Oracle Cloud Service
Security and Technology
Aykut Celik
Applications Technologist
Copyright © 2014 | Oracle and/or its affiliates. All rights reserved. |
CONFIDENTIAL – Not for Distribution Outside of Oracle
Safe Harbor Statement
The following is intended to outline our general product direction. It
is intended for information purposes only, and may not be
incorporated into any contract. It is not a commitment to deliver
any material, code, or functionality, and should not be relied upon
in making purchasing decisions.
The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole
discretion of Oracle.
Oracle Cloud Service Momentum
In less than three years…
 >1000 servers
 13 Data Centers
 1000s of VMs
 38,000 Square Feet
 19 PB of Storage
 >10,000 Customers
 >21 Million Users
 >19 Billion Txns/Day
Cloud Security
Strength in Depth
Security Strategy
• Security Technical Design Reviews
• Security Technical Assessments
• Secure Configuration
Security Technologies
• Secure Web Gateways
• End User Security
• Security Information and Event Management (SIEM)
• Endpoint Disk and Tape Encryption
• Multi-Factor Authentication for Administrators
• Segregated Networks
• Power Broker for Privileged Management
• Security Configuration Monitoring using EM
• Web Application Firewall Option
• Transparent Data Encryption Option
• Oracle Cloud Service Application Security Controls
Security Services
• Periodic Vulnerability Assessments
• Automated Compliance Testing
• Real-time Security Event Correlation & Monitoring
[Diagram labels: Information, Strategy, Technologies, Governance, Services]
Governance
• Auditing and Self-Assessment
• Business Continuity Planning & Testing
• Regulatory Compliance (SOX, PCI, HIPAA, Federal)
• Governance, Risk & Compliance Documentation
Operating the Cloud
Data Center & Security
Oracle Public Cloud Data Centers
EMEA Operating Region. Primary and Secondary Data Centers Located within WE
Defense in Depth Security & Compliance
Best in Class SLO, RPO, and RTO
State of the Art Facilities, Gen 4
15,000 Global Support Personnel, 27 Languages
99.999% Availability Power & HVAC
Data Centers
Linlithgow
Chicago
Amsterdam
Japan
London
Singapore
Ashburn
Austin
Sydney
Defense in Depth Security & Compliance
Best in Class SLA, RPO, and RTO
State of the Art Facilities
15,000 Global Support Personnel, 27 Languages
99.999% Availability Power & HVAC
Physical Data Center Security
• High security rated data centers
• Access cards required and inventoried nightly
• Multiple security zones & “Man Traps”
• Biometric scanners
• 24x7 video surveillance
• Self-sustaining for 72 hours
• Personnel screening w/ formal onboarding and offboarding
Cloud Monitoring, Alerting, Notifications
Oracle 24x7 “Follow the Sun” Monitoring & Support
• Reading NOC
• Bozeman NOC
• Bangalore NOC
Oracle Cloud Operations Organization
• 500+ Dedicated IT Staff supporting Oracle Cloud
– 7x24 Operations “Nerve Center” staff in a follow the sun configuration
– Dedicated Security & Compliance management staff
– Functional experts and architects in all key support roles
• Application support
• Platform technologies (Middleware & DB)
• Infrastructure support and system administration
– Network administration: switches, firewalls, load balancers
– Facilities & project management
• 100% of activities performed by Oracle employees
Logical Data Center Security
• Security Certification
• Formal Change Management
• Secure Connection (SSL/VPN)
• Oracle Access Management
• Network Security & Intrusion Detection
• Segregated solution architecture
• Backup and Disaster Recovery
• Malware protection
• 24x7 system monitoring
Application Security
Defense in depth
• Access Control
– SSO Enabled
– Built on Oracle Identity Mgmt
• Database Security
– Separation of duties
– Activity logging
• Application Security
– Role Based Access
– PII protection
Operating the Cloud
Maintenance, Patching, Upgrade
Cloud Operations
• Environments
– 1 Staging
– 1 Production
• Backup
– Continual incremental backup
– Daily snapshot
– Twice weekly archive to tape and offsite storage
Cloud Certifications
• Regulatory Compliance
– SOC 1 certified
– Additional certifications upon request
• Additional services
– Advanced Data Security
• Segregation of duties (DBA)
• Encryption of data at rest*
– VPN Access
– Additional environments
Cloud Performance
• 24x7 automated monitoring
– Intrusion Detection and remediation
– IP Filtering/White listing
