• United States



Deputy News Editor

Oracle’s Larry Ellison decries poor state of security, says he’s fixed it

Oct 28, 20152 mins
Application SecurityData and Information Security

Ellison claims Oracle's new servers would have stopped Heartbleed in its tracks

Oracle Chairman Larry Ellison has put better security at the heart of his pitch for the company’s new products, though it could be a tough sell for a man who’s long claimed his products are “unbreakable.”

“We need much better security,” Ellison said Tuesday in a speech at Oracle OpenWorld. “We need a next generation of security because we’re not winning a lot of these cyberbattles. We haven’t lost the war, but we’re losing a lot of battles.”

He pointed to recent breaches including one at the U.S. government that exposed more than 20 million personnel records, and talked up new Oracle products that he said will better protect companies’ data. They include servers based on a new microprocessor, the Sparc M7, which has functions to improve security embedded in the silicon itself.

Ellison claimed one of those functions, called silicon secured memory, would have uncovered the recent Heartbleed bug and “stopped it in real time.”

It’s a compelling message for Oracle’s customers, many of whom are losing sleep at the prospect of becoming the next Target or Sony Pictures. But it’s also a delicate message to sell for a company that makes one of the world’s most widely used databases. It’s akin to admitting its current products aren’t completely secure, and Ellison said as much on Tuesday.

“It’s been our goal for a very long time to deliver a product that was highly secure,” he said. “We have more security features and have been doing this longer than anybody, and I’m still saying that with all the things we’ve already done, it’s still not enough.”

His message to customers: this time we’ve got it right. Put your data on Oracle’s hardware systems, or in Oracle’s cloud, and your security fears are over.

Ellison announced a couple of new products on stage, including another of the company’s preconfigured, “engineered” systems. It’s called, unimaginatively, the Oracle Private Cloud Machine for PaaS and IaaS, and Ellison joked that it has “half the reference manual in the name itself.”

The box, he said, provides exactly the same hardware and software stack that Oracle runs in its own cloud, making it easier for customers to move workloads back and forth. It’s a similar pitch that Dell makes for its Microsoft Azure appliances.

He also announced that Enterprise Manager, Oracle’s management tools for all its products, is now available as a cloud service.