Oracle to Offer RBI-compliant Security Solution

by Sonal Desai    Jul 14, 2009

To enable banks to conform to the numerous security-related compliances mandated by the Reserve Bank of India, database major Oracle is introducing a new banking solution in the next two to three weeks.

The yet-to-be-named solution has security features such as authentication adapters (which work on security and are plug and play); auditing, access control, PKI and encryption, real-time operation issues, among others.

Vipin Samar, vice president-database security), and V. G. Sundar Ram, vice president-technology sales consulting, in an exclusive interaction with CXOtoday said that Oracle studied the RBI guidelines and embedded the above-mentioned features on some of its products. The new solution will capture a lot of Oracle s DB Vault and Oracle Audit Vault capabilities.

"We leveraged resources from acquired or partially-acquired companies and certified applications, policies based on our best practices, said Samar. We have already started speaking with the banks, and a lot of those have shown interest in our solution," said Ram.

Oracle, said Samar, has a declarative approach toward security. "There are no performance bottlenecks. We do it in a declarative way through GUIs. We provide a unified model. Even in environments where consolidation is taking place, where there are multiple applications on the box, there is a need to draw boundaries, there is a need to compartmentalize certain applications and also manage configuration."

The vendor will organise roadshows to promote the solution. Banks will be charged on the number of users, servers or applications, said Ram.

In fact, this is not the first time that Oracle has ventured into the security segment. It already has tieups with RSA, Arcsight, and not so long ago partnered with CSC to offer integrated multi-channel software via the Internet, at call centers and through branch channels. It also introduced Reveleus solution for enterprise risk management.

Given its large deployment size in BFSI vertical, Oracle has been building products around its proprietary reference model to offer increased centralization of process and better control. Oracle Flexicube enterprise collateral and limits management product was introduced last year and with more RAC deployments happening in banks such as HDFC, ICICI, etc. It has been pushing virtual private database (VFD) security framework. This is to enable banks and other institutions nullify insider threats (including super user threats). The vendor has been releasing access manager solutions and recently OPSS (Oracle platforms security services) for DB and fusion middleware. 

"Oracle believes with more outsourcing happening from this sector, application/middleware level security product (vault) is better positioned to address identity/work flow management. In the evolution of market, control of security layer can either move down into the appliance layer or into the DB layer. What Oracle is trying to do is value-merge security into the DB layer itself. This strategy may work well in verticals where a player’s value control is high," said T. R. Madan Mohan, managing partner, Browne and Mohan.

All the same, pure play players would continue to position their solution layers (with more intelligence) over the DB layer and continue to seek license fee from users. This is a constant battle in IT markets.

According to Mohan, the impact on competition can be twofold. Oracle would consolidate its positioning more vigorously against other DB and middleware vendors. Secondly, competition with security vendors, very limited to the vertical and would also be restricted to those accounts where Oracle would see an opportunity for fusion play in future.