This work package provides organisations with expert guidance to design, assess, and implement a security architecture aligned to the Oracle Cloud Infrastructure (OCI) Well‑Architected Framework, with a focus on:

- Security Pillar
- Operational Excellence Pillar
- Reliability Pillar
- Performance Efficiency & Cost Optimisation (security‑relevant aspects)
- Zero Trust Architecture alignment

The service ensures OCI environments are secure, resilient, compliant, and operationally mature, enabling organisations to modernise safely across multi‑tenancy, multi‑region, and hybrid architectures.
Objectives

- Assess OCI environments against the OCI Well‑Architected Framework (Security Pillar).
- Develop an OCI‑aligned Cloud Security Reference Architecture.
- Strengthen identity, network, workload, data, and operational security.
- Improve monitoring, detection, and automated response capabilities.
- Establish governance, policies, and continuous assurance processes.

Outcomes

- OCI Well‑Architected Security Review with risk‑prioritised remediation plan.
- OCI‑aligned Cloud Security Reference Architecture blueprint.
- Hardened IAM, network, data, and workload controls.
- Updated governance, policies, and operational processes.
- A multi‑phase OCI security transformation roadmap.
Workstreams

Governance & Compliance

Scope:
- OCI tenancy governance using Compartments, Policies, and Tagging.
- Identity Domains and IAM governance.
- Security policy development and harmonisation.
- Compliance mapping (ISO, NIST, CIS, PCI, HIPAA, GDPR).
- Cloud risk assessment and threat modelling.

Deliverables:
- OCI Governance Framework
- Compartment & Policy Architecture Pack
- Security Baseline & Compliance Mapping

Identity & Access

Scope:
- IAM role design, dynamic groups, and least privilege.
- MFA, identity federation, and SSO.
- Privileged Access Management (PAM) using OCI IAM & Vault.
- Workload identity governance (Instance Principals, Resource Principals).
- Zero Trust identity architecture.

Deliverables:
- IAM Hardening Pack
- Privileged Access Governance Model
- Zero Trust Identity Architecture Blueprint

Network Security

Scope:
- VCN design, segmentation, and isolation.
- Zero Trust network patterns using Private Endpoints, Service Gateways, and ZTNA.
- OCI Network Firewall, WAF, and DDoS protection.
- Secure hybrid connectivity (FastConnect, VPN).
- Secure remote access and identity‑aware proxy patterns.

Deliverables:
- OCI Network Security Architecture
- Zero Trust Network Segmentation Design
- Firewall & WAF Configuration Blueprint

Data Protection

Scope:
- Data classification and sensitivity‑based access.
- Encryption at rest and in transit (OCI Vault, HSM).
- Tokenisation and key management.
- Data Loss Prevention (DLP) and insider risk controls.
- Secure storage and access governance for Object Storage, Autonomous DB, MySQL, NoSQL.

Deliverables:
- Data Protection & Governance Framework
- Encryption & Key Management Design
- OCI Storage & Database Security Pack

Application & Workload Security

Scope:
- Secure container and serverless architecture (OKE, Functions).
- API security using API Gateway & WAF.
- Secure DevOps and CI/CD pipeline integration (DevOps Service, GitHub, GitLab).
- Vulnerability scanning and patching (OCI Vulnerability Scanning Service).

Deliverables:
- Application & Workload Security Pack
- DevSecOps Integration Guide
- API & Workload Trust Architecture

Infrastructure Hardening

Scope:
- Compute, Database, Storage, and PaaS hardening.
- Secure Landing Zones aligned to OCI best practices.
- CSPM, CIEM, and CWPP integration using OCI Cloud Guard.
- Configuration baselines aligned to the CIS OCI Benchmark.

Deliverables:
- OCI Infrastructure Hardening Standards
- Cloud Guard Integration Blueprint
- Secure Landing Zone Architecture

Monitoring, Detection & Response

Scope:
- SIEM/SOAR integration using Oracle Cloud Guard, Logging, and third‑party SIEMs.
- Threat detection using Cloud Guard, Vulnerability Scanning, and Audit Logs.
- Automated remediation using Functions, Events, and Resource Manager.
- Incident response playbooks for OCI workloads.

Deliverables:
- Monitoring & Telemetry Strategy
- Detection Engineering Use Case Library
- OCI Incident Response Playbook Pack

Resilience & Continuous Improvement

Scope:
- Multi‑AD and multi‑region resilience patterns.
- Backup, disaster recovery, and failover design (Data Guard, Object Storage, Autonomous DB).
- Chaos engineering and resilience testing.
- Post‑incident review and continuous improvement.

Deliverables:
- Resilience & Continuity Framework
- Multi‑Region Resilience Architecture
- Continuous Improvement Model
Control coverage summary

- Identity: OCI IAM, MFA, federation; privileged access governance; workload identity (Instance/Resource Principals)
- Network: VCN segmentation; Private Endpoints, Service Gateway, ZTNA; OCI Network Firewall, WAF, DDoS
- Data: classification, encryption, tokenisation; OCI Vault & HSM; DLP & insider risk controls
- Workload: OKE/Functions hardening; API Gateway & WAF; DevSecOps & CI/CD security
- Infrastructure: Secure Landing Zones; Cloud Guard, Vulnerability Scanning; CIS benchmark alignment
- Operations: Cloud Guard SIEM/SOAR; logging & audit; automated remediation
Core deliverables

- OCI Well‑Architected Security Review Report
- OCI Cloud Security Reference Architecture Blueprint
- Identity, Network & Data Hardening Packs
- Monitoring, Detection & Automation Design Pack
- Governance & Operating Model Framework
- Executive Summary & Board‑Level Presentation

Optional add‑ons

- OCI Zero Trust Landing Zone
- Secure DevOps / DevSecOps Integration Guide
- Continuous OCI Security Monitoring Service
- Multi‑Cloud Security Architecture
- OCI Compliance Accelerator (ISO, NIST, CIS, PCI, HIPAA)
Delivery phases

1. Initiation & Discovery
2. OCI Well‑Architected Security Review
3. Architecture & Policy Design
4. Identity, Network & Data Hardening
5. Monitoring & Automation Integration
6. Governance & Capability Uplift
7. Optional: Continuous OCI Security Assurance
Team

- Lead OCI Security Architect
- Zero Trust Architect
- Identity & Access Specialist
- Cloud Network Engineer
- DevSecOps & Workload Security Specialist
- Governance & Compliance Analyst
- Project Manager

Commercial model

- Fixed‑price for assessment, architecture, and governance phases.
- Time & materials for engineering and integration.
- Subscription/retainer for continuous OCI security assurance.
Key risks and mitigations

- Cloud misconfigurations → Cloud Guard & IaC.
- Identity sprawl → IAM governance & Access Approval.
- Data exposure risks → encryption, DLP, access governance.
- Operational resistance → training & clear operating models.
- Tool sprawl → consolidation into OCI‑native controls.