Security remains biggest concern says Oracle founder

Larry Ellison says ability to turn off security features in software makes no sense

Attendees view Oracle’s Team USA’s AC72 catamaran at Oracle Cloud Plaza on Howard Street during the OpenWorld conference in San Francisco
Attendees view Oracle’s Team USA’s AC72 catamaran at Oracle Cloud Plaza on Howard Street during the OpenWorld conference in San Francisco

Security is a top concern and needs to be always on and enacted as far down the security stack as possible, said Larry Ellison, Oracle founder, executive chairman and chief technology officer, in his second keynote speech this week at Oracle's OpenWorld conference.

“The biggest concern we have as an industry, and biggest concern consumers have, is security,” Mr Ellison said.

“We need next generation security, because we are not winning the cyber battles. We have not yet lost the war, but this is a technology confrontation, sometimes at the country level,” he said.

“We have to rethink how we deliver technology, especially as vast amounts of data are moved to the cloud. If we are going to move lots of data to the cloud, we have to make sure it is secure.”

READ SOME MORE

Yet most software is designed with key security features such as encryption being an option, which users can turn on or off, he noted.

“The always-on rule of thumb means it should be impossible to turn off encryption. The idea of turning on and off security features makes no sense.”

Introducing new features on Oracle’s M7 microprocessor, he said security should be pushed down to the silicon level if possible in computing.

The chip now included memory intrusion detection security that would prevent exploits such as the Heartbleed and Venom viruses. The chip prevents attacks by blocking access to memory that belongs to another application, Ellison said.

“Even the best hackers have not figured out a way to download changes to your microprocessor,” Mr Ellison said. “You can’t alter the silicon. That’s really tricky.”

Not all servers in a network would need the chip, either, because once an attack is detected and blocked, an alert is issued that would allow other servers to be be secured, he said.

He said Oracle would continue to integrate security features at chip level, and develop more chips.

Karlin Lillington

Karlin Lillington

Karlin Lillington, a contributor to The Irish Times, writes about technology