Oracle's Hurd Says Directors Will Soon Be Auditing IT Security
Oracle President Mark Hurd was in New York yesterday for the Oracle Chief Security Officer Summit, an all-day conference for Oracle customers and prospects. He said in a short speech that he thinks corporate boards are going to start taking responsibility for IT security as part of their routine corporate governance duties.
“There is talk of making risk management a staple of every board… Board members do not like this. IT security is not an event. It is an ongoing risk. And that is one reason that people don’t like dealing with the subject,” he said. All it will take is a “significant attack” on a large company and the pressure will grow for boards to step up, he added.
And it’s only a matter of time before that attack comes. “The problem is a lot of factors are working against you. The number of bad guys is increasing. The sophistication of the bad guys is increasing,” he said. So is the complexity of the IT environments the bad guys want to attack.
Add to that, companies have to innovate to move their business forward, and that breeds more vulnerability. In his own experience, he said, “I’d look at study after study and find out that the bad guys were coming at us through the very engines of innovation that we were trying to create. I’d talk to people about stirring up social networking environments, and the first thing I’d get is someone saying, ‘You know what’s going to happen? Bad guys are going to show up.’ All I wanted to do was reach out to customers.”
Asked later during a Q&A session if there was anything that surprised him about his first six months at Oracle, following his departure from Hewlett-Packard, he said “not much,” but then elaborated:
“I think that to be very blunt, the best thing about it is that I knew the tech portfolio was fantastic coming in. It’s turned out to be just as good or better. The one thing that I think was a surprise is that there are so many customers that don’t know the breadth of our portfolio. We’ve got to do more work to communicate the breadth of what we’ve got….Then there’s little things, like people don’t know how much we spend on R&D. Things like that. I came in with high expectations and I haven’t been disappointed.”
For the record, Oracle spent a little less than $3.3 billion on R&D in its 2010 fiscal year, which amounted to about 12 percent of sales. Now you know.