Special report Cloud, cloud, cloud, cloud. Oracle – the IT giant once known for its derision of the off-premises tech – spent its four-day annual conference waxing lyrical about how it is now great at the fluffy stuff.
Having been caught on the back foot, and having watched Amazon, Google, and Microsoft zoom past it, Oracle has been forced to muster all its resources just to catch up on the cloud front – and recent financial results demonstrate that there is still some way to go.
And so the database goliath is forced to come out fighting; from one side, CTO and founder Larry Ellison throws shade on competitors at every opportunity, and on the other, co-CEO Mark Hurd issues bullish predictions about cloud services that suit Oracle’s business model.
This year’s OpenWorld was, as usual, a gigantic event that closed down San Francisco’s South of Market Street neighborhood for a week, all while striking workers formed noisy picket lines outside hotels used by Oracle for its event. The rhetoric on stage was equally blockbuster, with security, applications, and machine learning topping the bill alongside the inescapable cloud.
Ahead of the conference, much was made of the surprise departure of Oracle cloud guru Thomas Kurian, and its latest quarter's ho-hum financial performance. These two things did little to allay fears the firm’s decision to blend its cloud sales figures in with on-premises sales numbers was anything other than a move to obscure slow progress.
Although no exec would discuss financial digits directly, Oracle's senior veep for cloud, Steve Daheb, attempted to flesh out Oracle’s previous statements, and his comments gave an idea of how the company is justifying the change. “You’ve got to look at how customers buy,” he told The Register. “They’re buying on-prem license options. Some of those are lifting and shifting, and moving to the cloud. There’s a lot of cloud that’s bridged with on-prem.”
For Oracle, he went on, it is a question of “when does an application start, and a platform service come in? Is analytics an application of a platform?”
He added that sales lines were also blurring, with traditional tech reps who normally sell databases talking to line-of-business users about applications, and that customer conversations aren’t entered into with the attitude of “I’m talking to them about SaaS”.
Daheb also argued that Amazon “doesn’t have that problem – they don’t have an application layer.”
But Amazon also has an indisputably stronger position in the cloud market, and Oracle is desperate to catch up – or drag the competition down to its level (hence all the trash talk).
“The hype and the messaging – attack Amazon, assert leadership – [at OpenWorld] was enormous,” said Gartner’s Merv Adrian of the event. “Oracle are playing catch up in the cloud and the intensity of the attack shows both that they are behind, and that they are taking it seriously.”
Security as a selling point
One of the main lines of attacks on AWS that jeans-toting Ellison launched this year was on security, claiming that Oracle Cloud Infrastructure (OCI) was tackling a vulnerability Amazon does not address. The bottom line here is bare-metal isolation: Oracle is promising full separation of the code it uses to manage the cloud from customers’ code, as well as ring-fencing each customer’s software stack from its neighbors.
Well, it is the Empire of enterprise IT... Oracle's Ellison plans 'Star Wars cyber defense' for his second-generation cloudREAD MORE
This means Oracle can’t see customer data, and that no code provided by a customer can touch the control plane of Oracle’s cloud, so malicious subscribers can’t access or manipulate it.
“Having the provider control data on a separate set of servers with controlled port access means that any malicious attacker (even if they get access to a customer's data) cannot also reach other customers or the provider's control plane,” said Ovum analyst Roy Illsley. “This level of security is precisely what is needed when the cloud begins to be used for more of the mission-critical and core business applications, which Ovum's data indicates will happen in the 2019/20 timeframe.”
This is central to Oracle’s promise of core-to-edge security, which it is using to persuade customers to move to the cloud.
Many users, especially in risk averse sectors like finance or government, have shied away from the cloud because of security concerns – the database titan is trying to hammer home the idea that, with all of its latest bells and whistles, it’s simply more secure to have your data in Oracle’s cloud.
Chief corporate architect Edward Screven likened it to having “a few strong vaults” with good architecture, infrastructure and management control that will be “far, far more secure” than having information spread out across many less secure “bunkers.” His higher-ups are even more bullish, with both Ellison and Hurd describing “impenetrable barriers.”
Moving beyond the cloud infrastructure, Oracle announced various other integrated security features, including pervasive key management service, a web application firewall, distributed-denial-of-service protection and a cloud access security broker.
It also pushed the security benefits of its autonomous database, which was announced at the last OpenWorld, and offers end-to-end automation of provision, scaling, tuning and patching.
The latter point was really hammered home this year, with Ellison continually equating a move to the autonomous database to shifting from “your humans versus their robots” to “our robots versus their robots.” The database giant also went to great lengths to emphasis the increasing number and sophistication of cyber attacks – the premise is that users need all the help they can get.
“Ten years ago, it [security] was viewed as an obstacle to moving to the cloud – you can’t trust stuff up there, and you lose control,” Don Johnson, OCI senior veep, told journalists in a briefing.
“The reality is you’re outclassed and you’re outgunned by many actors, nation state actors… and there are things we can do in the cloud that really are just categorically better by virtue of the fact you have thousands of the best engineers in the world continual on your side building those systems.”
The batch of security announcements and new cloud architecture should help Oracle meet its immediate priority of clinging onto a lot of its customer base, Gartner's Adrian reckoned, and "may get some tyre-kickers from outside.” However, he warned that the firm will need to expand on this soon:
Impenetrable sounds good, but everything gets penetrated. ‘I have more bots than they do’ is cute, but they need to get into the hard work of behavioral analysis of threats after penetration happens and show how remediation can be more fine-grained than ‘we install patches automatically’.