M7

  • April 3, 2018
  • Ok, this is kind of long. Go get a cup of coffee.

    Amid the anxiety and revelations of the Russia scandal including the Cambridge Analytica story that showed how easy it was to steal 50 million Facebook user profiles, it’s easy to mix up cause and effect. Importantly, Facebook wasn’t hacked or broken into but it was used as it was designed.

    This has led some to question whether Facebook as such can exist at all in our pluralistic society while others believe the problem of surreptitious psychographic profiling will blow over once everyone plays by the same rules. After all, others have argued, other entities do the same thing. They point to Google, Amazon and even the traditional print industry as culprits for gathering personal data for analysis and, it should be said, weaponization.

    Of course, the issue is manipulating and weaponizing the data. If we can’t trust the data, then we are disassembling one of the pillars of democracy, the acceptance of scientific rationalism. Boiled down, it means facts are facts even if you don’t like them.

    If you remember a time before social media when identities were not so readily stolen and you think that reality was good, you might also recoil at the thought that those were the good old days, that things are now permanently different. There is a third option though and there are probably many that seek to balance the benefits of new technology with the protections we’ve grown accustomed to.

    This article can’t be all things to all those people but it attempts to find safe harbor in a storm and therefore makes accommodations. If we can’t live with the compromises, perhaps it can at least point out some of the major obstacles to be over come.

    Business model

    It is an article of faith that Facebook’s business model, as well as those of other social networks and search engines, is selling advertising. But it is my contention that this model has run its course. It was effective when the companies were smaller, when their consumers were more innocent to the ways technology can be used for both good and ill purposes. The advertising model was even necessary in a time when the Internet was new and finding people and things was strange.

    The advertising business model was a default that data aggregators took on the way to phenomenal profits and who could blame them. The tech sector has a habit of minting money and the founders of social media and search engines were merely the latest in a long line of prolific brainiacs who struck gold. It is hard to believe that any human in a similar situation would act much differently.

    The latest dustup that dragged social media into the political spotlight now presents two choices to these businesses. They can hobble their products, which could reduce the amount of data they collect making them less interesting to advertisers, or they can change their business models slightly to prevent unethical use of their networks.

    Disruptive innovation

    Anytime a new technology reaches market, it has the possibility that it will disrupt the existing order of things. Disruptive innovations have coexisted with Capitalism since its origins in the Industrial Revolution. Disruptive innovation means making thread and then cloth with high-speed mechanical means, making a steam engine powerful and small enough to be mobile, or making a computer that could fit on a sliver of silicon about the size of your thumbnail.

    The world changed with each of these disruptive innovations and others, because they immediately made an old order irrelevant and they organized whole economies and even civilizations around new driving forces. The Internet and its children are the latest innovations that have rocked the world. In each, humanity has had to grapple with both the benefits and the deficits of the innovations.

    So far, we’ve benefitted enormously from these innovations but recently we discovered their less sanguine side. If history is a guide then regulation in some form is a likely next step. Some leaders in congress have already broached the idea on several occasions but it’s important to get the idea right before pulling the trigger, which is why we need to discuss business models.

    Regulation?

    Regulation could happen in social media and search but there’s much that the technology companies can do to either avert it or ensure that its mandate is as light and congruent with company interests as possible starting with the prevailing business model.

    Although the advertising business model has served many companies well, they’ve morphed into data companies with big responsibilities for safeguarding the data they collect and that’s not something they’re eager for.

    The big data gathering companies like Facebook, Amazon, and Google and their competitors, have become data companies first and advertising vendors second and if this understanding had been realized sooner, many data breeches would in all likelihood have been thwarted. Rule One of business is never give away your product, it’s what you charge for because it pays the bills. Applying the rule should be as obvious as encrypting user data in this case. Additionally, no expectant user of the data should be able to access it in its unencrypted form without, of course paying, but more importantly presenting valid credentials and stating a beneficial and productive purpose of the use.

    I’ve written before about credentialing and how it’s actually harder to pull permits to remodel your kitchen than it is to advertise any message you want on social media so I won’t perseverate. So let’s turn to encryption.

    Security as a business model

    Social and search’s business model must turn from advertising to data management, curation, and selling access to it and we live at precisely the moment when these activities are possible on a very large level. This includes encryption and the same form of certification that applies to other professionals from doctors to beauticians and plumbers.

