The threat landscape is changing every moment and cybercrime is perhaps the most deadly weapon today. Every day, every minute there is news trickling in of compromised systems. Experts say that it is only going to get worse. According to estimates, the cost of cybercrime was $600 billion in the past year. The top management of companies is struggling to deal with cyber security challenges. The entire landscape is changing in a way that has never happened before. Muqbil Ahmar (MA), Executive Editor, Grey Head Media spoke to Akshay Aggarwal (AA), Cloud Specialist Director – Manageability & Security, Oracle APAC, on a variety of issues. Here are the excerpts:
MA: How do you see the changing threat landscape? How can it be managed in a scenario where there is multi-fold increase in cyber-attacks?
AA: The threat landscape has grown by leaps and bounds. Cybercrime is on the rise. The traditional, on-premises based Security Incident and Event Management (SIEM) is no longer effective to protect your enterprise IT assets. We profess a brand new systems approach. Our systems run on the cloud and make use of artificial intelligence (AI) and machine learning (ML) to protect both on-premises and cloud environments. This helps us detect and respond to security threats automatically instead of waiting for people to act upon them. As the threat landscape continues to evolve, the nature of attacks will change so much that one won’t be able to tackle it manually. You will need a cloud-based approach aided by a big data engine powered by advanced machine learning in order to stay relevant.
MA: Data is the real asset, whether it resides on-premises or in the cloud. How do you prepare your customers for a credible defence?
AA: We work closely with customers to ensure their data security. In this context, the first step is to leverage data protection technologies such as encryption, masking, and redaction. Even then, if hackers are able to penetrate the defence and reach the database, the data still remains secure and will be of no use for the hacker. Hence, it’s important to ensure that data must be protected wherever it resides.
The second part is that there are still security systems operating based on the traditional perimeter of a firewall. This needs to change. People are accessing systems via the Internet and using all kinds of smart devices. Therefore, the traditional approach of having a firewall isn’t enough. In such a scenario, the identity should be considered as the new perimeter in order to bring accountability into who is doing what, when and where, so that you are able to take actions quickly. With identity being the new perimeter, customers should deploy a strong identity governance system to manage their people and systems who are spread all over the globe. Additionally, regular configuration and compliance management of all systems should be put in place.
MA: Organisations are migrating their workloads from on-premises to a multi-cloud infrastructure in order to have agility and scale. How do they ensure security across all these environments?
AA: True. Enterprises are moving a lot of their systems and applications into the cloud. This has a big security implication. Most organisations globally use Oracle database to run their systems and applications. Therefore, it’s our responsibility to ensure the security of our customers’ data. We follow a ‘data encryption by default’ approach to ensure that all the layers of security are in place.
Using hybrid environments on cloud makes the issue of security even more complex. Companies had greater control when the IT footprint was limited to on-premises IT assets, but it’s no longer the case now. While the cloud service provider has a set of responsibilities to ensure their cloud assets are secured holistically from core to edge, the enterprise customers carry equal responsibility to ensure their cloud usage is done so in a secured manner. This is called the “shared responsibility model for cloud usage”.
MA: When systems are running on the cloud, we need a very strong and intelligent cyber defence system. How is Oracle dealing with cloud security? What is the concept behind the Trust Fabric?
AA: We have come up with an end-to-end, integrated cyber defence called the Trust Fabric. It helps us capture information from all sources – on-premises infrastructure and the cloud. Trust Fabric is able to embrace all these systems in a manner that you have complete knowledge of where the systems are running, what different activities are taking place in these systems and you are able to utilise some of the latest technologies like AI and ML to your advantage. In today’s digitally connected world we need a cyber-defence system, which can practically elicit information from all the systems and is able to apply ML to your advantage to do correlation and pattern detection and provide an identity-based context to the threats, which are emanating from all over. The system has to be responsive and should be able to take self-remedial actions based on the intelligence it carries to heal itself, what we call self-healing.
MA: What differentiates Oracle from other security vendors? What’s distinct in your approach towards data security?
AA: Oracle has been managing the bulk of the world’s information securely for many decades. We develop technology, which can be used by large enterprises, securely, with high performance. Perhaps we’re one of the rare end-to-end, fully integrated cloud players with a full stack approach that includes Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) and Data as a Service (DaaS). We have the highest number of cloud service offerings available and we can leverage all those services to run together so we have better control on all these systems. Other players, with a piecemeal strategy, will find it difficult to ensure integrated security for customers as they might not necessarily be able to control solutions/services of other vendors.
MA: Tell us more about your autonomous play and the security benefits.
AA: Similar to the concept of the autonomous cars, we believe that considerable portions of technology can ultimately run by themselves. The future of a successful IT organisation lies in end-to-end automation. So, we are weaving AI capabilities into our entire cloud portfolio.
Oracle’s Autonomous Database is one of the world’s few “self-driving, self-securing and self-repairing” databases. With machine learning, Oracle Autonomous Database redefines data management and takes complexity out of a business critical database to enable unprecedented availability, high performance, and security at a lower cost.
In a nutshell, by leveraging autonomous cloud services, businesses can deliver new capabilities and more business value faster, while strengthening the security apparatus at the same time.
MA: How is Oracle leveraging Artificial Intelligence and Machine Learning to enhance your product portfolio, especially in the security domain?
AA: We look at AI holistically. We embed AI across many of our business and technology services. Our data scientists are trying to build models that can solve key business problems and eliminate the need for you to build, train, and fine tune a team to embed AI on your own. Adding machine learning and cognitive interactions to traditional business processes and applications enables greatly improved user experience and productivity.
In addition to Oracle AI Platform Cloud Service, which includes high-performance training and operational infrastructure, Oracle embeds ready-to-use AI and machine learning capabilities across Oracle’s SaaS, PaaS, and IoT services, including cognitive AI, analytics, data services, IT management, and security operations.
For example, there was a customer who got several thousand security alerts and didn’t have the required number of cyber security personnel to sift through those alerts and identify which of those alerts were real. We advised them to move the data into our cloud repository. We got all the records and using machine learning, we were able to narrow down the key alerts (for which immediate action was necessary) to just 300, which were basically business-oriented, actionable items. We ensured that every variant was being recorded and converted. Now the security team of the customer has a better way of handling real-time threats rather than handling millions of alerts. This is one of the best use cases of machine learning, wherein you are able to narrow down the set of actionable items by running advanced analytics algorithms. This is making the data more usable and providing insights to take business actions. Particularly, in the case of security, you have to make sure that your systems are self-sufficient to identify the threats and quickly respond to them without waiting for external intervention.
MA: Finally, do you think Indian enterprises are ready to tackle any big security breach or attack?
AA: There is definitely scope for improvement. There’s more to be done on this front. Indian organisations are much more advanced in terms of modern technology deployment than some of their APAC peers. The faster Indian businesses take a holistic, innovative view to security, the better off they’ll be in terms of cyber resilience.