Mind Map: OCI Security

1. Shared Security Model

1.1. on-premises

1.1.1. You manage security

1.1.1.1. Applications

1.1.1.2. Data

1.1.1.3. Runtime

1.1.1.4. Middleware

1.1.1.5. Operating System

1.1.1.6. Virtualization

1.1.1.7. Server

1.1.1.8. Storage

1.1.1.9. Networking

1.2. OCI

1.2.1. You manage

1.2.1.1. Applications

1.2.1.2. Data

1.2.1.3. Runtime

1.2.1.4. Middleware

1.2.1.5. Operating System

1.2.1.6. Customer responsible for security in the cloud

1.2.1.6.1. Patching applications and OS

1.2.1.6.2. OS Configuration

1.2.1.6.3. IAM

1.2.1.6.4. Networking security (VCN)

1.2.1.6.5. Endpoint protection

1.2.1.6.6. Data classification

1.2.1.6.7. Compliance

1.2.2. Oracle manages

1.2.2.1. Virtualization

1.2.2.2. Server

1.2.2.3. Storage

1.2.2.4. Networking

1.2.2.5. Oracle Responsible for security of the cloud

1.2.2.5.1. Physical security for the data center

1.2.2.5.2. Hardware

1.2.2.5.3. Software

1.2.2.5.4. Networking

2. Security services

2.1. Security Services

3. IAM

3.1. Use RBAC

3.2. Multi-factor Authentication (MFA)

3.2.1. Use of more than one factor to verify a user's identity

3.2.1.1. E.g.

3.2.1.1.1. Use Password

3.2.1.1.2. Use Devices

3.3. Federation

3.3.1. Enterprises use an identity provider (IdP) to manage logins and passwords

3.3.2. Your administrator can federate with a supported IdP

3.3.2.1. Active Directory (AD)

4. Data protection

4.1. Block Volume

4.1.1. Data encrypted at-rest

4.1.2. Data encrypted in-transit

4.1.3. BYOK

4.2. File Storage

4.2.1. Data encrypted at-rest

4.2.2. Data encrypted in-transit

4.2.3. BYOK

4.3. Object Storage

4.3.1. Data encrypted at-rest

4.3.2. BYOK

4.3.3. Private Buckets

4.3.4. Pre-Authenticated Requests

4.4. Database

4.4.1. Transparent Data Encryption

4.4.2. Data Safe

4.4.2.1. Security Assessment

4.4.2.2. User Assessment

4.4.2.3. Data discovery

4.4.2.4. Data Masking

4.4.2.5. Activity Auditing

4.4.2.6. No extra cost to use

4.4.3. Data Vault

4.5. Key Management

4.5.1. BYOK

4.5.2. Centralized key management capabilities

4.5.3. HA

4.5.4. Durable

4.5.5. Secure key Storage

4.5.6. Use

4.5.6.1. Hardware security modules (HSMs)

4.5.6.1.1. Is a physical computing device that safeguards digital keys

4.5.6.1.2. Provides crypto processing

4.5.6.2. FIPS 140-2

4.5.6.3. HSM hardware is tamper-evident

4.5.6.4. Deletes keys from the device when it detects tampering

4.5.7. Integration with select OCI Services

5. OS and workload isolation

5.1. Dedicated VM host

5.1.1. Security of Bare Metal

5.1.2. Single-tenant

5.1.3. Pay only for dedicated VM hosts

5.1.4. Control and Convenience

5.1.4.1. Control over placement across DVMs

5.1.4.2. Oracle optimizes it automatically

5.1.4.3. Oracle hypervisor and hardware

5.1.4.3.1. Manage

5.1.4.3.2. Monitor

5.2. OS Management Service

5.2.1. Executes and automates common and complex management tasks

5.2.2. Packages Management

5.2.3. Configurations management

5.2.4. Security / compliance reporting

5.2.5. Enables live patching of critical components

5.2.6. Linux Kernel w/o downtime

5.2.7. Configured by default for Oracle Linux Instances in OCI

6. Infrastructure protection

6.1. Network protection

6.1.1. Gateways

6.1.2. Security List

6.2. OCI Web Application Firewall (WAF)