- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
IDG News Service - An official document containing policies and pledges for customers of Oracle's cloud services reveals that many aspects fall in line with industry standards, while others may prompt cause for worry among customers, according to analysts.
The document was last updated Dec. 1 and is marked "confidential," despite being openly available on Oracle's website. It lays out the rules by which Oracle and its cloud customers must play, apart from any special terms that may exist in individual contract agreements. Oracle launched a wide array of cloud services this year, including its Fusion Applications as well as a PaaS (platform as a service), IaaS (infrastructure as a service) and social network.
Analyst Ray Wang, CEO of Constellation Research, offered a measured perspective after viewing the document this week.
In many respects, Oracle's policies fall in line with principles spelled out in a cloud customer "bill of rights" document Wang recently created, he said.
But customers should be mindful of other policies, such as one that allows Oracle to turn off access to accounts in the event of a dispute or account violation. "Customers may want to get clarity on the type of incidents that would result in a temporary turn-off of service," Wang said. "Unlike on-premises software, this is a potential concern, so the process and triggers should be carefully outlined."
But another analyst took a more critical view of Oracle's cloud policies.
Oracle's pledge of 99.5 percent availability "sounds pretty good, until you understand that it is only measured against planned availability," said analyst Frank Scavo, president of IT consulting firm Strativa. Oracle grants itself a number of exceptions with respect to "unplanned downtime," some of which seem overly generous, Scavo noted.
For example, one gives Oracle an exception in the event of the "unavailability of management, auxiliary or administration services, including administration tools, reporting services, utilities, or other services supporting core transaction processing," Scavo noted. "Inasmuch as the availability of system components are under Oracle's control, why does Oracle grant itself an exception for their unavailability?"
In another instance, Oracle dictates that it is taking responsibility for cloud security, including system hardening, Scavo said. "But it then turns around and grants itself an exception to its service level agreement in the event of 'a hacker or virus attack.'" The vendor is also more than capable of thwarting a denial-of-service attack, and therefore such attacks should not be grounds for Oracle to fall short of its availability promise, Scavo added.
Scavo also took issue with Oracle's apparent reluctance to allow customers to perform independent monitoring of its cloud services. "Exceptions to this are the Oracle Database Cloud Service and Oracle Java Cloud Service or if otherwise expressly permitted in the ordering document," the policy sheet states.
"Oracle's stated reason here is to ensure that any such monitoring tools do not adversely impact the cloud services," he said. "However, it would seem to also preclude a low-impact automated script running in the customer's own data center to merely ping the cloud system, say, once a minute, to ensure that the system is available and to notify the customer if it is down. This [policy] seems to me to go beyond what is necessary." Customers should push for the right to independent monitoring during contract talks, Scavo added.