November 3, 2023 at 08:41AM
Oracle now requires multifactor authentication (MFA) for all instances in its cloud environment, Oracle Cloud Infrastructure. New tenancies have MFA enabled by default for cloud administrators, and preexisting systems have a default policy to enforce MFA. Oracle provides tools for managing configuration and access control policies, including the ability to create security policies, share data, and grant administrative rights. Instances on OCI are created as private by default to reduce the risk of data breaches, and OCI Identity and Access Management service is used to control public access. Oracle recommends using Oracle Cloud Guard to monitor configuration policies and detect any changes to buckets and access policies. MFA is implemented across all OCI tenants to maximize its benefits.
According to the meeting notes, Oracle now requires multifactor authentication (MFA) for all instances within its cloud environment, Oracle Cloud Infrastructure (OCI). Every new tenancy is created with MFA enabled by default for cloud administrators. Additionally, Oracle “seeded” all preexisting systems to have a default Oracle Cloud Console policy to enforce the use of MFA.
Oracle provides tools for cloud administrators to manage configuration and access control policies, create security policies, share data, and grant administrative rights. For example, all instances on OCI are created as private by default to reduce the risk of a data breach. Cloud administrators need to use the OCI Identity and Access Management (IAM) service in order to deliberately make an OCI instance public. OCI IAM is also used to enforce zero trust policies and the principle of least privilege.
To further enhance security, Oracle recommends using Security Zones to enforce a policy of “no public buckets,” ensuring that instances cannot be accidentally changed from being private to public. Oracle Cloud Guard can be used by cloud administrators to monitor configuration policies and detect and alert teams on changes to buckets and access policies.
According to Oracle, the benefits of MFA are significant, which is why it has been implemented by default across all OCI tenants.