Everyone knows that the cloud is the future. But organizations still contemplating whether to store their sensitive data in the cloud might be excused for wondering whether their information will remain safe.
There is no shortage of news about public cloud data breaches nowadays as a worsening threat landscape continues to test the resolve of security practitioners.
Meanwhile, public cloud security involves new considerations for organizations that have traditionally relied upon on-premises security – not the least being a "shared responsibility" model, which defines a division of security responsibilities between cloud vendors and their customers.
At first blush, all that might sound daunting. But with the right cloud security, migrating your data and applications doesn’t need to turn into the Wild West. In partnership with Oracle, Symantec is delivering key components of its Integrated Cyber Defense Platform, optimized for Oracle Cloud, to help customers shift from on premises to the cloud. (Symantec also delivers security for other leading public cloud providers.)
We spoke recently with Simon Moran, Symantec’s Vice President of Cloud Security, to learn more.
Q. Why does public cloud security require special expertise?
A. Public cloud security is different from on-premises security because public cloud instances are componentized, preconfigured, and template based. They’re also dynamic, mobile, orchestrated, and automated. The public cloud model isn’t set up to support extensive configuration efforts and long tuning cycles, two hallmarks of traditional on-premises security. Also, public cloud architecture isn’t structured for retrofitted on-premises security systems. The cloud needs cloud security.
Q. What should organizations be aware of regarding cloud security?
A. Most public cloud security risks originate from components managed by the enterprise. Knowing where the lines of responsibility lie is critical. Cloud service providers are responsible for the security of the cloud. With Infrastructure as a Service deployments, organizations are responsible for the security of their data, platform, identity and access management, operating systems, antivirus and antimalware solutions, hardening of the systems, and so on. In other words, Oracle is responsible for securing the cloud itself, while customers are responsible for securing their data and workloads in the cloud. That’s where Symantec can help. Symantec protects applications and instances—the subscriber-controlled components in Oracle Cloud.
Q. How does Symantec help customers maximize the Oracle Cloud platform?
A. Symantec helps protect an enterprise’s Oracle Cloud Infrastructure platform so that they can securely migrate legacy on-premises applications to the Oracle Cloud, deploy new cloud-native applications and services, and leverage elastic capacity to meet spikes in demand. Our deep understanding of what makes the public cloud unique is key to our ability to fully protect the Oracle Cloud Infrastructure platform. Moving to the cloud is a journey— not a one-time event—so companies need a well-formulated hybrid security approach. When organizations use Symantec products in their move to the cloud, companies feel secure, knowing that we give them the same level of security that they enjoy today on premises, which is a critical consideration because public cloud deployments have a much larger attack vector.
Q. How can customers add Symantec’s security products to their Oracle Cloud deployments?
A. Symantec offers organizations everything they need to secure their Oracle Cloud Infrastructure. And they can consume our products in whichever method works best for them, whether that’s as a Bring Your Own License model or an “as-a-service” model. Our cloud security solutions also deliver capabilities such as infrastructure hardening and protection] and management of confidential data, business-aware security and risk visibility, industry leading malware and threat detection, and endpoint protection.
Q. How are Symantec and Oracle working together on cloud security?
A. We are working closely together to construct an architecture that helps customers ensure that their cloud infrastructure will always be secure. Bringing together the endpoints and the Oracle Cloud Infrastructure platform will transform cloud security for business applications. The advanced security services and monitoring capabilities of this next-generation environment will ensure complete protection from the user’s workstation to the cloud application.