This week, Supply Chain Matters is attending the Oracle Open World Conference being held in San Francisco. This year’s Open World has an overwhelming theme reflecting Oracle’s declared year of innovation related to Cloud computing. There have been a slew of product announcements, frankly too many to mention in any one blog commentary. In our previous Open World commentary, we focused on the announced SCM Public Cloud suite of applications.
Today, Oracle former CEO and now CTO Larry Ellison delivered his second keynote address and again reiterated all of the various new Cloud based products that have been announced. Several years ago, when Oracle declared that it would be more than just a software and middleware provider, many scoffed. In 2015, the fruits of a far broader strategy that emphasized engineered systems that spanned computing hardware, database systems, middleware, analytics and packaged applications has transformed to a provider now laser focused on enabling Cloud based computing from multiple dimensions. That includes a full competitive thrust at existing Cloud based infrastructure providers such as Amazon Web Services.
Supply chain teams are acutely aware of the mission-critical aspects for many cross-functional and cross-business processes. Security of information is a very, very big deal, in supply chain applications and considerations of deployment of many Cloud based applications will be centered in information security assurances. That is especially relevant for Cloud based order management, supply chain planning and supply chain business intelligence systems.
That is why it was so refreshing to hear a senior and quite influential tech senior executive publically declare today that information security is not what it should be. Ellison declared that tech vendors and users are not winning the current wave of cyber-battles, and that the “current state-of-the-art is not getting the job done.”
Oracle has therefore been on a mission to address data security in the Cloud with a design principle that information security must be implemented lower in the IT architecture stack, namely at the database level, where all data can be encrypted. Ellison further declared that security measures must be always on with no “off” buttons. “Users and IT should not be able to randomly turn on and off information security.”
To that end, Oracle announced a series of database security applications; the most profound is a new micro-processor termed M7 Microprocessor, which embeds information security at the silicon level. The micro-processor includes a hidden “color key” and lockset attached to every request for memory allocation. All queries to that data require validation of the key with any mismatch triggering a security alert. In non-IT terms, the analogy is that of an electronic toll booth, that each time you pass an electronic reader, your electronic tag is validated.
Ellison further challenged system selection teams evaluating a Cloud based application vendor to seek answers to two rather critically important questions:
“Can you, the Cloud hosting vendor, see our data?”
“Can your engineers and database administrators read our data?”
Ellison’s retort was that most Cloud vendors would have to answer yes to both of these questions, and that should be an unacceptable answer. Instead, Oracle has opted for an all-encryption Cloud-based data model where the encryption keys remain under customer control and/or custody.
For supply chain systems selection teams, these are important questions to resolve, particularly when considering information related to customers, suppliers, products and other proprietary data. Heed such advice and insure that your IT support team include information security requirements criteria and mitigation processes concerning any Cloud-based tech provider.