Public clouds offer convenience, cost savings, andthe opportunity to shift from a capital expenditureto an operational expense model. They also offerhighly scalable and flexible infrastructure, often morethan most organizations could accomplish on theirown. Despite these gains, you are still responsible forprotecting your data and the software you run in thecloud.While Oracle provides world-class services that aresecure at the infrastructure level, such as the physicalelements of storage and databases, they make itclear through their Shared Responsibility Modelthat their customers are ultimately responsible forprotecting everything they are deploying in the Oracleinfrastructure—which translates into everything abovethe physical infrastructure and hypervisors. Oracleprovides security “of” the cloud, and enterprises mustprotect what they are deploying “in” the cloud.Almost all organizations use additional securityproducts for their Oracle deployments, but many donot realize that the virtual networks accompanyingOracle workloads are part of their security responsibility.Deep inspection of traffic bound for workloads, lookingfor remote calls, application denials of service, oreven evidence of callbacks, is out of scope for theinfrastructure protection Oracle provides.2Securing Your Oracle Cloud Infrastructure Virtual NetworksSOLUTION BRIEFFigure 1.Oracle Cloud Infrastructure Classic and Platform Cloud Services Security.RESPONSIBLE FORSECURITY“IN”THE CLOUDCUSTOMER DATAPLATFORM, APPLICATIONS, IDENTITY, AND ACCESS MANAGEMENTOPERATING SYSTEM, NETWORK, AND FIREWALL CONFIGURATIONCOMPUTESTORAGEDATABASEREGIONSAVAILABILITY ZONESNETWORKINGEDGELOCATIONSCLIENT-SIDE DATAENCRYPTION AND DATAINTEGRITY AUTHENTICATIONSERVER-SIDE ENCRYPTION(FILE SYSTEM AND/OR DATA)NETWORK TRAFFIC PROTECTION(ENCRYPTION/INTEGRITY/IDENTITY)RESPONSIBLE FORSECURITY“OF”THE CLOUDORACLE GLOBALINFRASTRUCTURECUSTOMERORACLE
