Oracle DBAs: To what do you attribute problems with Oracle security?
a.) poorly designed software
b.) failure to apply patches and maintain software
c.) lack of financial resources
d.) all of the above
This question has recently made a small stir in the blogosphere, and not everyone can agree on an answer.
Bex Huff, in his “technology, lifehacks, and all that good stuff” blog, says: “Unlike James McGovern, I don’t believe security problems are entirely due to bad software or clueless developers… I’d argue most security problems are due to improperly configured and improperly maintained software. However, I also believe that blaming the implementation team is a cop-out. Instead, developers need to realize that security is a process, not a product.”
Huff goes on to highlight what he sees as the critical process of Oracle security: applying patches. He doesn’t seem to understand why fewer than 20% of Oracle customers apply their rolling security patches.
In his blog “Enterprise Architecture: from Incite comes Insight,” James McGovern says he has the answer: Applying patches is costly. And, he says, it’s not all the fault of the user: “Can we acknowledge that the patch existed because the base software wasn’t written with security in mind in the first place?”
In McGovern’s later blog post, “If software vendors really cared about security,” he outlines some questions for enterprise companies to ask vendors before purchasing software. For example: what features does the product have that help ensure it’s designed securely?
So, yes, the best and most practical answer is probably “d.” But do you see any of these factors as having more of an impact? Do you think either Huff or McGovern has a better understanding of the issue?
Salesforce.com chairman and CEO Marc Benioff spent 13 years at Oracle Corp., before leaving the corporation and founding the CRM powerhouse Salesforce.com in 1999. Since then, Salesforce.com has enjoyed much success, including a reported 85% annualized sales growth over the last five years.
So why would Benioff want to return to the company that helped launch his career?
According to Tom Foremski (the same blogger who started the Salesforce.com acquisition rumor), it makes perfect sense for Benioff to do so, and succeed the “very close to retirement” Oracle CEO Larry Ellison when the time comes.
Foremski says that Salesforce.com could grow faster by acquiring Oracle, and that Benioff has the same hard-hitting attitude as Ellison. And, since Ellison is 63, shouldn’t he announce a successor soon?
But there’s one thing we have to remember — this is Larry Ellison we’re talking about.
Take a look at an August 2006 article from Forbes, “The extraordinary life of Oracle CEO Larry Ellison.” Even Ellison’s top two aides admit they could never succeed him, if anyone will ever succeed him at all. (Safra Catz says: “I don’t want the job”; Charles Phillips says: “Larry will be here forever. We don’t discuss succession. That’s not my job.”)
Board Chairman Jeffrey Henley, whose job it actually is, agrees: “There is no successor to Larry, no heir apparent…We discuss the subject, but there is no perfect plan. Larry still wants total control.”
Continue reading, and you’ll see that one person does have a prediction — Benioff, who might even be hinting that he could one day be in the running for Larry’s unobtainable position.
“Larry’s personality mandates that he’s in charge, so he can’t have a successor,” says Benioff, who founded Salesforce.com with a $2 million investment from Ellison that today is a 4% personal stake worth $100 million. “But one day he’ll have a revelation, look outside for talent — and it will likely be a former Oracle executive.”
How long can Ellison and his staff actually avoid the subject of succession? It should be interesting to see.
InfoWorld blogger Sean McCown recently had his say in the Oracle vs. Microsoft SQL Server debate — and some Oracle users aren’t too happy about it.
In “The real difference between SQL Server and Oracle,” McCown writes that what most sets Microsoft apart from Oracle is the community that Microsoft has built, and the ease with which the members of this community can get the information they need.
“If you take any 10 DBAs from each side and ask them to look up a solution to a problem on their platform, the SQL guys will find the answer much faster than the Oracle guys will. And that’s just a fact. If you’re looking on specifics on how Oracle works internally, it’s almost impossible to ferret out the info, but with SQL, there are so many open resources it’s just a matter of a few minutes to [find] an answer.”
