Oracle's Security BlanketOracle's Security Blanket

Oracle may not TOP the list of security vendors, but it's working hard to get there. It won't be easy, considering stiff competition from CA, IBM, Sun, and others.

Oracle's two-pronged strategy, outlined last week by co-president Charles Phillips and other executives, focuses on products for data encryption, access control, and identity management, and on adding built-in security features to its next-generation application suite, Fusion.

Last year, Oracle purchased three companies specializing in security. Its plan for Fusion applications, due starting in 2008, is to provide a single Web interface that gives access to ERP, financial, human resources, and other apps woven together by a service-oriented architecture. Oracle plans to have its security technology working behind the scenes to ensure that users will only have access to data and applications in Fusion that they're authorized to get.

Oracle already offers security software that lets database customers encrypt data, protect it from unauthorized access, and assign appropriate security levels. It also offers identity management capabilities that can be used on non-Oracle systems, including directory services, user authentication, Web services access control, and single sign-on for multiple apps. Auditing and compliance apps also are part of Oracle's security arsenal.

Investors Bank & Trust uses Oracle's e-business apps and database, but IBM's identity management offering. If Oracle can make good on its promise to tie security into applications, "it would save us some integration work," says Charles Dennis, the bank's director of enterprise applications.

Oracle's competitors are wise to the importance of integrated security. IBM recently acquired Internet Security Systems, and EMC plans to acquire RSA Security. Oracle archrival SAP prefers to partner for security capabilities, as it did last month with Breach Security, which makes software for inspecting network traffic protected by Secure Sockets Layer.

Oracle can't afford not to make security part of its future application portfolio. As for standalone products, it's competing in an increasingly noisy market.