Security Architecture

Protect your organization's assets with a security architecture that prevents misconfiguration errors and implements mandatory security best practices.

We recommend that you understand the foundations of security at Oracle Cloud Infrastructure, and use this approach as a model when you develop your organization's own guiding principles for security. Oracle Cloud Infrastructure's security approach is based on seven core pillars. Each pillar has multiple solutions designed to maximize the security and compliance of the platform.

Oracle Cloud Infrastructure Security Pillar | Description | Example Solutions
Customer isolation

Deploy applications and data assets in an environment that provides full isolation from other tenants and Oracle's staff.

In the context of the Cloud Adoption Framework, your organization's enterprise architecture should define how to isolate application data and resources.

  • Bare metal and virtual machine (VM) instances
  • Virtual cloud networks (VCNs)
  • Oracle Cloud Infrastructure Identity and Access Management (IAM)
  • Compartments

Data encryption

Protect data at rest and in transit in a way that lets you meet your security and compliance requirements.

  • Default encryption for storage
  • Oracle Cloud Infrastructure Vault service
  • Database encryption

Security controls

Reduce risks associated with malicious and accidental user actions by managing access to services and segregating operational responsibilities.

  • User authentication and authorization
  • Instance principals
  • Network security control
  • Oracle Cloud Infrastructure Web Application Firewall (WAF)

Visibility

Reduce security and operational risks by auditing and monitoring actions through comprehensive log data and security analytics.

  • Audit logs
  • Cloud access security broker (CASB) based monitoring and enforcement

Secure hybrid cloud

Use existing security assets, such as user accounts, policies, and third-party security solutions, when accessing cloud resources and securing data and application assets.

  • Identity federation
  • Third-party security solutions
  • Site-to-Site VPN
  • FastConnect

High availability

Ensure consistent uptime for workloads with fault-tolerant data centers that are resilient against network attacks.

  • Availability domains and fault domains
  • Service level agreements (SLAs)

Verifiably secure infrastructure

Use verifiably secure infrastructure that implements rigorous processes and security controls in all phases of development and operation.

  • Security operations
  • Compliance certification and attestation
  • Customer penetration and vulnerability testing