Oracle's Ellison On AWS, The Fundamental Problem With Cloud Security, And Deploying The ‘Star Wars Cyber Defense’

Alarmist, Provocateur, Or Salesman?

Larry Ellison, Oracle's founder and executive chairman, is a master of sending shockwaves through the tech industry with a few lashes of the tongue.

In his keynote at Oracle OpenWorld on Monday, the celebrated, inimitable, and often-scorned provocateur made the case that the cloud—every cloud—is built with a flawed architecture that's fundamentally insecure.

The only provider Oracle's CTO called out by name—not a surprise to anyone who's heard him speak in the last few years—was Amazon Web Services. (AWS hasn't yet responded to a CRN request for comment. But it's only a matter of time till the public cloud kingpin fires back.)

In contrast, Oracle's Gen2 Cloud, dubbed OCI (Oracle Cloud Infrastructure), implements a bare-metal design architecture that forgoes placing any Oracle code on any physical machine hosting a customer workload. According to Ellison, that approach makes Oracle's infrastructure the industry's most-secure offering.

Here are some of the highlights of Ellison's keynote.

Star Wars Defenses

Oracle's second-generation cloud comes equipped with "Star Wars cyber defenses," Ellison said.

Specifically, that's two sci-fi sounding technologies: impenetrable force fields that surround customer resources, and killer robots that hunt down threats.

The "force fields" are essentially barriers that "surround each individual customer zone in our cloud so threats cannot spread from one customer area to another, so a malicious customer can't move laterally in our cloud."

The robots take advantage of the latest artificial intelligence to search for and destroy malicious software.

"The combination of those protect your data and protect our Gen2 cloud," Ellison said.

Amazon (And All Other Providers) Have Got A Big Problem, Says Ellison

All of Oracle's cloud competitors, including industry leader Amazon Web Services, have "a big problem," Ellison said.

"If you look at the AWS cloud," he told OpenWorld attendees, "the AWS cloud control code is sharing the computer with customer code. That means you better trust your customers. You better trust all your customers."

Because of that standard architecture, malicious customers, according to Ellison, can access all other cloud providers' control systems. And if they know what they're doing, they can hack the code and steal data from other customers.

That's "a fundamental problem with the architecture of the cloud," Ellison said.

Bare-Metal Benefits

The security benefits of OCI derive from the bare-metal architecture of Oracle's second-generation cloud infrastructure.

Oracle's Gen2 cloud hosts its cloud control code on independent, dedicated machines deployed on the perimeter of its network. To do that, the company had to develop new hardware configurations and software.

Bare-metal, however, doesn't necessarily mean single tenant, Ellison said.

Customers of course can opt for dedicated infrastructure if they'd like, or they can still host in multi-tenant environments for greater cost savings.

But Oracle will never put any of its code on a machine touching customer workloads.

"Users can have it all to themselves," Ellison said.

Not Good Enough

When it comes to security, the "current state-of-the-art is just not good enough," Ellison said. "Our smartest technology companies are routinely penetrated."

And "if the smartest among us, most security-conscious among us, have been attacked successfully, this is a big problem."

The attacks are coming more frequently, the attackers are smarter, and data is more vulnerable than ever. And most cloud providers—just about all other than Oracle—still operate infrastructure not purpose-built for the enterprise.

Fundamental Rearchitecting

Oracle has completed a game-changing project of building a new type of cloud capable of defending against the ever-evolving security challenges posed by modern-day hackers.

"It's hard to build secure cloud," Ellison said. "It required fundamental re-architecture. We did that."

While security was the primary concern, customers will be pleased with other benefits resulting from that project.

"When you move to our cloud you save money. When you move to their cloud, you pay more," Ellison said of AWS.


Self-Driving Database

The "most-important component of our Gen2 cloud is our autonomous database," Ellison told OpenWorld attendees.

Oracle is betting big that customers want databases that use machine learning to operate themselves. That self-driving functionality frees administrators from the mundane operational duties that occupy much of their time, reducing labor costs and eliminating human error from the equation.

The autonomous technology builds off the inherent security and automation advantages of Oracle's Gen2 infrastructure, he said.

Since introducing its 18c database at last year's OpenWorld, the database pioneer has made a lot of progress in advancing and bringing to market that self-managing, self-patching, self-healing technology, Ellison said.

Early versions of autonomous databases ran on shared Exadata machines. But for the most security-conscious customers, Ellison announced the new option to provision dedicated Exadata machines running entirely isolated in its public cloud.

Everything Is Going That Way

Oracle's Gen2 cloud infrastructure plays into a larger strategy that incorporates the entire stack.

The provider has now migrated its Fusion and NetSuite Software-as-a-Service applications to OCI infrastructure, extending the security benefits of its bare-metal cloud to the application layer, Ellison said.

"Everything's going in that direction," he said. "All of our SaaS applications, all of our customers."

Gen2 is "the only thing we are selling," Ellison said. "We are dedicated to this new, secure cloud."

OCI On Premises

Oracle is aggressively building data centers across the world. That footprint expansion can also extend into the customer's data center.

"We're willing to build our Gen2 cloud on your data center floor, just for you, no caveats," Ellison said.

OCI, when deployed through Cloud@Customer, an on-premises cloud offering, is "identical to what we have in our data centers."

That means the same barriers protecting against intrusions for its "most-security-conscious customers."

By the summer, customers running databases on first-generation Oracle infrastructure as part of Cloud@Customer will be able to upgrade to autonomous services with the push of a button, Ellison said.

Later in 2019, that will apply to the broader infrastructure offering, delivering Gen2 capabilities behind the customer's firewall.