Oracle, on the other hand, is doing business the old way, and “is still living in the old days where everything is a good ole boys club,” he says. This makes it difficult for Oracle users to get sufficient direction and training.
McCown received mixed feedback, but many Oracle users disagreed with him and defended the Oracle community. Here’s part of McCown’s response:
“I never said there were NO forums or documentation. I said that it’s really difficult to find anything when you need it…. So the question stands: How does the Oracle community go about advertising its resources?”
From your own experiences, what do you think? How could Oracle make its resources more accessible for its customers? Or, do you think Oracle actually wins out over Microsoft? (In McCown’s words, “you’re just crazy”?)
It’s no secret that Larry Ellison thinks acquisitions are a great way of growing his company. But does this make Oracle any less innovative or authentic?
According to Ellison in this New York Times article last week, many people in Silicon Valley think just that. Ellison hopes Oracle’s series of billion-dollar acquisitions — starting with his $10.3 billion bid for PeopleSoft in 2004 — have begun to change how the industry views consolidations.
“It’s bizarre that there’s a stigma to buying something rather than building it yourself,” he tells the NYT’s Andrew Ross Sorkin.
Sorkin says that Ellison has not only made “hostile deals” acceptable, but has proven they can work. Ellison agrees: “They are copying us. Others would be foolish not to try.”
If this is true, then Ellison’s latest “copycat” is Microsoft, whose $44.6 billion bid for Yahoo was rejected last month. But what’s surprising, in this case, is that Ellison suggests he’s actually rooting for longtime rival Microsoft. Tech blogger Kara Swisher also questions what’s making Ellison root for his nemesis.
Do you think Oracle’s (or any other company’s) acquisition history downplays its innovation? Would users be better off if Oracle built everything itself? Some of it?
Duncan Jones at Forrester recently published some interesting research on best practices for negotiating with Oracle.
It’s primarily based on the experiences of a group of Forrester clients that have had some success in their negotiations. A key factor, as Jones points out, is that Oracle’s size — and its centralized oversight of even the smallest of concessions — requires that organizations be patient during negotiations.
It also bolsters what I’ve heard around the industry (from SAP in particular, no real shock) that Oracle sales reps are … tough negotiators.
Oracle deployments, be they database, middleware or applications, are a big, costly undertaking and it’s important negotiations are done right. That doesn’t necessarily just mean inexpensively for you — it could mean agreeing on just the right language about support or winning a concession around a specific technology. Consider for example Oracle’s approach to virtualization and VMware, another hot topic lately that our friends over at SearchServerVirtualization have been all over.
I’m curious (as I’m sure others are) about what kind of experiences the SearchOracle.com community has had with Oracle negotiations. Is the mega vendor’s tough reputation deserved? Did you win some concessions and if so, how? What were you looking for and what was Oracle particularly staunch in defending?
– Barney Beal
The results are in from Evans Data Corp.’s first survey on database user preferences — and Oracle has made a clean sweep.
Oracle (version 10g or later) ranked number one in all 13 categories of the survey, which polled over 1,400 database users in December 2007. According to Evans Data, a market research firm, most of those polled were users of several database systems. They were asked about their satisfaction with the following:
- Security features
- Isolation of transactions
- Durability of transactions
- Quality of data modeling tools
- Support for XML
- Multi platform support
- Quality of management tools included in the database
- Quality of available 3rd party management tools
- Programming language support
The closest Oracle came to any of its competitors (which included MySQL, Microsoft SQL Server, and IBM DB2, among others) was a tie with IBM in one category.
In this InformationWeek article, Evans Data CEO John Andrews is quoted as saying: “The most glaring item that we took away from this research is that in 23 years we’ve never had one vendor come out number one in all categories.”
So, what do you think? Are you running multiple databases and surprised by these results? Which category’s win surprises you the most? Let us know your thoughts.
