copyright © 2015 oracle and/or its affiliates. all rights...
TRANSCRIPT
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 1
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
2 Oracle Confidential – Internal
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Agenda
1. World Class Scale and Ranking
2. Security
1. People, Processes, and Technologies
3. Customer examples
4. Summary
5. Resources
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |
Security: The Cloud Enabler
48%
Oracle Public
of organizations already believe moving from traditional on-premises to a public cloud could provide better security overall
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
World Class Scale Oracle Company Statistics
• US $37 Billion total GAAP revenue in FY 2016
• 420,000 customers
• 310,000 Oracle Database customers
• 120,000 Oracle Fusion Middleware customers
• 110,000 Oracle Applications customers
• 6,000 engineered systems customers
• More than 25,000 partners worldwide
• More than 135,000 employees, including:
• 40,000 developers and engineers
• 16,000 support personnel
• 18,000 consulting experts
• More than 3.1 million students supported annually in 110 countries
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Oracle Cloud
Oracle has been in the cloud business since 1998 with Oracle On-Demand
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
World Class Scale Oracle Cloud Growth (YoY%)
Oracle Confidential – Internal/Restricted/Highly Restricted 7
95% 100% 150%
354 398
449 487
706 723 735
913
0
100
200
300
400
500
600
700
800
900
1000
Total Storage (PB)
23209 30656 31570
39818
54011
64275 72611
78386
0
10000
20000
30000
40000
50000
60000
70000
80000
90000
Virtual Machines
15000
20000
25000
30000
35000
40000
45000
50000
55000
60000
Q3
FY1
3
Q4
FY1
3
Q1
FY1
4
Q2
FY1
4
Q3
FY1
4
Q4
FY1
4
Q1
FY1
5
Q2
FY1
5
Q3
FY1
5
Q4
FY1
5
Q1
FY1
6
Q2
FY1
6
Q3
FY1
6
Tenants (End of Quarter)
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
27M+ Weekly Active Cloud Users
83,000+ VMs in
20+ Global Data Centers
– Carrier Neutral, Enterprise Class
45+ Billion Transactions per Day
Cloud Customers in
190+ Countries 35 Languages
56,000+ Cloud Enterprise Tenants
1,600+ Cloud Operations Professionals
8
1,075+ PB Total Storage Under Mgmt
$5.5 Billion Annual Research and Development Spend
24 x 7 Tier I Support Global IT Operations Team
World Class Scale Oracle Cloud Statistics
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Gartner Magic Quadrant Ranking Oracle APaaS Cloud Service • Strong Vision • Seamless Transition to Cloud • Complete Cloud Stack • PaaS for SaaS • Support for Hybrid Cloud
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Gartner Magic Quadrant Oracle IPaaS Cloud Service • More than 250 Customers in < 1 Year • First appearance in GMQ and already
ahead of MS, SAP, IBM and 10 others • Oracle rated among highest for support
and overall satisfaction
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Oracle PaaS Uptime Calendar – CY Q2/2016
11
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Build, deploy, manage and protect enterprise, world-class datacenters and Oracle facilities worldwide
Technology
Deploy and manage industry leading solutions across Oracle cloud
Process
Deploy and enforce stringent processes and controls across cloud and infrastructure operations
People
Hire the best talent and train them on Oracle’s operational, development, and security practices
Oracle Public 12
Oracle – Trust and Operational Excellence Part of Oracle’s DNA
Oracle Public Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Physical
Physical
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 13
People
• 1600+ cloud operations professionals
• 16,000 support personnel
• 18,000 consulting experts
• 40,000 developers and engineers
• Follow Oracle Secure Coding Standards
• 1,700 security Point of Contacts for tactical implementation of OSSA
Oracle Public Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Global Nerve Centers & Staffing
• 24 x 7 Tier I Support • Global IT Operations Team
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 15
Process
• Oracle Security Oversight Committee
• Chaired by Safra Katz, CEO/CFO
• IT and Cloud Operations
• Oracle Software Security Assurance
• Secure Coding Standards
• Vulnerability handling
• Define and drive open standards:
• SCIM, Oauth, Oasis KMIP, etc.
