For once, Oracle OpenWorld went long on substance. That’s hard to do when you have so many products to discuss and Larry Ellison pontificating, but he was both under control and substantive — though he couldn’t resist taking a few shots at competitors.
Oracle’s team hardly ever sees SAP and IBM in deals these days, he announced, and he gave due praise to cloud pioneers NetSuite and Salesforce.
Interestingly, Ellison always mentioned NetSuite, which he owns a considerable share of, before Salesforce, which he invested in back in the day, despite the fact that Salesforce is six times larger than NetSuite by revenues. Both companies are doing just fine, thank you veddy much.
Beyond the product revisions and enhancements, I saw two real news items: Oracle is now (at last) a cloud company, and the company put an important marker down on improving IT security — first things first.
In the Cloud
Oracle always has been in a different business than the cloud pioneers in that it has a huge customer base (420,000 customers on one sign) to bring along to the promised land compared to the pioneers that more or less invited customers to start over, in many cases, in the cloud.
That reality permeated the keynotes and discussions led by Ellison in a Sunday keynote; CEO Mark Hurd on Monday; Thomas Kurian, president of product development, on Tuesday; and Ellison in another keynote Tuesday.
Each man offered the view that for the next one to two decades, enterprises would operate in a hybrid — on-premises and cloud model — transition state. Further, Oracle would continue to develop, maintain and enhance on-premises applications during that time, each was careful to articulate. No hard date for the end of the transition was offered.
It was a delicate balancing act trying to assure big enterprises considering the cloud because their deployments represent a large mass of computing that won’t easily unravel overnight.
Still, my thinking is that while there might be traces of on-premises applications 15 years from now, most of the transference will happen quicker for two reasons: First, cloud apps will make their users more competitive, and second, security improvements will make cloud increasingly attractive.
By itself, cloud is just a delivery mechanism, and there’s little about it to recommend it for pure delivery. Layered on top, as most people know, there’s a total-cost-of-ownership advantage to cloud systems.
Even more than this, however, is the reality that when businesses transfer to new platforms, most take the time to reimagine the business and the apps. Consequently, the great cloud migration of the rest of this decade will be a moment when businesses ditch some spreadsheet apps that never worked very well so that they can achieve long-desired end-to-end process support for their businesses.
This migration from transaction systems or systems of record to process-oriented systems is where the real payback for moving to the cloud will be found. It’s also a real source of competitive differentiation for most companies, which will drive rapid adoption, so hang on — it should be an interesting ride.
At the same time, we need to acknowledge that when those businesses start to reimagine their business processes, it will open up many to competitive bidding for those new apps. That’s no surprise and one big reason that Oracle is making a conscious effort to court customers by being with them in their moments of truth as they contemplate their next moves.
That’s smart, in my opinion. Let’s watch how it plays out.
Security: What’s Old Is New
Many people shook their heads when Oracle bought Sun Microsystems because they saw Sun as playing in a space that was rapidly commoditizing. Some thought it as big a folly as Carly Fiorina and HP buying Compaq, but almost instantly Ellison began inventing differentiated hardware that set new standards for in-memory operations that vastly accelerated business processing.
Devices like Exadata, a storage device that leverages flash memory so that storage operations could happen at memory speeds rather than much slower disk speeds, led the parade.
The new security direction of IT based on Oracle products is to encrypt all data, Ellison announced at OpenWorld. He introduced several vaults, such as a password vault that stores unique encryption/de-encryption codes that users could keep on their own machines (hopefully a machine not connected to the Internet) or online in an Oracle cloud.
That was nothing, however. The bigger news was a new M7 CPU chip that offers security at the silicon level. This was instantly controversial in my circle and needs some explaining.
Security in Silicon
Oracle’s approach to security with the M7 chip will be debated hotly — is it just a speed bump for dedicated hackers or is there more promise? I think I am in the latter camp, though there’s a huge caveat.
Oracle/Ellison discusses the security debate this way: Securing IT should happen at the lowest possible level in the stack. Securing applications and data, for instance, should happen at the operating system level, which is also a logical place for hackers to do their worst.
To secure everything, we need to find ways to bring security into silicon — a place where hackers can’t make changes because they can’t alter chips.
The M7 imposes what’s basically a check-in, check-out scheme for memory. It allocates a given amount of memory to tasks, and if some piece of malware tries to occupy the memory space, overflowing the set parameters, the system easily can detect the intrusion and alert operators.
Software bugs might operate the same way, so there might be a few false positives as this paradigm gets going. So what? This is a crude description, and for a more detailed explanation check out Oracle’s video cache from the show to see Ellison explain it all.
As good as this sounds, and also incorporating M7’s very fast decompression algorithms, this security only operates on servers. It does nothing to protect desktops or handhelds.
The advent of the M7 could be an incentive to hackers to turn their attention to smaller machines, which could be infected to do things on behalf of bad guys. If so, M7 technology could be coming to a future PC, laptop or smartphone
On the Other Hand
While OpenWorld was a good show, it could have been better in some details. Some of the discussions of platform and infrastructure could have been helped along by video animation of some arcane points. I found myself watching demos that went on too long only to show a static screen with one thing changing in a window to indicate an infrastructure accomplishment.
Oracle is long overdue for investing in more video for these events, and judging by his comments at one point, I think Ellison took undue and perverse pride in his “graphically challenged” slides, as one tweet put it.
A couple of years ago, Oracle shrewdly ditched the CRM badge and called itself a CX, or customer experience, company, and there were enough CX announcements to make front-office people happy. However, it should be noted that the Oracle CX event will happen in April in Las Vegas, so stay tuned for that. Another post will dive deeper into CX at OpenWorld.
The critique I’d offer on CX is the same I’d give to any CRM vendor today. There’s a big discussion of products, but too often it revolves around point solutions for marketing automation, sales enablement, mobile computing or whatever. This represents a transaction mindset, and the front office needs to move aggressively to full end-to-end process support because that’s an important marker of the cloud.
My impression of all CRM vendors today is that they’re selling to the lowest common denominator — that is, aiming for the user who just wants CRM as a glorified Rolodex. That user represents about half of the market, so the orientation is understandable, but I wonder how it sits with the more advanced users.
At some point, we need to flip a bit and concentrate more on processes that the first half of the market can best use. That’s why I am eager to see what happens in Las Vegas in April and at other CRM vendor events next year.
I’ll Close Now
Oracle has become a real cloud company with offerings at the software, platform and infrastructure levels. It still takes a data center-centric approach to the business, especially when trying to reassure existing customers that there’s time for an orderly migration.
It’s a “new” cloud company in that it has thousands of successful and very reference-able customers and not tens or hundreds of thousands. Nonetheless, it is making strides and forecasts more than a billion dollars of new cloud business in the year ahead.
The company’s ace in the hole as it continues moving to the cloud may be its security-through-silicon approach, which still must be vetted. I might be in the minority about the security announcements, but it strikes me that locking down memory and CPU and encrypting data will enable users to starve any malware that tries to gain a foothold.
Since many cloud and subscription vendors as well as enterprise customers already use Oracle DB and many are buying Exadata devices, we could see a dramatic decline in intrusions and data thefts.
That won’t end the problem; it might simply make the hackers focus more intently on the desktops and smart devices. I don’t think the Internet of Things will take off until security is well in hand, and that will ensure that the security discussion continues.