Oracle has had quite a journey. From being a Database Organization to being a force to reckon with in the Cloud and Security domain, Oracle has evolved.
We provide what we call Trust Fabric, which embraces both your on-premise as well as your Cloud systems.”
Akshay Aggarwal, Cloud Specialist Director- Manageability & Security, Oracle APAC
How has Oracle evolved from a simple Database Organization to being what it is today?
Classically, Oracle has been a very strong database organization. Slowly Oracle navigated its way into the enterprise application (ERP) side and got good success on the application side. We realized that you need a technology platform because a lot of people wanted to innovate beyond what you can do in your applications because applications are out of the box. So the providers set for functionalities. But the moment you say, I want to innovate and bring in some bit of differentiation from my competition; you need a technology stack which can provide you all the flexibility to do integration, to develop mobile applications, web application, web portals and those kinds of things. That’s how Oracle got into more and more things. And then, security always was important. It was actually a security project that oracle was doing for the Department of Defense. That is how Oracle came into being. We are the custodian for data, we make sure that we put in all the checks and balances for ensuring that data is secured at all times. So, irrespective of where the data is located, security is paramount.
What is Oracle’s relationship with its customers?
Today, Oracle has thousands of production. It becomes difficult for us also to visualize how customer sees us because we help customers in so many different ways. But one thing Oracle has been consistently working towards is making sure that they meet their solutions for the enterprise. So, they have always been an enterprise organization providing IT solutions for large enterprises. We have been very good at that because we know what the expectation is. Large enterprises need solutions which can scale, are highly secure and manageable, which can run in a distributed as well as centralize fashion globally in multiple data centers of customers.
So, the enterprises’ needs are different from that of the SMB customers. An SMB customer care about say, ‘Can you give me this function? If you can do that, give me a CRM system, my work is done’. They don’t look at scalability because it is not the need of the hour for them. But for enterprises, they would say, ‘I need it on all the operating systems. I want compatibility with all the other systems, which I am running in my environment’. So that’s the good thing about Oracle, that we understand the intricacies of what the enterprise needs.
What has Oracle’s journey with Cloud been like?
What we are seeing for the past five to 10 years is that enterprises are slowly moving towards the Cloud. Oracle had to step back and look at what should be the right strategy for them to move into the Cloud. When you have thousands of products running day in and day out for customers in their data centers and you are supporting them, you suddenly cannot decide that now I will make them available in the Cloud.
A lot of vendors decided to move those systems which are running on premise into the Cloud without doing any changes. But that was not a scalable model because Cloud needed a very different thought process in terms of how systems should run. They should be Cloud native. They should be very thin because the enterprise systems are very heavy. Something where you can bring in all the flexibilities of the Cloud in both in terms of usage as well as in terms of pricing. Beyond a point you cannot leverage your own premise stack to do the same thing. So, Oracle took the decision that they want to launch everything in the Cloud and whatever they had in on-premise, they would like to have a replica of that in the Cloud. But they want to develop that from scratch because it doesn’t make sense otherwise. So, that is what we are doing.
We are seeing success in the application space where our applications are all available in the Cloud, whether you talk about ERP, HCM, supply chain management or customer experience, all of them are there in the Cloud. Now that doesn’t mean we do not provide an on-premise model.
Where does Security come into play?
The biggest concern that we see and where people are very conscious, especially enterprises while moving to the Cloud is Security. They do not want to do any anything critical in the Cloud unless they are absolutely sure that the vendor whose solution they are using, is ensuring that their data which is going into the Cloud, is secure and taken care of. The way I have been securing it in a cocoon in my data center, you as a vendor is able to take care of it in the same manner or even better. Now I would say that’s a blessing for the customers because, we can address security because of the fact that we know it and we are a large organization which knows intricacies about so many different customers, we are able to put in the security measures in a way like no other and we are able to give them a transition to the Cloud.
Now having said all of this, as I said, Security is extremely important. All of the CIOs and CISOs we talk to their decisions are completely based on how secure our systems are. So, we provide what we call Trust Fabric, which embraces both your on-premise as well as your Cloud systems. Because if your security is only bound to a particular environment and doesn’t take care of the other one, then there can be gaps. Some of the technologies that we provide in this space is Identity Management. We provide the complete stack around Identity Governance as well as Access Management. Whether you run an application or system in the Cloud or in-premise, we can manage the identity and we can provide a seamless access to all these systems using a single sign-on based technology. So, how are you assessing the risk associated to the requests which are coming in and now that your systems are in both places, trust fabric approach should work on both sides and make sure that I assess the level of trust of that particular person in real time and provide you access according to that based on a two factor authentication or multifactor authentication.
So, security is becoming a very different problem altogether because now we are trying to address customers who have systems running on premise and they have systems running in Cloud or multiple Clouds.
Knowing how much risk is there in any transaction is extremely important. Hence, the importance of data leakage prevention while using your Cloud solutions. Because people are doing all sorts of things in the Cloud. There are sanctioned applications and unsanctioned applications in the enterprise. And people are working on both sides in parallel. So assessing the risk associated around the data leakage and making sure that you stop the people at the right time from doing those activities, is something we definitely look at.
What is your Portfolio for Security Solutions?
We provide security and different layers. So for database we have data security solutions. Things like encryption. We provide that for the database and make sure that anything in transit or at rest is completely encrypted. We have masking solutions which can ensure that if you are moving data from one environment to another, you are able to mask it so that even if people get access to it, they are not able to misuse it.
We have solutions for privilege Access Management for database specifically. Because what we feel is a lot of times people provide complete access to their database administrators and they have all the access to the database and to the database transactions which are getting stored. Even all the financial transaction information is in the hands of the database administrators. So we have a system called Database Vault. This actually stops providing any additional access to the database administrators. And thereby database administrators can do it’s administration work, but cannot look at the transactions, which reduces the possibility of insider threat by stopping these privileged users from moving ahead. We also offer Database Activity Monitoring to see, you know what kind of activity is happening within the database.
Our Cloud security solution, CASB assesses the user behavior. And based on the risk generated by our CASB solution, it instructs the identity and access management solution to provide access accordingly.
In terms of Innovation, last year Oracle came up with an Autonomous model. The customers can do only so much to take care of security of their data in the Cloud. We as the leader in the database space provide security in an autonomous fashion. We provide security by default, which means you don’t have to worry about security of your system at any point of time. You just use the system, the encryption of it, the masking of it, how backup is taken, the security patches, everything is completely AI based. It completely takes away the pains that people had in terms of upgrading and making sure that systems are up and running. And all of this is done in real time. There is no downtime at all. So, with autonomous offering that we have come up with, we are providing autonomous security, which is like auto secure and auto patching. All of that is done by itself without any downtime.
There is something called a shared responsibility, that when customers are going in for Cloud solutions, just the way the service provider has a responsibility to provide all the security measures around that, the usage of the Cloud and the Security, for that is the responsibility of the end company.