Encryption, memory integrity, and tight software integration aligns silicon with cybersecurity requirements As summer turned to fall, the IT industry got together at VMworld and then Re:Invent to celebrate cloud computing. This translated to software-defined everything – data centers, networking, storage, etc.Yup, we are deep into a hype cycle where the entire industry is in a state of gaga over all things associated with software like flexibility and agility. Great stuff but software has to run somewhere so there is and always will be market for high-performance hardware. This week at Oracle Open World, Oracle (a company synonymous with software) actually introduced a new piece of hardware along these lines, the SPARC M7. Now any CPU announcement is bound to focus on raw horsepower and this one is no different. The M7 is a 32-core, 256-thread CPU built for high-performance computing. Perfect for database queries and big data analytics but Oracle’s new processor also provides some built-in cybersecurity improvements including:Hardware-assisted encryption. Cryptographic operations are hardware-intensive, placing a real burden on off-the-shelf CPUs that can impact overall system performance. This is especially true for on-line transaction systems and highly-virtualized cloud data centers demanding encrypted communications between VMs. The M7 is designed for cryptographically-intensive environments by providing hardware-assisted encryption/decryption in all 32 cores. With this enhancement, Oracle claims that the new M7 much faster end-to-end encryption than any other commercial CPU available today. Existing applications that already use SPARC-based encryption will automatically gain additional performance from new M7 processors with no modifications to the code.Silicon-based memory integrity protection. Common exploits like buffer overflows write data to a memory buffer, overrun the buffer’s boundary, and then overwrite adjacent memory segments to execute malcode and compromise systems. With M7, Oracle is adding security controls at the CPU level for real-time checking of access to memory as a countermeasure to this type of attack. This is especially useful for protecting multi-terabyte in-memory databases that often contain oodles of sensitive data. The M7’s silicon-secured memory protection is utilized by the Oracle 12c database by default and Oracle is providing APIs so developers can enhance security protection for other types of applications. Tight software integration. While M7 security resides deep within a CPU, Oracle is making sure to utilize its silicon-based security across its software portfolio. For example, M7 security is tightly-integrated with the Solaris 11.3 operating system for encryption acceleration across the databases, Java, existing applications, ZFS file system, as well as network, and host virtual machine migration. M7 encryption is also tightly-coupled with the Oracle key manager. This is an important detail for highly-secure enterprises. As the old cybersecurity adage states: ‘Encryption is easy, key management is hard.’ Oracle is also hinting at future hardware/software security additions to create more trustworthy tamper-resistant systems.Oracle marries the M7 processors with new servers (T7 and M7) and the SuperCluster M7, calling these systems, “the world’s most secure systems for apps and cloud.” Yes, this is a marketing label, but it’s worth noting that Oracle believes the addressable M7 market spans way beyond just super-charging Oracle databases alone. The CPU is really designed for today’s enterprise requirements – massive big data analytics systems, burstable cloud applications, and flexible hybrid clouds. Given today’s cloud computing innovation, it’s easy to follow the herd and believe that hardware no longer matters. Those of us that have been around the industry for a few years have heard this rhetoric before. In truth however, there will always be a place for advanced hardware that can offload operations and greatly accelerate overall system performance and throughput. With its M7 introduction, Oracle is demonstrating that it is one of few companies that still recognizes this artful balance between hardware and software – even in a software-defined world. Related content analysis 5 things security pros want from XDR platforms New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform. By Jon Oltsik Jul 07, 2022 3 mins Intrusion Detection Software Incident Response opinion Bye-bye best-of-breed? ESG research finds that organizations are increasingly integrating security technologies and purchasing multi-product security platforms, changing the industry in the process. By Jon Oltsik Jun 14, 2022 4 mins Security Software opinion SOC modernization: 8 key considerations Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole. By Jon Oltsik Apr 27, 2022 6 mins RSA Conference Security Operations Center opinion 5 ways to improve security hygiene and posture management Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies. By Jon Oltsik Apr 05, 2022 4 mins Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe