The gist is that encrypting and authenticating main memory still leaves you vulnerable to memory access traffic analysis. This is analogous to the NSA seeing metadata on phone and email traffic.<p>ORAM makes those accesses oblivious to someone sniffing memory traffic. That could be a device installed on cloud service provider hardware, which would be undetectable by end users.