http://www.informationweek.com/news/showArticle.jhtml?articleID=193006361 By Larry Greenemeier InformationWeek Sep 27, 2006 Oracle on Wednesday announced its next steps in its security strategy, disclosing plans to integrate security into its applications line and broaden Secure Enterprise Search. Oracle has spent a lot of money to ensure it's taken seriously as a security vendor, buying up a number of access management, identity management, and other security software makers. At a security strategy briefing Wednesday, Oracle promised to integrate security into the Fusion applications it will make available beginning in 2008. The company also plans to next month broaden its relatively new Secure Enterprise Search capability by allowing the search engine to go beyond Oracle applications and databases to access e-mail and file systems. Oracle's reach when it comes to security is extensive. On the database side, the company offers its Advanced Security Option for data encryption, Database Vault for protecting against insiders seeking to abuse their data access privileges, Label Security for designating data for different levels of security, and Secure Backup for encrypting backup tapes. Oracle also covers a variety of identity management capabilities, including directory services, authentication, Web-services access control, and single sign-on for multiple applications. Oracle counts auditing and compliance applications as part of its security arsenal as well. In fact, compliance has been a big driver of the security business, Thomas Kurian, Oracle's senior VP of server technology said Wednesday. Compliance has helped companies get buy-in to security initiatives more than the simple "fear factor" of not having adequate security, he said. What distinguishes products in the security space now is the ability to automate security processes such as identity management and data protection. "With Fusion, we will integrate all of these capabilities in our enterprise applications out of the box," Kurian added. This doesn't mean, however, that Oracle's stand-alone security applications available today will fade into obscurity. They will still be needed to manage non-Oracle applications, Hasan Rizvi, Oracle's VP of identity management and security, said. Secure Enterprise Search lets employees look for information throughout their companies' databases and applications. "Customers said they want to let their users search like it's Google but without giving them access to information they shouldn't see," Oracle Co-President Charles Phillips said. Secure Enterprise Search, launched in March, is designed to work with enterprise portals built using Oracle Portal, as well as database applications built on the Oracle Database. The company is planning to add adapters to allow the searching of applications including Microsoft Exchange and SharePoint as well as Lotus Notes, and will make more information available about this available during its OpenWorld conference in late October. In focusing on security, Oracle has definitely identified a ripe market opportunity, the same market IBM is pursuing with its recent acquisition of Internet Security Systems and EMC is pursuing in its acquisition of RSA Security, says Jon Oltsik, a senior analyst with Enterprise Strategy Group. But a customer's eagerness to add security to their IT infrastructure isn't going to prevent them from asking tough questions. Although the past isn't always an indicator of the future, IT security pros aren't likely to forget bad experiences they've had during Oracle's quarterly critical patch updates. "Oracle has a reputation of selling snake oil when it comes to security, mostly related to the quality of their products," he adds. For Investors Bank & Trust, a wholly-owned subsidiary of Investors Financial Services Corp. that already makes use of Oracle E-business applications and databases, convenience can't be overlooked in Oracle's appeal as a security provider. The financial services firm has for the past two years been getting its access and identity management technology from IBM. "Will Oracle put something out that might require us to take a second look? For sure, if it would save us some integration work," says Charles Dennis, director of enterprise applications for Investors Bank & Trust. If Oracle is able to build security into their products, as they're promising to do with their Fusion applications, "then their software becomes more compelling." Still, Oracle's Fusion plans are off in the distance. In the meantime, in the identity management space alone, Oracle faces stiff competition from longtime rivals CA, IBM, and Sun Microsystems, to name a few. The question isn't whether Oracle can sell security to its own customer base but rather if it can sell to its competitors' customers. _________________________________ Visit the InfoSec News store! http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Thu Sep 28 2006 - 00:44:23 PDT