Investing heavily in cloud security to make it autonomous: Oracle India's Aggarwal

Oracle Corp has been investing billions of dollars and forming strategic partnerships with cybersecurity companies in order to offer security services and solutions under its autonomous cloud services, a senior company executive said.

“We are building a lot of integrated products and solutions by forming intelligence-sharing partnerships globally in order to make the cloud offering self-repairing,” said Akshay Aggarwal, director, solution specialist, Oracle India. He added that many enterprises have started switching to cloud after seeing benefits such as cost effectiveness, agility and lesser time to market.

Aggarwal said companies need a different kind of security compared to old-age security information and event management systems, especially in a hybrid cloud environment. “You need a heterogeneous system that can take care of on-premise and cloud security at the same time. It will not only prevent a data hack but also scout for threats," he said.

Oracle, Aggarwal said, has a cyber defence system running on the cloud that not only encrypts data but also uses threat intelligence gathered from its partners to stop any attack to the cloud. "The intel comes from our partners and our huge install base of customers. The cloud security is monitored via Oracle’s Identity-based Security Operations Center (SOC), which can ingest data logs from all kinds of services be it storage or computation," he said.

The SOC framework provides comprehensive monitoring, threat detection, analytics and remediation tools across hybrid environments that include on-premises and cloud resources, he said. The security cloud services are designed to unify threat, user, and operational data from multiple sources, he added.

This means that instead of a company’s chief information officer or chief technology officer getting thousands of action items on his dashboard, the artificial intelligence and machine learning in the service only provides the significant action intelligence that needs human intervention. For example, if the cloud security service identifies a breach through a system, it will immediately cut it off the network and alert the IT administrator.

Aggarwal also said the SOC can be programmed with custom rules for different use cases that the enterprise feels necessary.

Besides, Oracle has identified that a lot of operational processes go hand in hand with security and hence has come up with a Trust Fabric solution that can be used to reduce time taken to respond to security threats. 

"The Trust Fabric model includes cloud infrastructure security and monitoring elements as well as identity and access management for customers. With Trust Fabric there is additional visibility into how an identity is being used, and activities can be monitored to help identify anomalous behaviors," he added.

This means that the cloud service can identify a behavioural anomaly in a network by a customer's user or employee and shut the person out before informing the IT administrator.

The senior executive also pointed out that most companies were in a hybrid environment with most of their workloads still on-premises and 30% on cloud.

For such companies who are hesitant to shift their workloads, Aggarwal said Oracle has designed a solution called Cloud at Customer that offers customers all the benefits of a public cloud environment, but behind their firewall (inside their own data centre) to ensure regulatory compliance. Several customers in regulated industries are benefiting from this offering, he added.