REDWOOD SHORES, Calif. –– At their company's annual Media Days event earlier this month, Oracle executives offered some perspectives on cloud and cybersecurity issues affecting just about every enterprise with an IT system. And that means virtually every business on Earth.
Edward Screven, Oracle’s chief corporate architect, participated in a fireside chat with Dorian Daley, Oracle executive vice president and general counsel, to discuss how the company's customers--which now number a whopping 400,000 globally--are approaching cloud and cybersecurity issues and how they are now protecting their business data.
Here are a few takeaways from their discussion (YouTube video):
- Business customers now perceive cloud as a way to mitigate security issues, rather than as a potential security problem. “I think there definitely has been kind of a sea change in general attitude,” Screven said. “A few years ago when I talked to customers, security was actually kind of an objection." The arguments about the importance of the data haven’t changed, but the perception of cloud--and cloud vendors--has changed.
- Businesses are looking to make security someone else's problem. "I mean, they want us to be responsible for providing the fundamental security of their environments and of their data. And they're right to do so,” Screven said.
- Businesses now realize that cloud vendors provide security functionality that can help defend themselves from attacks perpetuated by large hacking organizations. That focus is reflected in the way cloud systems are architected, often in very homogenous ways that “narrow the attack vector,” in Screven’s words. Rather than having to defend for a large variety of server, storage, and switching vendors and configurations acquired over the years, cloud providers can maintain a minimal set of variations.
- On the resource front, cloud providers benefit from economies of scale that ordinary businesses simply do not have. “There's just this basic economic question: How can we possibly secure ourselves against this incredible threat if all of our resources are dispersed? The answer is we can't,” Screven said. Cloud providers like Oracle can concentrate resources focused on solving security problems for tens of thousands of customers. “We can build highly secure systems in a way that customers could never dream of doing,” he said.
- Ironically, businesses continue spending money on people to address an issue that can only be resolved with technology. Yes, people need to be trained to not respond to phishing attacks, but the vast majority of attacks rely on overwhelming people power with bot power. “The most important secrets of companies and governments are available through these networks running on computers that are sometimes managed by people who are overwhelmed by the task of patching and otherwise securing data,” Screven said.
According to “Security in the Age of AI,” a report unveiled by Oracle during Media Days, businesses often realize that the source of many of their security issues is human error, but they try to address this problem by hiring more people.
“That doesn't really make sense logically,” Screven said. “What we need to secure our systems is more automation.”
Michael Hickins is a former editor of eWEEK and of the Wall Street Journal. He currently works at Oracle.