Keynote:
Oracle Infrastructure Strategy, Update and
Roadmap
Secure, Scalable, Reliable Mission Critical Compute
On-premise and Cloud Driven
Michal Vitek
Senior Presales Manager
Oracle Systems
Martien Ouwens
Oracle Enterprise Architect
Oracle Systems
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
Disclaimer
The information in this document may not be construed or used as legal advice about the
content, interpretation or application of any law, regulation or regulatory guideline.
Customers and prospective customers must seek their own legal counsel to understand
the applicability of any law or regulation on their processing of personal data, including
through the use of any vendor’s products or services.
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Transformational Technologies – Where YOU Want Them
On-Premises
Cloud Ready Systems: Engineered Systems, Servers, Storage, and more…
• Customer Data Center
• Purchased
• Customer Managed
Cloud@Customer
Cloud Machines
• Customer Data Center
• Subscription
• Oracle Managed
Oracle Cloud
IaaS, SaaS, PaaS
• Oracle Cloud
• Subscription
• Oracle Managed
Engineered Systems, SPARC, x86, Solaris, Linux, Storage, Archive, Network
Full-Stack Integration Reduces Operations Risk
Unique Full-Stack Security
Unique Full-Stack Reliability
• All layers pre-configured, pre-tuned, pre-debugged
• All users run identical full stack
• You get:
– DB, OS, drivers, firmware, network, servers, storage
– Bank tested full-stack HA
– Telco tested full-stack scaling
– Government tested full security
Unique Full-Stack Support
Unique Full-Stack Management
• One support team expert in and accountable for full stack
• Oracle performs free full-stack updates and 24/7 monitoring
• Full-stack management tool
• Drill down from DB to storage and up from storage to DB
SPARC S7 is 1.6x to 2.1x faster than x86
x86 per core performance is stalled, Intel has run out of steam
[Chart: Core Performance vs. x86 E5 v2 (Java, OLTP, Mem GB/s), 2012 to 2016, vertical axis 0,8x to 2,0x. Series: SPARC T5, SPARC M7, SPARC S7; x86 (E5, E5 v2, E5 v3, E5 v4) in dashed lines.]
• It’s more important how you use transistors than the number of transistors you make (Moore’s Law)
"per core = (server performance)/(server core count)"
Solaris Product Direction Aligns to Customers and Industry
Continuous Delivery Model For New Features and Functionality
Solaris Legacy: Major Releases, Slow Adoption
• High Risk
• Complex
• Disruptive
• Slow and Expensive Re-Qualifications
Continuous Delivery Model
• Less Disruptive
• Quicker
• Simpler
• Smaller
• More Frequent
Seamless Upgrades Enable Agile Incorporation of New Capabilities with Guaranteed Compatibility for 1,000’s of Oracle, ISV, and Customer Applications
Current SPARC Transformational Performance and Scale
1.5x Better Per Core Performance Than x86 for Database & Java, 10x Faster Analytics
SPARC M7 is the World’s Fastest Conventional Microprocessor
• #1 SPECjEnterprise2010, 1-chip: 25,093.06 EjOPs
• #1 SPECfp_rate2006, 1-chip: 832 peak
• #1 SPECint_rate2006, 1-chip: 1,200 peak
• #1 SAP-SD, 2 processor: 30,800 SAPs
• And more…
Software in Silicon Adds Revolutionary HW/SW Co-Engineering for Security and Analytics
Only 32-Core 4+ GHz Chip - Only Zero Overhead Encryption - Only Built-In Data Analytics Accelerators
(See Disclosure Slide)
SPARC: Best for Enterprise Computing, Anywhere
2010 – 2015: Laggard to Leader
2016 Onwards: Next Gen of Compute
8x Performance Increase.
Dramatic Investment in Performance,
Security, Availability
Cloud, Software in Silicon
Continued Industry Leadership
T5
M7
T3
T4
M5
SPARC next
SPARC next+
Significantly Increased
Throughput & Thread Strength
2x Security and Analytics
Increased Cache
Increased Bandwidth
Software in Silicon V3
S7
M6
Oracle Systems Engineering Focus on the Future
Security
Reliability
Efficiency
CLOUD
Performance
Scalability
Your Datacenter
… for Enterprise and Enterprise Cloud
Oracle Systems Engineering Focus on the Future
Security
Reliability
Efficiency
CLOUD
Performance
Scalability
Your Datacenter
… for Enterprise and Cloud
Your Systems Will Be Attacked
Secure your enterprise and your career
[Chart, 2005 to 2015. Categories: Hacking, Malware, Social, Error, Misuse, Physical, Environmental. Callout: 20X increase.]
