OOW 2017: Securing the database

During Day One of Oracle Open World 2017, it was all about databases and cybersecurity, including how Oracle is heading towards its ambitions to have these two fully automated.

A self-driving database is a big deal; think of the manual labour costs and human error risk which could be eliminated, not to mention the better agility and flexibility as a result. But for Oracle’s cybersecurity product to be semi-autonomous as well, could be an even bigger deal.

Oracle CTO, Larry Ellison, said, “This is the most important thing, we have done in a long, long time.

Here’s why.

Dozens, if not hundreds of reports around cybersecurity, and especially high-profile ransomware and data breach events, have highlighted how the lack of IT security hygiene had exacerbated the spread of WannaCry, Petya,.. it will likely be highlighted during the next big cybersecurity event, as well.

It’s only a matter of when.

Database security

A key IT security practice, the applying of patches whenever vulnerabilities were discovered, was especially emphasised in many cybersecurity news coverage.

Protecting systems and data from being compromised, seems to be so simple – just patch our systems when a vulnerability is discovered, right?


IT security professional, Mahathir Abdul Malek, had talked about the steps required before a patch could be applied.  He had shared, that analysis is important, to reveal whether IT needs to patch immediately or wait for its patch cycle.

Clearly, patching systems, isn’t as simple as it looks, and the biggest challenge of all is that some patches require systems to undergo some downtime. That is unacceptable for some industries like manufacturing, or even mission-critical workloads.

And then, during Oracle CEO Mark Hurd’s keynote on Monday, he said, “The average patch is a couple of months, too late.”

When a customer had shared with Hurd that it takes 4 to 5 months to patch Oracle systems, Hurd shared that to his knowledge, it actually takes one year.

Oracle’s Autonomous Cybersecurity offering, together with Oracle Autonomous Database, claims to address this huge headache, because the new database product will auto-patch and auto-update itself, besides auto-tune its performance, and auto-provision for itself.

It also claims to be able to auto-patch systems, without any downtime required for the system.

What’s next?

Another key IT security practice, backing up of data, is also highly recommended, as a measure against ransomware attacks.

If not incorporated already, perhaps this would be one of many more security features Oracle would build into their databases, as they try to address a very risky landscape, and reassure a more-panicky-than-usual market, about the security of their database offerings.

If Oracle’s security sensitive customers, are asking the same questions of the database company, as they would any other cybersecurity vendor, Oracle would have to consider, if not already, insider threats, Distributed Denial of Service (DDoS) attacks, virtualisation, and many more, popular but typical cybersecurity trends.

On Sunday, Ellison had claimed their artificial intelligence technology, which powers both their database and cybersecurity offerings, as being revolutionary.

More details about their Autonomous Cybsersecurity solution, will be revealed in 23 hours, at Moscone North, Hall D.


(This journalist was a guest of Oracle’s to Open World 2017 in San Francisco)



Cybersecurity 101: Above all else, obfuscate the enemy


Living on a prayer: SMB bug from WannaCry attack, still not being patched

There are no comments

Add yours