CloudComputing: "Oracle wants to remove the 'off' switch from security"

He emphasized the following points:

Oracle wants to remove the “off” switch from security, building it into computing by default at an ever-lower level of the technology stack.

As if it weren’t bad enough that retail credit card databases are being pilfered on a regular basis, this year the US government had to admit it lost 20 million personnel records, which included background checks and fingerprints. The CIA had to pull personnel out of embassies for fear that their cover had been blown.

Making security features optional may have made sense at one point, when security features like encryption had a greater impact on processing speed, but it doesn’t make sense anymore. One of the advantages of Oracle’s cloud services is that security will always be enabled by default.

One of the ways to make security better is to make it more fundamental to computing. It’s better to have security at the database level than in the application (although it’s okay to have both) because all applications can inherit that security. Similarly, it’s better to have security at the level of the processor than the operating system because silicon is more tamper-proof.

Oracle is acting on that belief with the SPARC M7, the latest generation of the processor family Oracle acquired with its purchase of Sun Microsystems in 2010. Beyond hardware-based encryption, which is enabled by default, the SPARC M7 is distinguished by a technology called “Silicon Secured Memory,” which blocks a widely exploited category of security bugs known as buffer overflows. In a buffer overflow, a rogue program gains control of data that should properly be under the control of another program. This was a factor in both last year’s Heartbleed SSL security vulnerability and the more recent Venom bug. Silicon Secured Memory can also weed out more innocent buffer overflows caused by programming errors.