Oracle Israel head: Storing data outside Israel is dangerous

Eran Feigenbaum  credit: PR
Eran Feigenbaum credit: PR

After Oracle's loss to Amazon and Google in the Israeli government's Nimbus cloud computing tender, Eran Feigenbaum  fires back.

"Larry Ellison doesn’t like to lose, and when one of the biggest billionaires in the world doesn’t like to lose - that’s dangerous," says Oracle Israel country leader Eran Feigenbaum about the $250 billion market-cap technology giant’s founder, who still serves as chairman and vice president of technology. Feigenbaum refers to Ellison's motivation to bring Oracle into the cloud infrastructure space in 2016, after it was already dominated by Amazon and Microsoft. But Feigenbaum’s statement about Ellison’s aversion to losing can also be understood in another context that is at the center of our interview.

Last April, the Accountant General of the Ministry of Finance announced that Amazon AWS and Google Cloud had won the Nimbus government cloud tender. Both companies were selected to provide cloud infrastructure to government ministries, the IDF and local authorities for the next seven years, with the possibility of further extensions for up to 23 years.

Oracle and Microsoft were left out, disqualified in the first phase of the tender, their price bids not even reviewed. Ironically, Oracle will be the first of the international giants to open a server farm in Israel this year, but it lost out to Google and Amazon, whose server farms are at earlier stages of construction. Perhaps because of this, Oracle is not willing to accept the loss easily; the company filed a petition last month in the Jerusalem District Court against the Government Procurement Administration and against the tender winners.

Oracle has hinted there were serious deficiencies in the Nimbus tender, but has refrained from detailing its full claims, which will be heard behind closed doors at the request of the state. "The lawyers have explained to me what I can and can’t say," Feigenbaum says. Even without listing all the claims, Feigenbaum has a lot to say about the tender, its wording and the results. And if you ask him, the appeal and Oracle’s battle are not at all a matter of money, believe it or not.

"Even if they don’t pick us, they’ve got to fix Nimbus"

"Financially, Israel and Nimbus are insignificant to Oracle, which is a company that turns over billions, with 140,000 employees. But as far as we are concerned, on an emotional level, what’s being done with Nimbus is a terrible mistake for the citizens of Israel and the Israeli government. As someone who has returned to live in Israel, and whose personal information will be stored in the cloud, I’m uncomfortable with some of the Nimbus decisions," says Feigenbaum.

It's hard to believe that money isn’t the issue.

"You can look at Oracle's published figures. Estimate how much Nimbus is worth and check that against Oracle's last quarter - it isn’t even 1% of revenue. Even if they don’t pick us, they’ve got to at least fix Nimbus. I care less about who wins, but they’ve got to do the right thing for Israel. "

Feigenbaum was born in Israel but in his youth moved with his family to the U.S. He began his career in cybersecurity at PwC in the 1990s, when he conducted threat and vulnerability studies for financial institutions and media organizations. After serving as Chief Information Security Officer (CISO) at PwC, he went to Google, where he served as that company’s Director of Security and founded Google's Cloud security group.

After a decade at Google, Feigenbaum went on to become CISO at Jet.com, an online commerce start-up that was acquired in 2016 by Walmart for a whopping $3.3 billion. Following the exit, Feigenbaum thought he would retire, or at least take a long break from work, until he received an offer from Oracle to be Chief Security Officer for Oracle Cloud, a position he held until recently becoming head of Oracle Israel.

Opinion: Oracle Cloud isn’t encrypted enough for the IDF

Oracle's disqualification from the tender followed, among other things, an opinion formulated by Brigadier General Ziv Avtalion, head of the Digital Transformation Administration in the IDF C4I and Cyber Defense Directorate. In his opinion, Oracle Cloud is not secure and encrypted enough to meet the army's needs.

"That's just nonsense," Feigenbaum responds. "Our cloud is used by eight of the 10 largest federal agencies in the US, all branches of the US military, the CIA, and 38 US states. Precisely because we entered the market late, we could look at all the security risks and design our cloud accordingly, unlike others who designed their cloud fifteen years ago in accordance with the risks at that time. We created infrastructure partitions that don’t exist anywhere else, with no Oracle software running on the client’s cloud server, which is something the others don’t have. So, when I hear complaints about security, I think, ‘There’s someone who either didn’t understand or didn’t want to understand.'"

