Oracle announced the availability of Oracle Cloud Infrastructure Zero Trust Packet Routing which is built into the network fabric of Oracle Cloud Infrastructure (OCI). This helps to curtail any unauthorised access to data by separating network security from the underlying architecture. Based on the 2023 initiative to develop a new open standard with Applied Invention and other organisations, OCI Zero Trust Packet Routing enables organisations to set security attributes on resources and write natural language policies that limit network traffic based on the resources and data services accessed. As a result, organisations can safeguard themselves from one of the most common causes of compromise—network misconfigurations. OCI is the first cloud provider to implement Zero Trust Packet Routing (ZPR) into its platform.
“As public clouds emerged, enterprises had the opportunity to redefine how they address network security,” said Philip Bues, senior research manager, cloud security, IDC. “However, they carried over most of the same concepts that tightly coupled security and network configuration. A single mistake in a highly complex cloud network can result in exposure. OCI Zero Trust Packet Routing enables organisations to decouple network configuration from security, helping to eliminate the effects of human network configuration errors. This new standard driven by Oracle flips this all too often checkbox item on its head to provide an innovative solution for organisations that simplifies compliance efforts, reduces the burden on security teams, and ultimately strengthens security.”
“Traditional security tools try to protect sensitive data by blocking access, but history shows it is almost impossible to anticipate all the ways a hacker might attempt to infiltrate a network,” said Danny Hillis, co-founder, Applied Invention. “With Zero Trust Packet Routing, the network does not allow any data to move through the network without explicit permission. Organisations using Oracle Cloud Infrastructure can now take advantage of this to better safeguard their data. Oracle is the first to offer this new level of security, and we’re hopeful other cloud platforms will follow.”
The new ZPR standard was needed as an organisation’s network architecture changes each time an application is launched, a new instance is scaled up, or additional database servers are added. Using a traditional network architecture-based security approach is time-consuming due to the sheer complexity of securing and auditing the configuration points. In addition, responsibility is transferred to network teams to implement security requirements, which can result in human error.
OCI Zero Trust Packet Routing helps address these challenges by separating network security from network architecture and enabling organisations to write security policies to enforce security intent at the network layer. This means traffic not explicitly allowed by policy will be restricted at the network level. As a result, organisations can:
⦁ Improve security posture: Security teams can restrict access to sensitive data to a specific path, such as request origination host, network segment, or target data service. This helps reduce the attack surface area and safeguard against data exfiltration based on compromised credentials alone.
⦁ Streamline compliance: Security teams can quickly and easily prove to auditors that the necessary security controls are in place to meet compliance requirements by limiting access to a single, authorised path with natural language policies.
⦁ Simplify security management: Security teams can restrict access to sensitive data based on security attributes. Once a security attribute is set on data, security controls are automatically enforced based on the policies in place. This minimises the need to deploy network-layer security rules based on characteristics such as IP addresses and ports.
“Though cloud network security has evolved over the last two decades, organisations are still increasingly vulnerable to unauthorised access and exfiltration of sensitive data due to security controls heavily reliant on user credentials,” said Jae Evans, global chief information officer and executive vice president, Oracle. “OCI Zero Trust Packet Routing enables organizations to set security attributes on specific resources and then blocks traffic to those resources at the network level, making data security easier to understand, manage, and audit. It changes the paradigm of security in the cloud to protect organisations from malicious actors and the business-altering consequences of data breaches.”