Oracle is expanding its security portfolio and helping more partners achieve Oracle Partner Network Specialisations in Security and Systems Management Cloud Services.
The Oracle Identity SOC (Security Operations Center) portfolio is built around announcements first unveiled at Oracle OpenWorld 2017. It is to be backed by new partner programmes such as the Identity SOC Security Network and integration to security products from other vendors.
According to Rohit Gupta, group vice president, Cloud Security, Oracle: “Built on our advanced artificial intelligence and automation technologies, Oracle Identity SOC portfolio now offers cloud-native identity governance combined with adaptive security designed to protect our customer’s cloud and digital services.
“In addition to strengthening internal security monitoring, Oracle’s comprehensive cross-stack threat detection capabilities provide broad threat detection range, less noise from false positives and a high level of accuracy in detecting and remediating threats against the enterprise’s most important IT asset–its data.“
What is Oracle focusing on?
Oracle is claiming to be the first to offer a cloud-native identity governance service for hybrid cloud environments. It is integrated into its cloud applications and is intended to appeal to customers who want greater trust in cloud applications. This includes its SaaS application portfolio, the Oracle Identity SOC portfolio and the Oracle Management Cloud.
Integrating the new security solution across all its cloud solutions makes sense. It removes the risk of a security disconnect between products. It also makes it easier for customers to buy into and deploy it across their cloud portfolio. More importantly for both the company and its key enterprise customers, it removes any reason to deploy another vendors solutions.
A new feature that will appeal to customers with complex hybrid environment is the Oracle Configuration and Compliance Cloud Service. This looks at how certain applications are configured across the entire customer IT estate. It then applies machine learning to discover those that do not meet compliance requirements and remediates them. It will be interesting to see how many customers use the automatic remediation option here. Most are likely to run it in report mode initially. This is to make sure that any changes do not make an application unusable or unstable.
New partner programmes aimed at providing greater knowledge and support
There are several new partner programmes. The Oracle SOC Security Network will be available through the Oracle Cloud Marketplace. It is to deliver integration with security products such as firewalls, threat intelligence and endpoint security. These are areas where it is not going to build its own solutions. As such it needs to deliver integration with third-party products.
What is not clear is whether it will actually build any of these itself or if it expects companies selling those products to do their own integration. Looking through the Oracle Technology Network there didn’t seem to be any specific guidance on the development of integration components with its security solutions. There was also no indication of much stricter or tougher testing. This is disappointing.
Oracle is also going to increase its efforts to help its partners achieve qualifications in security products and cloud services.
What does this mean?
Security and especially identity management is finally becoming core to vendors as well as customers. Oracle knows that customers want a secure cloud to operate in. Secure means more than just Oracle protecting the data. It has to help its customers who will have multiple cloud environments and applications to manage. The fact that it has built a lot of this new solution around its Cloud Access Security Broker (CASB) product shows it realises that.
There are still questions to be answered. How much will the company do to ensure its products are properly integrated into the leading security solutions? At the moment it appears to be putting the onus on those other vendors. However, vendors such as IBM and Microsoft with whom it competes, also have large, complex and comprehensive security solutions. If it wants customers to use the solutions it has developed rather than competitor solutions it will need to do some integration work itself.
