1 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Oracle Cloud Service Security and Technology Aykut Celik
Applications Technologist
Slide 2
2 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Safe Harbor Statement The following is intended to outline our
general product direction. It is intended for information purposes
only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and
should not be relied upon in making purchasing decisions. The
development, release, and timing of any features or functionality
described for Oracles products remains at the sole discretion of
Oracle.
Slide 3
3 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Oracle Cloud Service Momentum In less than three years 13 Data
Centers 38,000 Square Feet >10,000 Customers >21 Million
Users >19 Billion Txns/Day >1000 servers 1000s of VMs 19 PB
of Storage
Slide 4
4 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Technologies Services Governance Strategy Information Cloud
Security Strength in Depth Governance Secure Web Gateways End User
Security Security Information and Event Management (SIEM) Endpoint
Disk and Tape Encryption Multi-Factor Authentication for
Administrators Segregated Networks Power Broker for Privileged
Management Security Configuration Monitoring using EM Web
Application Firewall Option Transparent Data Encryption Option
Oracle Cloud Service Application Security Controls Security
Services Security Technologies Periodic Vulnerability Assessments
Automated Compliance Testing Real-time Security Event Correlation
& Monitoring Auditing and Self-Assessment Business Continuity
Planning & Testing Regulatory Compliance (SOX, PCI, HIPAA,
Federal) Governance, Risk & Compliance Documentation Security
Strategy Security Technical Design Reviews Security Technical
Assessments Secure Configuration
Slide 5
5 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Operating the Cloud Data Center & Security
Slide 6
6 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Oracle Public Cloud Data Centers 99.999% Availability Power &
HVAC State of the Art Facilities, Gen 4 Best in Class SLO, RPO, and
RTO Defense in Depth Security & Compliance 15,000 Global
Support Personal, 27 Languages EMEA Operating Region. Primary and
Secondary Data Centers Located within WE
Slide 7
7 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Data Centers Chicago Austin London Linlithgow Amsterdam Sydney
Singapore Japan 99.999% Availability Power & HVAC State of the
Art Facilities Best in Class SLA, RPO, and RTO Defense in Depth
Security & Compliance Ashburn 15,000 Global Support Personal,
27 Languages
Slide 8
8 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
High security rated data centers Access cards required and
inventoried nightly Multiple security zones & Man Traps
Biometric scanners 24 X 7 video surveillance Self-sustaining for 72
hours Personnel screening w/ formal onboarding and offboarding
Physical Data Center Security
Slide 9
9 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Cloud Monitoring, Alerting, Notifications Bozeman NOC Bozeman NOC
Reading NOC Reading NOC Bangalore NOC Bangalore NOC Oracle 24x7
Follow the Sun Monitoring & Support
Slide 10
10 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Oracle Cloud Operations Organization 500+ Dedicated IT Staff
supporting Oracle Cloud 7x24 Operations Nerve Center staff in a
follow the sun configuration Dedicated Security & Compliance
management staff Functional experts and architects in all key
support roles Application support Platform technologies (Middleware
& DB) Infrastructure support and system administration Network
administration: switches, firewalls, load balancers Facilities
& project management 100% of activities performed by Oracle
employees
Slide 11
11 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Security Certification Formal Change Management Secure Connection
(SSL/VPN) Oracle Access Management Network Security & Intrusion
Detection Segregated solution architecture Backup and Disaster
Recovery Malware protection 24x7 system monitoring Logical Data
Center Security
Slide 12
12 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Application Security Access Control SSO Enabled Built on Oracle
Identity Mgmt Database Security Separation of duties Activity
logging Application Security Role Based Access PII protection
Defense in depth
Slide 13
13 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Operating the Cloud Maintenance, Patching, Upgrade
Slide 14
14 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Cloud Operations Environments 1 Staging 1 Production Back up
Continual incremental back up Daily Snap shot Twice weekly archive
to tape and offsite storage
Slide 15
15 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Cloud Certifications Regulatory Compliance SOC 1 certified
Additional certifications upon request Additional services Advanced
Data Security Segregation of duties (DBA) Encryption of data at
rest* VPN Access Additional environments
Slide 16
16 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Cloud Performance 24x7 automated monitoring Intrusion Detection and
remediation IP Filtering/White listing Performance infrastructure