Collaborate ’08 is fast approaching, and Oracle Enterprise Content Management (ECM) users can look forward to several ECM sessions, including Collaborate’s ‘Conference Within a Conference’ that will focus specifically on Oracle’s content management past, present and future.
All in all, there will be over 30 sessions on a variety of ECM topics, including: “Exciting New Features of Universal Content Management,” “50 Ways to Integrate with Universal Content Management,” and “Oracle Content Management Roadmap.”
This announcement also comes as Oracle’s Universal Content Management system was given the 2008 Technology of the Year Award by InfoWorld. It looks like Oracle’s ECM acquisitions, such as Stellent and last month’s announced acquisition of Captovation, are proving to be very worthwhile.
There’s always room for improvement, though, especially if you ask SAP, which has been circulating a new press release saying that SAP is taking Hyperion ECM customers away from Oracle. It even names some of those customers. Longtime industry analyst and blogger Josh Greenbaum had some very interesting things to say about SAP’s claims, by the way.
What features would you like to see added (or dropped) in Oracle’s content management products? And if you had to choose between Oracle and SAP ECM, who would you pick and why? Let us know.
After nearly eight trips around the Sun, covering just about every technological topic from ABAP to zSeries, it’s my last week at TechTarget and SearchOracle.com. And as my time here comes to an end, I find myself thinking of the tremendous amount of help that IT professionals like you have given me over the years.
I started at TechTarget during the height of the dot com bubble — a time when a rash of ill-conceived and ultimately doomed Internet companies let stock options fly like wedding rice while encouraging employees to wear roller skates to work. Back then, I didn’t even really know what an operating system was, and I thought the Love Bug worm was something you cured with penicillin.
Then the bubble burst and, at first, I feared my newfound career in technology journalism would meet an untimely end. But TechTarget survived the fallout and actually continued to grow at a rapid pace. It soon became clear that my new career would continue — if I could manage to learn more about the world of IT. And that’s where you came in.
From the Oracle DBAs in the trenches who taught me the meaning of ‘SQL Query,’ to the CIOs in the corner offices who schooled me on the necessity of ROI, you were always there, always patient and always willing to help, even if it meant answering embarrassingly basic questions like: Could you explain that to me again like I’m a three-year-old?
For all your help, I just wanted to say thanks. I leave this job knowing that the Oracle user community and larger IT marketplace is filled with unbelievably intelligent people — people who taught me a great deal.
Remember, SearchOracle.com will remain the number one stop on the Internet for Oracle professionals long after I’m gone. For now, however, please send those Oracle-related tips, comments, story ideas and feedback to news director Barney Beal.
As for me, I’ll be trading in my pen for a meat slicer and an apron. Hopefully my new customers will be as supportive as you’ve been. But somehow I doubt that’s possible.
Take care of yourselves.
Oracle just announced that its Database Vault product is now certified to work with Oracle E-Business Suite applications, including Oracle Human Capital Management, Oracle Financial Management, Oracle Supply Chain Management and Oracle Customer Relationship Management.
E-Business Suite users can now count on Database Vault to help them better address security and regulatory challenges, according to Oracle.
Unveiled in 2006, Database Vault defends against unauthorized access to application data and harmful database changes by any users, including those with permission to access the data. According to Oracle, it can be used to enforce separation of duties within the database and to consolidate application databases.
I’d be interested to hear from Database Vault users out there. How do you like this product? What, if anything, would you change about it? Also, Database Vault is often marketed in conjunction with Oracle Secure Backup, so what do you think about that product?
U.S. district court judge Martin J. Jenkins has ordered that Oracle’s lawsuit against SAP and its TomorrowNow arm be sent to mediation, according to a court document posted on http://www.tnlawsuit.com/.
Oracle filed suit against SAP-TomorrowNow last year, alleging that TomorrowNow workers unlawfully downloaded data from one of Oracle’s support Web sites. Oracle’s original complaint alleged “corporate theft on a grand scale.”
Judge Jenkins ordered the case sent to mediation following a case management conference on Tuesday, according to reports.