[1Z0-1085]Security in Oracle Cloud (OCI)

In this blog, we will talk about Security in Oracle Cloud Infrastructure. This topic comes under our training of [1Z0-1085]Oracle Cloud Infrastructure Foundations(OCI) for the training click on this link https://k21academy.com/1z0108503

We’ll look at the Shared Security Model, various OCI Security Services, Key Management, Networking Services and WAF.

Oracle Cloud Infrastructure’s security approach is based on seven core pillars. Each pillar has multiple solutions designed to maximize the security and compliance of the platform.

• Customer Isolation
• Data Encryption
• Security Controls
• Visibility
• Secure Hybrid Cloud
• High Availability
• Verifiably Secure Infrastructure

Shared Security Model

In cloud, OCI security is a shared responsibility between OCI and the customer.

Oracle manages Services:

• Virtualization: It provides a Virtual environment for the user to run another OS in the virtual environment in same machine.
• Servers: It can be a data server, hosting server.
• Storage: It provides us data storage facility and working environment.
• Network Security: The Oracle Cloud Infrastructure Networking service offers a customizable private network (a VCN, or virtual cloud network) to customers, which enforces logical isolation of customer Oracle Cloud Infrastructure resources

User manages Services:

• Applications: User can set up their work environment in these machines.
• Data: Save their data and backup it easily and perform CRUD operation.
• Runtime: These machines provide a runtime environment where we can use these machines through CLI (Command Line Interface) remotely(Eg: Ubuntu server, Debian 9 server).
• Middleware: In this we can integrate our application and their is no bound of programming language.
• OS: User can install its working environment(Eg: the OS can run spring boot web application)

Security Services

• Identity and Access Management(IAM): Oracle only provides space for setup and the company is responsible for the access of data as employees have the permission to access data. It uses Multi-Factor Authentication(MFA)
• Workload Security: Oracle provides latest security patch to the user. Customers configure OS according to their environment and Oracle is not responsible for any kind security.
• Data classification and compliance: Customers manage their data according to their needs, the data can be image, text etc.
• Network Security: Customers manages their hosts(VM, Virtual hosts) and oracle provides a secure network layer.
• End point protection:  When customer send data it will go in encrypted form and it will be decrypted by the other customer using KEY. We will talk Key later in the blog.
• Physical security: Oracle does not allow anyone to enter in data rooms, in simple words Lock the room, as a result no one can enter in the room and nothing can be stolen.

Key Management

Key management is used to protect data. In Key Management we generate a key that is used to encrypt the data and decrypt the data. Keys are stored in Vault.

Vault is a kind of bucket that stores all the keys which we generate.

To know more about KMS and how to create a key https://k21academy.com/1z099716

Networking Services

There should be a network architecture in OCI for communication between different services. For this Virtual Cloud Network (VCN) is used in OCI environment.

Components of Networking:

• Subnets
• Route Tables
• Internet Gateways
• Dynamic Routing Gateways (DRG)
• Security Lists
• DHCP Options
• Local Peering Gateways
• Service Gateways

For more about networking Components https://k21academy.com/oci18

WAF(Web Application Firewall)

WAF helps to protect Web Application and monitored HTTP traffic. It protects our web application from attacks such as file inclusion, SQL injection, DDOS attack, etc.

For more information regarding WAF https://k21academy.com/1z099713

Related/Further Readings

• 1Z0-1072 | Oracle Cloud Infrastructure 2019 Architect Associate
• 1Z0-932 V/S 1Z0-1072: Oracle Cloud Infra Architect Associate Certification
• Compartments in Oracle Cloud Infrastructure(OCI)
• Oracle Cloud (OCI) Dedicated Virtual Machine Hosts
• Oracle Cloud Infrastructure (OCI) Architect (1z0-932)Live Training

Next Task For You

Begin your journey towards becoming an Oracle Cloud Infrastructure Foundations 2020 Certified Associate by joining our Training on [1Z0-1085]Oracle Cloud Infrastructure Foundations.

Please join the waitlist by clicking on the image below:

The post [1Z0-1085]Security in Oracle Cloud (OCI) appeared first on Oracle Trainings.