Skip to main content

What differentiates Oracle from other cloud providers when it comes to security?

(Image credit: Future)

Cybersecurity is an important aspect and it becomes more precarious when organisations are flocking to the cloud to deploy mission-critical apps.

Data is the new oil of the 21st century.

The opportunity that the cloud presents also brings in challenges and that is the nature of the opportunity.

Among the big data breaches that caught the attention last year was Capital One, a client of Amazon Web Services (AWS), which announced a data breach that has exposed personal information such as transaction data, credit scores, payment history, balances, and for some linked bank accounts, social security numbers of 106 million people across the US and Canada.

The data breach was an exploit of a configuration issue in a firewall, something that's typically rectified by routine security audits and controls. This incident shows how today's enterprise security deployments are increasingly complicated as the risk landscape is always evolving.

Equifax was fined for not patching 2% of its database management while the rest were patched while more than 1m people’s biometrics, usernames and passwords were stolen from Superma’s Biostar 2 security platform.

According to security researcher firm VpnMentor, employment and personal details of thousands of British professionals as well as data stored by several British consulting firms were unprotected on AWS S3 database for the past many years.

 “There is no challenge that is greater today than the risks that we can be exposed to. As we become connected, the threats become more real with a larger surface area and the bad guys are also using the same emerging technologies to rage a highly sophisticated war against us,” Steve Daheb, Senior Vice-President at Oracle Cloud, said.

 “We believe that it is the role of the technology provider to do the integration work for you, whether that is through automation or services and support while you focus on what is good for the company,” he said.

Imagine a product that self-patches, self-manages and eliminates human error and that is what differentiates Oracle from AWS and other cloud providers, he said.

“There will be 3.1m cybersecurity professionals needed in the US alone and we cannot find enough people,” he said.

Patching in microseconds

Not every company can afford to hire security professionals, Wim Coekaerts, Senior Vice-President for Operating Systems and Virtualisation Engineering at Oracle, said and added that a lot of people think that cloud is not secure and so, “we will have our own security standards and features”.

That is the wrong approach, he said, and everybody has to start from scratch and it is dangerous.

“We as a company can hire a lot of security professionals to do it at scale.  For us to scale, we have to do it ourselves in an autonomous database and autonomous cloud,” he said.

To do patching, he said that they [customers] need to bring down the apps, then the database and after patching, they need to reboot the OS, restart the database and the apps.

“From a technical point of view, you have to do all these steps. From a practical point of view, a company has to hire a project manager. He has to contact the apps people whether they will agree for the downturn and then he has to talk to the database folks,” he said.

So, the whole schedule of patching by an individual company is really expensive. So, the company is getting exposed for a few months, he said.

Oracle claims that it has an IP that allows it to patch the OS in eight microseconds without bringing down the system.

“We have done 120m patches in four hours across the entire cloud and nobody knew. We did not reboot the server or the apps.  It is really important to do patching without downtime. If it is going to impact the user, they don’t want to do it and there is going to a delay,” Coekaerts said.

Moreover, Oracle does it for you and not as an add-on.

Safer internet initiative

Christa Johnson Scura, Internet Intelligence at Oracle, said that internally, Oracle has data scientists and data engineers in the cloud security product space to make it smarter and automated.

By launching the “Internet Routing 3D Visualisation” service, as part of safer internet initiative, she said that Oracle aims to increase the public’s understanding of internet routing events such as BGP leaks, which redirects traffic from its intended recipient for the purpose of scamming visitors or for simply stealing data or due to misconfiguration errors that cause a black hole for internet traffic and hijacks through visualisations.

According to Internet Society, a not-for-profit organisation, more than 12,000 routing outages or routing leaks occurred in 2018.

“Oracle’s aim is to make the internet safer so all users can feel confident of moving sensitive data to the cloud and operating critical workloads in an online environment,” Gil said.

Oracle has a totally different approach when it comes to security, Daheb said and “we have to think about it more holistically when it comes to multi-cloud and hybrid-cloud environments. It is also about protecting top-level users to the apps, to the data and to the infrastructure.”

“We look at how to use AI, machine learning and autonomous-based technologies and deploy them into our security offerings.  The data is encrypted by default,” he said.

Moreover, he said that what Oracle is offering is an intelligent and self-managing database to bring a high degree of automation to routine administrative tasks.

An autonomous database is a cloud database that eliminates complexity, human error and manual management associated with database tuning, security, backups and updates; tasks traditionally performed by the database administrators.

With an autonomous database, he said these types of breaches don’t happen and autonomous capabilities are built on every component of the product portfolio.

According to KuppingerCole Analysts AG, Oracle has been named as an overall leader in database and big data security in 2019.

That is why Oracle’s database and cloud infrastructure are well protected and encrypted, Daheb added.