An official document containing policies and pledges for customers of Oracle's cloud services reveals that many aspects fall in line with industry standards, while others may prompt cause for worry among customers, according to analysts.
The document was last updated Dec. 1 and is marked "confidential," despite being openly available on Oracle's website (PDF). It lays out the rules by which Oracle and its cloud customers must play, apart from any special terms that may exist in individual contract agreements. Oracle launched a wide array of cloud services this year, including its Fusion Applications as well as a PaaS (platform as a service), IaaS (infrastructure as a service) and social network.
[ Stay on top of the current state of the cloud with InfoWorld's special report, "Cloud computing in 2012." Download it today! | Also check out our "Private Cloud Deep Dive," our "Cloud Security Deep Dive," our "Cloud Storage Deep Dive," and our "Cloud Services Deep Dive." ]
Analyst Ray Wang, CEO of Constellation Research, offered a measured perspective after viewing the document this week.
In many respects, Oracle's policies fall in line with principles spelled out in a cloud customer "bill of rights" document Wang recently created, he said.
But customers should be mindful of other policies, such as one that allows Oracle to turn off access to accounts in the event of a dispute or account violation. "Customers may want to get clarity on the type of incidents that would result in a temporary turn-off of service," Wang said. "Unlike on-premises software, this is a potential concern, so the process and triggers should be carefully outlined."
But another analyst took a more critical view of Oracle's cloud policies.
Oracle's pledge of 99.5 percent availability "sounds pretty good, until you understand that it is only measured against planned availability," said analyst Frank Scavo, president of IT consulting firm Strativa. Oracle grants itself a number of exceptions with respect to "unplanned downtime," some of which seem overly generous, Scavo noted.
For example, one gives Oracle an exception in the event of the "unavailability of management, auxiliary or administration services, including administration tools, reporting services, utilities, or other services supporting core transaction processing," Scavo noted. "Inasmuch as the availability of system components are under Oracle's control, why does Oracle grant itself an exception for their unavailability?"
In another instance, Oracle dictates that it is taking responsibility for cloud security, including system hardening, Scavo said. "But it then turns around and grants itself an exception to its service level agreement in the event of 'a hacker or virus attack.'" The vendor is also more than capable of thwarting a denial-of-service attack, and therefore such attacks should not be grounds for Oracle to fall short of its availability promise, Scavo added.