Experts Critical of Oracle’s Cloud Rules Revealed by ‘Confidential’ Official Document
Oracle has made it pretty clear by now that it will focus on cloud technology, as it is the future of the IT world.
This statement has been asserted by the fact that most of the products and services that Oracle has come up with have been cloud based. It is about time instructors started conducting full-fledged Oracle training classes that exclusively focused on cloud based technologies. One thing that Oracle is not too clear on is the rules by which the cloud based technology customers have to play.
This aspect has now been cleared up by what is apparently a confidential official document from Oracle that is available for public access on its official website.
Analysts Opinion That Customers Will Not Be Too Happy About Certain Policies
With the news about availability of this document becoming widespread, a number of experts and analysts sought to look into it and gauge the reactions of the customers. While the overall opinion about the policy document was that it was standard protocol, some analysts expressed concerns about a few sections in the policy handout.
They said that customers might want to look at those few sections more carefully and assess its implications. The experts urged the customers to do so before registering for the Oracle cloud service so as to ensure that they don’t face any operational dilemmas.
Policy Book Gives Some Very Generous Exceptions to Oracle
There are certain clauses in the policy and pledge document that generously exempt Oracle in case of some glitches on their part. Frank Scavo, Strativa’s President and also an analyst, said that Oracle has mentioned 99.5% of availability of its services. To a casual observer or to someone who doesn’t read between the lines, this seems an excellent proposition. However, he said that this is a planned move on the part of Oracle to grant itself a very generous exception in terms of downtime. He rounded off by saying that the condition that specifies the downtime can be unplanned will hurt the customer, especially if the downtime coincides with an especially busy business day.
Exception to Services That Are In Control of Oracle
Scavo was critical of another section in the policy book that highlighted the part where services that are in control of Oracle are also exempted. This particular rule states that services like reporting, utility tools, administration tools, auxiliary services, management unavailability, core transaction processing support, etc were all under the exemption clause that was highlighted in the previous paragraph. All these come under the 99.5% availability clause. Scavo questioned the logic behind this clause as he said that all these are services that are controlled by Oracle.
In case of a glitch, Oracle should immediately fix it and ensure that the services are back on as soon as possible.
Security Clause Exception
In the policy document that is available on Oracle’s website, the company claims that it takes full responsibility for cloud security. This also includes system hardening and other associated features. However, the company adds a sub-clause that grants it immunity in case security is breached by a virus or hacker attack.
This is completely ridiculous as the whole purpose of security is to ensure that hacker or virus attacks are prevented. Such attacks should not be considered as reasons by Oracle for denying their service to their customers.
Account Violation or Dispute
There is another clause in the cloud policy document that highlights the role of Oracle in the case of a reported account violation or any other related disputes. This clause states that Oracle retains the right to withhold cloud services in case of any dispute or violation.
But there are no details on what the exact grounds are, on which Oracle retains the right to withhold the services. Disputes and minor violations are common while running a company. Even if small issues come under this ‘withholding of service’ clause, it is a cause for concern among the customers. This topic can make for an interesting.
Maintenance Downtime Twice a Year
There is another clause that states Oracle has full rights to make unspecified changes to the cloud infrastructure that it is providing, twice in a year. In times like these, services can be stopped for up to 24 hours. Downtime of 24 hours can affect businesses with high computing needs, preparing for an event like that is something that you will learn to prepare for your Oracle DBA ceritfication. This is another clause that customers need to be careful about.
All these loopholes suggest that the governing policy for cloud services is not as good as we hoped it would be. The only hope here is that Oracle polishes this policy before making it official.
Please Share This Knowledge With Others!
Wanda says
Thank you for posting this because the company that I work for has been discussing what they should use and they were leaning towards the Cloud, after reading this I will make sure that they read it and have the information on Oracle that is required to make a decision for the best. I appreciate this because I will be the one using it.
Nancy says
So form what I gather here you think that Oracle is better than the Cloud but you really didn’t give any personal reasons as to why. You listed issues that you thought there may be with each but something like this I have come to realize is more a personal preference over anything else. I haven’t used either one yet so I am sure my opinion will be different.
FireStarter says
Hi Nancy,
Actually the point of the article is that Oracle is really moving more and more towards cloud based applications. Oracle is the cloud. What some experts are cautioning is that administrators and those investing in the systems would be wise to check some of the fine print and keep an eye on evolving policies coming from Oracle and their clear strategy of expanding those cloud based systems.
Dana says
It sounds to me like a typical legal document devised with the purpose of exempting themselves from any liability. That is understandable because this is a new direction that Oracle is taking and there are bound to be mistakes made along the way. So they may as well put that in writing so people understand that they would be, in some ways. Operating Oracle cloud services at their own risk.
Patrice says
It seems that Oracle has quite a few bugs to work out before they can proclaim that all or at least most of the security vulnerabilities are resolved / plugged up. This is not uncommon, actually. I have used far less complex content management systems such as Joomla, and that open source system is always releasing security patches almost every other week. It happens.
Robert says
I suppose we should sing the praises of the mighty Oracle (as ancient Greeks once did) for making this white paper available to the public. Not revealing the so called rules would be like going to watch a sporting event involving two teams that do not know the rules. There would be all kinds of chaos. Oh, and publicizing misleading information about down time should be as illegal as manipulating an odometer on a vehicle.
