This section details the process of approaching Zero Trust security with Oracle Cloud Infrastructure, and the advantages you gain by doing so.
What Is Zero Trust Security With Oracle Cloud Infrastructure?
Zero Trust security is a concept based on the principle of least privilege. It means that each component of the cloud infrastructure is granted only the minimum access to other components that it needs for its function.
Additionally, a component should not have more access than necessary to maintain its function.
How To Approach Zero Trust Security With Oracle Cloud Infrastructure?
The process of approaching zero-trust security with Oracle Cloud Infrastructure is outlined below.
1. Enable SaaS Firewall By Default.
According to the zero-trust security principle, each component in the cloud infrastructure must have only the minimum access to other components that it needs for its function.
So, if you want to approach zero trust with your Oracle Cloud Infrastructure, you can enable the SaaS firewall by default and use it with your environment.
This increases zero-trust security a little, and you can also use it with a non-zero-trust environment.
It is good to have it enabled by default if you are not familiar with how zero trust works or don't know how to do it properly.
Furthermore, if you want to use your firewall for your application in Oracle Cloud Infrastructure, you can disable it entirely and use only the Oracle-provided firewall for your application and data center.
2. Restrict Access To Services Using Network Security Groups (NSGs).
According to the principle of least privilege, a component should not have more access than necessary to maintain its function. So if we want to follow this principle in our Oracle Cloud Infrastructure environment, we should restrict access, especially to services, using network security groups (NSGs).
For example, suppose we want to put a web server into a subnet and restrict access to certain IP addresses, so that only one or two IP addresses in the outside world are allowed to reach the web server.
This is also one case where a SaaS firewall could help us, by providing IP address filtering out of the box without any configuration from us. But this will not help if you are using only Oracle networking, especially in cases when we need different rules for external and internal traffic. So using NSGs would be a better option for this case.
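As an added example (not from the original article or from Oracle), the Python check below audits a web server NSG's ingress rules against a short allow-list of external addresses, matching the one-or-two-IP case described above. The rule dictionaries are constructed samples that use the camelCase field names of the OCI Networking API's security rule objects; the rule ids, addresses and allow-list are assumptions.

```python
import ipaddress

# Constructed sample rules for a web-server NSG (OCI API camelCase field names).
SAMPLE_RULES = [
    {"id": "A1", "direction": "INGRESS", "protocol": "6",
     "sourceType": "CIDR_BLOCK", "source": "203.0.113.10/32",
     "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
    {"id": "B2", "direction": "INGRESS", "protocol": "6",
     "sourceType": "CIDR_BLOCK", "source": "0.0.0.0/0",
     "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
    {"id": "C3", "direction": "INGRESS", "protocol": "6",
     "sourceType": "CIDR_BLOCK", "source": "203.0.113.0/24",
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"id": "D4", "direction": "INGRESS", "protocol": "all",
     "sourceType": "NETWORK_SECURITY_GROUP",
     "source": "ocid1.networksecuritygroup.oc1..placeholder"},
    {"id": "E5", "direction": "EGRESS", "protocol": "all",
     "destinationType": "CIDR_BLOCK", "destination": "0.0.0.0/0"},
]

# Assumed policy: the only outside addresses that may reach the web server.
ALLOWED_SOURCES = ["203.0.113.10/32", "198.51.100.7/32"]


def audit_ingress(rules, allowed_sources):
    """Return (rule id, reason) for each ingress rule wider than the allow-list."""
    allowed = [ipaddress.ip_network(cidr) for cidr in allowed_sources]
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS":
            continue  # this check covers inbound traffic only
        kind = rule.get("sourceType", "CIDR_BLOCK")
        if kind == "NETWORK_SECURITY_GROUP":
            continue  # internal NSG-to-NSG traffic is reviewed separately
        if kind != "CIDR_BLOCK":
            findings.append((rule["id"], f"non-CIDR source type {kind}"))
            continue
        try:
            src = ipaddress.ip_network(rule["source"], strict=False)
        except (KeyError, ValueError):
            findings.append((rule["id"], "missing or malformed source"))
            continue
        if not any(src.version == n.version and src.subnet_of(n) for n in allowed):
            findings.append((rule["id"], f"source {src} is outside the allow-list"))
    return findings


if __name__ == "__main__":
    for rule_id, reason in audit_ingress(SAMPLE_RULES, ALLOWED_SOURCES):
        print(f"{rule_id}: {reason}")
```

Rules that reference another NSG as their source are skipped here because the article treats internal and external traffic as needing different rules.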
3. Create Separate Security Groups For Each Environment
In most cases, the zero-trust security approach will be the same for all environments. The difference will be only in the number of environments you have in your Oracle Cloud Infrastructure environment.
For example, if you have only one environment, then it would not be a good idea to create separate security groups for each environment. But if you have more than one environment, then it would be a good idea to do this, especially if you have different security rules for different environments, because in this case you need to maintain the same rules for all environments.