Oracle's Security Responsibilities
Security in the cloud is a shared responsibility between you and Oracle. In general, Oracle provides security of cloud infrastructure and operations, such as cloud operator access controls and infrastructure security patching.
Oracle is responsible for the following security requirements. Except where noted, these points are not covered in further detail in this guide.
Area | Details |
---|---|
Physical security |
Oracle is responsible for protecting the global infrastructure that runs all services offered in Oracle Cloud Infrastructure. This infrastructure consists of the hardware, software, networking, and facilities that run Oracle Cloud Infrastructure services. |
Security patching |
Oracle conducts security patching monthly to ensure that Oracle Cloud Infrastructure services have up-to-date security patches. |
Network security |
|
Data that you provide |
Oracle Integration protects and encrypts all data received by using Oracle-managed keys. |
Security and vulnerability scanning |
Oracle performs security and vulnerability scanning using the Oracle Vulnerability Scanning service. Additionally, a process is available if your organization wants to run a vulnerability scan. See Oracle Cloud Security Testing Policies in the Oracle Cloud Infrastructure Documentation. |
Compliance |
Oracle Integration has reached compliance for SOC 1, SOC 2, ISO 27001, PCI DSS, and HIPAA. Certification details are available upon request, with some requiring an NDA Master Agreement with Oracle. For publicly available information, see Oracle Cloud Compliance. |
Data encryption |
|
Data durability |
Oracle takes regular backups of your data. Oracle recommends that each organization perform their own backup, as well. See Data Visibility. |
Service tenancy durability |
Oracle is responsible for the retention of the data in the activity stream. Oracle retains the data for the time period specified by your Oracle Integration edition. See Oracle Integration Editions in Provisioning and Administering Oracle Integration 3. Your organization determines the level of data that is included in the activity stream as well as the retention period. For details, see Data Visibility. |
Process isolation and data isolation |
Oracle isolates data by service instance. Each service instance stores its data individually. |