Larry Ellison, Oracle’s executive chairman and CTO, was on his game at Oracle OpenWorld in San Francisco last week, delivering two keynote addresses on urgent business-technology priorities and mixing it up with customers at the event’s Leaders Circle forum.
Ellison, as always, didn’t pull his punches, commenting on (among many other topics) the flimsy state of corporate information security practices, the inferior performance of competing cloud offerings, the robust pipeline of software engineering talent, and why a prominent rival is envious of Oracle’s flagship product. Here’s a snapshot of his comments.
Take Human Error, Inertia Out Of Security
Why is it that the worst data thefts have occurred after a software patch was available to prevent the system vulnerability that the hackers ultimately exploited? It’s often because the target organization never applied the patch, usually because applying it would have required the organization to take its systems down, Ellison said during his opening keynote address.
It’s one of the proof cases for the value of Oracle’s next-generation database management system, the fully automated Oracle Database 18c, which Ellison unveiled and described in detail. The “self-driving” Oracle Database 18c will automatically and continuously patch, tune, back up, and upgrade itself without human intervention, all while the system is running, he said.
“No one likes to bring their system down,” Ellison said, noting that the recent Equifax breach, which exposed (at last count) about 143 million Americans’ personal information, appeared to be largely the result of human error—a failure to patch the open source Apache Struts software in its computer systems. “It’s called scheduled downtime. So you either have to proactively schedule emergency downtime or wait for the next scheduled downtime, and then apply the patch if the human beings think it’s important enough.”
He continued: “Anyway, it’s a human process. It relies on scheduling database downtime, lack of availability of the system. There are a lot of approvals up and down the chain that have to occur. That doesn’t work. Doesn’t work. Didn’t work at Equifax. Didn’t work at the Office of Personnel Management.” (The federal agency fell victim to a major data breach in 2015.)
In demonstrating the price-performance advantages of Oracle Database 18c, Ellison walked Oracle OpenWorld attendees through six real-world workloads, comparing Oracle’s autonomous database in the Oracle cloud to the Oracle database in the Amazon Web Services cloud and AWS’s own Redshift database in the AWS cloud.
“We’ve been working on this for a very, very long time,” Ellison said of the company’s new autonomous database. “And now we’ve reached the point where the system is totally automated, and you get to take advantage of all of this and get incredibly high degrees of availability and performance. But the shock is, you have to be willing to pay much less.”
Ellison continued: “AWS is, you hire a lot of people to install the system and provision the system, and you have to tune the database, unload, and reload the database. [And it] requires a lot of expertise and a lot of administration, is very expensive in terms of labor, is subject to human error, and [you get] a very big bill from Amazon compared to a much smaller bill from Oracle.”
Another Tool in Security Operations
Complementing Oracle’s autonomous, self-patching database system is the industry’s first cloud-native, integrated security and systems management suite—Oracle’s Identity Security Operations Center portfolio of services coupled with Oracle Management Cloud.
Like Oracle Database 18c, these integrated cloud services, which Ellison introduced during his second keynote at Oracle OpenWorld, rely on machine learning. In this case, the machine learning algorithms identify anomalous patterns in reams of data pulled together from a variety of enterprise databases, servers, and applications. This application of machine learning is designed to help companies forecast, quickly detect, and ward off security attacks as well as system performance issues.
“The real problem is loss of information,” Ellison said. “If your system is down and you can’t sell tickets or sell flashlights or whatever you’re doing on your online system, that’s not good—you’d like the system to be available all the time. But you don’t get called in front of Congress for that. If you lose data, that’s a big problem. And that’s fundamentally what…our system is designed to protect against.”
Competing security systems “take all the different log data and use it in such a way that it’s left in separate silos,” Ellison said. “ …They just help you analyze the log. They don’t fix anything.”
Do Companies Take Security Threats Seriously Enough?
Unfortunately, only the people whose jobs focus on security tend to take security very seriously, Ellison said during his second keynote.
The people with other data center jobs—network engineers, system and storage admins, application managers, and other technical people—often see security as a distraction from getting their day jobs done. “Sometimes, when there’s a security audit, they say, ‘Well, no, no, no, no. You’re just slowing me down. I can’t do all this stuff,’” Ellison said.
He offered a real-world example—his experience with a large company that was acquiring a cloud-based HR system. Ellison recalled saying to the company’s CIO: “I don’t want to sell you anything. I’m just telling you, before you acquire what you’re planning on acquiring, you should look at all the security vulnerabilities in the system you’re looking at.” The CIO’s response, according to Ellison? “Well, the HR team is making that decision. They like this system. We don’t think it’s any worse than what we already have.”
And this was a company in an industry ostensibly very much attuned to matters of security.
Ellison drew a contrast with the aviation industry, where safety has always been a very big deal. “We just don’t tolerate airplane crashes,” he said. “We really don’t. And there are very few airplane crashes. …Ford said quality is Job 1. In aviation, safety is Job 1. Security in our data centers? I don’t know, what is it—Job 10? It’s really not prioritized. And I think we have to rethink that.”
Cracks in the Engineering Pipeline?
At Leaders Circle, an event for CXOs, an audience member asked Ellison for his view on the depth of the software engineering pipeline. “I think there’s more talent now than there’s ever been,” he responded. “And the talent is obviously all over the world. We have more engineers on the planet Earth than ever before.”
One point of concern, however, is the fact that China is producing engineers far faster than the US or any other country. “But they’re good at some stuff and we’re good at other stuff,” Ellison said. For instance, he said, China is adept at engineering automated factories, while US companies (and their Indian partners) are very good at engineering certain kinds of software. “We still have the best engineering schools in the world, and people from all over the world save money to send their kids to our schools,” Ellison noted.
He added: “We’d love it if the United States had an immigration policy that was more friendly to people with specific skills like engineering and mathematics and science. If you just got your PhD at Stanford University, I think they should staple a green card to your diploma.”
Database Remains King
Another audience member, acknowledging that Oracle has become a cloud-centric company, asked the chairman and CTO what kind of company he thinks Oracle will be in 10 years. Ellison’s answer: a database company.
It’s not that the Oracle cofounder is looking in the rearview mirror to the company’s beginnings 40 years ago. Instead, Ellison was emphasizing just how important the database remains, and will remain, in this era we call the Information Age.
To make his point, Ellison noted that he sees eye to eye on this matter with a prominent adversary: Microsoft CEO Satya Nadella. When asked by Bloomberg recently which technology he wishes Microsoft had developed first, Nadella pointed to the relational database, a product Oracle developed and was first to commercialize in 1979.
“Why did he say Oracle? Well, he’s a pretty smart guy—even smarter than I thought,” Ellison cracked. “It’s called the Information Age. It’s not called the Web Search Age. It’s not called the Social Media Age. It’s called the Information Age. And we manage most of the world’s high-value information.
“And that’s a pretty good place to be,” he said, regardless of whether that technology runs on a computer in a customer’s data center or in an Oracle data center.
Rob Preston is editorial director in Oracle’s Content Central organization.
Safe Harbor Disclaimer: The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remain at the sole discretion of Oracle.
Statements in this article relating to Oracle’s future plans, expectations, beliefs, and intentions are “forward-looking statements” and are subject to material risks and uncertainties. Such statements are based on Oracle’s current expectations and assumptions, some of which are beyond Oracle’s control. All information in this article is current as of October 6, 2017, and Oracle undertakes no duty to update any statement in light of new information or future events.