Ellison: Encryption is key to data protection

SAN FRANCISCO--Organizations need to look more closely at how they encrypt their databases to protect against security threats, Oracle CEO Larry Ellison said Thursday.

Addressing an audience at Oracle OpenWorld here, Ellison stressed that security risks will continue to increase as more companies put business applications on the Internet.

Customers will get access to Web-based systems to check whether their orders are being processed or have been shipped, he said.

"Suppliers can also check their inventory through multiple systems on the Internet," he added. "But as you let your employees access systems from homes and branch offices around world, your security risks are increasing."

To reduce security breaches, businesses should encrypt their databases, he said.

"We encrypt the data in the database as it goes out of the wires, onto the public Internet. We also encrypt data as it comes out of disk drives and goes into the back end," he said.

Ellison recommended that companies prohibit customers from performing data backups without encryption, "because if an unencrypted (backup) CD or DVD, is lost, you've lost information."

Emphasizing the importance of encryption, he said that no company would want to face the situation where storage tapes containing unencrypted customer credit card information are lost.

And as VoIP (voice over Internet Protocol) grows in popularity, and businesses switch from traditional phone networks to converged voice-data networks, security will become even more crucial, Ellison said. "Malicious people can not only shut down your computer networks, they can also shut down your voice networks," he noted.

The CEO also boasted about his company's security prowess while taking shots at Microsoft's efforts.

"Oracle's first customer was the Central Intelligence Agency, and we've focused on security for more than 25 years," Ellison said.

Special coverage
Oracle OpenWorld

Customers gather in San Francisco to learn the software maker's plans for products picked up during a year of acquisitions.

"I was actually very impressed when (Microsoft Chairman) Bill Gates announced several years ago that Microsoft would devote the entire month of February to security, (but) it's a short month," he said, drawing laughter from a packed hall.

Ellison said that Oracle has had several industry security certifications from international and U.S. standards bodies since the company's early beginnings. He added that the last time the Oracle database was broken into was more than 15 years ago.

Singapore-based Aaron Tan reports for ZDNet Asia.

[lanthony5]

FINALLY !!

Finally a rational voice ! None of this Microsoft
B.S., nor the toady bleating of Symantec, nor
CheckPoint, MasterCard, and bank and bank and bank
ad nauseam flagrantly incompetent excuses...
Ellison has said it ! Where are all the software
"great brains" ?? At least the much maligned Oracle
has ONE !

[207796398873175208235380528963]

Encryption and Human Factor are equally important for data security

Encryption is very powerful tool, but it should be combined with strong business discipline and personnel supervising.

Also, it would be a good idea to keep sensitive information at home; in case any sensitive data crosses the border of the US via any type of electronic transmission, then it must be encrypted and the recipient party must have proper clearance and certification.