When security is mentioned at an IT industry conference, it's normal to say, "Security took center stage." At Oracle Industry Connect in Orlando, Fla., it would be more correct to say that security was hanging out in the crowd stage-left, in a role with a credit two-thirds of the way down the billing. In other words, security made the stage but it was in a small, mostly non-speaking role.
In a series of sessions that all point in the direction of moving every function, service and customer to a cloud infrastructure, security was generally seen as a solved problem. In his Tuesday afternoon keynote discussion, Oracle CEO Mark Hurd was asked whether security had transitioned from an issue that kept companies out of the cloud to one that is part of the justification for moving to a cloud infrastructure. He agreed that this has, in fact, become the case for Oracle customers.
"I do think the security levels in our cloud are so much higher than you could ever achieve in your own environment on-premise," Hurd said. The reasons for this, he said, have to do with expertise, technology and infrastructure size. "When you get into these environments it's very hard to secure all of this at scale," he explained.
One of the factors that allows Oracle to provide security at scale, Hurd said in a Q&A session with journalists and analysts, is simplicity. "Our cloud is literally one configuration. We have to secure that one environment," he said. Hurd expanded on the "one environment" statement by saying that the entire Oracle cloud is built on one version of operating system, one version of one database manager and one Oracle-defined hardware platform. A patch or update to the "master" software image can be quickly propagated across the entire cloud.
Hurd contrasted the Oracle cloud to the situation faced by many customers. "Our customers have to secure tens of servers, tens of operating systems, tens of databases and they tend to be 14 to 18 months behind us in patching," he said. As result, "We're going to do security better. It's simpler; we have the technology."
On the second day of the conference, the heads of Oracles global business units (GBUs) were asked about security as part of a group Q & A session with journalists and analysts. Sonny Singh, SVP and GM of Oracle's financial services global business unit, said that his group addresses security through three broad initiatives. First, he said, they can, "...leverage underlying platforms with inherent security built in." He explained that this involved the security features of the cloud platform as well as the streamlined infrastructure Hurd spoke of.
Next, Singh said, they are required to have definitive processes that can demonstrate compliance with the myriad regulations and laws under which financial institutions operate around the world. Finally, he said, "We partner with the other GBUs. We can learn on a very quick cycle from the other units." Hurd referenced something similar in talking about Oracle's ability to learn from its customers when he said, "Our customers, on average, will get attacked a lot. We see all sorts of tricks and innovation and we patch to that."
All of the advancements and advantages that come from Oracle's approach to security are critical, Singh said, because the demand is rising in lock step with customers' shift to the cloud. "Scrutiny has gone up with the move to the cloud," Singh said. "The security onus has shifted from the customer to Oracle." It's a contractual and regulatory spotlight that grows brighter for a security -- a player that has moved out of the wings and is inching closer to center stage.
— Curtis Franklin, Security Editor, Light Reading