At the Oracle Open World 2015 conference this week, Oracle revealed what it describes as a major breakthrough in IT security that prevents attacks from being launched at the processor level.
Oracle CEO Larry Ellison says the latest generation of SPARC M7 processors now assigns numbers to units of code and memory on the processor that have to match before that code can be executed. If they don’t match, the processor will not only not run that code, it can also request patches in real time to fix vulnerabilities and send alerts to other systems, regardless of processor type, that the data center is under attack from a potential threat.
As part of this expanded focus on security, Ellison also committed to making certain that encryption is turned on in the Oracle cloud and that, going forward, Oracle will make it impossible to turn encryption off for two reasons. The first is that the impact that encryption has on application performance is now negligible. The second is that Oracle wants to assure customers that none of its employees can actually view customer data when running in cloud, which Ellison says is something no other provider of cloud applications and services can absolutely assure customers.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
In the wake of attacks such as Heartbleed and Venom, Ellison says it has become apparent that as far as security is concerned, the IT industry as a whole is simply not getting the job done. As such, Ellison says Oracle began investigating ways to thwart those attacks at the silicon level versus forcing customers to invest in IT security technologies that are clearly not up to the task.
The degree to which IT organizations would theoretically move away from x86 processors to take advantage of the new security capabilities that are inherent in SPARC processors remains to be seen. After all, trillions of dollars have already been invested in applications that run on Intel servers. But at the same time, IT organizations are investing billions of dollars in IT security products and services that in the main don’t actually contribute much to their bottom line.