Well, not really. If you read my co-worker Gurmeet's Blog, you’ll see the Exadata SL6 is one incredible machine. However, I want to talk about a very important aspect of the Exadata SL6 that I don’t think is getting enough play: its security features.
We’ve been fighting the security battle for years now and it has become a booming business estimated at $445 billion in 2016. You could even say that hackers are the new mafia. But that’s just the business side of cyberattacks. There are also state-sponsored cyberattacks. It’s really cyberwarfare and it’s playing out every day around the globe with every credit card transaction, every mobile phone call and every social media interaction. Somewhere, someone is being cyberattacked while you read this. It’s estimated that it costs the healthcare industry $200,000 every minute of every day worldwide.
Now, I’m not trying to be alarmist. But we need to talk about this. For decades, we’ve worked hard to protect our data centers by attempting to keep people out. And that worked for a while.
It’s much like the castles and keeps of the middle ages. Build a big, strong wall and keep the bad guys out. However, much like those castles and keeps, building a strong wall around the data center has failed. The castles had large doors or gates which had their own vulnerabilities. So, they built moats. But even then, there were bridges so that the people could get in and out. For today’s data center, we have layers of firewalls and Web servers. And just like those bridges and gates, today’s Web servers are the gateways to commerce.
Just like the keeps and castles of yesteryear, the strategy of “build a strong wall” has failed. Back then, spies, disguised infiltrators and even “backdoors” did the castles in. Today, we have IoT and laptops and software bugs. You can’t protect the perimeter enough when the very devices your people are using are the infiltration mechanisms.
So, we have to protect the entire data center. Three areas, or “Pillars of Protection”, need to be addressed: people, platform and data.
People are the most obvious risk and also might be the hardest to protect against. Overly simple passwords and social engineering attacks, as well as spam, make it all too easy to get access to user accounts. There are mechanisms to protect against this, but I’m going to leave that for another day.
1.) You aren’t patching all your servers. I know this because the vulnerabilities being exploited are more than a year old every single year.
2.) When you do patch, it takes more than 3 months to do it. This is what our customers have told us.
3.) Once you’ve patched, you’ve finally closed the door on a vulnerability that has likely been there and exploitable for years. Heartbleed was there for 10 years before it was discovered.
Chasing CVEs and patching them is a no-win scenario. We need to think about mitigating whole classes of vulnerabilities so we can stay secure while we fix the root cause of the vulnerability. As it turns out, just 4 types of vulnerabilities make up about 2/3rds of all vulnerabilities. Two of these, code execution and overflow, can be stopped by what we call Silicon Secured Memory (SSM).
Silicon Secured Memory is part of the Security in Silicon features of the SPARC processor that is built into the Oracle Exadata SL6. SSM colors memory as it is allocated and then verifies, on access, that the color presented with the access matches the color the memory currently has. This means that a buffer overread or overwrite attack like Heartbleed can’t happen. Certain types of code execution attacks can also be prevented with SSM, as writing to memory without the correct color is not allowed.
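A software model of the coloring check described above, as an added example (it is not Oracle's code and not the SPARC hardware interface). The names `color_alloc`, `checked_copy` and `demo_overread`, the 64-byte granule and the 15-color range are assumptions of the model.

```c
#include <stddef.h>
#include <stdint.h>

/* Software model only: real SSM performs this check in hardware. */
#define GRANULE 64                 /* assumed coloring granularity (bytes) */
#define NGRAN   16
static uint8_t heap[NGRAN * GRANULE];
static uint8_t color_of[NGRAN];    /* current color of each granule; 0 = none */
static size_t  next_gran;
static uint8_t next_color = 1;

typedef struct { size_t off; uint8_t color; } cptr;  /* address + its color */

/* Allocate whole granules and paint them with a fresh color (1..15). */
static cptr color_alloc(size_t n) {
    size_t g = (n + GRANULE - 1) / GRANULE;
    cptr p = { 0, 0 };                       /* color 0 never passes a check */
    if (next_gran + g > NGRAN) return p;     /* model heap exhausted */
    p.off = next_gran * GRANULE;
    p.color = next_color;
    for (size_t i = 0; i < g; i++) color_of[next_gran + i] = next_color;
    next_gran += g;
    next_color = (uint8_t)(next_color % 15 + 1);
    return p;
}

/* Copy up to len bytes; stop at the first byte whose granule color differs
   from the pointer's color. to_heap selects write (1) or read (0). */
static size_t checked_copy(cptr p, uint8_t *buf, size_t len, int to_heap) {
    size_t i;
    for (i = 0; i < len; i++) {
        size_t a = p.off + i;
        if (!p.color || a >= sizeof heap || color_of[a / GRANULE] != p.color) break;
        if (to_heap) heap[a] = buf[i]; else buf[i] = heap[a];
    }
    return i;   /* bytes transferred before the mismatch */
}

/* Heartbleed-shaped over-read: 4-byte payload, claimed length 200. */
static size_t demo_overread(uint8_t *reply) {
    uint8_t payload[] = "ping", secret[] = "constructed-secret";
    cptr req = color_alloc(16);
    cptr key = color_alloc(32);    /* neighbour, painted a different color */
    checked_copy(req, payload, 4, 1);
    checked_copy(key, secret, sizeof secret, 1);
    return checked_copy(req, reply, 200, 0);
}
```

In this model the over-read stops after 64 bytes, at the boundary of the neighbouring allocation: the check is made per granule, so the slack inside the request's own granule is still readable while the differently colored neighbour is not.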
Now, no hardware feature can be of use unless the software running on that system utilizes it. That’s why we’ve built the Oracle Database to take advantage of SSM on the Exadata SL6.
So, Exadata SL6 excels at protecting itself and the software stack from overflow and execution attacks. And it does this with minimal performance overhead.
The third pillar of protection is the data. You have to protect it. It’s what the cybercriminals and state-sponsored bad actors are after. However, encrypting data is expensive. It’s expensive in that it consumes a large number of processor cycles to encrypt and decrypt it. This means that you have to choose between performance and security. This has been a long-standing struggle. You had to decide what data absolutely needed to be encrypted and weigh the impact of that on your business and expenses, as the performance penalty meant buying more or bigger systems.
With the Exadata SL6, you no longer have to choose between performance and protection. The SPARC M7 processors in the Exadata SL6 each have 32 decryption engines that can decrypt at the speed of memory. This allows you to simply encrypt all your data, and do it without the performance penalty. Combining the M7 crypto engines with Oracle Database Transparent Data Encryption means that protecting your database and deciding which data in the database to encrypt has never been easier. Just encrypt all of it.
The Exadata SL6 database servers run the Oracle Linux operating system making them simple to deploy in environments that are standardized on Linux.
The Exadata SL6 brings more than just 2x performance at the same price. It brings new security capabilities that make securing your data easy.