Keep Your Data Secure
Throughout the
Cloud Lifecycle

Oracle Cloud Infrastructure Security—
Oracle Cloud Guard and Oracle Security Zones

The benefits of the cloud have grown too strong for businesses to ignore—it offers lower infrastructure spending costs, greater business agility, and flexible scalability. That’s why more companies are migrating their business-critical enterprise workloads to the cloud than ever before.

In fact, according to the Oracle and KPMG Cloud Threat Report, today, nearly 90 percent of companies are using software as a service (SaaS) and 76 percent are using infrastructure as a service (IaaS)—and 50 percent expect to move all their data to the cloud in the next two years.1

But unfortunately, despite the benefits it gives companies, increased cloud adoption still has its costs. Many companies have developed new security blind spots as their IT teams and cloud service providers work to secure their data. And it’s causing areas of concern—Gartner forecasts that by 2025, 99 percent of cloud security failures will be the customer’s fault.2

Gartner forecasts that by 2025, 99 percent of cloud security failures will be the customer’s fault.

Enterprise cloud security and privacy administrators have a lot of responsibility already. They’re expected to be knowledgeable about cloud security services, know how to deploy them without sacrificing business continuity, and correctly manage secure resource configurations in a rapidly changing environment. When you consider that most public-cloud tenants mix on-premises, cloud, and multicloud deployments at scale, overcoming this challenge can be difficult—even with a well-staffed team of cloud security experts.

A new approach to security
posture management

Oracle wants cloud security and privacy administrators to feel confident when securing cloud infrastructure workloads. To achieve this, security must be easy to deploy and maintain. It also needs to be automated and sophisticated enough to protect the most critical workloads and data—all while allowing security professionals to more easily apply their expertise to meet security objectives.

That’s why Oracle Cloud Infrastructure is introducing new security cloud services for cloud security posture management (CSPM) and cloud security orchestration and automation and remediation (SOAR) of Oracle Cloud Infrastructure tenancies.

Cloud security posture management removes the barriers typically encountered when securing cloud services. It’s made possible by embedding security expertise, centralizing configuration management and monitoring, and automating remediation workflows.

A two-pronged security strategy for security posture management

Cloud security posture management of Oracle Cloud Infrastructure tenancies consists of two cloud security services:

  • Oracle Security Zones: Special compartments designed to enforce implicit and explicit security policies.
  • Oracle Cloud Guard: A scalable data processing security service that acts as the command center for Oracle cloud security posture management. Oracle Cloud Guard gives a comprehensive picture of the security and risk posture of a customer’s tenants in Oracle Cloud Infrastructure.

Oracle Security Zones and Oracle Cloud Guard mark a new approach to cloud security, giving customers the ability to avoid insecurely configured cloud services at different stages of the resource configuration lifecycle.

Oracle Security Zones focuses on a preventative strategy that can inhibit the creation of resources that violate security requirements, while Oracle Cloud Guard offers a detect-and-respond framework that allows for additional context before remediation is enforced.

Oracle Security Zones and Oracle Cloud Guard are cloud security services that support the entire Oracle Cloud Infrastructure ecosystem supporting the traditional console user interface as well as programmatic interfaces (such as Oracle Cloud Infrastructure API, CLI, SDK, and so on).

This two-pronged approach helps Oracle Cloud users deploy securely from day one, and provides the means to continuously monitor security and risk across the entire Oracle Cloud Infrastructure ecosystem.

Oracle Cloud Infrastructure security designed for all users and data

Oracle Security Zones and Oracle Cloud Guard add security automation and embedded expertise to Oracle Cloud—making it easy for any cloud user to operate securely.

Oracle Cloud Infrastructure is an infrastructure-as-a-service (IaaS) offering, architected on security-first design principles.

These principles include isolated network virtualization for superior customer isolation compared to earlier public-cloud designs, and hardware root-of-trust technology to reduce risks from compromised firmware. Oracle Cloud Infrastructure benefits from tiered defenses and highly secure operations that range from the physical hardware in our data centers to the web layer.

Many of these protections also work with third-party clouds and on-premises solutions to help secure modern enterprise workloads and data wherever they reside.

Much like the security-first Oracle public-cloud design, Oracle Security Zones and Oracle Cloud Guard continue to emphasize security themes such as resource configuration and activity monitoring, secure compartment design, and security automation. These new security services are part of the core design concepts for Oracle Cloud Infrastructure, including:

  • High customer isolation
  • Protection from firmware-based attacks
  • Ubiquitous data encryption
  • Automatic patches to the operating system
  • Sophisticated data protection

Oracle’s focus on automation and ease of use aims to set a new bar for security, giving every cloud user—not just those tasked explicitly with security—the power to operate, develop, and scale securely in the public cloud.

  1. 1 “New Study: IT Pros Are More Worried About Corporate Security Than Home Security,” press release, May 14, 2020, on Oracle website,
  2. 2 Kasey Panetta, “Is the Cloud Secure?” Gartner article, October 10, 2019,