Maximum Security Zones provides both preventative and detective security controls for a cloud environment. Maximum Security Zones is the preventative control, designed to stop you from making bad implementation choices that would weaken your security posture.

 

The new Maximum Security Zones service within OCI aims to help you minimise this risk. A security zone is a preventative control which, because it contains sensitive data and resources, is restrictive by design. For example, Maximum Security Zones will release with a maximum security policy enabled.

 

In OCI, we need to create a security zone and attach it to a compartment to maintain the resources within that compartment. All policies defined in that security zone apply to the OCI resources within that compartment.

Once a security zone is created, operations are monitored in real time against the control plane and blocked if they don’t meet the security policy.

 

For example, if your security zone has a policy that prevents you from creating public object storage in that compartment, it never allows you to choose that option while creating it, and it flashes a security zone alert if you try to create such public object storage.

In this way, OCI resources can be protected and secured.
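The check described above can be modelled locally to test planned bucket definitions before they are submitted. This is an added example, not Oracle's code: the `SecurityZone` class, the policy function, the OCIDs and the bucket names are constructed for illustration, while `compartmentId` and `publicAccessType` with its `NoPublicAccess` and `ObjectRead` values are the Object Storage API's field and values.

```python
from dataclasses import dataclass, field
# Simplified local model (added example); not OCI's implementation.
PRIVATE = "NoPublicAccess"  # the only non-public publicAccessType value

def deny_public_buckets(request):
    """Zone policy: return a violation message for a public bucket, else None."""
    if request["operation"] != "CreateBucket":
        return None
    details = request["details"]
    # Object Storage treats an omitted publicAccessType as NoPublicAccess.
    access = details.get("publicAccessType", PRIVATE)
    if access != PRIVATE:  # fail closed: ObjectRead, ObjectReadWithoutList, unknown
        return f"bucket {details['name']!r} requests public access ({access})"
    return None

@dataclass
class SecurityZone:
    name: str
    compartment_ids: set
    policies: list = field(default_factory=list)

    def evaluate(self, request):
        """Return (allowed, violations) for one control-plane request."""
        if request["details"]["compartmentId"] not in self.compartment_ids:
            return True, []  # compartment is not attached to this zone
        violations = [msg for policy in self.policies if (msg := policy(request))]
        return not violations, violations

def check_plan(zone, requests):
    """Map each planned bucket name to True (allowed) or False (blocked)."""
    return {r["details"]["name"]: zone.evaluate(r)[0] for r in requests}

# Constructed sample data: placeholder OCIDs and bucket names.
ZONE_COMPARTMENT = "ocid1.compartment.oc1..example-zone"
OTHER_COMPARTMENT = "ocid1.compartment.oc1..example-sandbox"
ZONE = SecurityZone("example-zone", {ZONE_COMPARTMENT}, [deny_public_buckets])

def bucket_request(name, compartment, access=None):
    details = {"name": name, "compartmentId": compartment}
    if access is not None:
        details["publicAccessType"] = access
    return {"operation": "CreateBucket", "details": details}

PLAN = [
    bucket_request("audit-logs", ZONE_COMPARTMENT, "NoPublicAccess"),
    bucket_request("web-assets", ZONE_COMPARTMENT, "ObjectRead"),
    bucket_request("backups", ZONE_COMPARTMENT),
    bucket_request("demo-share", OTHER_COMPARTMENT, "ObjectRead"),
]
```

`check_plan(ZONE, PLAN)` blocks only `web-assets`; `demo-share` passes because its compartment is not attached to the zone, which shows that the control protects only what is placed inside a zone compartment.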

 
