We’re sorry. We could not find a match for your search.

We suggest you try the following to help find what you're looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Start a new search.

Security Zones Frequently Asked Questions (FAQ)

Open all Close all

    General Questions

  • What is Oracle Cloud Infrastructure Oracle Security Zones?

    Oracle Security Zones is a service that helps ensures customers implement Oracle's best practices for security by enforcing them from the start and removing the chance of configuration drift or someone violating them later. This brings clarity regarding what is needed to meet their security needs and removes guesswork from the equation when it comes to implementation.

  • What is a Security Zones recipe? How is it different from a Policy?

    A Security Zones recipe is a curated collection of policies. A recipe defines a set of security best practices is enforced in a Security Zone.

  • What is a Maximum Security Zone?

    Maximum Security Zone is a pre-defined recipe managed by Oracle. This recipe includes policies that maximize configuration for a strong security posture.

  • Can I have multiple Security Zones?

    Yes. The number of Security Zones that can be created is only limited by the Compartment limit in your tenant.

  • Must I use a Security Zone to be secure?

    Not necessarily, but Security Zones prevents configurations that lead to a weakened security posture.

  • What if I only want a subset of the Security Zones policies in a Security Zone?

    Security Zones will be initially released supporting our most stringent recipe: Maximum Security Zone. While we recognize that this may not work in every instance, customization in the form of the ability to select which Security Zone policies apply to a zone will be a future release.

  • Can I create my own policies?

    Customers cannot create their own policies. Customers have access to an extensive list of policies provided by Oracle. New policies will be added over time.

  • How do I access resources inside a Security Zone?

    Resources inside Security Zones are identical to their equivalents outside of a Security Zone. The only difference is the enforcement of the security best practices policies for their settings and configuration. These resources can be accessed using the same methods, tools, and permissions as regular resources.

  • Can my resources access each other across different Security Zones?

    Security Zones do not directly manage access restrictions to the resources that are in them. These resources can still be accessed in any method that can be configured under the limitations set by the Security Zone recipe associated with that zone. Elaborating on this, some resources in Security Zones can access others in different Security Zones, and some cannot. This is depending on each resource settings and configuration.

  • If everything is so heavily protected, how do I get data in and out of a Security Zone?

    A secure method of connection is required to cross the proverbial border of a Security Zone and transfer data. There are several methods to create a secure connection, such as a bastion.

  • What are the differences between Security Zones and Cloud Guard?

    Security Zones policies are enforced upon creation of the zone. Cloud Guard requires customer to enable the service and select compartments to be monitored. Cloud Guard looks for specific user activity or configuration state. Some detectors are the inverse of a Security Zone policy. For example, one cannot set a bucket to public in a Security Zone. Cloud Guard has a detector which can detect a bucket being set to public, and can then alert and remediate.

  • Can I have an Autonomous Database or other Oracle services in a Security Zone?

    Yes, any type of resource can be created in a Security Zone, however Security Zones will take action only if a relevant recipe to that resource type is associated with the zone. It's important to note that the list of Security Zone recipes and policies will be updated with more added to allow more types of resources to be managed with security best practices.

  • Can I have a Security Zone on-premises?

    No. Security Zones only work for Oracle Cloud Infrastructure resources.

  • What does Security Zones cost?

    Security Zones is a free service; however, resources within a Security Zone will have their usual charges.

  • How do I prevent someone from disabling a Security Zone?

    A Security Zone cannot be disabled. An empty Security Zone can be deleted.

  • How do I delete a Security Zone?

    A Security Zone must have all resources removed before it can be deleted. An empty Security Zone can be deleted by pressing the ‘Delete’ button on the Security Zone details page.

  • In what regions is the Security Zones service available?

    Security Zones is available across all commercial regions.

  • Which types of databases do Security Zone policies apply to?

    Security Zone policies are enforced on Autonomous Database, bare metal databases, VM Databases, and Exadata. Security Zone policies are not available for Exadata Cloud@Customer Databases.

  • Which takes precedence, identity access management policy or Security Zone policy?

    A Security Zone will override an identity access management policy that allows access. For instance, even if a user has permission to manage a bucket, they cannot set a bucket to public in a Security Zone.