Case Studies Archive Search Case Studies

Customers Entrust Their Enterprise Applications and Data to Oracle Managed Cloud Services and F5

For more than 15 years, Oracle Managed Cloud Services has been providing Oracle customers with a viable alternative to hosting enterprise applications on premises. With F5 being an integral part of its cloud infrastructure, Oracle Managed Cloud Services can protect its customers’ enterprise applications and data from web-based vulnerabilities to comply with a broad range of regulatory mandates.

Business Challenges

IT organizations today are dealing with increasingly difficult challenges, among them, the need to meet complex security, privacy, and regulatory requirements; a shortage of skilled in-house experts; lack of time to manage complex environments; and the need to scale operations with limited IT budgets. Many organizations are opting to move to a managed cloud model, choosing to outsource enterprise applications rather than continue to manage them on premises. Oracle Managed Cloud Services has been providing this model for more than 15 years. Its primary mission is to give customers flexibility when it comes to their investment in Oracle enterprise applications such as Siebel CRM, PeopleSoft, Hyperion, Oracle E-Business Suite and many others—services that can be provided on the customer’s premises or at an Oracle or partner’s data center.

Oracle Managed Cloud Services serves hundreds of customers in 40 countries across 22 industry vertical markets, including banking and finance, insurance, biotech, pharmaceuticals, retail, and transportation. Within its twelve data centers worldwide, Oracle Managed Cloud Services processes more than 5.3 billion database transactions per hour. And with a staff of more than 3,300 Oracle network, database, application, and security experts, it provides the broadest range of cloud-based security offerings that comply with various government and industry-specific regulatory requirements.

Security had always been a high priority for Oracle Managed Cloud Services, and with the dramatic increase in cyber threats over the last few years, adopting a multi-layered approach to security was critical to its business. “To fully protect our customers’ enterprise applications and data, we needed to incorporate a web application firewall as part of our multi-layered defense strategy,” says Leonid Stavnitser, Senior Director of Managed Security Services for Oracle Managed Cloud Services. While a network firewall protects the network itself, a web application firewall, or WAF, protects web applications and servers from web-based attacks such as those that attempt to shut down a public-facing website, redirect a user to a malicious website, intercept and steal confidential data, or grant an attacker access to unauthorized systems.

Many enterprises are finding it increasingly expensive to provide multi-layered security controls on their own premises and, in fact, some are willing to compromise needed protection due to the high cost. Oracle Managed Cloud Services’ customers have the benefits of a strong security and compliance foundation available to all clients, as well as a broad portfolio of Managed Security Services to choose from to meet specific security and compliance requirements. “When potential customers realize that Oracle Managed Cloud Services has the economies of scale to make million-dollar investments in the latest security controls, they recognize the distinct advantages of this deployment model and are ready to consider cloud a preferred alternative to traditional on-premises management of Oracle’s applications,” says Stavnitser. 

Functionally, BIG-IP ASM is a comprehensive WAF solution and delivers exactly the protection we need. Leonid Stavnitser, Senior Director of Managed Security Services, Oracle Managed Cloud Services

Solution

From the beginning, Oracle Managed Cloud Services has used BIG-IP Local Traffic Manager (LTM) in its data centers to intelligently manage the flow of network traffic and offload compute-intensive processes such as SSL termination. “We have had a very strong technology partnership with F5 for years, so when we decided to add a web application firewall to our service offerings, it made sense for us to look at F5’s BIG-IP Application Security Manager [ASM],” says Stavnitser. His team did their due diligence in evaluating other vendor solutions, as well.

“Our primary requirement was to ensure that the WAF solution we chose did the job we needed it to do,” says Stavnitser. “Secondly, it needed to fit easily into our managed cloud architecture; we didn’t want to make our existing infrastructure more complex.” Other considerations: How easy would the WAF be to manage and monitor? Would it require additional administration or a new skillset to operate and maintain? Would it provide the necessary scalability? Would it require additional rack space and power?

“These were all considerations that were at top of our list,” says Stavnitser, “After evaluating several vendors’ solutions, it was obvious that F5 was the best choice, for a number of reasons.” 

Benefits

When asked about the benefits that BIG-IP ASM has brought to Oracle Managed Cloud Services, Stavnitser answers without hesitation.

Comprehensive protection

“Functionally, BIG-IP ASM is a comprehensive WAF solution and delivers exactly the protection we need,” says Stavnitser. He notes that BIG-IP ASM is a mature product, yet it continues to evolve, for example, providing more and better ways to fend off new types of cyber attacks. It also enables customers to comply with a growing number of regulatory requirements and standards such as PCI DSS, HIPAA, DoD, NIST, and many others. “When customers come to us, the first thing they see is that we have a WAF available to them as a managed service, so they know we can meet the specific regulatory requirements that require a WAF without requiring them to make any CapEx investments, hire, and train their own staff.”

In the near future, Oracle Managed Cloud Services will implement F5’s IP Intelligence Service, which links to a real-time database of well-known malicious hosts. “IP Intelligence is a valuable add-on that will give us yet another layer of defense by enabling us to detect and terminate malicious connections immediately at the edge of our network,” says Stavnitser. “With this service, we can minimize the chance of blocking legitimate users from accessing their applications and balance that against the need to stop malicious traffic from ever entering the network.”

Flexibility

BIG-IP ASM supports Oracle Managed Cloud Services’ goal of providing flexibility to its customers. “Because BIG-IP ASM is a value-added security service, we have the flexibility to enable the service for customers who require it at the time we provision their environment, or later as an add-on service, when they have a need for it,” says Stavnitser. “At the same time, we’re not overloading or overcharging customers who have no need for it.”

Seamless integration

As part of the BIG-IP unified platform of products, BIG-IP ASM integrates seamlessly into Oracle Managed Cloud Services’ existing architecture, so there was no disruption to its existing infrastructure. “Other WAF solutions would have required us to deploy additional appliances in our network infrastructure and make them part of the routing chain, which would have added complexity and been far more expensive,” says Stavnitser. He adds that his staff was already familiar with F5 technology, so the learning curve with F5 was not nearly as steep as it might have been with another vendor’s solution.

Monitoring

BIG-IP ASM is a critical element of Oracle Managed Cloud Services’ security monitoring ecosystem because it integrates with the organization’s Security Information and Event Management (SIEM) system. This SIEM system enables Oracle Managed Cloud Services to quickly identify, analyze, and recover from security events and also document that its systems conform to various compliance requirements. “Our SIEM is our primary security monitoring and incidence response service, and BIG-IP ASM helps us maintain the effectiveness of that service.”

Stavnitser sums up by saying, “One of the reasons we have such a strong technology partnership with F5 is because its solutions integrate seamlessly into our cloud infrastructure. That gives us the flexibility to offer our customers the security services they need when they need them. Bottom line is that F5 helps us keep our business secure and, at the same time, grow the business.”