• IT-ISAC member
Oracle Public Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
People
Technology
Physical
Copyright © 2014 Oracle and/or its affiliates. All rights reserved. | Oracle Public 16
Visibility Governance Transparency
Overall Cloud Security Objectives
Comprehensive
Enterprise-wide
3rd Party audit reports
Over 100 reports
Per month
Security incidents
Auditing procedures
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Oracle Public Cloud - Security Oversight and Governance
Oracle Confidential – Internal/Restricted/Highly Restricted 17
CORPORATE SECURITY
BUSINESS AUDIT AND ASSESSMENT
SOFTWARE SECURITY ASSURANCE
IT INDUSTRY INFORMATION SHARING AND ANALYSIS CENTER (IT-ISAC) MEMBER
SECURE DATA CENTERS
CORPORATE SECURITY SOLUTIONS ASSURANCE PROCESS (CSSAP)
Comprehensive Policy, Process, Monitoring and Enforcement!
PLATFORM HARDENING AND CONFIGURATION MONITORING
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Part of the Service Subscription
Security and Data Privacy
• 3rd party testing is conducted on every major release of each cloud service
• 3rd party reports provided to customers
• Over hundred distributed each month
• Daily “blackbox” Scanning
18
Vulnerability Assessments
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Security Operations : Incident Response
• Dedicated Cloud Security Teams Provide: – Detection
– Mitigation
– Forensics
– Notification
• Incident Response Efforts Coordinated With: – Global Information Security
– Global Product Security
– Privacy & Security Legal
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 20
Technology
• Security Cloud Services for identity, development, analytics, compliance and data protection
• Secure layers of defense across SaaS, PaaS, and IaaS
• Encryption, redaction and masking of data in prod and nonprod
• Privileged user controls on both Oracle and customer administrators
• And more…
Oracle Public Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
SaaS PaaS IaaS
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Operational Excellence Mission Critical Cloud Computing
• Mission Critical Service Delivery – IT requirements designed in and consumable by customers
• Defense in Depth Cloud Security – Not dependent on a single security tactic or approach
• Full Stack Ownership – Full control of design, performance, and delivery
• Comprehensive Regulatory Compliance Controls – Highest common denominator approach to consistent delivery
Integrated Scalable Secure
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Comprehensive Security Controls for the Cloud
Oracle Public
PHYSICAL ACCESS (IT STAFF)
INTRUSION DETECTION
MOBILE SECURITY
Segregation of duties
Data masking
Encryption and redaction
SIEM Network security
Infrastructure Monitoring
Biometric scanner
Video surveillance
Man traps
Access card Security zones
Secure identity
Application management
Content management
CUSTOMER ACCESS AND AUTHENTICATION
LOGICAL ACCESS (IT STAFF)
GOVERNANCE AND AUDITING
Antivirus/anti-spam
Personal firewalls
VPN + 2 factor auth
Desktop encryption
IP Address filtering
IPSec VPN
TLS for HTTP, FTP encrypt
Daily scans Patch and versioning
Access reviews
Daily app code scans
DATA ACCESS OIDC/OAuth SAML
IPSec VPN Site2Site (Corente)
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | Oracle Public 23
Security Cloud Services: Enabling Faster and More Secure Cloud Adoption
Identity Cloud Service
Compliance Cloud Service
Security Monitoring & Analytics Cloud Service
Hybrid Data Security Protection: Database Security
Oracle Public Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
API Platform Cloud Service
More to come
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | Oracle Public 24
Identity Cloud Service
Oracle Public Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Hybrid Identity Manage user identities for both cloud and on-premises applications with enterprise-grade hybrid deployments Open and Standards-based Rapidly integrate cloud and on-premises applications using a 100% open and standards-based solution Secure Defense In-depth Gain layers of defense with identity hosted as an Oracle Public Cloud (OPC) service and integrated with
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 25
Physical
• 19 Tier 3+ enterprise grade datacenters worldwide
• Multiple physical layers of defense including access controls
• Access cards, biometrics, man-traps, secure zones
• Surveillance and alerts for physical entry and disaster recovery/HA
Oracle Public Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 26
Operational Excellence Oracle Cloud Data Centers
Local Data Residency
• 19 “strategic” Oracle Cloud data centers
• Emphasis on Carrier Neutral facilities to achieve best possible peering and participate in local network exchange
• Primary metro regions are multi-vendor campuses with fiber inter-connects
• Contracting usage based model, specifically variable metered power
