Welcome to this module on OCI security. Let's start with an introduction. Insecurity, you always hear this term called shared security model. What does this actually mean? Well, in an on-premises environment, you own the whole stack and you are responsible for security end-to-end. As you move to the Cloud, some of the responsibility is transferred to the Cloud provider in this case Oracle, and some are detained by u, so that is what we mean by a shared security model. What does it look like in the Cloud? Well, in the Cloud, Oracle Cloud Infrastructure is responsible for security of the Cloud, which means things like the physical datacenter, the physical network, the physical host, even virtualization layer, making sure it's past and it's up-to-date. All those are responsibilities of Oracle, so that's basically the security of the Cloud. You're responsible for security in the Cloud. What does that mean? Well, that means you are responsible for the data, you are responsible for the endpoints, devices, mobile or PC, or your servers of your PCs which are accessing them and you are responsible for account and identities and access management and there are some other things you are responsible for. Like if you're using operating systems, you need to make sure they are patched and kept up to date, so this is the model in the Cloud, some responsibility shift to the Cloud provider. Some responsibilities are still retained by you. Let us look at the OCI security portfolio available currently in OCI. I have put in this slide the use cases and the services, so you really understand not just the services, but you also understand the context in which they operate. The first layer, this builds on layered approach and it also good because it shows you that the security follows defense in depth, meaning you have security in different layers of the stack. It's security is not just an add-on, it's not just something that you access separately. It's defense in depth. It is available at different layers of the stack. The first thing we start with is infrastructure protection and this basically we have several services for DDoS, Web Application, Firewall, etc, which helps with infrastructure protection. DDoS can be categorized into layer 7, layer 3 and 4, and we have services for each of the layers. The WAF helps with some of the layer 7 DDoS protection and layer 3 and layer 4 DDos protection is turned on by default. Then, moving beyond that, you need to protect the operating system and workload protection. We have several capabilities to help there, I have a service call, OS management, which helps with automating patches and simplifying package deployment. We have bare metal servers, or you could have dedicated host, which you could isolate in a single tenant model, etc. Then on top of that, we have these set of services which provide you intelligence on security detection and also automatic remediation. Sometimes these are referred to as Cloud security posture management capabilities, CSPM and under this services, we have a whole lot of capabilities like Cloud guard and security zones, and we'll look into each of these in subsequent lessons. Data protection is as important as always. There are many services which you can leverage, including key management provided to a service called Walt. There's a service called data safe, which is available with our Cloud databases, etc. On top of that, and one thing to keep in mind here is encryption is always turned on by default in OCI and then on top of that, you have identity and access management, where you can manage authentication and authorization and also things like multi-factor authentication. This is our security lineup. The thing to keep in mind is all defense in depth. Security, as you can see here, is implemented at various layers of the stack. How does this all operate? As you can see in this graphic here, you have an environment where you have some virtual networks and you are using various security services. Whether it's vulnerability scanning, whether it's auditing, whether it's Bastion Service or the Walt or the identity access management service. Again in the next subsequent lesson, we'll get into many of these services in detail. But just keep in mind, we have a very broad and extensive set of security services. Just to recap, in the Cloud, when you move to the Cloud, basically, you get this shared security model and you are responsible for some of the security aspects and the Cloud provider takes care of the other aspects. Then security is not just one service or an add-on. There's a whole extensive set of services available in different layers of the stack. We went over some of those. Next lessons we will look into some of these in greater details. I hope you found this lesson useful. Thanks for watching.