• Performance infrastructure
– Load balancers
– Transaction Accelerators
• Cloud Management
– Oracle Enterprise Manager
– Customer Cloud Portal
Customer Cloud Portal
Cloud Architecture
• Shared Resources
– Hardware/Storage/Network
– Identity Management
– Cloud Monitoring
• Environments
– Data isolation
– Application isolation
– Data import/export
[Diagram labels: Tenant 1, Tenant 2, Tenant 3; Application Clusters; Database Clusters; Virtualization Layer; Hardware Layer; Storage Grid; Identity & Access Management; Enterprise Management; Shared Cloud Resource; Virtual Cloud Tenant Resource]
Cloud Architecture
Virtual Multi-Tenancy
Data Encryption
• File Encryption
– Contents can be encrypted as created
– Oracle Wallet key management
• Personally Identifiable Information
• Data in Motion
• Data at Rest
Upgrade Process
• Customer scheduled upgrades when requested
• Current and previous releases supported
• Upgrade Process
– Customer requests upgrade
– Oracle updates staging environment
– Customer performs acceptance testing
– Customer notifies Oracle when to upgrade production
– Oracle upgrades customer production environment
Operating the Cloud
Support Processes and Policies
Cloud Security Practices and Policy Documents
ORACLE CLOUD HOSTING AND DELIVERY POLICIES
• Oracle Cloud-SaaS Hosting and Delivery Policies (PDF)
• Oracle Cloud-SaaS Enterprise Hosting and Delivery Policies (PDF)
DATA PROCESSING SERVICE AGREEMENT
• Data Processing Agreement (PDF)
ORACLE CLOUD SERVICES DESCRIPTIONS
• Service Descriptions
• All documents are available on Oracle.com/Contracts
• Select Oracle Cloud Services
• Review cloud specific documents as listed.
• Direct questions regarding cloud policies to the global business practices team for guidance
Oracle Cloud Services Policies
Environments
• Exadata/Exalogic servers
• 2 Environments - Production & Staging
• Additional environments at a fee
• Additional storage at a fee
Support
• Traditional customer support through Oracle Support – Level 2 & up
• OPC services include Premier Support with Guaranteed First Response Time for level 1 issues
Refreshes
• Refresh non-production environment with data from production environment
• Schedule – performed once with each release
• Based on customer request – through SR process (opt-in model)
System Maintenance
• A 3-hour window will be used for all critical/emergency patches and bug fixes (change mgt policy says qtr, SLO policy says monthly) every two weeks.
• Targeted to occur during the statistically lightest utilization period for the deployment region. The service is unavailable during maintenance
Environment Upgrades
• Oracle will perform upgrades to the Customer environments as new services versions become available.
• Environment Upgrades are scheduled every quarter
Availability
• Up to 1 week provisioning process
• Ability to log in and access service
• All Customers = 99.5% uptime
Back up and Recovery
• Full backups are written to disk daily and copied to tape every day; backup tapes are sent to offsite facility once a week and retained at an offsite facility for five weeks
• 1 Hour Recovery Point Objective
• 12 Hour Recovery Time Objective
Off-Boarding
• Off-boarding - To enable customers to obtain their data from their hosted SaaS environments following service contract termination
• Full Data file is available up to 60 days after contract termination
Cloud Hosting and Delivery policies are available at oracle.com/contracts
My Oracle Support
Support.Oracle.com
• Priority Handling
• Personalized Dashboard
• Configuration Management
• Health Checks & Risk Analysis
• Patch Advice & Upgrade Advisors
• Web 2.0 Capabilities
• Oracle Expert Community
• Service Request Management
• Knowledge Base
• Automated Service Requests
• 140K+ Members
• Peer Community
• Seamless Enterprise Manager Integration
• Community
• Knowledge
• 24/7 Technical Support
• 24/7 Online Resources
• My Oracle Support Community
• Lifetime Support
• Product Support Alerts
• Software Update Tools
• Security Resources
• Oracle Explorer Data Collector
• Embedded Diagnostic Tools
• Performance Enhancements
• Feature Enhancements
• New Releases
• Security Patches
• Bug Fixes
• Integrated Patch Sets
• Integrated Software (such as Firmware) Updates
Additional Options
• Additional environments
• Single Sign On (SAML2)
• IP Whitelisting
• Encryption at Rest
• Database Audit Vault (Fusion Applications only)
• Database Firewall (Fusion Applications only)