Oracle wants to bring blockchain to the masses through a crypto-secure data offering
Could Oracle’s crypto-secure data offering be the new way enterprises leverage blockchain moving forward?
While blockchain is known for bringing trust and transparency to multi-party workflows, it can also ensure the immutability of business-critical data. Realizing this potential, technology giant Oracle has announced a crypto-secure data management offering that will be provided as a free feature for Oracle converged database users.
Juan Loaiza, executive vice president, Mission-Critical Database Technologies at Oracle, told Cointelegraph that it’s become apparent that customers deploying blockchain solutions often do not require the full capabilities of these implementations. Loaiza also pointed out that the complexity of introducing a completely new technology stack into an IT environment can be burdensome.
Blockchain is useful for protecting data
As such, Oracle has created a crypto-secure data management offering that leverages “blockchain tables” within the Oracle database. This feature is different from Oracle’s blockchain platform, which is built on Hyperledger Fabric and is often used for supply chain management. Rather, Oracle’s blockchain tables are immutable tables specifically meant to protect enterprise data from illicit changes.
As noted in Oracle’s recent blog post, this is made possible through a series of cryptographic hashes. Immutable tables organize rows of data into several chains. Each row — except the first row in the chain — is chained to the previous row, much like that of a cryptocurrency blockchain network. The hash is then automatically calculated on the insert based on that row’s data and the hash value of the previous row in the chain. Timestamps are also recorded for each row upon data insertion.
According to Loaiza, blockchain tables enable customers to use the Oracle database when they require highly tamper-resistant data management but do not wish to distribute a ledger across multiple organizations. In addition, blockchain tables do not rely on a decentralized trust model. Loaiza said:
“We are not trying to solve a decentralized multi-party problem, but rather, we are releasing a new technology that integrates the idea of blockchain into an Oracle database. This ensures that mainstream enterprise applications only require minimal changes. We are trying to combine blockchain with all of the functionalities Oracle offers today to bring blockchain to the masses.”
Specifically speaking, Loaiza explained that the purpose of Oracle’s blockchain tables is to protect business-critical data from being modified or deleted. “This feature protects against those who may gain access to the database legitimately (corrupt insiders, criminals using stolen credentials) or illegitimately (hackers),” said Loaiza. He further commented that this offering serves as an additional layer of protection on top of conventional data security features provided through the Oracle database.
A solution such as this can be especially useful considering the fact that database security breaches are an ongoing problem. According to a 2020 report from the data company Risk Based Security, around 36 billion database records were compromised between January and September 2020.
Concerns to be considered
Loaiza noted that Oracle blockchain tables are currently being utilized by customers leveraging the “Oracle Database 19c,” which is the version most commonly used today. He explained that customers are using the blockchain tables to protect contact information, property titles, payments, transfers, ledgers and account statements.
“These tables allow customers to leverage the tamper-resistance and non-repudiation properties of blockchain in use cases that do not involve multiple organizations or the necessity to deploy a decentralized trust model,” he remarked.
While this may be, there are some downsides to consider when using a blockchain to store business-critical data. Lior Lamesh, CEO and co-founder of GK8 — a blockchain security company — told Cointelegraph that organizations storing sensitive data on a blockchain must be aware of the vulnerability of the endpoints, adding:
“Once you own an organization’s private key, all of its blockchain-based assets are in your hands. So, migrating a corporation’s internal database to the blockchain has its benefits — as long as its endpoints are protected with the highest cybersecurity standards.”
To Lamesh’s point, Loaiza remarked that this risk is evident when migrating from a database to a distributed ledger or a decentralized trust model. However, he clarified that Oracle isn’t recommending customers do this when leveraging blockchain tables. “We are providing the tamper-resistance and non-repudiation properties of blockchain inside the Oracle database,” he said.
Loaiza added that Oracle’s security capabilities include transparent data encryption, a database firewall, database vault, label security and data redaction. “You can think of it as an extra layer of security within the Oracle database, not a mechanism to replace the database,” said Loaiza.
However, enterprise customers may still be curious about how to delete data once it gets inserted into the blockchain tables. According to Loaiza, organizations can set a time limit for how long data needs to remain immutable. “By default, it’s forever, but there are business cases where after three months or a year, it’s okay to delete data, as it’s no longer valid or necessary. Users can’t delete the data in a blockchain table until the time limit expires,” he remarked.
Is this how enterprise blockchain will look?
While Oracle’s blockchain tables demonstrate a clever way to leverage the benefits of blockchain within a secure database, the offering is much different from typical enterprise solutions that focus on decentralization across multiple entities.
This could very well be a good thing, though, as some enterprise blockchain offerings have failed recently. If Oracle’s new solution proves to be effective, enterprises may start leveraging blockchain more as a middleware rather than as an entire implementation.