Source: Verizon 2016 Data Breach Investigations Report
Major Sectors Getting Hacked Everyday
191M
US Voter
Database
2%
Professional
Services
Dec ‘15
55M
23%
Healthcare
275,000
Syrian
Government
Philippines
Voters Data
Mar ‘16
Mar ‘16
18%
6%
Insurance
Financial Services
6%
16%
Government
Education
9%
12%
Hospitality
Retail
25M
100,000
US Office of
Personnel
Management
IRS – US
Tax Services
Mar ‘16
50M
Dec ‘15
Turkish
Citizenship
April ‘16
Percentage of Incidents by Industry in 2016
Mega Breaches in Government Sector
Source: BakerHostetler Data Security Incident Response Report, 2016
Looking Into the Future
More Users
More Devices
More Data
More Traffic
Attack Surfaces
Attack Vectors
Warehouse of Stolen Data
Below-the-OS Attacks
Detection Evasion
Social Engineering
Cloud
Jail-breaking
Privacy Challenges
Why Security Is Key for Your Enterprise
Improve customer experience
Build/enable customer trust
Limit damage to the reputation of the (Cloud) service provider
Comply with internal audit reviews and data protection laws
Introducing The General Data Protection Regulation (GDPR)
• The General Data Protection Regulation (“GDPR”) replaces the existing EU Data Protection Directive, which is over fifteen years old.
• New statutory requirements for both controllers and processors.
• The requirements include a new liability and sanction regime.
• Key Dates
– Published: May 4, 2016
– Enforceable law on May 25, 2018 [1]
[1] http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC
Some Key Aspects of the Regulation
• Harmonization of privacy laws: Current patchwork of 28 laws becomes one (with some exceptions)
• Global applicability: Organizations established in the EU as well as organizations outside the EU offering goods and services to EU-based individuals
• Stronger rights for individuals: Right to removal/erasure/correction/to be forgotten - user can request this any time
• Mandatory breach notification: Within 72 hours to regulators, “Without delay” to users
• Joint controllers/joint liability: Between Data Controllers and Processors
• Opt-in consent: Clear to user, no opt-out, use data only as agreed with user (owner)
• Data transfers: Privacy rights attach and follow data as it moves globally
• Collective redress: Opens up possibility for class action lawsuits from individuals
• Common enforcement: Data Protection authorities will enforce in consultation with each other
• Increased fines: Up to 4% of global turnover or €20,000,000, whichever is higher
• Need for data protection: Explicit need for data protection by design and default, security of processing and ensured timely recovery through continuous validation
Oracle Promotes Strong Security Principles
Least Privilege
Defence-in-Depth
For all your sensitive data including Intellectual Property, Business Information or Personal Information
Oracle System and Storage Controls which can help
People Security
Immutable VMs
Authentication
Separation of Duties
Identity Governance
Hierarchical Checksumming
Continuous Data Validation
Retention Policy
Self-Service
SnapShots, CoW
Replication
Auditing
Remote Auditing
Secure by Default
Key Management 3
CVE Aware packaging
Security Compliance Framework
Authorisation
Data Security
Least Privilege
Cryptographic Framework
Administrative Controls
End to end Audit trails
Cryptographic Framework
Detective Controls
Oracle customers have been using these controls to help them for a number of years
Oracle Systems and Storage Products
Applicable for Protecting Personal Information (or any other company sensitive information)
Systems and OS upgrade
Existing Systems, OS upgrade
• OS should be upgraded to latest release to increase security (secure by default, minimum impact on data)
• OS should be regularly updated and audited using the Security Compliance Framework
• Should leverage the Cryptographic and Security Compliance Frameworks
• Leverage Roles and Rights through the fine-grained least privileged RBAC access control
• Auditing on by default
Data Security
• Should have their data store(s), including databases, set up securely with appropriate systems, data, network and database/application security tools
• Should leverage Silicon Secured Memory technology and Cryptographic cores
People Security
• Leverage a unified approach to identity and access management by integrating system’s components as well as its deployed services with an organization’s existing identity and access management architecture
Oracle Systems and Storage Products and Capabilities Summary
Systems: SPARC and Solaris
• SPARC
– Software in Silicon
    • Silicon Secured Memory
    • Encryption
• Solaris
– Controlled least privilege system access
– RBAC fine grained access control, Multifactor authentication
– Protection implemented by design
    • secure by default, package minimization
