers OCI and claimed this approach is superior to the practice of including multiple availability zones in a single region.
Oracle's recently announced cloud interoperability partnership with Microsoft is also getting a boost. The interconnect that ties together OCI and Azure, now available in Virginia and London, will also be offered in the Western U.S., Asia and Europe over the next nine months, according to a statement. In most cases, Oracle is leasing data center space from providers such as Equinix, according to Kumar.
SaaS vendors are another key customer target for Oracle with OCI. To that end, it announced new integrated third-party billing capabilities for the OCI software marketplace released earlier this year. Oracle also cited SaaS providers who are taking advantage of Oracle Cloud Infrastructure for their own underlying infrastructure, including McAfee and Cisco.
There's something of value for enterprise customers in OCI attracting more independent software vendors, an area where Oracle also lags against the likes of AWS, Microsoft and Google, according to Mueller.
"In contrast to enterprises, they bring a lot of workloads, often to be transferred from on-premises or even other clouds to their preferred vendor," he said. "For the IaaS vendor, that means a lot of scale, in a market that lives by economies of scale: More workloads means lower prices."