Welcome to this lesson on Security Zones and Security Advisor. Security Zone is to configure a location in which you cannot disable security. Security Advisor is a service that unifies Security Zone, cloud guard and some other capabilities together in a cohesive whole. In this lesson, we will look into both of these services. First let's look at Security Zones. What are these Security Zones? Well, we talked about that you have resources in your compartments. As you can see here, you have two compartments. Compartment A and compartment B, you could designate compartment B as a Security Zone. What does that mean? Well, that means that this particular compartment, once it's assigned this Security Zone nomenclature, has a set of Security Zone recipes. These are nothing but your policies which get enforced here. Anytime there's a policy violation, that operation is denied. What does that look like? Which services are supported? Well, the core primitives today are supported including: networking, storage, compute, and databases. What does that actually mean? Well, if you specify that subnet always have to be private. If you create a public subnet, that operation will be denied. If the rule says that the customer managed master encryption keys have to be used instead of provider managed master encryption keys. If that is violated, the operation will be denied. The idea is you take a portion of your tenancy, think about your own home. You have the most secure items you have, whether it's your passport or documents or jewelry or something else, you could keep that in a secure wallet, make it fire safe, etc. It's protected in case of any breach or a natural disaster. The same idea applies here. You take your tenancy, not everything in your tenancy is super secure, but some elements in your tenancy, some portions of it are going to be super secure. You create a Security Zones. Sometimes it's also referred to as Max Security Zones. The resources which are kept there have policies applied to them, recipes applied to them, and those policies cannot be violated. It's a simple way to think about for Security Zones. Security advisor is really a combination service that takes the functionality that is provided by cloud guard and Security Zone, as well as some of the other security services, and bring them together. In a way, it's our own point of view on how security should be done. The services which are supported today are: object storage, file, storage, block volume, and virtual machines. Again, some of the examples we talked about earlier, buckets cannot be public and that can be enforced by Security Advisor. The Security Advisor will walk you through on how to create a bucket in a Security Zone. It comes with its own set of requirements. You have to use a customer managed key, and so on and so forth. Security advisor would actually go through the steps required to do that. In our demos, we can take a look at how it works, and then you will understand it a little bit better compared to just going through the slides. Just to recap, these two again are unique services. Security Zones configure a location in which you cannot disable security. Security advisor, unifies Security Zone, cloud guard, other security capabilities together in a cohesive whole. I hope you found this lesson useful. Thanks for watching.
