Montclair State University’s recent lawsuit against Oracle highlights one of the major fears for potential Oracle cloud computing users -- that of data security and liability.
Montclair State is suing Oracle for mismanagement of a failed multimillion-dollar PeopleSoft ERP implementation. One of the New Jersey college’s claims is that Oracle hedged on providing a hosted data center environment in which Montclair could convert its financial data to ready it for PeopleSoft applications. According to Montclair, Oracle wanted the university to sign an amendment that would excuse Oracle from legal liability if Oracle wasn’t able to keep Montclair’s financial data confidential.
“Oracle’s proposed amendment was inconsistent with Oracle’s obligation to maintain the University’s data confidential under the terms of the parties’ existing agreement …” the lawsuit reads. As a result, the university bought more server hardware to do the data conversion in-house, a measure that cost it time and money.
Montclair’s claims and concerns are common. Among Oracle users, cloud computing has not yet taken a strong foothold. According to a SearchOracle.com survey last year of almost 450 Oracle professionals, two-thirds said they weren’t using the cloud and had no plans to deploy there. A separate survey by hosting provider Savvis last year found that 52% of respondents who didn’t use the cloud cited data security as the main reason.
A customer wanting its cloud computing vendor to provide security is also not unusual. According to the same Savvis survey, 73% wanted cloud providers to fully manage data security while also allowing configuration change requests from the client.
Frank Ridder, a research vice president at Gartner, said that data losses and liabilities are always discussed in an outsourcing relationship. Though Ridder did not want to speak specifically about the Oracle cloud computing issue in the lawsuit, he did say that if the vendor causes the data loss, it is usually liable. Sometimes liability is capped. But Oracle is not unusual in trying to absolve itself of blame for data loss.
“Cloud contracts are usually not mature, and vendors try to exclude any liability due to data loss,” he said. “Sometimes they even recommend the user of the cloud service do their own additional backup.”
Jay Heiser, another research vice president at Gartner, said many potential customers have cloud computing concerns because vendor agreements are not yet transparent enough to be properly evaluated. Combine that with questionable data security, and many customers are still hesitant to jump into cloud computing.
That could be changing. According to a report in October from Forrester principal analyst Jonathan Penn, in the next five years cloud security will “shift from being an inhibitor to an enabler of cloud services adoption.” Why? Simply because cloud computing vendors realize that security is a big hurdle to adoption right now. Penn pointed to the Cloud Security Alliance, a group that includes cloud vendors and customers, which is working to develop cloud security standards that all cloud vendors could adopt.
“As cloud providers continue to build security into their platforms, organizations adopting cloud will gravitate toward them for solutions,” Penn wrote.