Load balancers Transaction Accelerators Cloud Management Oracle
Enterprise Manager Customer Cloud Portal
Slide 17
17 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Customer Cloud Portal
Slide 18
18 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Cloud Architecture Shared Resources Hardware/Storage/Network
Identity Management Cloud Monitoring Environments Data isolation
Application isolation Data import/export Application Clusters
Virtualization Layer Hardware Layer Storage Grid Enterprise
Management Database Clusters Identity & Access Management
Tenant 3 Tenant 2 Tenant 1 Tenant 3 Tenant 2 Tenant 1 Shared Cloud
ResourceVirtual Cloud Tenant Resource
Slide 19
19 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Cloud Architecture Virtual Multi-Tenancy
Slide 20
20 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Data Encryption File Encryption Contents can be encrypted as
created Oracle Wallet key management Personally Identifiable
Information Data in Motion Data at Rest
Slide 21
21 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Upgrade Process Customer scheduled upgrades when requested Current
and previous releases supported Upgrade Process Customer requests
upgrade Oracle updates staging environment Customer performs
acceptance testing Customer notifies Oracle when to upgrade
production Oracle upgrades customer production environment
Slide 22
22 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Operating the Cloud Support Processes and Policies
Slide 23
23 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Cloud Security Practices and Policy Documents All documents are
available on Oracle.com/Contracts Select Oracle Cloud
ServicesOracle Cloud Services Review cloud specific documents as
listed. Direct questions regarding cloud policies to the global
business practices team for guidance ORACLE CLOUD HOSTING AND
DELIVERY POLICIES Oracle Cloud-SaaS Hosting and Delivery Policies
(PDF)Oracle Cloud-SaaS Hosting and Delivery Policies Oracle
Cloud-SaaS Enterprise Hosting and Delivery Policies (PDF)Oracle
Cloud-SaaS Enterprise Hosting and Delivery Policies DATA PROCESSING
SERVICE AGREEMENT Data Processing Agreement (PDF)Data Processing
Agreement ORACLE CLOUD SERVICES DESCRIPTIONS Service
Descriptions
Slide 24
24 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Oracle Cloud Services Policies Off-Boarding Off-boarding - To
enable customers to obtain their data from their hosted SaaS
environments following service contract termination Full Data file
is available up to 60 days after contract termination Back up and
Recovery Full backups are written to disk daily and copied to tape
everyday; backup tapes are sent to offsite facility once a week and
retained at an offsite facility for five weeks 1 Hour Recovery
Point Objective 12 Hour Recover Time Objective Refreshes Refresh
non-production environment with data from production environment
Schedule performed once with each release Based on customer request
through SR process(opt-in model) Support Traditional customer
support through Oracle Support Level 2 & up OPC services
include Premier Support with Guaranteed First Response Time for
level 1 issues Availability Up to 1 week provisioning process
Ability to log in and access service All Customers = 99.5% uptime
Environment Upgrades Oracle will perform upgrades to the Customer
environments as new services versions become available. Environment
Upgrades are scheduled every quarter System Maintenance A 3-hour
window will be used for all critical/emergency patches and bug
fixes (change mgt policy says qtr, SLO policy says monthly) every
two weeks. Targeted to occur during the statistically lightest
utilization period for the deployment region. The service is
unavailable during maintenance Environments Exadata/Exalogic
servers 2 Environments - Production & Staging Additional
environments at a fee Additional storage at a fee Cloud Hosting and
Delivery policies are available at
oracle.com/contractsoracle.com/contracts
Slide 25
25 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle My
Oracle Support Support.Oracle.com Service Request Management
Priority Handling Knowledge Base Health Checks & Risk Analysis
Patch Advice & Upgrade Advisors Configuration Management
Automated Service Requests Web 2.0 Capabilities Oracle Expert
Community Peer Community 140K+ Members Personalized Dashboard
Community Knowledge Seamless Enterprise Manager Integration 24/7
Technical Support 24/7 Online Resources My Oracle Support Community
Lifetime Support Product Support Alerts Software Update Tools
Security Resources Oracle Explorer Data Collector Embedded
Diagnostic Tools Performance Enhancements Feature Enhancements New
Releases Security Patches Bug Fixes Integrated Patch Sets
Integrated Software (such as Firmware) Updates
Slide 26
26 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Additional Options
Slide 27
27 Copyright 2014 | Oracle and/or its affiliates. All rights
reserved. | CONFIDENTIAL Not for Distribution Outside of Oracle
Additional Options Additional environments Single Sign On (SAML2)
IP Whitelisting Encryption at Rest Database Audit Vault (Fusion
Applications only) Database Firewall (Fusion Applications
only)