So far, I have discussed generic concepts, IAM, Networking and Key Management pertaining to OCI Gen-2 Cloud. In this part I am going to discuss the Edge Security Service that is available in Oracle Cloud Infrastructure OCI Gen-2 Cloud. OCI Edge Dyn Security services protect Applications and APIs in the multi-cloud environments.Continue reading “Oracle Cloud Infrastructure OCI Gen-2 Cloud Security – Part V (Edge Security Services)”
So far, I have discussed generic security concepts, IAM and Networking pertains to OCI Gen-2 Cloud. In this part I am going to discuss the Key Management Service that is available in Oracle Cloud Infrastructure OCI Gen-2 Cloud.
Oracle Cloud Infrastructure Key Management Service OCI KMS is a managed service that provides you with centralized management of the encryption of your data. KMS can be used to create master encryption keys and data encryption keys. KMS helps to rotate keys to generate new cryptographic material, enable or disable keys for use in cryptographic operations, assign keys to resources, and use keys for encryption and decryption.Continue reading “Oracle Cloud Infrastructure OCI Gen-2 Cloud Security – Part IV (Key Management)”
In my previous blog posts, I have discussed the generic security concepts and Identity and Access Management in OCI. This part of the series discusses OCI Networking Service. Its concepts and best practices for securing networks in OCI.
High-throughput and reliable networking is fundamental to public-cloud infrastructure that delivers compute and storage services at scale. As a result, Oracle has invested significant innovation in Oracle Cloud Infrastructure networking to support requirements of enterprise customers and their workloads. Oracle Cloud Infrastructure regions have been built with a state-of-the-art, non-blocking Clos network that is not over-subscribed and provides customers with a predictable, high-bandwidth, low latency network. The data centers in a region are networked to be highly available and have low-latency connectivity between them.
In this post, I will go into depth on the components that make up the networking layer, and the security rules which can be applied to them.
In my previous blog post Oracle Cloud Infrastructure OCI Gen-2 Cloud Security – Part I , I have discussed the seven pillars of information security upon which Oracle Cloud Infrastructure OCI (Oracle Gen-2 Cloud) is built. The cloud shared security and responsibility model was discussed along with the concepts such as Regions, Availability Domains and Fault Domains. This part discusses the Identity and Access Management for OCI. It provides authentication and authorisation for all the OCI resources and services.
An enterprise can use single tenancy shared by various business units, teams, and individuals while maintaining the necessary security, isolation, and governance, and this post will go into the concepts involved in this.Continue reading “Oracle Cloud Infrastructure OCI Gen-2 Cloud Security – Part II (Identity and Access Management)”
Previously, I have discussed Oracle’s overall information security portfolio in blog entry – Oracle Information Security – Where it begins, Where it ends. It was pertaining to information security in Oracle Cloud Infrastructure – Classic and On-Premises suite of products including Identity and Access Management and Database Security.
In a series of five blog posts, I am going to cover the security concepts in Oracle Cloud Infrastructure (aka OCI or Oracle Gen-2 Cloud). The Oracle Cloud Infrastructure (OCI) is a trusted enterprise cloud platform that offers customers deep control with unmatched security. It provides Oracle customers with effective and manageable security to confidently run their mission-critical workloads and store their data.Continue reading “Oracle Cloud Infrastructure OCI Gen-2 Cloud Security – Part I”
AD Delegated Authentication is a way to synchronise user passwords between an on-premises Microsoft Active Directory enterprise directory structure and Oracle Identity Cloud Service (IDCS). Users can use their AD passwords to sign in to IDCS to access resources and applications protected by Oracle IDCS. We will use Office365 as one of the target applications. Oracle IDCS can provision user into Office365 and keep users synchronised.
The following diagram 1 depicts the scenario:
Diagram 1: Logical architecture of scenario
Oracle Identity Cloud Service (IDCS) protects Oracle IaaS, PaaS, SaaS and On-Premises applications. Oracle IDCS provides federated single-sign on experience to its clients. It follows open standards such as SAML 2.0, OAuth 2.0 and OpenID Connect 1.0. In the federation model, Oracle IDCS can either act as an Identity Provider (IdP) or a Service Provider (SP) or both.
Oracle IDCS has a built-in feature that provides multiple social identity providers such as Google, Facebook, LinkedIn and Twitter. It uses underlying OAuth 2.0 protocol to interact with the Social Identity providers. This article presents how to configure IDCS to allow for Social Logins. Let me explain this concept with the sequence diagram below: