Oracle collaborates with Applied Invention and other industry leaders to create an open standard for network and data security across on-premises and distributed cloud environmentsOracle CloudWorld, Las Vegas—September 19, 2023
Oracle today announced it is participating in an industry-wide initiative to design a new open standard for network and data security that will help organizations better protect their data in distributed IT environments. Under this new initiative, Oracle will collaborate with Applied Invention, other major technology providers, and other leading organizations from across industries, including Nomura Research Institute, Ltd. (NRI), a leading global provider of consulting services and system solutions. This new standard will enable networks to collectively enforce shared security policies, enhancing the security architecture organizations already use without changing existing applications and networks. To support this new initiative, Oracle plans to release the Oracle Zero-Trust Packet Routing Platform based on the new standard that will help organizations prevent unauthorized access or use of their data without adding extra hurdles for legitimate activities.
“Over the last 20 years, the cybersecurity industry has produced many incremental changes, but we need a fundamentally new approach to protect our data in the increasingly complex cloud era. Organizations need a way to describe their data security policies in one place where they be can easily understood and audited, and they need a way to ensure those policies are enforced across their entire computing infrastructure, including their clouds,” said Mahesh Thiagarajan, executive vice president, Security and Developer Platforms, Oracle Cloud Infrastructure. “To meet this need, Oracle is working with Applied Invention and other technology leaders to launch an effort to create an open, Zero-Trust Packet Routing (ZPR) standard. This will be developed and governed by an industry consortium with Oracle’s participation. We invite collaboration from across the entire technology industry, because broad adoption and interoperability will create a stronger and more consistent data protection for everyone.”
As cloud uptake increases and IT environments become more complex with distributed cloud deployments, it is increasingly difficult for organizations to protect their data using existing practices and tools. For example, most current systems require security teams to coordinate siloed solutions across database, network, application, and identity security, adding even more complexity when extrapolated across a number of different environments. It can be difficult to make sure those solutions are working together as the applications, environments, and users are constantly and independently changing. Today’s security systems also require extensive configuration to differentiate types of individuals such as full-time employees and contractors, in a way that is not overly permissive or constraining.
Oracle and Applied Invention are helping create and promote a new network and data-centric security standard that will address these challenges. It will enable organizations to protect their data throughout its entire lifecycle without changing the underlying architecture that includes their distributed cloud environments. To achieve this, the standard will use an intent-based security policy that humans can read, audit, and understand. This intent will be enforced at the network layer, with all traffic containing authenticated attributes about the sender, receiver, and type of data in motion. The network uses these attributes to constrain where that data can move. Technology providers and users that implement or interoperate with the standard will be able to use the devices of their network to help track and block threats to their data wherever it is stored, creating a unified layer of security. As a result, it will be more difficult to exploit many common security vulnerabilities created by coordinating and configuring large numbers of devices and security mechanisms. For example, if an authorized user of an application attempts to export data to another environment where it is at risk for misuse, the policy could detect the violation of security intent, block data movement, and create an alert on the incident.
This new standard is built on technology created by Danny Hillis and the team at Applied Invention. “ZPR is how the Internet would have been designed from the start if modern security technologies had been available. I believe it is going to make everyone’s data more secure,” said Danny Hillis, co-founder, Applied Invention. “This initiative is an opportunity to make a generational improvement in cybersecurity for the entire world. We are looking forward to collaborating with Oracle and other industry leaders to realize its potential.”
“When designing a secure cybersecurity system, the more checkpoints and restrictions the organization puts in place, the safer the data stored in that system will be. The tradeoff is that those restrictions can cause major inefficiencies as they often create time-consuming obstacles for users with a legitimate need to access and manipulate data,” said Dave McCarthy, research vice president, cloud and edge infrastructure services, IDC. “The new standard Oracle is helping develop has the potential to change all of that by adding a unified layer of security on top of existing solutions. Building data protection policies into the network itself will help users get the access they need while ensuring the data remains secure behind the scenes.”
Oracle offers integrated suites of applications plus secure, autonomous infrastructure in the Oracle Cloud. For more information about Oracle (NYSE: ORCL), please visit us at www.oracle.com.
Oracle CloudWorld is Oracle’s largest global celebration of customers and partners. Join us to discover the insights you need to tackle your biggest business challenges, build your skills, knowledge, and connections, and learn more about our cloud infrastructure, database, applications and developer technologies including Java from the people that build and use them. For registration, live keynotes, session details, news and more visit oracle.com/cloudworld or oracle.com/news.
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation.
Statements in this article relating to Oracle’s future plans, expectations, beliefs, and intentions are “forward-looking statements” and are subject to material risks and uncertainties. Many factors could affect Oracle’s current expectations and actual results, and could cause actual results to differ materially. A discussion of such factors and other risks that affect Oracle’s business is contained in Oracle’s Securities and Exchange Commission (SEC) filings, including Oracle’s most recent reports on Form 10-K and Form 10-Q under the heading “Risk Factors.” These filings are available on the SEC’s website or on Oracle’s website at http://www.oracle.com/cz/investor. All information in this article is current as of September 19, 2023 and Oracle undertakes no duty to update any statement in light of new information or future events.
Oracle, Java, MySQL and NetSuite are registered trademarks of Oracle Corporation. NetSuite was the first cloud company—ushering in the new era of cloud computing.