Oracle bets on self-driving software to keep systems safe
‘If the database sees a different pattern of activity … it will take itself down’
In recent years, the word autonomous has most commonly referred to self-driving cars. Now, database software leader Oracle is plotting a road map that will see it all but own the word in a different context: self-driving operating systems and databases.
At the company’s annual Oracle Open World conference in San Francisco this week, “autonomous” dominated a string of unveilings of products and services. For SA, the big news is that the country will be included in the global roll-out of new data centres over the next 12 months.
However, local customers will have pricked up their ears at the mere mention of selfdriving software. For them, the biggest cost in enterprise information technology systems is in human resources: the price of hiring enough people with the right qualifications and abilities to keep the lights on and the bad guys out. In particular, says Oracle, keeping systems patched and secure is one of the biggest ongoing challenges faced by IT today.
Its response, two years ago, was to launch the autonomous database. It was described as a cloud-based system that uses machine learning to eliminate human labour associated with database tuning, security, backups, updates and other routine management tasks traditionally performed by database administrators.
This week, it announced the first autonomous operating system, Oracle Autonomous Linux. It “eliminates complexity and human error to deliver unprecedented cost savings [and] security”. Significantly, it includes automated patching and upgrades while the system is running, eliminating unnecessary downtime.
It is clear that when too much reliance is placed on humans to defend against hackers, companies become highly vulnerable to attacks like the one that recently put Johannesburg’s City Power out of business for a few days. In the US, a 2017 data breach at credit bureau Equifax exposed the financial details of 147-million people. The company has still not recovered from the reputational damage.
The breach could have been prevented with autonomous technology, says Richard Smith, Oracle senior vice-president for the UK, Europe, Middle East and Africa. “It’s a classic example, where 99% of servers were patched, but one had not been, so a bad actor was able to go in and spend months scraping data. By definition, that cannot happen in an autonomous database,” he says.
“If the database sees a different pattern of activity, if it doesn’t know about it, it will take itself down, look at a list of known patches and, if it is a known bug, will patch itself and take itself back up again. If it doesn’t know what the pattern is, it will call for an element of human intervention.
“As many as 85% of breaches are caused by known bugs, for which patches are available. In any given week, a large organisation has something like 20,000 security-based alerts that warrant attention. No amount of human labour could decide which ones to investigate. Autonomous software does it automatically.”
As the breaches have shown, the need for such capabilities is no longer only an IT issue, but goes to the heart of business continuity.