[ISN] Oracle Promises Security In Fusion But Customers Will Have To Wait

From: InfoSec News (alerts@private)
Date: Thu Sep 28 2006 - 00:29:16 PDT


http://www.informationweek.com/news/showArticle.jhtml?articleID=193006361

By Larry Greenemeier
InformationWeek
Sep 27, 2006

Oracle on Wednesday announced its next steps in its security strategy, 
disclosing plans to integrate security into its applications line and 
broaden Secure Enterprise Search.

Oracle has spent a lot of money to ensure it's taken seriously as a 
security vendor, buying up a number of access management, identity 
management, and other security software makers.

At a security strategy briefing Wednesday, Oracle promised to integrate 
security into the Fusion applications it will make available beginning 
in 2008. The company also plans to next month broaden its relatively new 
Secure Enterprise Search capability by allowing the search engine to go 
beyond Oracle applications and databases to access e-mail and file 
systems.

Oracle's reach when it comes to security is extensive. On the database 
side, the company offers its Advanced Security Option for data 
encryption, Database Vault for protecting against insiders seeking to 
abuse their data access privileges, Label Security for designating data 
for different levels of security, and Secure Backup for encrypting 
backup tapes. Oracle also covers a variety of identity management 
capabilities, including directory services, authentication, Web-services 
access control, and single sign-on for multiple applications. Oracle 
counts auditing and compliance applications as part of its security 
arsenal as well.

In fact, compliance has been a big driver of the security business, 
Thomas Kurian, Oracle's senior VP of server technology said Wednesday. 
Compliance has helped companies get buy-in to security initiatives more 
than the simple "fear factor" of not having adequate security, he said. 
What distinguishes products in the security space now is the ability to 
automate security processes such as identity management and data 
protection. "With Fusion, we will integrate all of these capabilities in 
our enterprise applications out of the box," Kurian added.

This doesn't mean, however, that Oracle's stand-alone security 
applications available today will fade into obscurity. They will still 
be needed to manage non-Oracle applications, Hasan Rizvi, Oracle's VP of 
identity management and security, said.

Secure Enterprise Search lets employees look for information throughout 
their companies' databases and applications. "Customers said they want 
to let their users search like it's Google but without giving them 
access to information they shouldn't see," Oracle Co-President Charles 
Phillips said. Secure Enterprise Search, launched in March, is designed 
to work with enterprise portals built using Oracle Portal, as well as 
database applications built on the Oracle Database. The company is 
planning to add adapters to allow the searching of applications 
including Microsoft Exchange and SharePoint as well as Lotus Notes, and 
will make more information available about this available during its 
OpenWorld conference in late October.

In focusing on security, Oracle has definitely identified a ripe market 
opportunity, the same market IBM is pursuing with its recent acquisition 
of Internet Security Systems and EMC is pursuing in its acquisition of 
RSA Security, says Jon Oltsik, a senior analyst with Enterprise Strategy 
Group. But a customer's eagerness to add security to their IT 
infrastructure isn't going to prevent them from asking tough questions. 
Although the past isn't always an indicator of the future, IT security 
pros aren't likely to forget bad experiences they've had during Oracle's 
quarterly critical patch updates. "Oracle has a reputation of selling 
snake oil when it comes to security, mostly related to the quality of 
their products," he adds.

For Investors Bank & Trust, a wholly-owned subsidiary of Investors 
Financial Services Corp. that already makes use of Oracle E-business 
applications and databases, convenience can't be overlooked in Oracle's 
appeal as a security provider. The financial services firm has for the 
past two years been getting its access and identity management 
technology from IBM. "Will Oracle put something out that might require 
us to take a second look? For sure, if it would save us some integration 
work," says Charles Dennis, director of enterprise applications for 
Investors Bank & Trust. If Oracle is able to build security into their 
products, as they're promising to do with their Fusion applications, 
"then their software becomes more compelling."

Still, Oracle's Fusion plans are off in the distance. In the meantime, 
in the identity management space alone, Oracle faces stiff competition 
from longtime rivals CA, IBM, and Sun Microsystems, to name a few. The 
question isn't whether Oracle can sell security to its own customer base 
but rather if it can sell to its competitors' customers.


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 



This archive was generated by hypermail 2.1.3 : Thu Sep 28 2006 - 00:44:23 PDT