By Larry Greenemeier
Sep 27, 2006
Oracle on Wednesday announced its next steps in its security strategy,
disclosing plans to integrate security into its applications line and
broaden Secure Enterprise Search.
Oracle has spent a lot of money to ensure it's taken seriously as a
security vendor, buying up a number of access management, identity
management, and other security software makers.
At a security strategy briefing Wednesday, Oracle promised to integrate
security into the Fusion applications it will make available beginning
in 2008. The company also plans to next month broaden its relatively new
Secure Enterprise Search capability by allowing the search engine to go
beyond Oracle applications and databases to access e-mail and file
Oracle's reach when it comes to security is extensive. On the database
side, the company offers its Advanced Security Option for data
encryption, Database Vault for protecting against insiders seeking to
abuse their data access privileges, Label Security for designating data
for different levels of security, and Secure Backup for encrypting
backup tapes. Oracle also covers a variety of identity management
capabilities, including directory services, authentication, Web-services
access control, and single sign-on for multiple applications. Oracle
counts auditing and compliance applications as part of its security
arsenal as well.
In fact, compliance has been a big driver of the security business,
Thomas Kurian, Oracle's senior VP of server technology said Wednesday.
Compliance has helped companies get buy-in to security initiatives more
than the simple "fear factor" of not having adequate security, he said.
What distinguishes products in the security space now is the ability to
automate security processes such as identity management and data
protection. "With Fusion, we will integrate all of these capabilities in
our enterprise applications out of the box," Kurian added.
This doesn't mean, however, that Oracle's stand-alone security
applications available today will fade into obscurity. They will still
be needed to manage non-Oracle applications, Hasan Rizvi, Oracle's VP of
identity management and security, said.
Secure Enterprise Search lets employees look for information throughout
their companies' databases and applications. "Customers said they want
to let their users search like it's Google but without giving them
access to information they shouldn't see," Oracle Co-President Charles
Phillips said. Secure Enterprise Search, launched in March, is designed
to work with enterprise portals built using Oracle Portal, as well as
database applications built on the Oracle Database. The company is
planning to add adapters to allow the searching of applications
including Microsoft Exchange and SharePoint as well as Lotus Notes, and
will make more information available about this available during its
OpenWorld conference in late October.
In focusing on security, Oracle has definitely identified a ripe market
opportunity, the same market IBM is pursuing with its recent acquisition
of Internet Security Systems and EMC is pursuing in its acquisition of
RSA Security, says Jon Oltsik, a senior analyst with Enterprise Strategy
Group. But a customer's eagerness to add security to their IT
infrastructure isn't going to prevent them from asking tough questions.
Although the past isn't always an indicator of the future, IT security
pros aren't likely to forget bad experiences they've had during Oracle's
quarterly critical patch updates. "Oracle has a reputation of selling
snake oil when it comes to security, mostly related to the quality of
their products," he adds.
For Investors Bank & Trust, a wholly-owned subsidiary of Investors
Financial Services Corp. that already makes use of Oracle E-business
applications and databases, convenience can't be overlooked in Oracle's
appeal as a security provider. The financial services firm has for the
past two years been getting its access and identity management
technology from IBM. "Will Oracle put something out that might require
us to take a second look? For sure, if it would save us some integration
work," says Charles Dennis, director of enterprise applications for
Investors Bank & Trust. If Oracle is able to build security into their
products, as they're promising to do with their Fusion applications,
"then their software becomes more compelling."
Still, Oracle's Fusion plans are off in the distance. In the meantime,
in the identity management space alone, Oracle faces stiff competition
from longtime rivals CA, IBM, and Sun Microsystems, to name a few. The
question isn't whether Oracle can sell security to its own customer base
but rather if it can sell to its competitors' customers.
Visit the InfoSec News store!