Oracle, a security company? – InfoSec Europe 2017

A couple of weeks ago I spent 3 days exhibiting at InfoSec Europe 2017 in London, an event I have been attending as either an exhibitor or visitor for a number of years. This year definitely seemed to be the busiest I have seen with a good mix of your usual, large vendors, as well as some great presence from the smaller security companies, clearly spending their annual marketing budgets getting their name out there with big, shiny stands.


So, what was Oracle doing at a security conference I hear you ask? Don’t worry, you are not alone! During the course of the event, a number of the visitors to the Oracle stand asked me that same question.

Questions such as:

“What does Oracle do in the security space?”

and, of course, my favorite,

“You’re just a database company, right?”

Yes, it’s true, Oracle is a database company and has been for nearly 40 years. However, in case you have been living under a rock for the last couple of decades, that is by no means all that we do. As the 2nd largest software company in the world, database is only one string of our considerable bow. In the security space, specifically around software, Oracle has strong security credentials at all layers of the stack from applications to disk. In fact, if you search on the history of Oracle you will find some interesting information related to the name “Oracle”, its history, and our first customer.

So, what were we talking about on the Oracle stand to demonstrate our credentials and to show that, actually, whilst we aren’t just a database company, we do have a market leading experience in this area which is extremely relevant to today’s security conversation?

1.      EU GDPR (Well, wasn’t everyone?)

Whether you like it or not, GDPR is coming and surveys show that the UK is woefully unprepared for it. It seemed that GDPR was this year’s buzzword at InfoSec with most stands relating their solutions to GDPR, even when the link seemed tenuous at best. However, unlike some vendors, Oracle was not proposing to make you “GDPR compliant” or to solve all of your GDPR challenges. We know our strengths and where we can help customers. Think about it, where is most of your personal, digital data, which is relevant to GDPR stored? Yes, you guessed it, in a database, and as the market leader, for many visitors to InfoSec, that is the Oracle database. We understand data and furthermore, know how to secure it at source. The Oracle database has a wide range of security controls, both built-in and as additional options, which can help mitigate a number of risks identified within GDPR. This is the same whether you are using the database on-premise or in the cloud.

Whilst we have technological controls, many of my conversations with customers on this topic identify the initial GDPR challenge as finding out where their sensitive data is, before they can even think about securing it. Therefore, we also had Oracle Consulting on the stand sharing their invaluable insight with visitors on what they are seeing on their projects and how they are helping customers with a pre-packaged GDPR engagement.

2.      Identity Security Operations Centre (SOC)

Identity management has had a chequered history at InfoSec. Some years, most of the Gartner MQ vendors are exhibiting, whilst other years, not so much. Why do I think that is? Well, for me it’s quite simple, I don’t see traditional IDM as a security problem. Yes, when done properly, IDM can reduce risk, but I see IDM as a business-driven project. However, I think the role of IDM is changing. Identity can no longer be treated as a standalone project. Looking at the bigger security challenges, Identity forms a crucial part of broader security monitoring and enforcement solutions. On Thursday at the event, we had Oracle’s Group Vice President for Security, Rohit Gupta, introduce Oracle’s Identity Centric SOC, looking at how we re-think traditional security monitoring tools by putting Identity at the centre and using Identity to drive security decisions and responses across all platforms, both on-premise and in the cloud. The Identity SOC framework is Oracle’s answer to delivering the next generation of SOCs, addressing the shortfalls of traditional SOCs using the latest technological innovations such as machine learning.

 3.      Cloud Security

Following on from the previous theme of Identity SOC, many customers have solutions in place for monitoring and controlling usage of on-premise applications, however, the same controls don’t exist for cloud-based services. I spend most of my time talking to customers about their cloud strategies. We know most organizations are already on the cloud journey, whether dipping their toe in the water, or already adopting a full cloud-first strategy. However, we also know that security in the cloud is still one of the main concerns of C-level executives. We were talking about our Cloud Access Security Broker, how it can deliver against a new set of cloud security requirements, and how it forms a key part of the previously mentioned Identity SOC framework.

 4.      Oracle Cloud Security

Probably the biggest surprise for many of the visitors to the Oracle stand is that Oracle has a Cloud. Unbeknown to some of the visitors I spoke to, Oracle actually has the most complete cloud on the market, with the broadest range of services covering Data, Software, Platform, and Infrastructure as-a-Service. Just go to to see the breadth of our capabilities. N.B. If you are interested in trying Oracle Cloud, we are currently offering $300 of free credits.

As mentioned previously, security of the cloud is one of the major concerns of C-level executives. This is the same irrespective of which cloud vendor you are using. Therefore, we spent a lot of time at InfoSec talking to visitors about how Oracle has a secure, enterprise cloud, giving them the confidence that, in many cases, the Oracle Cloud is actually more secure than their existing on-premise systems.


So, hopefully, I will have broadened your mind around Oracle’s capabilities. Of course, I haven’t even touched on some of the other security areas which are key for Oracle, such as the security innovations within our latest SPARC processors. That can be for another day.

Yes, Oracle is a database company and proud of it, but we do SO MUCH more.

I wonder what the ‘buzzword’ will be at next years InfoSec?


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.