Oracle announced it is participating in an industry-wide initiative to design a new open standard for network and data security that will help organizations better protect their data in distributed IT environments. Under this new initiative, Oracle will collaborate with Applied Invention, other major technology providers, and other leading organizations from across industries, including Nomura Research Institute, Ltd. (NRI), a leading global provider of consulting services and system solutions. This new standard will enable networks to collectively enforce shared security policies, enhancing the security architecture organizations already use without changing existing applications and networks. To support this new initiative, Oracle plans to release the Oracle Zero-Trust Packet Routing Platform based on the new standard that will help organizations prevent unauthorized access or use of their data without adding extra hurdles for legitimate activities.
“Over the last 20 years, the cybersecurity industry has produced many incremental changes, but we need a fundamentally new approach to protect our data in the increasingly complex cloud era. Organizations need a way to describe their data security policies in one place where they be can easily understood and audited, and they need a way to ensure those policies are enforced across their entire computing infrastructure, including their clouds,” said Mahesh Thiagarajan, executive vice president, Security and Developer Platforms, Oracle Cloud Infrastructure. “To meet this need, Oracle is working with Applied Invention and other technology leaders to launch an effort to create an open, Zero-Trust Packet Routing (ZPR) standard. This will be developed and governed by an industry consortium with Oracle’s participation. We invite collaboration from across the entire technology industry, because broad adoption and interoperability will create a stronger and more consistent data protection for everyone.”
Oracle and Applied Invention are helping create and promote a new network and data-centric security standard that will address these challenges. It will enable organizations to protect their data throughout its entire lifecycle without changing the underlying architecture that includes their distributed cloud environments. To achieve this, the standard will use an intent-based security policy that humans can read, audit, and understand. This intent will be enforced at the network layer, with all traffic containing authenticated attributes about the sender, receiver, and type of data in motion. The network uses these attributes to constrain where that data can move. Technology providers and users that implement or interoperate with the standard will be able to use the devices of their network to help track and block threats to their data wherever it is stored, creating a unified layer of security. As a result, it will be more difficult to exploit many common security vulnerabilities created by coordinating and configuring large numbers of devices and security mechanisms. For example, if an authorized user of an application attempts to export data to another environment where it is at risk for misuse, the policy could detect the violation of security intent, block data movement, and create an alert on the incident.
SOURCE: Prnewswire