Deployment

Define robust security controls and implement standard configurations that let you securely deploy resources in the cloud.

Your organization is responsible for the secure deployment of your resources in the cloud, including platforms, applications, data, and governance. Use the examples in the following table as a starting point to develop the security controls for your organization.

Security Control Description
Identity and access management (IAM)

Protect your cloud access credentials and set up individual user accounts. Manage and review access for your own employee accounts and for all activities that occur under your tenancy. Oracle provides the required IAM services, such as identity management, authentication, authorization, and auditing.

Design your security approach based on zero trust principles:

  • Know your user, service, and device identities
  • Know the health of your users, devices, and services
  • Use policies to authorize requests
  • Authenticate and authorize everywhere
  • Focus your monitoring on devices and services
  • Do not trust any network, including your own
  • Choose services designed for zero trust

Workload security

Protect and secure the operating system and application layers of your compute instances from attacks and compromises. This protection includes patching applications and operating systems, ensuring that the operating system configuration is secure, and protecting your applications against malware and network attacks. Oracle provides secure images that are hardened and have the latest patches. Also, Oracle makes it simple for you to bring the same third-party security solutions that you use today.

Use the OS Management service to manage updates and patches for the operating system environment of your Linux and Windows compute instances.

Data classification and compliance

Classify and label your data appropriately to meet compliance requirements. Audit and monitor your deployments and applications to ensure that they continue to meet your compliance obligations.

Host infrastructure security

Securely configure and manage your compute (virtual machines, bare metal instances, containers), storage (object, local storage, block volumes), and platform (database configuration) services. Oracle has a shared responsibility with you to ensure that the service is optimally configured and secured. This responsibility includes hypervisor security and the configuration of the permissions and network access controls. Ensure that hosts can communicate correctly and that devices are able to attach or mount the correct storage devices.

Network security

Securely configure network elements such as virtual networking, load balancing, DNS, and gateways. Oracle is responsible for providing a secure network infrastructure.

Consider deploying tools such as perimeter-based firewalls, intrusion detection systems, and intrusion prevention systems.

Client and endpoint protection

Your organization uses various hardware and software systems, such as mobile devices and browsers, to access your cloud resources. You are responsible for securing all clients and endpoints that you allow to access Oracle Cloud Infrastructure services.