What is a Cloud Access Security Broker (CASB) solution?
Cloud Access Security Brokers (CASBs) address security gaps that may arise as a result of an organization’s transition to the cloud. CASB solutions enforce an organization’s access policies governing usage across the cloud stack (IaaS, PaaS and SaaS), thereby ensuring secure access to and usage of cloud resources by administrators and users. The traditional definition used by analysts for CASB focused mainly on enterprise SaaS applications. However, CASBs have expanded to cover security of the broader cloud stack, including IaaS. Oracle CASB Cloud Service is a pioneer in IaaS protection focusing on a heterogeneous multi-vendor SaaS, PaaS and IaaS strategy.
What is Oracle Cloud Access Security Broker (CASB) for Oracle Cloud Infrastructure?
Oracle CASB monitors the security of Oracle Cloud Infrastructure deployments through a combination of pre-defined Oracle Cloud Infrastructure-specific security controls and policies, customer-configurable security controls and policies, and advanced security analytics using machine learning for anomaly detection. Oracle CASB security functionality includes monitoring security configuration of Oracle Cloud Infrastructure resources, monitoring credentials and privileges, user behavior analysis (UBA) for anomalous user actions, and threat analytics for identifying risk events. For customers with heterogeneous multi-cloud deployments, Oracle CASB supports monitoring of other public clouds such as AWS, Azure, Office 365, Salesforce, and more.
Why do you need Oracle CASB for Oracle Cloud Infrastructure?
Customers use Oracle Cloud Infrastructure for their mission-critical workloads when security is an important consideration. Security of Oracle Cloud Infrastructure workloads follows the Shared Responsibility Model, with the onus on customers to securely configure the Oracle Cloud Infrastructure services used by their applications, while Oracle is responsible for the security of the underlying cloud infrastructure. In this context, the ability to monitor the security configuration and use of their Oracle Cloud Infrastructure resources is an important requirement for customers. This includes monitoring changes to configurations, adherence to mandated security policies such as key rotation and password management policies, and detecting anomalous behavior and/or use of various resources. Oracle CASB offers automated security monitoring of Oracle Cloud Infrastructure resource configuration and usage, and alerting on deviations from the security baseline, thereby helping customers maintain the security of their Oracle Cloud Infrastructure applications.
What are the key value propositions of using Oracle CASB for Oracle Cloud Infrastructure?
Some of the key value drivers for using Oracle CASB for Oracle Cloud Infrastructure are:
- Rolling out applications faster and with a better security posture: Oracle CASB provides comprehensive Oracle Cloud Infrastructure security monitoring and integrates tightly with Oracle Cloud Infrastructure without the need for any agents or additional software components. Oracle acts as a full-stack cloud provider with a single channel for customer security feedback and is able to swiftly deliver Oracle CASB functionality for the monitoring of Oracle Cloud Infrastructure resources.
- A single tool to provide comprehensive security visibility for Oracle Cloud Infrastructure: Oracle CASB provides visibility into all Oracle Cloud Infrastructure resources by gathering information across Oracle Cloud Infrastructure logs and configuration data. It provides out-of-the-box policies and security controls that enable customers to enhance the security posture of their deployment right away. Oracle CASB is a stand-alone solution enabling the most comprehensive security monitoring of Oracle Cloud Infrastructure deployments.
- Higher productivity and lower total cost of ownership: Oracle CASB has pre-configured policies and controls for Oracle Cloud Infrastructure, so experts in each service such as Compute, Storage, Network and IAM can focus on higher value activities. In the absence of a tool such as Oracle CASB, customers would need to spend significant resources and effort to develop Oracle Cloud Infrastructure-specific security rules within their Security Information & Event Management (SIEM) tools, for monitoring their Oracle Cloud Infrastructure deployments.
What are some examples of Oracle CASB security monitoring of Oracle Cloud Infrastructure?
Oracle CASB has pre-defined Oracle Cloud Infrastructure-specific security and policy controls available out of the box. Below are examples of Oracle Cloud Infrastructure security monitoring provided by Oracle CASB.
- Monitoring configuration and use of resources in customer tenancies: Examples of Oracle Cloud Infrastructure resource security monitoring include public object storage buckets, overly broad source IP ranges (0.0.0.0/0) in Virtual Cloud Network (VCN) security lists, allowing traffic on sensitive ports in VCN security lists, instantiating a VCN Internet gateway (IGW), TLS certificate expiration on Load Balancers, and deletion of storage resources (block storage volumes, object storage buckets, databases).
- Monitoring IAM users and credentials: Examples of IAM security monitoring include granting of administrator privileges to IAM groups, changing membership of administrators IAM group, age of IAM keys and passwords, IAM user password complexity, and MFA enablement status for IAM users.
- User behavior analytics (UBA): This allows detection of any anomalous IAM user behavior across Oracle Cloud Infrastructure services using machine learning techniques.
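The security list check named in the first item above (a 0.0.0.0/0 source combined with a sensitive port) can be expressed as follows. This is an added example, not Oracle CASB's own logic: rules use the field names of the Oracle Cloud Infrastructure SecurityList JSON representation, and the set of sensitive ports and the sample security list are assumptions constructed for illustration.

```python
import ipaddress

SENSITIVE_PORTS = {22, 1521, 3389}  # assumption: SSH, Oracle listener, RDP
ANY_PORT = (1, 65535)

def _port_range(rule):
    """Return the (min, max) destination ports a rule opens, or None."""
    proto = rule.get("protocol")
    if proto == "all":
        return ANY_PORT
    opts_key = {"6": "tcpOptions", "17": "udpOptions"}.get(proto)
    if opts_key is None:
        return None  # ICMP and other protocols carry no ports
    rng = (rule.get(opts_key) or {}).get("destinationPortRange")
    # Omitted options or range means every port is allowed.
    return (rng["min"], rng["max"]) if rng else ANY_PORT

def _is_world_open(source):
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # e.g. a service label rather than a CIDR block

def audit_security_list(sec_list):
    """Flag ingress rules that expose a sensitive port to any source."""
    findings = []
    for idx, rule in enumerate(sec_list.get("ingressSecurityRules", [])):
        ports = _port_range(rule)
        if ports is None or not _is_world_open(rule.get("source", "")):
            continue
        exposed = sorted(p for p in SENSITIVE_PORTS if ports[0] <= p <= ports[1])
        if exposed:
            findings.append({"list": sec_list.get("displayName"),
                             "rule": idx, "ports": exposed})
    return findings

def _tcp(source, lo, hi):
    return {"protocol": "6", "source": source,
            "tcpOptions": {"destinationPortRange": {"min": lo, "max": hi}}}

# Constructed sample security list (not real tenancy data).
SAMPLE = {"displayName": "example-seclist", "ingressSecurityRules": [
    _tcp("0.0.0.0/0", 443, 443),              # public HTTPS only: not flagged
    _tcp("0.0.0.0/0", 20, 25),                # range covers 22: flagged
    _tcp("10.0.0.0/16", 22, 22),              # SSH from private range: not flagged
    {"protocol": "all", "source": "0.0.0.0/0"},  # every port: flagged
    {"protocol": "1", "source": "0.0.0.0/0"},    # ICMP, no ports: not flagged
]}

if __name__ == "__main__":
    for finding in audit_security_list(SAMPLE):
        print(finding)
```

A rule whose port range merely contains a sensitive port is flagged, as is a rule with no port options at all, since both expose the port even though it is never written out.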
What kind of integrations does CASB have and how does that help Oracle Cloud Infrastructure?
Oracle CASB integrates with multiple other products, some of which are listed below.
- Cloud Solutions:
- Amazon Web Services
- G Suite
- Office 365
- Oracle Enterprise Resource Planning (ERP) Cloud
- Oracle Human Capital Management (HCM) Cloud
- Oracle Sales Cloud
- Azure Active Directory
- Ping Identity
- Oracle Identity Cloud Service
- IBM QRadar
- Firewall/Secure Web Gateway
- Check Point
- Palo Alto
- Data-Centric Audit and Protection (DCAP)/Data Loss Protection (DLP)
- Office 365 DLP
- IT Service Management
- Threat Intel
- Digital Element
- Custom feeds
- Integrated Compliance
How do I enable Oracle CASB to monitor Oracle Cloud Infrastructure?
To enable CASB monitoring of Oracle Cloud Infrastructure, create an Oracle Cloud Infrastructure application instance with Oracle CASB, and provision it with the API key credentials of a least-privilege IAM user authorized to get configuration information and audit logs from the Oracle Cloud Infrastructure tenancy. To register an Oracle Cloud Infrastructure application instance to monitor a customer tenancy, customers provide the tenancy OCID, the IAM user OCID, the public key fingerprint of the IAM user API key, and the private key of the IAM user API key.
How is Oracle CASB for Oracle Cloud Infrastructure priced?
Oracle CASB can be leveraged as part of the Universal Credit Model that Oracle provides for cloud services. By leveraging this model, you can turn on Oracle CASB and configure it to monitor Oracle Cloud Infrastructure, and available credits are automatically deducted from your account. See CASB Pricing for more information.
Where can I find further information on using Oracle CASB for Oracle Cloud Infrastructure?
Oracle CASB for Oracle Cloud Infrastructure documentation lists detailed instructions on enabling and using the product. See CASB Documentation.