    Encryption and its reverse take time and require compute and storage resources which have often cut short discussions involving them because of cost considerations. But new, shall we say disruptive, innovations in computer hardware and software are reigniting the discussion.

    In hardware data storage was long accomplished with the hard drives of most computer systems. Data enters and leaves storage on millisecond time scales, which is very fast. However, computer CPUs and memory operate one million times faster at nanosecond speeds. CPU chips spend a lot of time waiting for data to become available even when, as most modern computer systems do, there is memory caching for frequently used data.

    Innovative hardware designs now offer solid-state memory devices that replace disks. This memory operates at nanosecond intervals and eliminates the lag time of older mechanical systems. What should we do with all of this newfound speed? One possibility might be to dedicate a small portion of it to encryption. Typical encryption modes on the market right now could be broken but that would take so many years that the resulting data, when finally available, would be useless and encryption is getting better.

    Encryption would be a good thing but it wouldn’t solve all problems and securing our information infrastructure so that it operates more at utility grade, requires other changes. Bad software, malware, viruses, Trojan Horses, and the like may still get into systems.

    Mark meet Larry

    As luck would have it free markets generate inventions faster than they can be adopted. Often a disruptive innovation exists at the nexus of several disruptions that just need one more critical piece. That’s the case with many of the system level inventions that Oracle has brought to market over the last several years. They’ve pioneered important developments in solid state storage, encryption, chip sets that weed out intrusive malware, and a self-patching autonomous database that just hit the market.

    All of these things turn out to be essential to safeguarding data which will enable the information revolution to continue burrowing its way into our lives and enriching society. They are also the underpinnings of a new business model that turns big data companies into ethical data providers. They might also continue being social media companies but the data tail would now be wagging the dog.

    My two cents

    What do I know? I just read and write a lot. But what I see is an industry about to be regulated and, in my mind, the smart play is for the social media companies to lead the charge to ensure they arrive at something they can live with instead of remaining aloof and having some regulations imposed on them.

    There’s a wild west mentality in Silicon Valley in which what isn’t proscribed is encouraged. But we should keep in mind that the west only remained wild until the pioneers arrived and established towns with roads, schools, and churches. The wild bunch might have disliked the idea of settlement, they might have opposed it, but they were quickly in the minority and civilization won. That’s what’s happening in tech today and we all need to seize the moment.

     

     

     

     

     

     

    Published: 2 weeks ago


    360230-oracle-openworld-2012For once, Oracle OpenWorld went long on substance. That’s hard to do when you have so many products to discuss and Larry Ellison pontificating but Larry was both under control and substantive though he couldn’t resist taking a few shots at competitors. So he announced that his team hardly ever sees SAP and IBM in deals these days and gave due praise to cloud pioneers NetSuite and Salesforce.

    Interestingly, he always mentioned NetSuite, which he owns a considerable share of, before Salesforce, which he invested in back in the day, despite the fact that Salesforce is six times larger than NetSuite by revenues. Both companies are doing just fine thank you veddy much.

    Beyond the product revisions and enhancements I saw two real news items: Oracle is now (at last) a cloud company and the company put an important marker down on improving IT security—first things first.

    Cloud

    Oracle has always been in a different business than the cloud pioneers in that Oracle has a huge customer base (420,000 customers on one sign) to bring along to the promised land compared to the pioneers who more or less invited customers to start over, in many cases, in the cloud.

    That reality permeated the keynotes and discussions led by Ellison, in a Sunday keynote, CEO Mark Hurd, on Monday, Thomas Kurian, President of Product Development, Tuesday, and Ellison in another keynote on Tuesday. Each man offered the view that for the next one to two decades, enterprises would operate in a hybrid—on-premise and cloud model—transition state. Further, each was careful to articulate that Oracle would continue to develop, maintain, and enhance on-premise applications during that time. No hard date for the end of the transition was offered.

    It was a delicate balancing act trying to assure big enterprises considering the cloud because their deployments represent a large mass of computing that won’t easily unravel over night. Still, my thinking is that while there might be traces of on-premise applications 15 years from now, most of the transference will happen quicker for two reasons. First, cloud apps will make their users more competitive and second, security improvements will make cloud increasingly attractive.

