IT Innovation | March 1, 2017

Prioritizing Security with Oracle SuperCluster

By: Linda Tsan


We recently hosted an important discussion about enterprise security, Disaster Prevention vs. Disaster Recovery, with Oracle Senior Vice President Jim Gargan and Senior Director of Product Management Michael Palmeter. At a time when a cyber threats are at the top of everyone’s minds these days, it’s surprising to hear that securing the hardware infrastructure layer, as Vice President Karen Sigman noted in her 2016 review post, is often not. 

I asked Hazel Alabado, Principal Product Manager for SuperCluster, to help answer some lingering questions attendees had from the webcast.

Q: What security benefits does the Oracle SuperCluster family offer organizations in highly regulated industries?

A: Industries like healthcare and finance are often plagued with a variety of security standards they must adhere to and be in perpetual compliance with. This often puts security and innovation at odds with each other. With users demanding the agility of cloud solutions, it’s easy to see why some IT organizations have struggled to keep up or, worse yet, begun to placate the masses with risky technologies. The Oracle SuperCluster family is designed to be secure and have out-of-the-box compliance controls with a number of important standards, like the Center for Internet Security (CIS) benchmarks that regulate all internet connected systems, built right in. So if you wanted to implement SuperCluster to handle something sensitive like patient data, we provides you with all the guidelines, documentation, and “cookbooks” to ensure that your system is compliant with HIPPA and any other standards required for your industry. You can also turn on automated auditing that continually verifies that you are up-to-code with all the latest, ever-evolving standards they throw at you.

Q: How can SuperCluster, being just hardware, provide effective security for my organization?

A: As Jim mentions in the first portions of the webcast, building a secure “information fortress” depends on three things: 

  1. Reducing your surface area so there are fewer vulnerable points to secure. With SuperCluster’s massive consolidation ratio (last I checked, our SuperCluster FAQ says up to 500 instances of Oracle Database can be consolidated onto a single unit), you’re able to reduce the amount of physical hardware you need to secure and reduce the licensing costs associated with that. United Energy’s story below is a great example of the extensive benefits of deploying SuperCluster, showcasing how you can both improve your overall infrastructure security while reducing costs.
  2. Universally encrypting the database. This sounds like a no-brainer, but many organizations fail to use encryption methods or apply them haphazardly because users perceive them to be a hassle to implement (especially across large enterprises). They often see data encryption as a performance hit, slowing down their mission-critical workloads. And for the most part it’s true. If you are running Oracle Database and you activate security on a generic platform, you’ll see a performance dip because the amount of work that each processor can do drops. This effectively means you are spending more money per transaction simply because it takes you that much longer to complete it. At scale, that translates to beaucoup bucks. But because SuperCluster is an Oracle engineered system, you can turn on extremely robust security features without affecting the database transactions per minute.
  3. Hardening the entire infrastructure stack. Traditional IT infrastructure security relies on a variety of generic solutions and tools, thrown together at various stages in time, with the hope that they will work when the time comes. Can your users trust you on hope? With SuperCluster, you are truly secure from chip to cloud. Oracle owns the entire stack and has security built in throughout each component. Critical software patches are tested across the entire stack which simplifies and speeds up the entire patching process so there is no impact on your day to day business operations. And in the end, isn’t a system that can prevent system-wide disasters worth its weight in gold?

We understand that hardware is just one piece of the security puzzle, but it’s a big one. SuperCluster can help you confidently secure your infrastructure so you can focus on external factors like training your users to avoid password phishing scams.

Q: My organization is standardized on non-Oracle software. Can I take advantage of the secure stack that Oracle SuperCluster provides?

A: Yes. An important point to remember here is that both SuperCluster and MiniCluster in the Oracle SuperCluster family are optimized for Oracle Database, Middleware, Software, as well as any Java application, any PHP based application, Python, Ruby, Node.js, really all kinds of applications with one caveat--they need to be supported on or certified on Solaris. You can check the full list of business applications that are certified on Solaris here. As long as that is satisfied, all the infrastructure security we went over in both the webcast and in this Q&A is available to your and your organization. 

And with that, I'd like to leave on this note: SuperCluster is part of the Oracle engineered systems family; a complete stack of hardware, middleware, software, and cloud options with integrated security built in every layer. Each iteration has strived to improve performance and reliability of the database and application workloads your business depends on. Most recently, the newly released SuperCluster Virtual Assistant automates many previously error-prone tasks, such as VM deployments, allowing admins and the greater IT organization to focus on innovation versus maintenance. To learn more about SuperCluster, visit our product overview or schedule a one-on-one demo with an expert today.

Linda Tsan is a product marketing manager for Oracle.

This is a syndicated post, view the original post here