Oracle now requires multifactor authentication on all instances within its cloud environment, Oracle Cloud Infrastructure.
Every new tenancy is created with MFA enabled by default for cloud administrators, Oracle said. The company also “seeded” all preexisting systems to have a default Oracle Cloud Console policy to enforce the use of MFA.
Oracle provides a number of tools to give cloud administrators the ability to manage configuration and access control policies to create security policies, share data, and grant administrative rights. For example, all instances on OCI are created as private by default, which reduces the likelihood of a data breach where sensitive data was accidentally stored in a public storage bucket. The cloud administrator has to use the OCI Identity and Access Management service to deliberately make the OCI instance public. OCI IAM is also used to enforce zero trust policies and principle of least privilege. Security Zones can be used to enforce a policy of “no public buckets,” so that no one can accidentally change an instance from being private to public.
And cloud administrators should use Oracle Cloud Guard to monitor configuration policies and to detect and alert teams on changes to buckets and access policies, Oracle said.“The benefits of MFA are so impactful that we’ve decided to implement it by default across all OCI tenants,” Oracle said.
Source: www.darkreading.com