Transcending the Dark Ages of Information Security in 2016

It’s been said that aspects of our industry are living in the “Dark Ages” of security. Businesses are tied to outdated views and rely on tools and tactics from the past, yet we are surprised when chaos breaks out. Security breaches and other vulnerabilities continue to create significant disruptions to our customers’ businesses. As an industry and society, we must leave antiquated approaches behind and forge a new path as data volume and data sources proliferate.

Here are two points of view on how to address the problem of data vulnerability.

Focus one: The changing role of IT security

The first focus is on data security and data science changing the role of IT security. In recent years, the overall IT market has seen the rise of four technologies that continue to have a profound impact on the dynamics of the industry:

These four areas are driving growth in the IT industry, but they also impose a number of new constraints, especially when it comes to security. As more and more devices get connected to global networks, getting us even closer to the Internet of Things, the potential for security breaches is constantly increasing. The level of protection of enterprise and government IT security systems has been consequently lowered.

In the past, IT security systems were modeled like a fortress with impressive walls, moats and arrow slits. All features were dedicated to protect from intrusion. But this model is now evolving to a more open and inviting model, which is driving organizations to open the walls of the IT “fortress.” In turn, security needs have not at all gone away; they have only increased.

Focus two: Secure to the Core

At this year’s Oracle OpenWorld, Oracle emphasized shifting the focus of infrastructure to security. Security features should be pushed down the stack as low as possible (think as low as the silicon in microprocessors) to allow for the highest security possible. That way, every application using a particular database inherits the security encryption and data protection capabilities. In fact, the last we checked, hackers have not yet figured out a way to download changes to a microprocessor because silicon is so hard to alter.

Part two is that security features should be always-on. There should be no way to turn off encryption or data protection. This seems like common sense but it’s good to reiterate.

SPARC M7: Now is the time

Oracle’s vision for security is embodied by the following three precepts:

In each of these areas, Oracle’s philosophy is to follow best practices by default, integrate security at the design phase, implement security policies reflecting business imperatives and provide tunable controls.

Since Oracle owns the complete stack, from silicon to database and applications, we are in a unique position to address security at every layer in the stack and bring them together in our servers, storage and engineered systems.

At the bottom of the stack you now find the SPARC M7 processor, which takes Oracle’s engineered systems philosophy into the core technology for computing systems: co-engineering the chip with software for optimum security and efficiency.

The M7's biggest innovations revolve around what is known as "software in silicon," a design approach that places specific software functions directly into the processor through specialized engines. Because these functions are performed in hardware, a software application runs much faster. And because the cores of the processor are freed up to perform other functions, overall operations are accelerated as well. Such speed and efficiency is essential for platforms in which security should be on by default.

Customer and partner momentum

The powerful message here is around the dramatic innovations we’ve made with software in silicon on the SPARC M7 processor, especially around the topic of security.

But don’t take our word for it. Oracle has a number of customer and partner testimonies on these new systems as well as new world record benchmarks that demonstrate why these new servers are a big deal to the infrastructure needs of the secure cloud.

Oracle also offers partners, customers and university researchers access to the Software in Silicon Cloud, which provides developers a secure and ready-to-run virtual machine environment to install, test and improve their code in a system with SPARC M7 processors running Oracle Solaris.

The calendar year may have just come to a close, but we can expect the size, severity and complexity of cyber threats to continue increasing.

As the age of digital transformation continues to pave the way for our industry, information security needs to remain a chief priority. Let’s work together to ensure the security and reliability of our information systems.

All the best,

Joel Borellis

Joel Borellis is group vice president, Partner Enablement at Oracle. Monthly guest blogs such as this one are part of The VAR Guy’s annual sponsorship. Read all of Oracle’s guest blogs.