Cory says
Patrice, you are right there are a lot of kinks to work out as far as it goes when you deal with any kind of computer security they are making updates to it everyday because the bad guys hacking your computers are making updates on the hour, I can not tell you how many times we have had to revamp our security because of porn sites changing the way they get in.
John says
The alarming news from this article begs the question: did Oracle purposely release a guarded, stealthy document about security vulnerabilities or was some measure of irony involved when this document, designed to warn others about the dangers resulting from security vulnerabilities, suddenly got leaked from their internal network. The later would actually be pretty funny in an ironic sort of way.
Pete says
The company that I work for wants to start using cloud, after reading this I am not to sure that is a good idea. I am going to send this link to the IT director because that way the negative feed back about it will come from him instead of someone in my position. Thank you for posting this information though we could have made a very big mistake.
Charles says
The Cloud has become a buzz word. Everything seems to be migrating toward cloud servers, and Oracle’s move toward cloud based services officially marks the watershed moment when everything takes that direction. Clearly, Oracle has not mastered cloud server maintenance yet, but that is only a matter of time. Still, having only two periods of downtime annually is pretty good for anyone.
Corey says
I wonder how well known this security white paper document is among the clients / users of Oracle services. I am sure it is known among developer circles, but if those users who pay lots of money for Oracle software or hardware know about this, does it cause a rift in the future of their relationship? Do clients who guard super sensitive information turn to a better, more established / secure solution?
Jennifer says
This is disconcerting because it shows that there exist vulnerabilities in even the most established of data management companies. I hope they get to a point where they resolve these security issues. I am sure once Oracle reaches this plateau, they will not hesitate to alert their major clients and the general public.
Meta says
I understand the kinks that Cory and Patrice are talking about but it doesn’t sound like they are going to be ironing out a lot of kinks all the time it sounds more like they are going to focus on updates etc. twice a year which really isn’t anything at all when you think about it. I do see a problem with the 24 hour window of it being down though.
Phillip says
Perhaps Oracle will benefit from President Barack Obama’s signed executive order requiring federal agencies to share cyberthreat information with private companies and to create a cybersecurity framework focused on reducing risks to companies providing critical infrastructure. The cybersecurity framework would be voluntary for some operators of critical infrastructure, but the order also requires federal agencies overseeing critical infrastructure to identify the operators and industries most at risk.
Lana says
This was a very interesting blog post and you have a lot of information in there that the normal person such as myself would not have been aware of. Thank you for posting this it makes since to me and that takes a lot of work, you have done a great job and I hope that you keep it up. This is the kind of thing that the public needs to be aware of.
Adrian says
It sounds like there are potential problems with the cloud but it also sounds like Oracle has covered their back side with clauses in their document that protects them if something happens. This was very interesting and I am looking forward to the next post that you do. Thank you for taking the time to write this up it was done very well.
Charles says
Is it true that Apple has made it impossible to use anything but Icloud? I was hearing this last weekend and I couldn’t believe that they would do that. But my brother in law tried to explain the best he could and it actually made sense when I thought about it, it would corner the market for their line of computers. Let me know if you would.
Clara says
I understand that Oracle is the Cloud but is it as controlling as the Icloud that Apple has for the MAC system? From what I understand Apple has changed things where you have to have this on your Apple because it is the only system you can back up to. Thank you for posting this I look forward to your next post being just as great.
Larry says
I have heard a lot of contradicting information about this stuff and I am finding it hard to find one blog post that I can believe to be truthful, they are all pushing their product of course and not one is being honest with the issues that may come up. Your post was great just like many others but it just didn’t have the information I was looking for.
Amy says
Thank you for doing this I am looking forward to seeing what you do the next time because this was done very professionally and I actually look forward to seeing what other right about it I was noticing some of them already brought up the Icloud thing so that will be interesting. Keep up the good work you are getting the information out there.
Jerry says
Clara I have heard this same thing but I have yet to verify that to be true. I am hoping that someone will respond to this question to give us the proof we need that it is true before I go out and buy a MAC. I want something that will offer a lot of options not limit me to one and only. Thank you for bringing this up. Keep up the good work.
Thomas says
There seem to be a lot of clauses that you need to look out for when you are talking about Oracle, full rights to make unspecified changes especially to a business that has high computing needs. I am not sure about this and I am thinking that I am going have to research this a little more before I commit to anything like this. Keep the info coming please.
Brandon says
Is it true that Apple has made it impossible to use anything but Icloud?
I was hearing this last weekend and I couldn’t believe that they would do that. But my brother in law tried to explain the best he could and it actually made sense when I thought about it, it would corner the market for their line of computers. Let me know if you would. -B
Tony says
I am glad that you posted this because I have heard by word of mouth about some of this from friends of mine in the IT industry but this clears up any doubts that I had about it in the first place. You have done a great job on this post and I hope that you continue to out doubts to rest by doing this. Great work keep it up people need to know.
Andrea says
One clause after another right? I can’t believe that there was this much hidden stuff in there that no one knew about. Thank you for posting this information I am looking forward to the day when everything comes out into the light and we can choose a service or company honestly and off of their good work.
Joan says
This move to cloud based technology should come as no surprise to anyone as it is the wave of the future. What should be surprising is that it took Oracle so long to make this strategic decision. It’s almost as if Oracle was moving slow, as most large organizations do when changing policies or philosophy. It takes longer for large organizations with all their moving parts to adapt to change.