Mythics Blog

Oracle OCI is FedRAMP Authorized for IaaS, and Why It Matters

Posted on September 3, 2019 by Erik Benner

Tags: Oracle, FedRAMP, IaaS, Oracle OCI, Oracle Cloud Infrastructure, Oracle Cloud, OCI

Recently Oracle received FedRAMP Moderate Authorization for many of their IaaS technologies.

UPDATE: Oracle Achieves FedRAMP Authorization for Oracle Cloud Infrastructure - ORACLE #OOW19 PRESS RELEASE (09-16-2019)

FedRAMP stands for Federal Risk and Authorization Management Program and is a government program that standardizes the approach to security assessments for cloud service providers (CSP). The idea behind the program is to ensure that the CSPs offerings are secure enough to be used by federal agencies, for multiple levels of sensitive information. Very few CSPs have been able to gain FedRAMP authorization due to the requirements of the program. By moving from FedRAMP In Process to Authorized, Oracle has confirmed their commitment to providing a secure cloud that can handle some of the most stringent security requirements in the industry. Multiple cloud offerings from Oracle have passed through the FedRAMP process, and due to Oracle’s adoption on continuous delivery and continuous integration, you can be assured that new services are in the current pipeline for FedRAMP.

Multiple Oracle IaaS technologies are now FedRAMP Authorized; many like compute, storage, and networking, are basic services that other CSPs provide. What sets Oracle apart is the database technology that is now offered in a FedRAMP authorized environment. Only Oracle can provide a database technology that can scale from 2 to 368 cores in a single database. It can scale to over 300TB of storage, I/O performance exceeding 4 million IOPS, and at the same time provide a truly highly available database for 24x7x365 operations.

Let’s cover these Database advantages in some more detail.

First is the scalability. Oracle has several options for the Database, enabling a database to start as small as a single core, or as large as 368 cores, all to a SINGLE database. This gives the customer the ability to scale well beyond what other cloud providers can offer, where a limit of 36 cores is more common. Not only does the CPU scale, but so does the memory, enabling a database to access over 5,632GB of RAM, where other clouds quickly hit a wall around only 144GB of ram. Combining this huge memory footprint with the In-Memory feature, and your reports will run significantly faster, we often see reports that use to run for hours now run in minutes.

I/O Performance is also a place where Oracle leads the pack, enabling databases to exceed over 4million write I/O Operations Per Second (IOPS) and over 360/GBs of throughput. IOPS is a key feature for responsive databases, especially business and mission-critical workloads like HCM systems, ERP systems, Medical healthcare systems, and other critical workloads.  Other CSPs often run into IOPS limits that are under 100k per instance. Fats I/O performance also enables more consolidation of your database, reducing the number of systems and cores required to run your workload.

Next is the availability of your data. A simple failover technology that other CSPs use is not enough for critical databases. Mission and business-critical databases require that the data is available 24x7x365, and ONLY the Oracle cloud can provide the same RAC technology that your current existing databases in your datacenter currently use. RAC enables not only scalability but also high availability, to the extent that if a compute node fails, the database never goes offline. This technology is available for both virtualized and physical systems in the cloud, enabling even small database to provide a truly highly available database that can stay online when other CSPs may fail.

Finally, we can look at security.  By default, every Oracle database in the cloud is encrypted and encrypts with keys that only you, the customer has access to. While other CSPs can encrypt, often the encryption is not enabled by default and their tech support staff have access to the keys, increasing the threat surface and reducing the security of your data. Oracle OCI also includes network-layer protection by default, with the firewalls blocking traffic by default (Other CSPs often leave the door wide open) and Oracle also includes protection from Denial Of Service attacks for free, adding to the security.

Interested in leveraging the Cloud for your agency or business and mission-critical application? Please reach out to Mythics, and learn why customers choose Mythics to architect, migrate and support for cloud migration projects.

The journey to the cloud can be difficult to navigate. Mythics is here to help guide your cloud adoption to ensure your success. Contact Us or email

Erik Benner, VP Enterprise Transformation, Mythics Inc.


Oracle Cloud Infrastructure-Government Cloud has been FedRAMP Authorized since 8/27/2019. To review the authorization details, visit and


  • ! No comments yet

Leave a Comment