"The current state of the art is not getting it done," he said, pointing to the tens of millions of credit card numbers stolen from retailers, the extensive information contained in the records stolen from the US government's Office of Personnel Management, and notorious malware such as Heartbleed and Venom.
But the Security in Silicon features in Oracle's new SPARC M7 processor mean data can be kept encrypted with practically no performance hit (so there's no good reason for failing to encrypt data), and also prevent applications accessing memory that's not allocated to them.
Heartbleed worked by tricking the system under attack into transmitting the contents of memory following the locations that it was supposed to be sending, which the M7 prevents from happening.
He said companies should ask cloud providers 'Can your engineers have access to all our data? Yes or no?'
"The answer is almost always yes," he said, but "Nobody at Oracle... can read our customers' data I the cloud" - presumably if those customers are using Key Vault.
Other security-related services and features mentioned by Ellison included Database Vault (the separation of technical decisions about the database from issues like access control), Audit Vault (all log entries are stored for the customer to examine), Database Firewall (prevents SQL injection), Data Masking and Subsetting (provides a copy of a database for development and test purposes with selected fields changed to protect security and privacy but in a way that they still meet any validation checks in the program).
Some organisations either are uncomfortable with the idea of shared resources, or there may be a regulatory barrier to their use. For such customers, Ellison announced that Oracle now offers dedicated servers at half the price of AWS shared servers.
The company already offers archive storage at US$0.001/GB/month, which he said was one-tenth of AWS's rate, but a new feature is that it can now be used in conjunction with on-premises systems as part of hierarchical storage management.
And for customers who like the idea of having their on-premises systems as similar as possible to those used in the Oracle Cloud in order to make it as easy as possible to move workloads back and forth, Ellison announced the Oracle Private Cloud Machine for PaaS and IaaS.
Taking responsibility for the name, he joked "we have half the reference manual in the name itself."
This is just the first in a series of Private Cloud Machines, Ellison said: "It's a fundamental part of our strategy."
Disclosure: The writer attended Oracle Open World as a guest of the company