Another objection that contributed to Oracle’s disqualification was that its cloud uses an external product to provide virtual desktop infrastructure capabilities for remote work. "First of all, this solution was a very small part of the Nimbus tender," Feigenbaum responds. "Beyond that, when you do online research, you find that Google also uses a third-party solution. They also don't have their own product as far as I know, unless it's something they don't advertise."

Are you actually claiming that the people who conducted the tender were unprofessional, or acted out of extraneous considerations?

"The truth is, I don't know what was going on in their minds or how they came to the decision. The whole Nimbus tender was done on paper, they didn’t check anything. They didn’t check security, they didn’t check features. I don’t know what my competitors said, but I’m originally a technician, I’ve used other clouds, and I worked at Google for 10 years. I know ours is the most secure cloud."

"I've never heard of that in my entire career in security"

If anything, Feigenbaum accuses the Accountant General at the Ministry of Finance of failing to take security considerations into account in the Nimbus tender. As Amazon and Google have not yet completed the construction of their server farms in Israel, (Amazon has announced that completion will be in the first half of 2023, while Google has not specified a date), in the first phase, government ministries will make use of cloud services from the companies' servers in Europe, as is already done today.

"I've never heard of anything like that in my entire career in security, where a country allows its data to reside in another country," Feigenbaum says. "Suppose we put Israel's data in Germany; it’s now subject to German law. You can see for yourself how many times Google gave information to the German government. [According to Google's transparency report, in the first half of 2020 the company received about 13,000 requests from the German government for personal information, and provided information for 75% of those requests - O.D.] Now imagine that an organization like the International Criminal Court wants information on IDF soldiers. It doesn’t have to ask Israel for anything. All it has to do is get an order in the country where the data are stored. It's not Google or Amazon's fault, it's just the way the world works. Running any cloud outside of Israel, storing Israeli data outside Israel, is dangerous. Even if you were using Oracle, if it were outside Israel, I wouldn’t rest easy."

Basically, all data transferred beyond Israel’s borders must be approved by an information security committee, but the latest State Comptroller report revealed that in at least ten cases ministries did not contact the committee as required before uploading data to a non-domestic cloud. "It’s just not realistic to expect a central committee to review everything that goes to the cloud," says Feigenbaum. "Will every developer in Petah Tikva, or any other city for that matter, have to submit every cloud-based project they do to the central committee? That will either be a very busy committee or a very slow process."

"Ours is the fastest growing cloud"

Another requirement that Oracle claims was missing in the tender is that the server farms should be built in an underground structure. Oracle's server farm, constructed by Bynet Communications on Har Hotzvim in Jerusalem, is nine floors underground. "If you’re building a data center in the Netherlands, you build it on pillars because that country suffers from floods. Similarly, when you build a data center in Israel, you want it to be underground. Every place has risks to consider when building a data center and in Israel, unfortunately, the risk is missiles. What happens if a missile falls on a data center and suddenly there’s no access to the medical records for a child who needs to go to a hospital?"

The winning vendors will set up three separate server farms to take care of continuous operations. Why isn’t that enough?

"When each site is vulnerable on its own, what's the benefit of having three? You can also have six server farms, but as long as they can be easily destroyed we’ve accomplished nothing. It just gives our enemies more targets and gives us more things to protect. It would have been much better to have two server farms underground than six above-ground."

Looking at your tiny market share in the global cloud market, just 2%, you can understand why they didn’t pick Oracle.

"It depends on how you view the market. You could say we're kind of a niche player. We haven't built a cloud for small companies. It’s a cloud for major corporations and governments. We’re not looking to sell our cloud to someone with three users, we work with the CIA, the FBI, the US military. Besides, if you look at current reports, you'll see we're the fastest growing cloud in terms of market share and features."

Oracle appealing to political lobbies

In any case, Oracle is not content to fight on the legal plane alone. As part of its battle, Oracle Global CEO Safra Catz came to Israel last month and held a press conference that dealt, of course, with the Nimbus tender. At the same time, Ezra Cohen-Watnick, Vice President of Corporate Strategy at Oracle and former Under Secretary of Defense for Intelligence in the Trump administration, recently landed in Israel and met with Knesset members regarding the tender.

Feigenbaum sees no problem in this kind of political advocacy. "Ezra Cohen was in the Trump administration but is no longer there. He came to Israel to explain the mistake that’s happening here. A mistake was made and it’s our responsibility to shout it out to anyone who wants to listen."

