Oracle Cloud Compliance and Security
Oracle’s mission is to build cloud infrastructure and platform services where Oracle customers can have effective and manageable security to run their important workloads. Oracle’s cloud security approach is based on seven core pillars. Each pillar has multiple components with the goal to improve security and compliance with certain standards applicable to the platform.
Customer Isolation: Allow customers to deploy their application and data assets in an environment that is based on isolation from other tenants.
Data Encryption: Provide controls that can protect customer data at-rest and in-transit in a way that allows customers to meet their security and compliance requirements with respect to cryptographic algorithms and key management.
Security Controls: Offer customers effective and easy-to-use security management controls that allow them to manage access to their services and segregate operational responsibilities to help reduce risk associated with malicious and accidental user actions.
Visibility: Offer customers comprehensive log data that they can use to audit and monitor actions on their resources, to allow them to meet their audit requirements and help them reduce security and operational risk.
Hybrid Cloud: Enable customers to use their existing security assets, such as user accounts and policies, as well as third-party security solutions when accessing their cloud resources and securing their data and application assets in the cloud.
High Availability: Offer fault-tolerant data centers that enable high availability scale-out architectures and are resilient against network attacks, to provide consistent uptime in the face of disaster and security attack.
Verifiably Secure Infrastructure: Follow rigorous processes and security controls in all phases of cloud service development and operation. Demonstrate adherence to Oracle’s security standards through third-party audits, certifications, and attestations. Help customers demonstrate compliance readiness to internal security and compliance teams, their customers, auditors, and regulators.