News, news analysis, and commentary on the latest trends in cybersecurity technology.
Oracle Enables MFA by Default on Oracle Cloud
Mandatory multifactor authentication is just the latest in Oracle's commitment to have security built-in by default into Oracle Cloud Infrastructure.
Oracle now requires multifactor authentication (MFA) on all instances within its cloud environment, Oracle Cloud Infrastructure (OCI).
Every new tenancy is created with MFA enabled by default for cloud administrators, Oracle said. The company also "seeded" all preexisting systems to have a default Oracle Cloud Console policy to enforce the use of MFA.
Oracle provides a number of tools to give cloud administrators the ability to manage configuration and access control policies to create security policies, share data, and grant administrative rights. For example, all instances on OCI are created as private by default, which reduces the likelihood of a data breach where sensitive data was accidentally stored in a public storage bucket. The cloud administrator has to use the OCI identity and access management (IAM) service to deliberately make the OCI instance public. OCI IAM is also used to enforce zero-trust policies and principles of least privilege. Security zones can be used to enforce a policy of "no public buckets," so that no one can accidentally change an instance from being private to public.
Cloud administrators should also use Oracle Cloud Guard to monitor configuration policies and to detect and alert teams on changes to buckets and access policies, Oracle said.
"The benefits of MFA are so impactful that we've decided to implement it by default across all OCI tenants," Oracle said.
About the Author(s)
You May Also Like
Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024