    • Immutable zones / VMs
– Security Compliance Framework
– Cryptographic Framework
– Auditing and remote auditing
Storage
• Data protection
– Encryption, Checksumming, Replication, Snapshot, RAID, Backup
• Data availability
– RAID, COW, snapshot, Cloning, Replication
• Data recoverability
– Ensured recovery through continuous validation, Replication, RAID, Restore
• Implementing protection by design
• Minimizing personal data retention time
– Data protection, integrity protection, availability and recoverability
Oracle Security Inside and Out
Layers of the Stack
SPARC/Solaris
Governance Risk & Compliance
Access & Certification Review, Anomaly Detection,
User Provisioning, Entitlements Management
Mobile Security, Privileged Users
Directory Services, Identity Governance
Entitlements Management, Access Management
Encryption, Masking, Redaction, Key Management
Privileged User Control, Big Data Security, Secure Config
Application + User Sandboxing, Hardening and Defense
Anti-malware system, Data + Network Protection
Multi-Node Compliance, Secured App Lifecycle
Multi-factor Authentication, Remote Auditing
Secure Live Migration
Immutable Zones
Independent Control Plane
Cryptographic Acceleration
Silicon Secured Memory
Verified Boot
Disk Encryption,
Secured Backup,
Enterprise Key Management
Recapping Public Facts for Reference
Secure and Long-Term Investment for You
5-Year Public Roadmap to 2021
Oracle SPARC/Solaris Platform Roadmap (Jan 2017)
http://www.oracle.com/us/products/servers-storage/servers/sparc/oraclesparc/sparc-roadmap-slide-2076743.pdf
Solaris Premier Support to 2031
Oracle Lifetime Support Policy: Oracle and Sun System Software (Dec 2016 - See page 34)
http://www.oracle.com/us/support/library/lifetime-support-hardware-301321.pdf
Solaris Continuous Delivery Model
Oracle Solaris Moving to a Continuous Delivery Model blog entry (Jan 2017)
https://blogs.oracle.com/solaris/entry/oracle_solaris_moving_to_a
Solaris Binary/Source Guarantee to 2021
Oracle Solaris Guarantee Program (Jan 2017)
http://www.oracle.com/us/products/servers-storage/solaris/solaris-guarantee-program1426902.pdf
Keep Visiting Oracle.com/Systems for Everything Systems, All the Time
Required Benchmark Disclosure Statement
•Additional Info: http://blogs.oracle.com/bestperf
•Copyright 2017, Oracle &/or its affiliates. All rights reserved. Oracle & Java are registered trademarks of Oracle &/or its affiliates. Other names may be trademarks of their respective owners
•SPEC and the benchmark name SPECjEnterprise are registered trademarks of the Standard Performance Evaluation Corporation. Results from www.spec.org as of 6/29/2016. SPARC S7-2, 14,400.78
SPECjEnterprise2010 EjOPS (unsecure); SPARC S7-2, 14,121.47 SPECjEnterprise2010 EjOPS (secure); Oracle Server X6-2, 27,509.59 SPECjEnterprise2010 EjOPS (unsecure); IBM Power S824, 22,543.34
SPECjEnterprise2010 EjOPS (unsecure); IBM x3650 M5, 19,282.14 SPECjEnterprise2010 EjOPS (unsecure).
•SPEC and the benchmark name SPECjbb are registered trademarks of Standard Performance Evaluation Corporation (SPEC). Results from http://www.spec.org as of 6/29/2016. SPARC S7-2 (16-core)
65,790 SPECjbb2015-MultiJVM max-jOPS, 35,812 SPECjbb2015-MultiJVM critical-jOPS; IBM Power S812LC (10-core) 44,883 SPECjbb2015-MultiJVM max-jOPS, 13,032 SPECjbb2015-MultiJVM critical-jOPS; SPARC T7-1 (32-core) 120,603 SPECjbb2015-MultiJVM max-jOPS, 60,280 SPECjbb2015-MultiJVM critical-jOPS; Huawei RH2288H v3 (44-core) 121,381 SPECjbb2015-MultiJVM max-jOPS, 38,595
SPECjbb2015-MultiJVM critical-jOPS; HP ProLiant DL360 Gen9 (44-core) 120,674 SPECjbb2015-MultiJVM max-jOPS, 29,013 SPECjbb2015-MultiJVM critical-jOPS; HP ProLiant DL360 Gen9 (44-core) 105,690
SPECjbb2015-MultiJVM max-jOPS, 52,952 SPECjbb2015-MultiJVM critical-jOPS; Cisco UCS C220 M4 (44-core) 94,667 SPECjbb2015-MultiJVM max-jOPS, 71,951 SPECjbb2015-MultiJVM critical-jOPS;
Huawei RH2288H V3(36-core) 98,673 SPECjbb2015-MultiJVM max-jOPS, 28,824 SPECjbb2015-MultiJVM critical-jOPs; Lenovo x240 M5 (36-core) 80,889 SPECjbb2015-MultiJVM max-jOPS,43,654
SPECjbb2015-MultiJVM critical-jOPS; SPARC T5-2 (32-core) 80,889 SPECjbb2015-MultiJVM max-jOPS, 37,422 SPECjbb2015-MultiJVM critical-jOPS; SPARC S7-2 (16-core) 66,612 SPECjbb2015-Distributed
max-jOPS, 36,922 SPECjbb2015-Distributed critical-jOPS; HP ProLiant DL360 Gen9 (44-core) 120,674 SPECjbb2015-Distributed max-jOPS, 39,615 SPECjbb2015-Distributed critical-jOPS; HP ProLiant DL360
Gen9 (44-core) 106,337 SPECjbb2015-Distributed max-jOPS, 55,858 SPECjbb2015-Distributed critical-jOPS; HP ProLiant DL580 Gen9 (96-core) 219,406 SPECjbb2015-Distributed max-jOPS, 72,271
SPECjbb2015-Distributed critical-jOPS; Lenovo Flex System x3850 X6 (96-core) 194,068 SPECjbb2015-Distributed max-jOPS, 132,111 SPECjbb2015-Distributed critical-jOPS.
