News, news analysis, and commentary on the latest trends in cybersecurity technology.
Oracle Enables MFA by Default on Oracle CloudOracle Enables MFA by Default on Oracle Cloud
Mandatory multifactor authentication is just the latest in Oracle's commitment to have security built-in by default into Oracle Cloud Infrastructure.
November 3, 2023
Oracle now requires multifactor authentication (MFA) on all instances within its cloud environment, Oracle Cloud Infrastructure (OCI).
Every new tenancy is created with MFA enabled by default for cloud administrators, Oracle said. The company also "seeded" all preexisting systems to have a default Oracle Cloud Console policy to enforce the use of MFA.
Oracle provides a number of tools to give cloud administrators the ability to manage configuration and access control policies to create security policies, share data, and grant administrative rights. For example, all instances on OCI are created as private by default, which reduces the likelihood of a data breach where sensitive data was accidentally stored in a public storage bucket. The cloud administrator has to use the OCI identity and access management (IAM) service to deliberately make the OCI instance public. OCI IAM is also used to enforce zero-trust policies and principles of least privilege. Security zones can be used to enforce a policy of "no public buckets," so that no one can accidentally change an instance from being private to public.
Cloud administrators should also use Oracle Cloud Guard to monitor configuration policies and to detect and alert teams on changes to buckets and access policies, Oracle said.
"The benefits of MFA are so impactful that we've decided to implement it by default across all OCI tenants," Oracle said.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023