• State of the Art • 99.999% availability • ISO certified
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Cloud Security Alliance – “Treacherous 12” ORACLE CLOUD
SECURITY
Data Breaches
Insufficient Identity, Credential, and Access Management
Insecure Interfaces or APIs
System Vulnerabilities
Account or Service Hijacking
Malicious Insiders
Data Loss
Insufficient Due Diligence
Abuse of Cloud Services
Denial of Service
Advanced Persistent Threats
Shared Technology Vulnerabilities
Confidential – Oracle Public 27
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Deployment Options and Security
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
OPC – Security Deployment Options SaaS
• Data Encryption at Rest • Included for most services offered • Oracle manages keys
• Break Glass • Subscriber has control over who, when, how access to their data is allowed • All such access is audited and reports made available for review • Three entitlement types
• Support Team • DBA • App and Mid-Tier admin
Database Vault Datasheet Security Agenda Benefits
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
OPC – Security Deployment Options PaaS-DBCS (Requires High Performance or Extreme Service)
• Database Vault • Protects against insider threat by preventing privileged users [Oracle Cloud Ops DBAs] from accessing your private
applications data using Oracle Database Vault Realms and pre-built Protection Policies. • Helps mitigate risk in addressing regulatory compliance requirements • Database Vault Reports (attempted violations, vault policy reports) • Subscriber controls access for support personnel
• Transparent Data Encryption (TDE) and Data Redaction • Tablespaces are encrypted by default • Subscriber manages the keys • Data Redaction removes sensitive fields at presentation time
• Data Masking Cloud to Cloud • Transform sensitive data for non-production and reporting activities • (On premise to cloud requires on premise license)
• Label Security • Label-based “Mandatory Access Control” solution
Database Vault Datasheet Security Agenda Benefits
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
OPC – Security Deployment Options IaaS/Compute
• Bring your own license (BYOL) – DBVault, Transparent Data Encryption, etc • Storage Cloud Service – can encrypt data being stored as object using Java library
• If TDE not appropriate, such as using IaaS but not using Oracle database
• Subscriber manages encryption keys
Database Vault Datasheet Security Agenda Benefits
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 32
Customer Examples
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 33
One Optimized View End to end insight from field to factory.
Shift from manufacturing to digital and IoT. Operating efficiency–200 ERPs down to 40.
Solution Cloud PaaS & Cloud ERP
Digitally Connect Securely ingest machine-grade data at scale and analyzes it to
deliver outcomes–fast
Predictive Maintenance IoT automating and improving processes, logistics
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 34
Customer Experience South Australia based organization.
Allow customers to manage medication refills, prescription history, notifications
Solution Mobile Cloud
Scale and Performance Mobile solution to serve +300,000 members
Secure Integration to on-premises applications and other Oracle and non-
Oracle SaaS applications
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 35
Mobile Wallet Payment for New Business Venture in 4 months
• Java Cloud Service to quickly deploy “mWallet” payment system for customers across Gulf region
• Delivering mobile and PoS capability to small businesses
• Predicting tripling of market uptake in 12 months • 24x7 availability with multi-DC deployment • 25% better performance in Oracle Cloud than On-
Premise • 50% lower cost of operation in Oracle Cloud than
on-premise
50% less IT budget required for mWallet
project deployment and updates.
3000 Txn/min Based on initial customer uptake, with 300% growth
expected year on year
Live Since Q1FY16
Elbooq
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Security is Critical to Oracle’s Cloud Platform
36
Oracle Cloud is Protected by Oracle’s Security Solutions Security in the Foundation
• Data and API Protection
• Account Management
• Single Sign-On
• Access Control
• Audit and Reporting
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Oracle
Clo
ud
Secu
rity
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Built in
security controls
at every layer
Comprehensive
security for
the cloud
Trust and
Operational
Excellence
Integrated Cloud Platform
CLOUD
Consistent
across hybrid
deployments
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
Resources
• Cloud Security Whitepaper – https://cloud.oracle.com/en_US/compute?lmResID=1385171309534&resolvetemplat
efordevice=true&tabID=1383678920245
• Oracle Software Security Assurance Process – http://www.oracle.com/us/support/assurance/overview/index.html
38