If you don’t think cybersecurity is a selling point these days, you’re probably not doing as well as you could be–no matter what it is you do in digital. Larry Ellison is dialed into this new home truth, and may well be poised to overtake Amazon because of it.
The America’s Cup champion and founder of database giant Oracle, is chasing Jeff Bezos at the moment, but he could very well supplant Amazon as the preeminent cloud services provider. The linchpin to Oracle’s new cloud strategy: Cybersecurity.
Oracle is pointing machine learning security techniques to a deeper digital space where security vulnerabilities often lurk–the database layer of company networks. This is just part of Oracle’s new family of cloud services; but it may be the most important piece.
It remains to be seen how successful Oracle will be in its attempt to transform itself into a cloud services provider. No matter how it plays out, the Ellison vs Bezos Battle Royale will be fascinating to watch. It could accelerate the pace of cloud services adoption, and more crucially, it could drive security deeper into the fabric of next-generation business networks.
Cloud sticking point
It should be no surprise that Ellison fixed his sights on the cloud market. Research firm IDC says worldwide spending on public cloud services and infrastructure is on track to reach $277 billion in 2021, up from $160 billion in 2018. Companies are nimbly innovating as they increasingly tap Amazon Web Services, Microsoft Azure and Google Cloud for cloud data storage, and also to develop and run mission-critical software.
The biggest sticking point is security. Under the “shared responsibility” security model proffered by the Big Three, the complex burden for securing business networks that use cloud services resides with customers for the most part. Meanwhile, this model is rife with fresh attack vectors, and hackers have only just begun to take advantage of them. The hack of Uber which compromised the sensitive data of 50 million customers and drivers, and the attack on Tesla’s servers by cryptominers are two prime examples of how easy it is to infiltrate companies through their cloud services layer.
Microsoft, Amazon and Google don’t dispute this. Each has taken steps to weave more security into the cloud services they’re selling. But there’s plenty of room to do more, which is where Ellison sees his opportunity. Oracle is now seeking to deliver next-generation cloud services built around autonomous databases leveraging machine learning in a big way.
Machine learning game-changer
Oracle is betting the security component of its new cloud services offerings will be a game changer. According to Ellison, Oracle’s cloud services, driven by machine learning, will be self-monitoring, self-aware, and capable of doing repetitive tasks at a pace that would require an army of security analysts to do manually.
Machine learning refers to a process where computers are given access to mountains of data, along with a set of analysis criteria (created by an actual human being). The computers run calculations, at an extremely quick pace called machine scale, and deliver more accurate results the deeper they get into the dataset. Amazon has intensively used machine learning to determine the best product recommendations for its customers, and Google, Facebook and Microsoft use it to deliver both better search results and news feeds–in addition to their mission-critical deliverable: serving hyper-targeted advertising.
In the last few years, cybersecurity vendors have also begun integrating machine learning into their detection and protection systems, which makes perfect sense. The typical corporate network is a source of large, ever growing datasets, continually generated by disparate systems that now often include a cloud component. Hidden in this tumult of network logs are the behavior profiles of threat actors who actively steal and disrupt–or work towards being in a position to do so.
Ellison contends we’re losing the cyberwar because criminals are using automated attacks, while those responsible for defending networks rely primarily on human analysts tasked with sifting through mountains of traffic logs with the most rudimentary digital tools. That’s overstating it, somewhat, but not by much. He claims Oracle’s new cloud offerings will shift daily combat to machines vs. machines, and thus significantly level the playing field.
Oracle is setting out to do this by directing ML security techniques at the database layer. Oracle has long been the premier supplier of database management systems to large enterprises, so this is very much in its wheelhouse. It now wants to deploy ML to continually analyze each and every instance of any human, or machine, accessing a database.
These database activity observations can be cross referenced against readings from legacy security systems already in place, such as firewalls and intrusion detection systems–and even against employee usage patterns of popular cloud-based work tools, like Office 365 and Box. If something looks amiss–for instance, if a user begins to access and route data in an unusual way–a range of automated actions gets triggered that is designed to limit damage, without disrupting workflows.
As always, the devil is in the details, and Oracle will have to demonstrate that its approach can materially improve security without hindering productivity. It will be fascinating to see if Oracle can realize Larry Ellison’s goal to overtake Amazon in cloud services – while using database-level, automated security as a key selling point.
Regardless, this is a fresh path to security-by-design as a mainstream concept. Our reliance on digital systems is only going to increase. To bring cloud computing and the Internet of Things into full fruition demands a cybersecurity sea change–matching fire power with fire power against the bad guys–something along the lines Ellison proposes, and the sooner the better.