Transcript
00:00 Welcome to this module on OCI security. Let's start with an introduction.
00:07 So in security you always hear this term called "shared security model". What does this actually
00:17 mean? Well, in an on-premises environment you own the whole stack and you are responsible for
00:24 security end-to-end. As you move to the cloud, some of the responsibilities transfer to the
00:29 cloud provider, in this case Oracle, and some are retained by you. So that is what we mean by a
00:35 shared security model. What does it look like in the cloud? Well, in the cloud, Oracle Cloud Infrastructure
00:41 is responsible for security of the cloud, which means things like the physical data center, the
00:48 physical network, the physical host, even the virtualization layer, making sure it's patched and
00:54 it's up to date. All those are responsibilities of Oracle. So that's basically the security of the
01:00 cloud. You're responsible for security in the cloud. What does that mean? Well, that means you are
01:06 responsible for the data. You're responsible for the endpoints: devices, mobile or PCs, or your
01:12 servers, which are accessing them. And you are responsible for account and access management,
01:19 so identities and access management. And there are some other things you are responsible for,
01:24 like if you are using operating systems you need to make sure they are patched and kept up to date. So
01:29 this is the model in the cloud: some responsibilities shift to the cloud provider, some responsibilities
01:34 are still retained by you. So let us look at the OCI security portfolio
01:42 available currently in OCI. I have put in this slide the use cases and the services so you really
01:50 understand not just the services but you also understand the context in which they operate.
01:55 In OCI, security is built in using the defense in depth methodology, meaning security is built in at various
02:03 layers of the stack. So a good way to represent this is to break down these services by use cases and then
02:11 list the OCI security services that are available for each use case. So let's start at the very bottom
02:19 with infrastructure protection, and here you can see there are several services which are listed.
02:27 Because this is an introduction lesson I am just going to go through these quickly and cover a couple of
02:34 them at each layer. So the first one here is a service called Web Application Firewall. It protects
02:41 applications from malicious and unwanted internet traffic; it can help mitigate layer 7 DDoS attacks. And
02:48 then there is also a service which is called Network Firewall, and that monitors your network for
02:54 malicious activity and it can help with intrusion detection and prevention. So this layer is all about
03:02 infrastructure protection. The layer on top of this is around identity and access management, and it
03:09 primarily deals with your users who have access to your systems: who are the users, and then what kind
03:15 of level of access do they have, what kind of permissions do they have to your systems. Then we also have
03:23 services like multi-factor authentication, and MFA, or multi-factor authentication, is a method of
03:31 authentication that requires the use of more than one factor to verify a user's identity. And then there are a
03:40 few other services at this layer. The next layer up is around operating system and workload protection. So like
03:49 previous layers, this layer also has many services; let me quickly touch on a couple of them. Shielded instances,
03:57 you see there, are a kind of virtual machine that offers additional security for customers who
04:03 need to meet strict compliance and security requirements. So for example, one of the features
04:09 in shielded instances is Secure Boot, and what it does is, when a VM starts up, it only uses trusted software
04:18 due to that Secure Boot. So that's one feature which is there, and there are several other features.
04:23 Then we have something like Dedicated VM Host, which is a bare metal machine, single tenant, dedicated to
04:30 you, where you can run your VMs. And then we have a service like OS Management, which monitors and
04:37 manages updates and patches not just for a single machine but literally could be thousands of machines,
04:44 so at scale. So this layer is all about operating system and workload protection. Then the next layer up
04:50 is around data protection. This is super critical. The first two components you see here are related to
04:56 a service which is called Vault. This service helps you centrally manage the encryption keys that protect
05:04 your data and the secret credentials, like passwords, that you use to access resources. Now we also have a
05:11 service called Certificates, which lets you create and manage certificate authorities, also referred to as
05:19 CAs, and certificates themselves. So this layer is about the services that help
05:25 meet the use cases for data protection. Finally we have this layer which is called detection and remediation.
05:34 It is also referred to as cloud security posture management. The whole idea is to improve
05:40 an organization's security posture, so the services here are continuously monitoring your environment,
05:47 and if they notice any kind of misconfiguration or user activities or operator activities, it can notify
05:53 you; it can actually also automatically remediate the problem. So the first service listed there, you see
06:00 Cloud Guard, is a service which does that: it does cloud security posture management. Then there's also a
06:06 service called Security Zones, and think about this as: the way it works is you designate your compartments as
06:14 secure zones, and these comply with Oracle security policies. And you can define these policies, like
06:21 you cannot have public access, resources cannot have public access, encryption is required, etc., and the resources
06:28 you define in these security zones actually will comply with these security policies. So in a nutshell,
06:34 this is a very high level overview of security services, but I hope that this gives you a good overview of how
06:40 these security services are categorized based on the use cases and how it is implemented in this defense
06:47 in depth mechanism, where you have security built in at different layers of the stack. So how does
06:54 this all operate? As you can see in this graphic here, you have an environment where you have some
07:01 virtual networks and you are using various security services, whether it's vulnerability scanning, whether it's
07:08 auditing, whether it's Bastion service, or the Vault, or the identity access management service. So again,
07:16 in the subsequent lessons we'll get into many of these services in detail, but just keep in mind
07:21 we have a very broad and extensive set of security services. So just to recap: when you move to
07:28 the cloud, you get this shared security model, and you are responsible for some of the
07:36 security aspects and the cloud provider takes care of the other aspects. And then security is not
07:43 just one service or an add-on; there's a whole extensive set of services available in different layers of
07:49 the stack. We went over some of those. In the next lessons we will look into some of these in greater
07:55 detail. I hope you found this lesson useful. Thanks for watching.