It was reported that you hired Zvika Naveh and Yaakov Perry’s business intelligence company CGI Group to gather information about the tender.

"We’ve already commented on this and said we do not know this firm."

For Oracle, the current goal is not necessarily to disqualify Google and Amazon, but to somehow to persuade the country to allow more cloud providers, like them, to sell services to the government as well. " Nimbus doesn’t guarantee you any amount of money from the government, so logically it would have been possible to set a minimum criterion and let any company that meets it sell to the state. Every government ministry and office has different needs, so why push only two or even three suppliers? Let them choose between all of them, like they did in Switzerland, Britain, and France. Think of where we were 23 years ago, when there was no Zoom, not even the iPhone - who knows what technology or market leaders will be by then. So why lock in something like that?" says Feigenbaum.

Do you believe it will be possible to change the decision in the Nimbus tender?

"I don’t know, I very much hope so. I want to keep an open mind, to believe that our claims will get to reasonable people who will listen. Let them understand what errors were made in Nimbus and what the dangers are. I hope a judge sees this."

Google and Amazon did not respond to a request for comment.

The Ministry of Finance stated: "This is a flagship project led by the Department of the Accountant General, carried out in accordance with the most stringent standards. The tender team, which includes professionals from all relevant government ministries, examined the various bids in depth, including the Oracle bid. The team selected the winning companies out of a desire to provide the highest quality of service for the good of the citizens of the State of Israel. However, since the announcement of the winners of the tender, we have unfortunately witnessed misleading statements published in the media in the commercial interests of various business entities, in an attempt to disparage the professional and in-depth work of government and security professionals, which was done over a long period of time.

"For example, contrary to what has been said, any information transferred to servers abroad will be carefully examined by the competent authorities, including the security authorities. In addition, the tender organizers allowed the government maximum operational flexibility so that at the end of the first engagement period it would be possible to add additional suppliers. We emphasize that as part of the tender, significant discounts were received from the world's leading cloud providers. We hope that all the parties who participated in the tender will accept the decision of the Accountant General's Division so that the Nimbus project will proceed in a fair, orderly manner, for the benefit of the citizens of the State of Israel. "

Israel’s largest computer tender to date

The Nimbus project is considered the largest computer tender to date in Israel. Its goal is to migrate government ministries, the IDF and local authorities from their on-premises computer infrastructure to the cloud as part of a so-called "digital transformation" process. The tender got underway in January 2020 after the state came to the conclusion that setting up a dedicated government cloud was too expensive an option compared with relying on external cloud services providers.

As part of the tender, the two winning suppliers are required to set up cloud data centers in Israel at an estimated initial cost of about NIS 4 billion, so that the data will be stored within Israel's borders. In addition, according to the Ministry of Finance, about 3,000 workers are expected to be permanently employed as part of service provision. Accountant General Yali Rothenberg hinted that the price for the provision of services received from Amazon and Google was less than 80% of globally published prices. However, the state never opened the bids from Oracle, IBM and Microsoft in the tender, so it is not clear whether they offered lower prices.

The Nimbus tender does not define Amazon and Google’s expected revenue on providing services to the state, but estimates suggest that most of the state's NIS 500 million annual computing budget will go to the cloud. Amazon won the majority of the tender and is expected to receive 70% of government activity versus 30% for Google.

Eran Feigenbaum Personal:

  • 47 years old, single.
  • Born in Israel and moved to the US after his father got a job at NASA.
  • Holds a degree in Electrical and Computer Engineering from Pepperdine University and a Masters in Business Administration from the University of California, Irvine.

Professional:

  • Oracle Israel country leader
  • Previously, Chief Security Officer, Oracle Cloud for three years.
  • Was Chief Information Security Officer (CISO) at PwC and at Jet.com (a startup sold to Walmart).
  • Served as Director of Security at Google Enterprise and founder of Google's Cloud security group.

One more thing:

  • Feigenbaum is a professional mentalist. Under the stage name "Eran Raven" he has even appeared as a contestant on NBC talent show "Phenomenon!", where one of the judges was Uri Geller.

Published by Globes, Israel business news - en.globes.co.il - on August 23, 2021

© Copyright of Globes Publisher Itonut (1983) Ltd. 2021

Eran Feigenbaum  credit: PR
Eran Feigenbaum credit: PR
Twitter Facebook Linkedin RSS Newsletters גלובס Israel Business Conference 2018