Oracle Cloud Infrastructure (OCI) has gained five new security capabilities to further safeguard the public cloud platform from cyberattacks. However, the announcement did not mention any new Oracle partner developments on the enterprise MSSP front.
The new capabilities, which build on Oracle's existing Cloud Guard and Maximum Security Zones features, include:
1. OCI Network Firewall, which is a cloud-native, managed firewall service that is powered by Palo Alto Networks VM-Series Next-Generation Firewall technology (NGFW).
2. Oracle Threat Intelligence Service, which aggregates threat intelligence data across different sources and manages this data to "provide actionable guidance for threat detection and prevention in Oracle Cloud Guard and other OCI services," the company said.
3. Oracle Cloud Guard Threat Detector, which identifies misconfigured resources, insecure activity across customer environments, and potential malicious threat activities. This sounds a bit like cloud security posture management (CSPM) services that are common across Amazon Web Services, Google Cloud Platform and Microsoft Azure.
4. Oracle Security Zones, which also is similar to CSPM capabilities on other clouds. Oracle customers can create Security Zone policies and apply them to various cloud infrastructure types (e.g., network, compute, storage, database, etc.) to "ensure cloud resources stay secure and prevent security misconfigurations."
5. Oracle Cloud Guard Fusion Applications Detector is CSPM for Oracle Fusion Cloud Applications. It's available first for Oracle Fusion Cloud Human Capital Management and Oracle Fusion Cloud Enterprise Resource Planning. The company did not disclose when additional applications would be supported.
Oracle Cloud Security: MSP and MSSP Partnerships?
Oracle did not say if or how it would promote the five security services to third-party MSPs and MSSPs. The company's partner ecosystem includes mid-market and enterprise-class MSPs that help to optimize, monitor and manage Oracle applications on behalf of end-customers. Also, some MSSPs -- such as Onapsis -- specialize on Oracle platform and ERP application security.
In stark contrast, Oracle's public cloud rivals are actively building MSSP-centric partner programs. Examples include:
- Amazon Web Services (AWS) in August 2021 introduced the Level 1 MSSP Competency for AWS Partners as it tries to foster new partnerships with MSSPs and ISVs. AWS Partners can earn this competency to deliver AWS security and monitoring as a fully managed service.
- Google is building the Chronicle MSSP Partner Program.
- Microsoft continues to aggressively expand MISA — the Microsoft Intelligent Security Association. MISA is designed to drive software integrations and interactions between MSSPs and ISVs (independent software vendors) and Microsoft Azure Sentinel for cloud=based SIEM, among other areas of opportunity.