    Competitive angle

    By itself, cloud is just a delivery mechanism and there’s little about it to recommend it for pure delivery. But layered on top, as most people know, there’s a total cost of ownership advantage to cloud systems. Even more than this, however, is the reality that when businesses transfer to new platforms, most take the time to reimagine the business and the apps. Consequently, the great cloud migration of the rest of this decade will be a moment when businesses ditch some spreadsheet apps that never worked very well so that they can achieve long desired end-to-end process support for their businesses. This migration from transaction systems or systems of record to process oriented systems is where the real payback for moving to the cloud will be found. It is also a real source of competitive differentiation for most companies, which will drive rapid adoption so hang on, it should be an interesting ride.

    At the same time, we need to acknowledge that when those businesses start to reimagine their business processes, it will open up many to competitive bidding for those new apps. That’s no surprise and one big reason that Oracle is making a conscious effort to court customers by being with them in their moments of truth as they contemplate their next moves. In my opinion that’s smart, let’s watch how it plays out.

    Security—What’s old is new

    Many people shook their heads when Oracle bought Sun Microsystems because they saw Sun as playing in a space that was rapidly commoditizing. Some thought it as big a folly as Carly and HP buying Compaq but almost instantly Ellison began inventing differentiated hardware that set new standards for in-memory operations that vastly accelerated business processing. Devices like Xadata, a storage device that leverages flash memory so that storage operations could happen at memory speeds rather than much slower disk speeds led the parade.

    At OpenWorld, Ellison announced that the new security direction of IT based on Oracle products is to encrypt all data. He introduced several vaults, like a password vault that stores unique encryption/de-encryption codes that users could keep on their own machines (hopefully a machine not connected to the Internet) or on-line in an Oracle cloud. But that was nothing, the bigger news was a new M7 CPU chip that offers security at the silicon level. This was instantly controversial in my circle and needs some explaining.

    Security in silicon

    Oracle’s approach to security with the M7 chip will be hotly debated with some people thinking it’s just a speed bump for dedicated hackers while others might see more promise. I think I am in the latter camp though there’s a huge caveat.

    Oracle/Ellison discusses the security debate this way. Securing IT should happen at the lowest possible level in the stack, so for instance securing applications and data should happen at the operating system level which is also a logical place for hackers to do their worst. So to secure everything we need to find ways to bring security into silicon a place where hackers can’t make changes because hackers can’t alter chips. The M7 imposes what’s basically a check-in, check-out scheme for memory. It allocates a given amount of memory to tasks and if some piece of malware tries to occupy the memory space, overflowing the set parameters, the system can easily detect the intrusion and alert operators. Software bugs might operate the same way so there might be a few false positives as this paradigm gets going. So what? This is a crude description and for a more detailed explanation check out Oracle’s video cache from the show to see Larry explain it all.

    As good as this sounds, and also incorporating M7’s very fast decompression algorithms, this security only operates on servers, it does nothing to protect desktops or handhelds. The advent of the M7 could be an incentive to hackers to turn their attention to smaller machines, which could be infected to do things on behalf of bad guys. If so, M7 technology could be coming to a future PC, laptop or smartphone

    On the other hand

    While OpenWorld was a good show, it could have been better in some details. Some of the discussions of platform and infrastructure could have been helped along by video animation of some arcane points. I found myself watching demos that went on too long only to show a static screen with one thing changing in a window to indicate an infrastructure accomplishment. Oracle is long overdue for investing in more video for these events and judging by his comments at one point, I think Ellison took undue and perverse pride in his “graphically challenged” slides as one Tweet put it.

    Customer experience

    A couple of years ago, Oracle shrewdly ditched the CRM badge and called itself a CX or customer experience company and there were enough CX announcements to make front office people happy. However, it should be noted that the Oracle CX event will happen in April in Las Vegas so stay tuned for that. Another post will dive deeper into CX at OpenWorld.

    The critique I’d offer on CX is the same I’d give to any CRM vendor today. There’s a big discussion of products but too often it revolves around point solutions for marketing automation, sales enablement, mobile computing or whatever. This represents a transaction mindset and the front office needs to move aggressively to full end-to-end process support because that’s an important marker of the cloud.

