Oracle Information InDepth


Oracle Cloud Solution

Stay Connected

Oracle Blog Oracle on Facebook Oracle on Twitter Oracle on LinkedIn Oracle on Youtube

September 2013

Subscribe Forward

Back to the main page

QuinStreet Report: Evaluating Cloud Providers for Security

As adoption of cloud technologies continues to accelerate, a new executive brief from QuinStreet lays out five key security considerations when choosing a cloud provider.

While security is often cited as a barrier to cloud adoption, organizations are discovering that the right cloud partner can, in many cases, actually strengthen an organization's security posture.

"Depending on the capabilities of the provider, an enterprise could actually improve the overall security compared to what it might otherwise be able to resource on its own," the report's authors write.

Implement the Right Services on the Right Cloud
The report concludes that to realize these benefits each organization must carefully determine which type of cloud—software as a service, private cloud, managed cloud services, or some combination thereof—best meets the security requirements of particular applications and data sets.

And each organization must also perform due diligence in terms of security when selecting providers.

“Security truly is partnership between you and your provider. The more critical and sensitive the information, the more critical that partnership," says Gail Coury, vice president, risk management and infrastructure operations at Oracle.

To help with that process, the report’s authors list five key considerations.

  • Transparency of the cloud vendor. While security is an essential part of any contract with a vendor, signing an agreement is not enough. "The vendor should be able to make clear commitments about what controls are in place, where the data resides, who is managing the underlying technology, and other responsibilities it will assume as custodian of the data," write the report's authors.
  • Risk mitigation. Organizations need to consider how secure access is revoked; for example, when a user leaves the organization. Single sign-on is one obvious solution, but many organizations do not want to share credential information with third parties. One solution is federated identity technology, which enables organizations to automatically remove access to cloud applications at the same time they are removed from the company directory.
  • Proof of capabilities. Security certifications provide an easy and objective way to compare providers. However, organizations often require an even higher level of certainty. "In these situations, it is important to know up front whether the cloud provider allows customers to perform an audit or penetration test, and under what circumstances—any time, only during certain times, unannounced, and so on," write the report's authors.
  • Integration options. "No cloud exists in a vacuum," write the report's authors. "Applications that run in the cloud typically must interact with other cloud-based apps in different types of clouds as well as non-cloud-based applications." It is vital to understand how cloud-based services fit within the overall IT infrastructure—and ensure manual management and coding does not present an added security risk.
  • Breadth of experience. Each industry has its own set of security and compliance concerns. It is important that the cloud provider understands an organization's unique needs. At the same time, consistency in controls across all industries enables automation of operational management and monitoring. That makes breadth of experience very valuable—something niche providers often can't provide.

Why Oracle?
"Oracle, a leader in secure data management and controls, recognizes security’s importance at every level in the hardware-software stack," write the report's authors. "Oracle’s seamless end-to-end stack offering makes it unique among the many cloud providers."

“Security is foundational to Oracle’s cloud offerings and is critical to delivery of its cloud services," adds Coury.

Read the entire report: Five Things to Look for in a Cloud Provider When It Comes to Security.

Back to Top

Please send questions or comments to

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor is it subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

  Hardware and Software, Engineered to Work Together Contact Us | Legal Notices and Terms of Use | Privacy Statement
Oracle Corporation


Oracle Corporation - Worldwide Headquarters, 500 Oracle Parkway, OPL - E-mail Services, Redwood Shores, CA 94065, United States

Your privacy is important to us. You can login to your account to update your e-mail subscriptions or you can opt-out of all Oracle Marketing e-mails at any time.

Please note that opting-out of Marketing communications does not affect your receipt of important business communications related to your current relationship with Oracle such as Security Updates, Event Registration notices, Account Management and Support/Service communications.