Cloud Access Security Brokers (CASBs) address security gaps that may arise as a result of an organization’s transition to the cloud. CASB solutions enforce an organization’s access policies governing usage across the cloud stack (IaaS, PaaS and SaaS), thereby ensuring secure access to and usage of cloud resources by administrators and users. The traditional definition used by analysts for CASB focused mainly on enterprise SaaS applications. However, CASBs are expanding to cover security of the broader cloud stack, including IaaS. Oracle CASB Cloud Service is a pioneer in IaaS protection, focusing on a heterogeneous multi-vendor SaaS, PaaS and IaaS strategy.
Oracle CASB monitors the security of Oracle Cloud Infrastructure deployments through a combination of pre-defined Oracle Cloud Infrastructure-specific security controls and policies, customer-configurable security controls and policies, and advanced security analytics using machine learning for anomaly detection. Oracle CASB security functionality includes monitoring security configuration of Oracle Cloud Infrastructure resources, monitoring credentials and privileges, user behavior analysis (UBA) for anomalous user actions, and threat analytics for identifying risk events. For customers with heterogeneous multi-cloud deployments, Oracle CASB supports monitoring of other public clouds such as AWS, Azure, Office 365, Salesforce, and more.
Customers use Oracle Cloud Infrastructure for their mission-critical workloads when security is an important consideration. Security of Oracle Cloud Infrastructure workloads follows the Shared Responsibility Model with onus on customers to securely configure Oracle Cloud Infrastructure services used by their applications, while Oracle is responsible for security of the underlying cloud infrastructure. In this context, the ability to monitor security configuration and use of their Oracle Cloud Infrastructure resources is an important requirement for customers. This includes monitoring changes to configurations, adherence to mandated security policies such as key rotation and password management policies, and detecting anomalous behavior and/or use of various resources. Oracle CASB offers automated security monitoring of Oracle Cloud Infrastructure resource configuration and usage, and alerting on deviations from security baseline, thereby helping customers maintain security of their Oracle Cloud Infrastructure applications.
Some of the key value drivers for using Oracle CASB for Oracle Cloud Infrastructure are:
Oracle CASB has pre-defined Oracle Cloud Infrastructure-specific security and policy controls available out of the box. Below are examples of Oracle Cloud Infrastructure security monitoring provided by Oracle CASB.
Oracle CASB integrates with multiple other products, some of which are listed below.
Cloud Solutions:
IAM
SIEM
Firewall/Secure Web Gateway:
Data-Centric Audit and Protection (DCAP)/Data Loss Protection (DLP)
IT Service Management
Threat Intel
Integrated Compliance
To enable CASB monitoring of Oracle Cloud Infrastructure, create an Oracle Cloud Infrastructure application instance in Oracle CASB, and provision it with the API key credentials of a least-privilege IAM user authorized to get configuration information and audit logs from the Oracle Cloud Infrastructure tenancy. To register an Oracle Cloud Infrastructure application instance to monitor a customer tenancy, customers provide the tenancy OCID, the IAM user OCID, the public key fingerprint of the IAM user API key, and the private key of the IAM user API key.
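A pre-registration consistency check for the four values listed above, as an added example (not Oracle's code). It assumes the API key fingerprint is the MD5 digest of the DER-encoded public key written as colon-separated hex; the function names and all sample values are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample values; the key body is stand-in bytes, not a real RSA key.
STANDIN_DER = b"constructed stand-in bytes, not a real RSA public key"
SAMPLE_PUBLIC_PEM = ("-----BEGIN PUBLIC KEY-----\n"
                     + base64.encodebytes(STANDIN_DER).decode()
                     + "-----END PUBLIC KEY-----\n")
SAMPLE_PRIVATE_PEM = "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n"
SAMPLE_TENANCY = "ocid1.tenancy.oc1..exampleuniqueid0tenancy"
SAMPLE_USER = "ocid1.user.oc1..exampleuniqueid0user"

def ocid_type(ocid):
    """Return the resource type of an OCID, or None if it is malformed.
    Layout: ocid1.<type>.<realm>.[region][.future use].<unique id>"""
    parts = ocid.strip().split(".")
    if len(parts) in (5, 6) and parts[0] == "ocid1" and parts[2] and parts[-1]:
        return parts[1]
    return None

def fingerprint_from_public_pem(pem):
    """MD5 over the DER bytes inside the PEM armor, as 16 colon-separated hex pairs."""
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    digest = hashlib.md5(base64.b64decode(body), usedforsecurity=False).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def preflight(tenancy_ocid, user_ocid, fingerprint, public_pem, private_pem):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    # Catch OCIDs pasted into the wrong field (tenancy and user swapped).
    for field, value in (("tenancy", tenancy_ocid), ("user", user_ocid)):
        if ocid_type(value) != field:
            problems.append(f"{field} OCID is not an ocid1.{field} identifier")
    # The entered fingerprint must belong to the key uploaded for the IAM user.
    if fingerprint.strip().lower() != fingerprint_from_public_pem(public_pem):
        problems.append("fingerprint does not match the uploaded public key")
    # Catch the public key being supplied where the private key is expected.
    stripped = private_pem.strip()
    first = stripped.splitlines()[0] if stripped else ""
    if not (first.startswith("-----BEGIN") and first.endswith("PRIVATE KEY-----")):
        problems.append("private key field does not contain a PEM private key")
    return problems

if __name__ == "__main__":
    fp = fingerprint_from_public_pem(SAMPLE_PUBLIC_PEM)
    print(preflight(SAMPLE_TENANCY, SAMPLE_USER, fp, SAMPLE_PUBLIC_PEM, SAMPLE_PRIVATE_PEM))
```
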
Oracle CASB can be leveraged as part of the Universal Credit Model that Oracle provides for cloud services. By leveraging this model, you can turn on Oracle CASB and configure it to monitor Oracle Cloud Infrastructure, and available credits are automatically deducted from your account. See CASB Pricing for more information.
Oracle CASB for Oracle Cloud Infrastructure documentation lists detailed instructions on enabling and using the product. See CASB Documentation.