Ellison: Encryption is key to data protection

SAN FRANCISCO--Organizations need to look more closely at how they encrypt their databases to protect against security threats, urges Oracle CEO Larry Ellison.

Addressing an audience yesterday at Oracle OpenWorld in San Francisco, Ellison stressed that security risks will continue to increase as more companies put their e-commerce and business applications on the Internet.

Customers will get access to Web-based systems to check if their orders are being processed or have been shipped, he said. "Suppliers can also check their inventory through multiple systems on the Internet," he added. "But as you let your employees access systems from homes and branch offices around world, your security risks are increasing," he added.

To reduce security breaches, businesses should encrypt their databases, he said.

"We encrypt the data in the database as it goes out of the wires, onto the public Internet. We also encrypt data as it comes out of disk drives and goes into the backend," he explained.

Ellison recommended that companies prohibit customers from performing data backups without encryption, "because if an unencrypted (back-up) CD or DVD, is lost, you've lost information."

Emphasizing the importance of encryption, he said that no company would want to face the situation where storage tapes containing unencrypted customer credit card information, are lost. Citigroup, in June this year, admitted losing tapes containing social security numbers and bank transactions data of almost 4 million U.S. customers, according to news reports.

And with the rising popularity of VoIP (voice over Internet Protocol), security will become even more crucial as businesses switch from traditional phone networks to converged voice-data networks, Ellison said. "Malicious people can not only shut down your computer networks, they can also shut down your voice networks," he noted.

During his address, the CEO also boasted about his company's security prowess while taking snipes at Microsoft's security efforts.

"Oracle's first customer was the Central Intelligence Agency, and we've focused on security for more than 25 years," Ellison said.

"I was actually very impressed when (Microsoft's chairman and chief software architect) Bill Gates announced several years ago, that Microsoft would devote the entire month of February to security, (but) it's a short month," he said, drawing laughter from a packed hall.

Ellison said that Oracle has had several industry security certifications from international and U.S. standards bodies since the company's early beginnings. He added that the last time the Oracle database was broken into was more than 15 years ago.

In contrast, "does anyone how long it takes to break into Microsoft's database, that keeps track of your credit card numbers and allows you to shop online--45 minutes," he jested.

ZDNet Asia's Aaron Tan reported from San Francisco, USA.