•SPEC and the benchmark name SPECjEnterprise are registered trademarks of the Standard Performance Evaluation Corporation. Results from www.spec.org as of 10/25/2015. SPARC T7-1, 25,818.85
SPECjEnterprise2010 EjOPS (unsecure); SPARC T7-1, 25,093.06 SPECjEnterprise2010 EjOPS (secure); Oracle Server X5-2, 21,504.30 SPECjEnterprise2010 EjOPS (unsecure); IBM Power S824, 22,543.34
SPECjEnterprise2010 EjOPS (unsecure); IBM x3650 M5, 19,282.14 SPECjEnterprise2010 EjOPS (unsecure).
•SPEC and the benchmark names SPECfp and SPECint are registered trademarks of the Standard Performance Evaluation Corporation. Results as of October 25, 2015 from www.spec.org and this report. 1
chip results SPARC T7-1: 1200 SPECint_rate2006, 1120 SPECint_rate_base2006, 832 SPECfp_rate2006, 801 SPECfp_rate_base2006; SPARC T5-1B: 489 SPECint_rate2006, 440 SPECint_rate_base2006, 369
SPECfp_rate2006, 350 SPECfp_rate_base2006; Fujitsu SPARC M10-4S: 546 SPECint_rate2006, 479 SPECint_rate_base2006, 462 SPECfp_rate2006, 418 SPECfp_rate_base2006. IBM Power 710 Express:
289 SPECint_rate2006, 255 SPECint_rate_base2006, 248 SPECfp_rate2006, 229 SPECfp_rate_base2006; Fujitsu CELSIUS C740: 715 SPECint_rate2006, 693 SPECint_rate_base2006; NEC
Express5800/R120f-1M: 474 SPECfp_rate2006, 460 SPECfp_rate_base2006.
•Two-tier SAP Sales and Distribution (SD) standard application benchmarks, SAP Enhancement Package 5 for SAP ERP 6.0 as of 5/16/16: SPARC M7-8, 8 processors / 256 cores / 2048 threads, SPARC M7,
4.133 GHz, 130000 SD Users, 713480 SAPS, Solaris 11, Oracle 12cSAP, Certification Number: 2016020, SPARC T7-2 (2 processors, 64 cores, 512 threads) 30,800 SAP SD users, 2 x 4.13 GHz SPARC M7, 1
TB memory, Oracle Database 12c, Oracle Solaris 11, Cert# 2015050. HPE Integrity Superdome X (16 processors, 288 cores, 576 threads) 100,000 SAP SD users, 16 x 2.5 GHz Intel Xeon Processor E7-8890
v3 4096 GB memory, SQL Server 2014, Windows Server 2012 R2 Datacenter Edition, Cert# 2016002 . IBM Power System S824 (4 processors, 24 cores, 192 threads) 21,212 SAP SD users, 4 x 3.52 GHz
POWER8, 512 GB memory, DB2 10.5, AIX 7, Cert#201401. Dell PowerEdge R730 (2 processors, 36 cores, 72 threads) 16,500 SAP SD users, 2 x 2.3 GHz Intel Xeon Processor E5-2699 v3 256 GB memory,
SAP ASE 16, RHEL 7, Cert#2014033. HP ProLiant DL380 Gen9 (2 processors, 36 cores, 72 threads) 16,101 SAP SD users, 2 x 2.3 GHz Intel Xeon Processor E5-2699 v3 256 GB memory, SAP ASE 16, RHEL
6.5, Cert#2014032. SAP, R/3, reg TM of SAP AG in Germany and other countries. More info www.sap.com/benchmark