Vendor Report: Oracle Cloud Security - 70160

This document is an evaluation of Oracle’s platform for Cloud computing from an information security perspective. Oracle offers a comprehensive set of tools and technologies upon which to build Cloud services. These services which can be built range from IaaS (Infrastructure as a Service) using Oracle VM Server software and Sun hardware through to SaaS (Software as a Service) built upon the Oracle Database technology and Oracle Fusion Middleware. The Oracle platform is based on Oracle Exalogic Elastic Cloud hardware and Oracle Exadata Database Machine. The tools enable Cloud services to be built and configured in a way that meets the key challenges for information security in the Cloud. Oracle also offers “Oracle on Demand” which is a public Cloud service provider for Oracle applications, middleware and database. This service is not covered in this document.

Many organizations are moving towards a Cloud model for IT to optimize the procurement of IT ser-vices from both internal and external suppliers because the services are delivered through the Internet in a standard way. The Cloud is not a single model but covers a wide spectrum ranging from applications shared publicly between multiple tenants to virtual servers used by one customer and hosted internally. The information security risks associated with Cloud computing depend upon both the service model and the delivery model adopted. The common security concerns across this spectrum are ensuring the confidentiality, integrity and availability of the services and data delivered through the Cloud environment.