Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security //

Web Application Firewall

End of Bibblio RCM includes -->

Security Takes the Stage at Oracle Industry Connect

Security is a supporting player at Oracle Industry Connect. Is it hero or villain to the assembled customers and partners?

When security is mentioned at an IT industry conference, it's normal to say, "Security took center stage." At Oracle Industry Connect in Orlando, Fla., it would be more correct to say that security was hanging out in the crowd stage-left, in a role with a credit two-thirds of the way down the billing. In other words, security made the stage but it was in a small, mostly non-speaking role.

In a series of sessions that all point in the direction of moving every function, service and customer to a cloud infrastructure, security was generally seen as a solved problem. In his Tuesday afternoon keynote discussion, Oracle CEO Mark Hurd was asked whether security had transitioned from an issue that kept companies out of the cloud to one that is part of the justification for moving to a cloud infrastructure. He agreed that this has, in fact, become the case for Oracle customers.

"I do think the security levels in our cloud are so much higher than you could ever achieve in your own environment on-premise," Hurd said. The reasons for this, he said, have to do with expertise, technology and infrastructure size. "When you get into these environments it's very hard to secure all of this at scale," he explained.

One of the factors that allows Oracle to provide security at scale, Hurd said in a Q&A session with journalists and analysts, is simplicity. "Our cloud is literally one configuration. We have to secure that one environment," he said. Hurd expanded on the "one environment" statement by saying that the entire Oracle cloud is built on one version of operating system, one version of one database manager and one Oracle-defined hardware platform. A patch or update to the "master" software image can be quickly propagated across the entire cloud.

Hurd contrasted the Oracle cloud to the situation faced by many customers. "Our customers have to secure tens of servers, tens of operating systems, tens of databases and they tend to be 14 to 18 months behind us in patching," he said. As result, "We're going to do security better. It's simpler; we have the technology."

On the second day of the conference, the heads of Oracles global business units (GBUs) were asked about security as part of a group Q & A session with journalists and analysts. Sonny Singh, SVP and GM of Oracle's financial services global business unit, said that his group addresses security through three broad initiatives. First, he said, they can, "...leverage underlying platforms with inherent security built in." He explained that this involved the security features of the cloud platform as well as the streamlined infrastructure Hurd spoke of.

Next, Singh said, they are required to have definitive processes that can demonstrate compliance with the myriad regulations and laws under which financial institutions operate around the world. Finally, he said, "We partner with the other GBUs. We can learn on a very quick cycle from the other units." Hurd referenced something similar in talking about Oracle's ability to learn from its customers when he said, "Our customers, on average, will get attacked a lot. We see all sorts of tricks and innovation and we patch to that."

All of the advancements and advantages that come from Oracle's approach to security are critical, Singh said, because the demand is rising in lock step with customers' shift to the cloud. "Scrutiny has gone up with the move to the cloud," Singh said. "The security onus has shifted from the customer to Oracle." It's a contractual and regulatory spotlight that grows brighter for a security -- a player that has moved out of the wings and is inching closer to center stage.

— Curtis Franklin, Security Editor, Light Reading

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31943
PUBLISHED: 2022-07-01
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.
CVE-2022-32093
PUBLISHED: 2022-07-01
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.
CVE-2022-32094
PUBLISHED: 2022-07-01
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.
CVE-2022-32095
PUBLISHED: 2022-07-01
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.
CVE-2022-32384
PUBLISHED: 2022-07-01
Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet.