Oracle unveils zero trust packet routing for enhanced security
Oracle has introduced Oracle Cloud Infrastructure Zero Trust Packet Routing, incorporated within the network fabric of Oracle Cloud Infrastructure (OCI). This new feature aims to mitigate unauthorised data access by decoupling network security from the underlying network architecture.
This initiative is part of Oracle's collaboration with Applied Invention and other organisations to establish a new open standard in 2023. OCI Zero Trust Packet Routing enables organisations to define security attributes on resources and create natural language policies that control network traffic based on the accessed resources and data services. Consequently, organisations can protect themselves from network misconfigurations, which are among the most frequent causes of security breaches. OCI is the first cloud provider to implement Zero Trust Packet Routing in its platform.
Philip Bues, Senior Research Manager of Cloud Security at IDC, commented, "As public clouds emerged, enterprises had the opportunity to redefine how they address network security. However, they carried over most of the same concepts that tightly coupled security and network configuration. A single mistake in a highly complex cloud network can result in exposure. OCI Zero Trust Packet Routing enables organisations to decouple network configuration from security, helping to eliminate the effects of human network configuration errors. This new standard driven by Oracle flips this all too often checkbox item on its head to provide an innovative solution for organisations that simplifies compliance efforts, reduces the burden on security teams, and ultimately strengthens security."
Danny Hillis, Co-founder of Applied Invention, added, "Traditional security tools try to protect sensitive data by blocking access, but history shows it is almost impossible to anticipate all the ways a hacker might attempt to infiltrate a network. With Zero Trust Packet Routing, the network does not allow any data to move through the network without explicit permission. Organisations using Oracle Cloud Infrastructure can now take advantage of this to better safeguard their data. Oracle is the first to offer this new level of security, and we're hopeful other cloud platforms will follow."
The ZPR standard addresses the ongoing changes in an organisation's network architecture each time a new application is launched, an instance is scaled up, or additional database servers are added. Traditional network architecture-based security approaches can be time-consuming and complex due to the numerous configuration points that need securing and auditing. The responsibility often falls on the network teams, increasing the likelihood of human error.
OCI Zero Trust Packet Routing aims to resolve these challenges by isolating network security from network architecture. Organisations can write security policies to enforce security intent at the network layer, ensuring that any traffic not explicitly permitted by policy is restricted at the network level.
This separation allows organisations to enhance their security posture by restricting access to sensitive data to a specific path, such as the request origination host, network segment, or target data service. This restriction helps reduce the attack surface and prevent data exfiltration that relies on compromised credentials.
The implementation of natural language policies also streamlines compliance, enabling security teams to demonstrate to auditors that the necessary security controls are in place. By restricting access to a single authorised path, these policies simplify proving compliance.
Furthermore, the approach simplifies security management by applying security controls based on security attributes. Once set, these attributes automatically enforce the security controls, reducing the need for network-layer security rules based on characteristics such as IP addresses and ports.
Jae Evans, Global Chief Information Officer and Executive Vice President at Oracle, said, "Though cloud network security has evolved over the last two decades, organisations are still increasingly vulnerable to unauthorized access and exfiltration of sensitive data due to security controls heavily reliant on user credentials. OCI Zero Trust Packet Routing enables organisations to set security attributes on specific resources and then blocks traffic to those resources at the network level, making data security easier to understand, manage, and audit. It changes the paradigm of security in the cloud to protect organisations from malicious actors and the business-altering consequences of data breaches."