Confidential – Oracle Internal/Restricted/Highly Restricted

3 Oracle Cloud Infrastructure Security Architecture: Peek Under the Covers
Yuecel Karabulut, Director Product Management, Security and Compliance, Oracle
Shabir Firdaus, Enterprise Architect, 7-Eleven
Vincent Di Piazza, IT, CMiC
October 25, 2018

4 Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation.

5 We Will Talk About Three Things Today
1. 7 Pillars of a Trusted Enterprise Cloud Platform
2. Oracle Cloud Infrastructure Security Capabilities
3. How Enterprises Maintain a Strong Security Posture on our Cloud

6 Oracle Cloud Infrastructure: Complete Services
COMPUTE: Bare metal/VM, CPUs/GPUs. Up to 64 CPU cores, 8 GPUs, 768 GB RAM, 51 TB local SSD, 5M IOPS; AMD and Intel processors.
STORAGE: NVMe, Block, File, Object, Archive. Predictable-IOPS Block Storage for up to 98% less; storage for the whole data lifecycle.
AUTONOMOUS DATABASE: Transactions, Data Warehouse. Fast provisioning; automatic tuning, patching and securing; % availability.
SECURITY: IAM, Audit, KMS, CASB. Integrated security services to protect data and to control and monitor access.
CONTAINERS: Containers and Kubernetes. Fully managed, certified Kubernetes service with Docker containers.
NETWORKING: VCN, LBaaS, FastConnect, VPN. Isolated networks with reserved IPs, security lists and firewalls; lowest-cost private connectivity.
DATABASE: VM, Bare metal, Exadata. Massive performance and scale; RAC and Active Data Guard support.
EDGE: DNS, WAF, DDoS. Global DNS, application protection, bot management, DDoS protection, delivery.
RAVELLO: Migrate VMware or KVM. Move VM environments to a managed cloud service and retain existing networking.
CLOUD AT CUSTOMER: Exadata, Big Data. On-premises cloud infrastructure / analytics / Exadata service, managed by Oracle, pay as you go.
DATA MOVEMENT: Storage Gateway, Data Transfer. File-to-object cloud Storage Gateway; Data Transfer Appliance for large-scale ingest.
GOVERNANCE: Compartments, Tagging. Logical separation and tagging of resources for simplified management and cost tracking.
High-performance servers, storage and database support millions of IOPS, I/O and transactions, and scale up and down based on your need. This is the true enterprise cloud you’ve heard mentioned. We don’t focus on micro-instances, or VMs with time-sliced fractional CPU allocations. We focus on providing what businesses need to run real production workloads: workloads that may have to scale up as well as out; workloads that may require the reliability of solid traditional hardware infrastructure in addition to the “plan to fail” approach of cloud; workloads that need low-latency access to storage and networks. And we provide businesses with simple pricing and predictable costs, instead of an arcane system that penalizes you for running the high-performance production applications you depend on.

7 What Do Customer Security Teams Want When Their Workloads Move to Cloud?
“I want to maintain my strong security posture.”
“I want to improve my security posture using cloud-native security solutions.”
But what does it take to maintain and improve a “strong security posture” in the cloud?

8 The 7 Pillars of a Trusted Enterprise Cloud Platform
Explain the 7 pillars and how each pillar covers various customer requirements in different areas.
Oracle Cloud Infrastructure’s security approach is based on seven core pillars. Each pillar has multiple solutions designed to maximize the security and compliance of the platform.
1. Customer Isolation: Allow customers to deploy their application and data assets in an environment that provides full isolation from other tenants and from Oracle’s staff.
2. Data Encryption: Protect customer data at rest and in transit in a way that allows customers to meet their security and compliance requirements with respect to cryptographic algorithms and key management.
3. Security Controls: Offer customers effective and easy-to-use security management solutions that allow them to constrain access to their services and segregate operational responsibilities, reducing the risk associated with malicious and accidental user actions.
4. Visibility: Offer customers comprehensive log data and security analytics that they can use to audit and monitor actions on their resources, allowing them to meet their audit requirements and reduce security and operational risk.
5. Secure Hybrid Cloud: Enable customers to use their existing security assets, such as user accounts and policies, as well as third-party security solutions, when accessing their cloud resources and securing their data and application assets in the cloud.
6. High Availability: Offer fault-independent data centers that enable high-availability scale-out architectures and are resilient against network attacks, so that service continues in the face of disaster and security attack.
7. Verifiably Secure Infrastructure: Follow rigorous processes and use effective security controls in all phases of cloud service development and operation. Demonstrate adherence to Oracle’s strict security standards through third-party audits, certifications, and attestations. Help customers demonstrate compliance readiness to internal security and compliance teams, their customers, auditors, and regulators.

9 Oracle Cloud Infrastructure Security Capabilities at a Glance
1. Customer Isolation: Bare Metal Instances, VM Instances, VCN, IAM Compartments
2. Data Encryption: Default Storage Encryption, KMS, Database Encryption
3. Security Controls: User Authentication, Instance Principals, Authorization, Network Security Controls, Application and Edge Security Controls
4. Visibility: Audit Logs, CASB-Based Monitoring
5. Secure Hybrid Cloud: Identity Federation, Third-Party Security Solutions, Secure Connectivity using VPN and FastConnect
6. High Availability: Three options for HA (multi-region, multi-AD, multi-fault domain within an AD); SLAs
7. Verifiably Secure Infrastructure: Security Operations, Compliance Certifications and Attestations, Customer Penetration and Vulnerability Testing, Secure Software Development
Explain the OCI security capabilities that meet customer requirements for each of the seven pillars. Tell the audience that the focus of today’s talk is Customer Isolation, although we will also touch on three other pillars.

10 Deeper Isolation from Other Customers
“I want to isolate my cloud resources from other tenants, Oracle staff, and external threat actors, so we can meet our security and compliance requirements.”
“I want to isolate different departments from each other, so visibility and access to resources can be compartmentalized.”
Compute: Bare Metal Instances | VM Instances
Network: VCN and Subnets
Data: Data-at-rest encryption using customer-controlled keys
Back-end Infrastructure: Secure isolation between customer instances and back-end hosts
Identity and Access Management: Compartments and IAM policies


12 CMiC Use Case
CMiC is the leading provider of complete, integrated, and advanced enterprise-level software solutions designed exclusively for the construction industry. CMiC concluded their Oracle ERP stack would run best on Oracle Cloud Infrastructure.
What drove CMiC to choose OCI?
- Wider range of shapes, including VM and bare metal options.
- Native compute performance with the Bare Metal offering.
- OCI security framework, specifically segmentation with compartments.

13 Two Types of Instance Isolation
Bare Metal Instance: complete workload and data isolation; single-tenant; no Oracle-managed hypervisor.
VM Instance: multi-tenant; hypervisor-based instances; strong isolation controls.
[Diagram: a single-tenant bare metal instance running only customer (CMiC) software with no Oracle software, beside a multi-tenant VM instance whose customer VMs run on an Oracle-managed hypervisor.]
We offer two types of instance isolation. Bare Metal Instances offer complete workload and data isolation. Customers have full control of these instances. Every bare metal instance is a single-tenant solution. Oracle personnel have no access to memory or local storage while the instance is running. There is no Oracle-managed hypervisor on bare metal instances. A VM Instance is a multi-tenant solution. VM instances run on an Oracle-managed hypervisor and come with strong isolation controls. Both instance types offer strong security controls. Customers who want higher-performance instances and complete workload and data isolation prefer bare metal instances.
More information about bare metal and VM instances:
Bare metal (BM) instances: Physical servers are dedicated to a single customer, who has complete control over the server. There is no Oracle-managed hypervisor, and Oracle personnel have no access to memory or local (NVMe) storage while the instance is running. All network virtualization is performed off-box, and only the Oracle Integrated Lights Out Manager (ILOM) is accessible to the infrastructure (required in order to remotely reboot or reprovision instances). BM instances offer consistent high performance and are immune to noisy-neighbor issues. Customers have OS-level administrative privileges on the BM instance. After a customer terminates a BM instance, the server undergoes an automated disk- and firmware-level wipe process to ensure isolation between customers.
Virtual machine (VM) instances: Customers with flexibility requirements, or those who don't need a dedicated BM instance, can opt for VMs. Multi-tenant customer VMs in Oracle Cloud Infrastructure are managed by a security-hardened hypervisor that provides strong isolation between customers.
Oracle Cloud Infrastructure instances use key-based SSH by default. Customers provide their SSH public keys to Oracle Cloud Infrastructure and keep the SSH private keys for accessing the instances. Oracle highly recommends key-based SSH for accessing Oracle Cloud Infrastructure instances. Password-based SSH is susceptible to brute-force attacks and is not recommended.
Oracle Linux images hardened with the latest security updates are available for customers to run on Oracle Cloud Infrastructure instances. Oracle Linux images run the Unbreakable Enterprise Kernel (UEK) and support advanced security features such as Ksplice, which applies kernel security patches without rebooting and so lets enterprises live-update their instances without disruption. In addition to Oracle Linux, Oracle Cloud Infrastructure makes a growing list of other OS images available, including CentOS, Ubuntu, and Windows Server. Customers may also bring their own custom images. All Oracle-provided images come with secure defaults, including OS-level firewalls turned on by default. Because both the OS firewall and the subnet’s security list filter traffic, exposing a port requires a matching rule in each.

14 Virtual Network: Secure, Private Network
[Diagram: an Oracle Cloud data center region with three availability domains, each holding subnets of one Virtual Cloud Network; the customer data center connects over FastConnect or VPN, and the VCN exposes an Internet Gateway, Load Balancing as a Service and the Managed DNS Service.]
- Each customer’s traffic is completely isolated in a private L3 overlay network.
- Network segmentation is done via subnets. Private subnets: instances have no public IP addresses and are not reachable from the internet. Public subnets: instances have public IP addresses.
- Customers control VCN traffic with stateful and stateless security lists and route table rules. A stateful rule admits the reply to a connection it allows; a stateless rule admits only the packets it describes, so reply traffic needs its own rule in the opposite direction.
- Customers can use a Service Gateway, which provides a path for private network traffic between a VCN and a public Oracle Cloud Infrastructure service such as Object Storage.
- Customers can use VCN peering to securely connect multiple VCNs without routing the traffic over the internet or through their on-premises network.
Oracle’s Virtual Cloud Network gives customers the complete set of network services they need in the cloud, with the same network flexibility they have on-premises today. You can build an isolated virtual network with granular controls, including subnets and security lists. Secure, dedicated connectivity from your data center to the cloud is available through FastConnect with multiple providers, such as Equinix and Megaport, or over VPN. You can give end customers high-performance, predictable access to your applications with services like provisioned-bandwidth load balancing. All networking services are API-driven and programmable for more automated management and application control.
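The stateful/stateless distinction above is where security lists are most often misconfigured: an ingress rule that admits port 443 looks complete, yet as a stateless rule it drops every reply. The following is an added example, not code from the presentation or from Oracle: a small evaluator that models how a rule admits the first packet of a session and whether the reply gets through. The Rule and Flow types, the simplified precedence (any matching rule admits the packet) and the sample rule sets and addresses are assumptions constructed for this illustration.

```python
"""Model of how OCI-style security list rules admit a session and its reply.

Added example (not from the presentation): a simplified evaluator for
stateful and stateless rules. Rule/Flow fields and the sample rule sets are
constructed for this demonstration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One security list rule.

    cidr  : source CIDR for an ingress rule, destination CIDR for an egress rule
    ports : destination port range of the packet the rule describes (None = all)
    """
    direction: str                           # "ingress" or "egress"
    protocol: str                            # "tcp", "udp", "icmp" or "all"
    cidr: str
    ports: Optional[Tuple[int, int]] = None
    stateless: bool = False


@dataclass(frozen=True)
class Flow:
    """First packet of a session, as sent by the initiator."""
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _matches(rule: Rule, protocol: str, remote_ip: str, dst_port: int) -> bool:
    """Does `rule` describe a packet of `protocol` to/from `remote_ip` with this
    destination port?"""
    if rule.protocol not in ("all", protocol):
        return False
    if ip_address(remote_ip) not in ip_network(rule.cidr):
        return False
    if rule.ports is not None:
        lo, hi = rule.ports
        if not lo <= dst_port <= hi:
            return False
    return True


def evaluate_session(rules: List[Rule], flow: Flow, inbound: bool = True) -> Tuple[bool, bool]:
    """Return (request_allowed, reply_allowed).

    inbound=True : a remote client (flow.src) opens a session to the instance (flow.dst).
    inbound=False: the instance (flow.src) opens a session to a remote host (flow.dst).

    A matching stateful rule admits the reply through connection tracking. A
    stateless rule admits only the packets it literally describes, so the reply
    (whose destination port is the initiator's ephemeral source port) needs its
    own rule in the opposite direction. Precedence between overlapping stateful
    and stateless rules in the real service is not modelled: any match admits.
    """
    if inbound:
        req_dir, reply_dir, remote_ip = "ingress", "egress", flow.src_ip
    else:
        req_dir, reply_dir, remote_ip = "egress", "ingress", flow.dst_ip

    request_rules = [r for r in rules if r.direction == req_dir
                     and _matches(r, flow.protocol, remote_ip, flow.dst_port)]
    if not request_rules:
        return False, False
    if any(not r.stateless for r in request_rules):
        return True, True                      # connection tracking covers the reply
    reply_rules = [r for r in rules if r.direction == reply_dir
                   and _matches(r, flow.protocol, remote_ip, flow.src_port)]
    return True, bool(reply_rules)


# Constructed rule sets and flows (not from any real tenancy).
STATEFUL_WEB = [Rule("ingress", "tcp", "0.0.0.0/0", (443, 443))]
STATELESS_WEB_BROKEN = [Rule("ingress", "tcp", "0.0.0.0/0", (443, 443), stateless=True)]
STATELESS_WEB_FIXED = STATELESS_WEB_BROKEN + [
    Rule("egress", "tcp", "0.0.0.0/0", (1024, 65535), stateless=True)]  # replies to ephemeral ports
PRIVATE_DB = [Rule("ingress", "tcp", "10.0.1.0/24", (1521, 1521))]      # only the app subnet

WEB_CLIENT = Flow("tcp", "203.0.113.7", 51000, "10.0.2.10", 443)
DB_FROM_INTERNET = Flow("tcp", "203.0.113.7", 51000, "10.0.3.5", 1521)
DB_FROM_APP_SUBNET = Flow("tcp", "10.0.1.20", 40000, "10.0.3.5", 1521)

if __name__ == "__main__":
    for name, rules in [("stateful web", STATEFUL_WEB),
                        ("stateless web, ingress only", STATELESS_WEB_BROKEN),
                        ("stateless web, with egress rule", STATELESS_WEB_FIXED)]:
        print(f"{name:32s} request/reply allowed: {evaluate_session(rules, WEB_CLIENT)}")
    print("db from internet  :", evaluate_session(PRIVATE_DB, DB_FROM_INTERNET))
    print("db from app subnet:", evaluate_session(PRIVATE_DB, DB_FROM_APP_SUBNET))
```

The interesting cases are the two stateless sets: the ingress-only list admits the client’s SYN but not the server’s reply, and only the list with the paired egress rule for ephemeral ports completes the handshake. The database list shows the subnet-scoped rule the talk describes, where a connection from the internet never matches.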


16 7-Eleven Use Case
7-Eleven needed to create a Disaster Recovery site for all Oracle applications.
What drove 7-Eleven to choose OCI?
- Best of breed for Oracle on Oracle applications.
- Exadata in the cloud.
- Comprehensive security capabilities, including:
  - Fine-grained IAM policies to control who can administer the Exadata Database Service
  - Compartments for isolating different cloud resources
  - Federation with ADFS
  - Secure Linux images and patching via Ksplice without rebooting live instances
Hello, I am Shabir Firdaus, Enterprise Architect at 7-Eleven. My area of expertise is Oracle technologies. At 7-Eleven we have a large footprint of Oracle. It provides HR, Finance, Retail Accounting, Product Lifecycle Management and Reporting business functions to the enterprise. Due to new critical functionalities getting added and the importance of providing continuous support to our franchisee and corporate stores, we felt the need to have a disaster recovery site. We have strict audit requirements and the presence of Class 4 data in these systems. Oracle Cloud became the obvious choice as it met all the requirements. The first one is authentication. We set up authentication through federation with our ADFS. Initially we federated with Oracle Cloud Infrastructure but later, due to the enabling of other Oracle services, we federated using Oracle Identity Cloud Service. We had authorization requirements on who gets to see and do what. Using IAM policies, we were able to manage it at various levels. I will talk about it more on the next slide. At 7-Eleven, there are different groups managing different kinds of resources. Compartments helped in isolating the resources and giving ownership to different groups. I will talk about it more on the next slide. As you know, customers are responsible for patching operating systems in compute instances. New Linux kernel updates come out about once a month. Obviously, we wish to apply patches without any disruption to our production workloads. With Ksplice, you can install those same important kernel security and bugfix updates while the system is running, with no disruption. Ksplice lets you apply 100% of the important kernel security updates without rebooting. You don't need to stop any running applications and you don't need to reboot to install.

17 7-Eleven Disaster Recovery
[Diagram: the on-premises (production) EBS application and database beside the failover EBS application on Oracle Compute and the failover database in OCI; Active Data Guard between the two databases, periodic copy using rsync between the two application tiers, and legacy applications reaching EBS through DNS, which is repointed in the failed-over state.]
Just to give an overview of the architecture of the disaster recovery, I have taken as an example one of the applications, Oracle ERP. It has a few application servers on VMs and the database on Exadata. The database is synced using Data Guard, and the application, including NAS mounts, is copied over using rsync. The application and other applications communicate using DNS resolution. After failover, we just change the DNS entries and the application is available again, and once the on-premises site is up, it becomes the failover site.
Only EBS shown for illustration. Other applications follow the same architecture.

18 IAM Compartments for Departmental Isolation
[Diagram: the 7-Eleven tenancy with four compartments, each governed by its own policy: Networking (VCN, DRG, FastConnect, subnets, vNICs; Policy 1), Shared Infrastructure (File System Service, AD, DNS; Policy 2), Production Applications (compute instances, block volumes; Policy 3) and Production Databases (Exadata; Policy 4).]
As I mentioned before, at 7-Eleven we have different groups managing different resources. The network team manages resources related to their area, like VCN, DRG, subnets and vNICs. Same with the database: we have separate groups for Exadata database administration and application administration. There are some resources that are maintained by the shared services group. With the use of compartments we were able to isolate these resources for each group. Owners of each group were able to define IAM policies that allow read, use and management of their resources by other groups. We started the cloud journey with IaaS and so far it has been excellent. We were able to complete the design and implement it in 3-4 weeks. We hope to improve as we move forward with procuring PaaS and integrating with IaaS.
Compartments
- Best used for setting access control boundaries.
- A logical container used to organize and isolate cloud resources; each resource is in exactly one compartment.
- Compartments are hierarchical and are best for creating permission boundaries. A parent compartment’s policy is inherited by child compartments.
- Compartments are global; distinct from physical containers like Regions and Availability Domains.
- Resources can be connected/shared across compartments.
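To make the compartment and policy model above concrete, here is an added example (not Oracle’s policy engine and not 7-Eleven’s actual policies) that parses statements of the form “Allow group G to VERB RESOURCE in compartment C” and evaluates a request against a compartment tree, applying the verb ordering inspect < read < use < manage and the inheritance of a parent compartment’s policy by its children. The compartment tree, group names, the reduced resource-family table and the policy text are constructed for this illustration.

```python
"""Compartment-scoped IAM policy evaluation, modelled on the policy statements
described in the talk. Added example, not Oracle's policy engine: the verb
ordering, the reduced resource families, the compartment tree and the sample
groups and policies are constructed here."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Each verb includes the permissions of the verbs below it.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# Simplified aggregate resource types (the real families are larger).
FAMILIES: Dict[str, Set[str]] = {
    "virtual-network-family": {"vcns", "subnets", "drgs", "security-lists"},
    "instance-family": {"instances", "volume-attachments"},
    "volume-family": {"volumes", "volume-backups"},
    "database-family": {"db-systems", "databases"},
}

STATEMENT_RE = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>inspect|read|use|manage)\s+"
    r"(?P<resource>\S+)\s+in\s+(?:tenancy|compartment\s+(?P<compartment>\S+))$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Statement:
    group: str
    verb: str
    resource: str
    compartment: Optional[str]   # None = attached at the tenancy (root)


def parse_policy(text: str) -> List[Statement]:
    """Parse 'Allow group G to VERB RESOURCE in compartment C|tenancy' lines."""
    statements = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = STATEMENT_RE.match(line)
        if not m:
            raise ValueError(f"unparseable statement: {line}")
        statements.append(Statement(m["group"], m["verb"].lower(),
                                    m["resource"].lower(), m["compartment"]))
    return statements


def _resource_covered(granted: str, requested: str) -> bool:
    return (granted == "all-resources" or granted == requested
            or requested in FAMILIES.get(granted, set()))


def ancestors_and_self(tree: Dict[str, Optional[str]], compartment: str) -> List[str]:
    """The compartment, its parent, ... up to the root. A statement attached
    anywhere on this chain applies, because children inherit parent policies."""
    chain = []
    while compartment is not None:
        chain.append(compartment)
        compartment = tree[compartment]
    return chain


def is_allowed(tree: Dict[str, Optional[str]], statements: List[Statement],
               groups: Set[str], verb: str, resource: str, compartment: str) -> bool:
    """Deny by default; allow if some statement for one of the caller's groups
    grants at least `verb` on `resource` in the target compartment's chain."""
    scope = ancestors_and_self(tree, compartment)
    needed = VERB_RANK[verb]
    for s in statements:
        if s.group not in groups or VERB_RANK[s.verb] < needed:
            continue
        if not _resource_covered(s.resource, resource):
            continue
        if s.compartment is None or s.compartment in scope:
            return True
    return False


# Constructed tenancy: Production is the parent of the two production compartments.
TREE: Dict[str, Optional[str]] = {
    "Networking": None, "Shared-Infrastructure": None, "Production": None,
    "Production-Applications": "Production", "Production-Databases": "Production",
}

POLICY = parse_policy("""
    # one owning group per compartment; cross-compartment access limited to 'use'
    Allow group NetworkAdmins to manage virtual-network-family in compartment Networking
    Allow group AppAdmins to manage instance-family in compartment Production-Applications
    Allow group AppAdmins to manage volume-family in compartment Production-Applications
    Allow group AppAdmins to use virtual-network-family in compartment Networking
    Allow group DBAdmins to manage database-family in compartment Production-Databases
    Allow group SecOps to read all-resources in compartment Production
    Allow group Auditors to inspect all-resources in tenancy
""")

if __name__ == "__main__":
    for groups, verb, resource, comp in [
            ({"AppAdmins"}, "use", "subnets", "Networking"),
            ({"AppAdmins"}, "manage", "subnets", "Networking"),
            ({"SecOps"}, "read", "instances", "Production-Applications"),
            ({"SecOps"}, "read", "vcns", "Networking")]:
        print(f"{sorted(groups)[0]:10s} {verb:7s} {resource:10s} in {comp:24s} ->",
              is_allowed(TREE, POLICY, groups, verb, resource, comp))
```

The cases worth noting: AppAdmins can use a subnet in Networking (enough to attach a vNIC) but not manage it, which is the ownership split the speaker describes; SecOps’ read grant attached at Production reaches both production child compartments and nothing else; and a manage grant satisfies an inspect request because the verbs nest.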

19 Storage Encryption and Key Management
- Default data-at-rest encryption using unique Oracle-managed keys: Block Storage, Remote Volumes, Object Storage and File System Storage
Oracle Key Management
- Encrypt your data using keys that you control
- Highly available, durable, and secure key storage using per-customer isolated partitions in FIPS 140-2 Security Level 3 certified HSMs
- Centralized key management capabilities, and integration with select Oracle Cloud Infrastructure services

20 Highly Secure Infrastructure and Geographic Security Compartmentalization
- Back-end hosts are securely isolated from customer instances via segmented networks and ACLs
- Fine-grained ingress and egress policies control network traffic
Geographic security compartmentalization
- A potential attack on a region has no impact on other regions, due to the regional isolation model and per-region internal service credentials

21 Additional Security Services
CASB Monitoring: security configurations and users; credential usage and age; risk identification based on threat analytics.
DDoS Prevention as a Service: protection against L3/L4 attacks.
Web Application Firewall (WAF): protection of internet-facing customer applications.
CASB-based security monitoring performs OCI resource configuration checks, IAM user behavior analysis and IP reputation analysis. Oracle CASB monitors the security of OCI deployments through a combination of pre-defined OCI-specific security controls and policies, customer-configurable security controls and policies, and advanced security analytics using machine learning to detect anomalies. The different types of security monitoring done by Oracle CASB are:
- Security misconfiguration of OCI resources: Oracle CASB monitors the configuration of OCI compute, virtual networks, and storage against OCI security best practices. An example is alerting on OCI Object Storage buckets made public.
- Monitoring of credentials, roles and privileges: OCI Identity and Access Management (IAM) policies assign privileges (inspect, read, use, manage) to IAM groups. Oracle CASB monitors OCI IAM users and groups for excessive privileges and for changes to administrator groups. OCI IAM credentials (console password, API keys) authenticate IAM users, and CASB monitors the usage and age of these credentials. Deviations from the acceptable standards raise alerts.
- User behavior analysis (UBA) for anomalous user actions: User logins and access patterns are analyzed to establish expected behavior, and deviations from this baseline are detected with advanced analytics such as machine-learning (ML) algorithms. UBA generates risk scores for events, and customers can configure security alerts based on risk score thresholds.
- Risk events from threat analytics: Oracle CASB is integrated with third-party threat intel feeds and uses them to analyze access to customer OCI tenancies, detecting threats such as access to OCI resources from suspicious IPs or anomalous patterns of IP addresses used.
See the Oracle Genius Bar for a CASB demo.
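As an added example of the kind of checks described above (this is not Oracle CASB code), the script below runs four posture rules over a constructed inventory snapshot: buckets that are not private, API signing keys older than a rotation threshold, drift in privileged group membership against an approved baseline, and console logins from a blocklisted address. The inventory field names, the 90-day threshold, the blocklist and the sample users are assumptions of the example, not OCI’s API schema or any real threat feed.

```python
"""CASB-style posture checks over a tenancy inventory. Added example, not
Oracle CASB: the inventory snapshot, the threat-intel blocklist, the
thresholds and the finding format are constructed for this demonstration."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Set

MAX_KEY_AGE = timedelta(days=90)          # rotate API signing keys at least this often
BLOCKLIST: Set[str] = {"198.51.100.23"}   # constructed threat-intel feed


@dataclass(frozen=True)
class Finding:
    severity: str
    rule: str
    resource: str
    detail: str


def check_public_buckets(inv: Dict) -> List[Finding]:
    """Object Storage buckets whose access type is anything but private."""
    return [Finding("high", "public-bucket", b["name"],
                    f"bucket access type is {b['public_access']}")
            for b in inv["buckets"] if b["public_access"] != "NoPublicAccess"]


def check_api_key_age(inv: Dict, today: date) -> List[Finding]:
    """API keys that have outlived the rotation window."""
    out = []
    for user in inv["users"]:
        for key in user["api_keys"]:
            age = today - date.fromisoformat(key["created"])
            if age > MAX_KEY_AGE:
                out.append(Finding("medium", "api-key-age", user["name"],
                                   f"API key {key['fingerprint']} is {age.days} days old"))
    return out


def check_admin_group_drift(inv: Dict) -> List[Finding]:
    """Members of privileged groups who are not in the approved baseline."""
    out = []
    for group, approved in inv["admin_baseline"].items():
        current = {u["name"] for u in inv["users"] if group in u["groups"]}
        for added in sorted(current - set(approved)):
            out.append(Finding("high", "admin-group-drift", added,
                               f"added to {group} outside the approved baseline"))
    return out


def check_suspicious_logins(inv: Dict) -> List[Finding]:
    """Console logins from addresses on the threat-intel blocklist."""
    return [Finding("high", "suspicious-ip", u["name"], f"console login from {ip}")
            for u in inv["users"] for ip in u["login_ips"] if ip in BLOCKLIST]


def run_checks(inv: Dict, today: date) -> List[Finding]:
    return (check_public_buckets(inv) + check_api_key_age(inv, today)
            + check_admin_group_drift(inv) + check_suspicious_logins(inv))


# Constructed inventory snapshot (field names are this example's, not the OCI API's).
INVENTORY = {
    "buckets": [
        {"name": "erp-backups", "public_access": "NoPublicAccess"},
        {"name": "marketing-assets", "public_access": "ObjectRead"},
    ],
    "users": [
        {"name": "alice", "groups": ["Administrators"],
         "api_keys": [{"fingerprint": "1a:2b", "created": "2018-09-15"}],
         "login_ips": ["203.0.113.10"]},
        {"name": "bob", "groups": ["Administrators", "AppAdmins"],
         "api_keys": [], "login_ips": ["198.51.100.23"]},
        {"name": "svc-backup", "groups": ["Backups"],
         "api_keys": [{"fingerprint": "3c:4d", "created": "2018-03-01"}],
         "login_ips": []},
    ],
    "admin_baseline": {"Administrators": ["alice"]},
}
TODAY = date(2018, 10, 25)   # fixed so the output is reproducible

if __name__ == "__main__":
    for f in run_checks(INVENTORY, TODAY):
        print(f"[{f.severity:6s}] {f.rule:18s} {f.resource:18s} {f.detail}")
```

Each rule is a pure function over the snapshot, so the same code can be pointed at a real inventory export or at a unit-test fixture. The admin-drift check is the one practitioners most often skip: it needs an approved baseline kept outside the tenancy, otherwise an attacker who adds an account to Administrators also controls the “expected” state.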

22 Verifiably Secure Infrastructure
Why is Oracle Cloud Infrastructure gaining the trust of customer security teams?
- A world-class security team
- Foundational core and edge security capabilities built around the 7 pillars
- Deeper customer isolation
- Easy-to-use IAM policies
- Geographic security compartmentalization
- Secure access to APIs via asymmetric keys
Which security benefits does an Oracle customer get from OCI?
- Forty years of proven expertise in enterprise software security
- A world-class security team with a strong background in security engineering and research
- Strong security capabilities in multiple OCI services, as discussed on the slide

23 Oracle Cloud Infrastructure Security Collateral
- Security White Paper
- GDPR White Paper
- Security Best Practices Guide
- Infrastructure Services Documentation

24 cloud.oracle.com/iaas | cloud.oracle.com/tryit | cloud.oracle.com/jumpstart
Visit the Oracle Cloud Infrastructure Genius Bar, #OCI-A01
Thanks for your time, and I hope you learned more about how you can partner with us to transform your business. If you want to get hands-on, please try one of our hour-long hands-on labs here! We’re also happy to answer any questions in the innovation showcase. Finally, to try many of the solutions I talked about, for free, visit cloud.oracle.com/jumpstart. Thank you again!

