Software patching isn’t something CEOs usually walk around thinking about. Right? In this day and age, not necessarily.
The subject has probably occupied a big chunk of the suddenly retired former Equifax CEO Richard Smith’s brain space in recent weeks. Software patching is top-of-mind for Smith this week too, as congressmen on Capitol Hill chew him out for allowing the credit bureau to expose 145 million Americans’ private information to hackers on his watch – all because a piece of software wasn’t patched quickly enough.
Software patching, and security in general, is what Oracle co-CEO Mark Hurd spent a lot of his OpenWorld keynote talking about.
“We’ve seen things that have not been comfortable at all,” Hurd said from stage at the company's big annual conference in San Francisco Monday morning, referring to the recent large-scale cyberattacks on corporate networks. “I’m telling you, the next event could be bigger than you think. It’s going to come back on CEOs in the end – something as simple as patching.”
Keeping all the software up to date across the patchwork of technologies that makes up today’s corporate IT infrastructure is difficult and complicated, and it’s typical for a patch to be applied many months after being issued, the co-CEO said, sitting (unusually for a tech-conference keynote) in a black leather chair behind a desk, a cup of Starbucks coffee, a pencil holder, and a miniature version of San Francisco’s iconic Sutro Tower (colored Oracle-red) placed strategically on the desktop.
The idea, apparently, was to present him as CEO in his natural habitat speaking to other CEOs (those leading companies that have Oracle technology in their data centers) about the anxiety all the recent security breaches have (or should have) stirred in their minds.
“It’s hard; hard to get these patches done,” Hurd said. Corporate data centers are full of different hardware, different operating systems, different versions of databases, and so on. But, “when you go explain to consumers that patching is hard, therefore you’ve lost this or that, nobody cares. Nobody cares how hard it is. It’s on you as the company. We’re all at risk if we get into these sorts of situations.”
His solution? Cloud.
Unlike Silicon Valley’s traditional approach of producing pieces customers have to put together into systems, a cloud platform is a “scaled, optimized, secured stack of intellectual property.” Oracle cloud is a large system, but it’s a single system with only one configuration: one platform, one version of database, one standard set of features, Hurd said.
By switching from on-premises to cloud, you’re not only moving infrastructure, you’re also shifting risk: from your shoulders to the cloud provider’s. As Hurd put it, you’re transferring the cost of dealing with complexity and mitigating risk from your own to “the industry’s R&D budget.”
“In the end, it is more secure. We fight with very seasoned, mature hackers every single day. We think we’re good at it. We fight hard.”