Security: The Next Generation is Now!

During a keynote address on Tuesday, October 27^th at Oracle OpenWorld 2015, Oracle Executive Chairman & CTO Larry Ellison spoke about IT security. He said, “We need much better security. We need a next generation of security. We are not winning a lot of these cyber-battles. We are losing a lot of these battles.” With the advances in technology performance, security is no longer an optional component. It needs to be sewn into the fabric of our systems.

We need to push security lower into the technology stack, creating a multi-tiered security strategy. Higher tiers will automatically and transparently inherit the benefits of security implemented at lower levels. Security at lower levels becomes a force multiplier in cyber-battles.

Oracle defends the silicon tier with its SPARC M7 processors, in which hardware-based encryption is enabled by default. Oracle’s “Silicon Secured Memory” blocks a category of security bugs known as buffer overflows. Attackers exploit known vulnerabilities within application platforms and operating systems to cause buffer overflows and capture small bits of data. This data may provide administrative access to systems.

Using Oracle’s Advanced Security Option on top of the Oracle Database Enterprise Edition provides Transparent Data Encryption (TDE) at the database tier. All applications developed to read and write data to the database inherit the data encryption without any additional coding. Performance is not impacted due to TDE’s ability to leverage CPU-based hardware cryptographic acceleration available in Intel and SPARC platforms.

These are two examples of how security can be pushed lower into the technology stack to create the next generation of security. Security can no longer be an option or afterthought when developing systems; it should be architected into multiple layers to defend against various types of attacks. It is time we start winning the cyber-battles!