    My impression of all CRM vendors today is that they’re selling to the lowest common denominator, i.e. aiming for the user that just wants to use CRM as a glorified rolodex. That user represents about half of the market so the orientation is understandable but I wonder how it sits with the more advanced users.

    At some point we need to flip a bit and concentrate more on processes that the first half of the market can best use. That’s why I am eager to see what happens in Las Vegas in April and at other CRM vendor events next year.

    I’ll close now

    Oracle has become a real cloud company with offerings at the software, platform, and infrastructure levels. But it still takes a data center-centric approach to the business especially when trying to reassure existing customers that there’s time for an orderly migration. It is a “new” cloud company in that it has thousands of successful and very reference-able customers and not tens or hundreds of thousands. Nonetheless, it is making strides and forecasts more than a billion dollars of new cloud business in the year ahead.

    The company’s ace in the hole as it continues moving to the cloud may be its security through silicon approach, which must still be vetted. I might be in the minority about the security announcements but it strikes me that locking down memory and CPU and encrypting data will enable users to starve any malware that tries to gain a foothold.

    Since many cloud and subscription vendors as well as enterprise customers already use Oracle DB and many are buying Xadata devices, we could see a dramatic decline in intrusions and data thefts. But that won’t end the problem; it might simply make the hackers focus more intently on the desktops and smart devices. I don’t think the IoT will take off until security is well in hand and that will ensure the security discussion continues.

    Published: 2 years ago


    360230-oracle-openworld-2012It was appropriate that Oracle put a stake in the ground over security at last week’s OpenWorld conference in San Francisco. As the database of choice for more than 420,000 customers, the effort to find ways to better protect their data is one of the clearest signs of customer-centricity the company could have picked.

    Fortunately or unfortunately, as you choose to look at it, their logic is that to provide data security you need to move down the stack all the way to hardware. This sounds eminently reasonable to me though I think I can see a wrinkle. First the good news, like Woody Allen once said, “to a knife fight, always bring a gun,” and that neatly summarizes the Oracle plan. The company has decided to make data security and especially encryption a non-negotiable thing.

    Currently some oracle database customers have the security option turned off which won’t help anybody so now the default will be always on. But encryption and de-encryption take CPU cycles which cash-strapped IT groups would rather see applied to “real” work. So the new regime will ding some IT budgets if they have to buy more compute power, but what’s the alternative? There’s not much you can do if security is an issue and it is. Oracle’s Xadata, device which moves database operations into flash memory can provide greater performance and therefore make everything better. But the last time I looked, those devices had a million dollar price tag. Perhaps this will be another decision point that drives companies to the cloud.

    At the same time, the company is introducing the M7 CPU chip, which has embedded software instructions that allocate memory to legitimate processes. Any process that tries to use more memory because there’s a virus trying to freeload will cause an alarm of sorts and that will signal IT that it is potentially under attack. Since software bugs might also trigger the alarm there will be some false positives to deal with but a false positive is better than a real one.

    These two innovations will help to lock down the data center but I wonder if they’ll just push the security problem out to the periphery, to desktops and devices that don’t have M7 technology. Ten thousand devices each asking for 100 customer names will pose a different but related security problem that might be harder to control so it looks to me like M7 technology will need to become a part of all devices for this scheme to be maximally protective.

    Given all this, Oracle’s security innovations might not be perfect but I disagree with those who scoff at them. These approaches will definitely strangle malware where it is found though the Internet won’t be completely safe unless the security is ubiquitous. This reminds me of the way that antibiotics work, which include attacking and puncturing the cell wall, disrupting protein synthesis, and disabling DNA transcription and replication. While it’s true that some microbes have become resistant, especially to cell wall agents (i.e. the penicillin strategy), other approaches seem to be holding up. Interestingly, when you make protein or transcribe DNA you’re dealing with de-encrypting information, so I am very interested in seeing where this all goes

    Right now, security might be the most important obstacle to greater expansion of the Internet of Things and to utility computing in general. The last things we need are cars and drones that can be hacked so these first attempts are indeed a welcome sign. No matter, this is an arms race and there will likely be setbacks but at least we are engaged.

     

    Published: 2 years ago