This image illustrates the shared security responsibility model.

• You are responsible for security in the cloud.
  • Customer data: Manage user credentials and other account information.
  • Account access management, and application management: Guard against insecure user access behavior, implement strong IAM policies, and take care of patching your applications.
  • Network and firewall configuration: Use security rules and routing rules.
  • Client-side encryption: Use the Vault service to manage keys.
• Oracle is responsible for security of the cloud. We protect the hardware, software, networking, and facilities that run Oracle Cloud services.