Aqua Blog

CloudSploit Delivers Best Practices for Oracle Cloud Security

CloudSploit Delivers Best Practices for Oracle Cloud Security

Our customers challenged us to add Oracle Cloud Infrastructure (OCI) security to the list of public clouds that Aqua CSPM (aka CloudSploit) covers – and make it seamless. That meant giving our customers a singular view into the public cloud platforms they use, while maintaining the same level of control with easy-to-use interfaces. Well, we happily rose to that challenge as today we announce the General Availability (GA) of CloudSploit for Oracle Cloud.

With today’s GA announcement for Oracle Cloud support, Aqua Security’s CSPM (Cloud Security Posture Management) solution continues to increase its coverage across public cloud native platforms, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and now also Oracle Cloud Infrastructure (OCI).

Oracle Cloud security best practices

From a development perspective this was an interesting challenge – Oracle Cloud security best practices are still emerging and there was no Security Posture model already accepted by the market. Defining the criteria for what would be a secured Oracle Cloud environment required research, collaboration and an iterative approach. Oracle Cloud is a public cloud infrastructure with services and components similar to those in other public infrastructures, so we had a good starting point. We leveraged our experience implementing security posture management in other public clouds and adopted those best practices to Oracle Cloud. We were equally inspired by policies developed by the Center for Internet Security (CIS) for AWS, Azure and GCP to define similar sets of best practices for this platform. Lastly, we had great support from our customer base, helping us fine tune the implementation even further.

The result of this effort is a set of security best practices that include general configuration and settings needed to keep your environment safe.

Oracle Cloud security is business critical

The migration of Oracle E-Business Suite (Oracle EBS) environments from on-site deployments to the Oracle Cloud infrastructure have been growing in popularity. Oracle, the driving force behind it, has been promoting this option based on the promise of significant improvements in business agility and operational excellence. In this deployment model, the Oracle EBS set of components are deployed on top of Oracle Cloud services, in a single region or multiple regions and take advantage of many of the Oracle Cloud components, such as Virtual Machines, load balancers, WAFs, databases, storage and more.

Organizations have been challenged with coming up with security, risk and compliance strategies to provide continuous monitoring that ensures the platform meets the corporate security standards used in other hosting environments.

One of our enterprise customers, a global technology business that operates over 20 separate Oracle Cloud accounts, told us recently:

“Today we have many workloads deployed on the AWS platform, where we have a proven security and compliance approach supported by CloudSploit for Security Posture Management. We have been working to enable Enterprise Oracle application environments in the Oracle Cloud, and we needed to implement similar levels of visibility that we have for AWS on OCI. We looked for a solution that provided the cloud security configuration state in a simple and consistent manner, no matter which public cloud our teams use.”

With the new CloudSploit support for Oracle Cloud the customer gains visibility and continuous monitoring of their Cloud Security posture across all their clouds with a single solution that they already use and trust.

CloudSploit’s features for Oracle Cloud security:

Comprehensive policies coverage
63 new plug-ins for numerous OCI services, including: Compute, Database, File Storage, Clock Storage, Audit, Identity, Networking, and Object Store. As with our existing support for other public cloud platforms, Aqua Security will introduce new plug-ins and updates for existing ones as more OCI services are released.

Coverage for all regions and zones
CloudSploit for OCI scans the OCI services in all 12 currently available OCI regions. Aqua Security will extend CloudSploit’s support for new OCI regions as they become available.

Remediation assistance
The scan reports include recommended remediation information and links to official Oracle documentation.

Compliance auditing
Compliance support now includes a mapping of CloudSploit’s library of OCI plug-ins to PCI-DSS, HIPAA and GDPR requirements, to provide individual, actionable policy checks to help detect compliance violations across your OCI accounts. Customers can also create their own custom compliance programs and map any internal corporate controls to CloudSploit’s plug-ins library.

Sign up and connect an Oracle Cloud account to CloudSploit using our onboarding wizard. CloudSploit only requires read-access to your configuration metadata and does not access sensitive content in your cloud accounts.

CloudSploit continuously audits your account in the background, working to detect potential misconfigurations and other risks that can lead to compromised infrastructure and loss of application and user data.

Ehud Amiri
Ehud Amiri is a Senior Director of Product Management at Aqua Security, leading the Aqua cloud services. Ehud is passionate about delivering easy to use cyber security products and cross-pollinating product designs with innovating technologies. When he isn’t at work, he enjoys a good sci-fi book or traveling and meeting people around the world.