It’s been said aspects of our industry is living in the “Dark Ages” of security. Businesses are tied to outdated views and rely on tools and tactics from the past, yet we are surprised when chaos breaks out. Security breaches and other vulnerabilities continue to create significant disruptions to our customers’ businesses. As an industry and society, we must leave antiquated approaches behind and forge a new path as data volume and data sources proliferate.
Here are two points of view on how to address the problem of data vulnerability.
Focus one: The changing role of IT security
The first focus is on data security and data science changing the role of IT security. In recent years, the overall IT market has seen the rise of four technologies that continue to have a profound impact on the dynamics of the industry:
➢ Mobility: Usage of smartphones, tablets and other devices connected to the Internet has grown dramatically.
➢ Social Media: Defined as a group of applications that allow the creation and exchange of user-generated content over the Internet, social media’s relevance has evolved from closely-knit groups of friends to large communities and the enterprise world.
➢ Cloud Computing: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort.
➢ Big Data & Analytics: The gathering and processing of massive amounts of information, fueled by the increasing number of mobile devices (ranging from phones, transponders, sensors and other network enabled embedded devices).
These four areas are driving growth in the IT industry but they also impose a number of new constraints, especially when it comes to security. As more and more devices get connected to global networks, getting us even closer to the Internet of Things, the potential for security breaches is constantly increasing and the level of protection of enterprise and government IT security systems have been consequently lowered.
In the past, IT security systems were modeled like a fortress with impressive walls, moats and arrow slits. All features were dedicated to protect from intrusion. But this model is now evolving to a more open and inviting model, which is driving organizations to open the walls of the IT “fortress”. In turn, security needs have not at all gone away and have only increased.
Focus two: Secure to the Core
At this year’s Oracle OpenWorld, Oracle emphasized shifting the focus of infrastructure to security. Security features should be pushed down the stack as low as possible (think as low as the silicon in microprocessors) to allow for the highest security possible. That way, every application using a particular database inherits the security encryption and data protection capabilities. In fact, the last we checked, hackers have not yet figured out a way to download changes to a microprocessor because silicon is so hard to alter.
Part two is that security features should be always-on. There should be no way to turn off encryption or data protection. This seems like common sense but it’s good to reiterate.
SPARC M7: Now is the time
Oracle’s vision for security is embodied by the following three precepts:
➢ Security at each layer;
➢ Security in between layers;
➢ Security between systems.
In each of these areas, Oracle’s philosophy is to follow best practices by default, integrate security at the design phase, implement security policies reflecting business imperatives and provide tunable controls.
Since Oracle owns the complete stack from silicon to database and applications, we are in a unique position to address security at every layer in the stack and bring them together in our servers, storage and engineered systems.
At the bottom of the stack you now find the SPARC M7 processor, which takes Oracle’s engineered systems philosophy into the core technology for computing systems: co-engineering the chip with software for optimum security and efficiency.
The M7's biggest innovations revolve around what is known as "software in silicon," a design approach that places specific software functions directly into the processor through specialized engines. Because these functions are performed in hardware, a software application runs much faster. And because the cores of the processor are freed up to perform other functions, overall operations are accelerated as well. Such speed and efficiency is essential for platforms in which security should be on by default.
Customer and partner momentum
The powerful message here is around the dramatic innovations we’ve made with software in silicon on the SPARC M7 processor, especially around the topic of security.
But don’t take our word for it. Oracle has a number of customer and partner testimonials on these new systems as well as new world record benchmarks which demonstrate why these new servers are a big deal to the infrastructure needs of the secure cloud.
Oracle also offers partners, customers and university researchers access to the Software in Silicon Cloud, which provides developers a secure and ready-to-run virtual machine environment to install, test, and improve their code in a system with SPARC M7 processors running Oracle Solaris.
The calendar year may have just come to a close, but we can expect the size, severity and complexity of cyber threats to continue increasing.
As the age of digital transformation continues to pave the way for our industry, information security needs to remain a chief priority.