In an era where technology is ever-present in our daily routine, security and privacy are issues of serious concern. Marcel Rizcallah, Security Domain Leader for EMEA region at Oracle, shared his thoughts on security, privacy and Oracle’s first autonomous database at the 12th Telecom Review Leaders’ Summit, held in his native Lebanon.
A video link of the interview is here.
A transcript of the interview is below:
You’re assisting at the 12th Telecom Review Leaders’ Summit. What do you think of the topics tackled so far, and why did you choose to attend?
I think it’s a very interesting event because it’s focused on the telecom market and 5G. 5G’s going to be amazing, with all the use-cases and new business opportunities it offers. I chose to attend because I’m proud that this is happening in Lebanon. I’m Lebanese, and I wanted to see what ideas, innovations and added value Lebanon could provide. It’s also an opportunity for Lebanon to have more business opportunities and attract talent from outside in telecom and 5G.
Oracle redefined data management with the world’s first autonomous database. How important is this form of database to companies?
This is really, really key from a security perspective because today if we look at security breaches, most of them are coming from the inside. People access the database directly and can see everything. Databases are not patched, and database performance is not good enough, or there’s a lot of access and the database crashes. And the cost of maintaining all that is huge for an organisation. You have to have the right skills, the right people, and they invest all their money in maintaining instead of innovating. Oracle’s Autonomous Database is a great opportunity to lower all that investment and cost for customers. It’s self-secure, it’s self-patching, and it’s self-operating — thereby increasing and optimising performance. It’s going to be a big opportunity for customers to reduce a portion of costs and focus more on innovation and having something running and secure all the time.
Oracle is known for the security it offers its clients. With cyber-threats on the rise, are there any new forms of technology that you’re adopting to improve your services even more?
Absolutely. First, when going into the cloud, the cloud needs to be highly secure. So we have implemented all the classic security measures in the cloud. We have encryption, we have a network firewall, we have identity access management, anti-virus — all that. But there are new threats and challenges in the cloud. The organisation is no longer the perimeter. You don’t go into your office to access the cloud. You use your mobile from wherever in the world you are to access your organisation or company cloud systems. So what you need to secure that is to analyse user behaviour. You need machine learning to understand what the user used to do, and if he’s suddenly doing something different, it might be a bot doing that. We’re investing heavily in machine learning, artificial intelligence, app security, user-behaviour analytics and log analytics to predict and detect breaches before they happen.
According to your Top 10 predictions for 2019, by 2025 all AI and emerging technologies will double business productivity. In your opinion, what are some possible drawbacks of these types of technologies?
First, I would say ‘privacy’. Privacy is going to be very challenging because these technologies learn about user behaviour, and knowing more about user behaviour means knowing more about the user himself. What we need is, at a given time, to forget that behaviour. When the user wants to change his mind-set or his behaviour or wants something else, we need to be able to erase all that.
The second thing is that we need people to be able to operate those kinds of systems. Systems will be more or less automatic: they will trigger alerts automatically, something we’ll learn about a user will highlight risk, but maybe they’re not a real risk. Maybe it’s normal behaviour, and the system will say ‘no, that’s not normal.’ So we need people that can understand that – data scientists who can interact with those intelligent systems and put them on the right track.
Finally, what we still need even if security is being embedded more and more in these systems — which would react intelligently and automatically to breaches — we still need people who can understand and operate those systems. There’s a lack of skills today on the market — security skills, data scientists. We need more people who understand that. Classic security operations will require fewer people to implement or deploy a security patch or configure a firewall, for example. But we need people who can operate a security solution and understand all the intelligence involved.
Read more about Oracle Security from Marcel Rizcallah:
- Can a security product address your organization´s EU GDPR requirements? here
- How to prepare your customers to limit exposure to data breaches? here