Analyst: Ron Westfall
Publication Date: September 17, 2024
Document #: MCNRW202409
At Oracle Cloud World 2024 (OCW24), Oracle Cloud Infrastructure (OCI) introduced OCI Zero Trust Packet Routing (ZPR). OCI ZPR is built to decouple network configuration from network security to help prevent data breaches that result from human error.
What Is Covered in This Article:
- Oracle prioritizes strengthening the cloud security posture of organizations by separating network security from network architecture.
- OCI ZPR’s policy language simplifies the creation of rules that define which resources can communicate with each other.
- Oracle’s position in the enterprise market as a provider of more secure multi-cloud capabilities.
Oracle Introduces OCI Zero Trust Packet Routing into the Network Fabric of OCI
The News: Oracle announced the availability of Oracle Cloud Infrastructure Zero Trust Packet Routing (ZPR), which is built into the network fabric of Oracle Cloud Infrastructure (OCI). The solution is designed to help curtail unauthorized access to data by separating network security from the underlying architecture.
OCW24: Oracle Unveils OCI ZPR to Simplify Cloud Security
Analyst Take: Oracle is advocating a new approach to cloud security that focuses on building ecosystem-wide support of ZPR technology, which can ensure the network does not allow any data to move through the network without explicit permission. Based on the 2023 initiative to develop a new open standard with Applied Invention and other organizations, OCI ZPR can enable organizations to set security attributes on resources and write natural language policies that limit network traffic based on the resources and data services accessed.
Consequently, organizations can protect themselves from one of the most frequent causes of security breaches—network misconfigurations. In my opinion, OCI can claim to be the first cloud provider to implement ZPR into its platform.
OCI ZPR’s policy language simplifies the creation of rules that define which resources can communicate with each other. OCI ZPR policies use metadata to reference the specific data resources being accessed and their associated security attributes. Policies restrict access so that only a designated originator, such as a compute instance, can access a specific data resource. If an authorized request tries to access the resource through any other path, the request will be denied. As such, even though unprotected databases with easily guessable credentials can be compromised within minutes, a single line of OCI ZPR policy can effectively prevent such exposure.
OCI ZPR Directly Addresses Topmost Cloud Security Pain Points
I find that ZPR is directly addressing real security pain points for enterprises and organizations. By proposing to decouple security policies from the complexities of network configurations, OCI can provide a breakthrough in network security that enables Chief Information Security Officer (CISO) decision makers at enterprises and organizations to enforce security policies comprehensively across users and systems. This allows security teams to create policies that are enforced directly at the network layer.
Implementing security with a traditional network architecture is a time-consuming process because of the extensive complexity involved in securing and auditing numerous network configuration points. The responsibility for implementing security policies has shifted to network teams, whose primary objectives of achieving low latency and high availability often conflict with security goals.
OCI ZPR is positioned to significantly simplify operations, enabling network administrators to maintain a flat network while allowing security teams to effectively safeguard resources as intended. It can simplify audit and compliance processes by implementing clear, intent-based policies and security attributes for resources.
To understand access requirements, auditors need to review subnets, classless inter-domain routing (CIDR) blocks, routing tables, security groups, network ACLs, rules based on IP, port, and protocol, as well as firewall rules that define ingress and egress restrictions. OCI ZPR simplifies the process of determining which hosts and services can communicate with each other. As a result, auditors can become confident that security policies will be enforced on all properly labeled resources, even if the network configuration changes.
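The attribute-based, default-deny model described above can be sketched in a few lines. This is an added conceptual example, not OCI ZPR policy syntax or any Oracle API; the resource names, addresses, attribute strings and helper functions are all hypothetical.

```python
# Conceptual model only: not OCI ZPR policy syntax or any Oracle API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Resource:
    name: str
    ip: str                         # network placement; never consulted by the check
    attrs: frozenset = frozenset()  # security attributes set on the resource

@dataclass(frozen=True)
class Policy:
    source_attr: str
    target_attr: str
    port: int

def is_allowed(policies, src, dst, port):
    """Default deny: permit only if a policy matches both attributes and the port."""
    return any(
        p.source_attr in src.attrs and p.target_attr in dst.attrs and p.port == port
        for p in policies
    )

def audit(policies, resources):
    """List every (source, target, port) path the policy set permits."""
    return sorted(
        (s.name, d.name, p.port)
        for p in policies for s in resources for d in resources
        if s is not d and is_allowed([p], s, d, p.port)
    )

# Constructed sample inventory (hypothetical names, addresses and attributes).
POLICIES = [Policy("app:frontend", "data:customer-db", 1521)]
frontend = Resource("frontend-vm", "10.0.1.10", frozenset({"app:frontend"}))
batch = Resource("batch-vm", "10.0.1.11")            # same subnet, no attribute
customer_db = Resource("customer-db", "10.0.2.5", frozenset({"data:customer-db"}))
internet = Resource("internet-host", "203.0.113.7")  # unlabeled external origin
INVENTORY = [frontend, batch, customer_db, internet]

# A network change: the database moves to a different address and subnet.
moved_db = Resource("customer-db", "10.9.9.9", customer_db.attrs)

if __name__ == "__main__":
    print(audit(POLICIES, INVENTORY))
    print(audit(POLICIES, [frontend, batch, moved_db, internet]))
```

The audit output is identical before and after the address change, and the unlabeled host on the frontend's subnet is denied, because the decision depends only on the attributes and the single policy line.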
OCI ZPR at the Beginning of Cloud Security Ecosystem Journey
While there is cause for early-stage enthusiasm, there is a journey ahead. While ZPR has the potential to create an identity-aware network security layer with the proposed ZPRnet namesake, the technology is a work in progress.
Oracle and its ZPR creator partner, Applied Invention, need to enlist a critical mass of cloud supply chain partners to support ZPR. Above all, they need the solid backing of an established standards organization, i.e., the Internet Engineering Task Force (IETF), to give it the standards-backing imprimatur to spur broader consideration and adoption.
Overall, it is a logical solution to the major problem of making security policy management and enforcement simpler. If Oracle manages to secure wider ecosystem support and backing, I believe their solution will be significantly less complex compared to current methods. By implementing policies based on the authenticated identity and attributes of both the data and the communicators, ZPR can be established as a virtual network overlay on top of IP.
Enterprises can integrate ZPR using standard IP on both software and hardware without needing any modifications to their existing applications and networks, which facilitates adoption and simplifies implementation. I believe that will prove a key differentiator for OCI. The open-source reference approach validates Oracle’s commitment to make ZPR influential on an ecosystem-wide basis.
Fulfilling Enterprise Security Priorities
Oracle has long been the backbone of data management for large enterprises, especially those in regulated industries such as finance, healthcare, and telecommunications. Its robust database technologies, such as the Autonomous Database and Exadata, are trusted by enterprises that require high levels of security, performance, and reliability.
The ability to potentially run OCI ZPR on multiple clouds provides enterprises with greater flexibility, allowing them to avoid vendor lock-in while continuing to benefit from Oracle’s technology. In a world where resilience and redundancy are becoming increasingly important, the OCI ZPR approach ensures that enterprises can operate their most critical workloads across different cloud environments, reducing risk and improving operational efficiency.
Looking Ahead: OCI ZPR Aligning with the Era of Multi-Cloud Operations
As enterprises increasingly adopt hybrid multi-cloud strategies, the ability to securely integrate services across cloud providers will become a key competitive differentiator. OCI ZPR not only supports the value of cross-cloud collaboration but also addresses long-standing pain points such as ensuring secure data movement.
For enterprises, this means greater flexibility, lower costs, and enhanced opportunities for innovation. By safeguarding multi-cloud operations and data management, OCI is paving the way for a future where cloud platforms are truly interoperable, delivering the full benefits of the cloud without the limitations that have traditionally held businesses back.
As the cloud market continues to evolve, the OCI ZPR proposition can usher in a turning point in the journey toward a fully secure, hybrid multi-cloud world. The days of isolated, siloed cloud environments and associated complex security implementations are behind us, and the future of enterprise IT looks more secure, efficient, and dynamic than ever before.
See the complete Oracle press release on the Oracle site.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Author Information
Ron is an experienced, customer-focused research expert and analyst, with over 20 years of experience in the digital and IT transformation markets, working with businesses to drive consistent revenue and sales growth.
He is a recognized authority at tracking the evolution of and identifying the key disruptive trends within the service enablement ecosystem, including a wide range of topics across software and services, infrastructure, 5G communications, Internet of Things (IoT), Artificial Intelligence (AI), analytics, security, cloud computing, revenue management, and regulatory issues.
Prior to his work with The Futurum Group, Ron worked with GlobalData Technology creating syndicated and custom research across a wide variety of technical fields. His work with Current Analysis focused on the broadband and service provider infrastructure markets.
Ron holds a Master of Arts in Public Policy from University of Nevada — Las Vegas and a Bachelor of Arts in political science/government from William and Mary.