Good morning and welcome to today’s keynote session entitled “Here. Now. Your Choice.”It is great to be here with you today. My name is <NAME> and I am <TITLE>.Cloud computing is an important trend in the industry today, and Oracle is truly unique in its ability to provide a broad portfolio of cloud computing products and services to meet the different needs of customers.Today, I will explain what cloud computing is, what Oracle sees customers doing in the cloud, and what cloud options there are for our customers.But first...let’s think through some trends in the IT sphere today.
Slide Transition: Innovation will play a central role in driving economic growth in today’s increasingly competitive global marketplace. Research shows that the global economy is defined by “two speeds”: markets with slow GDP growth but high per capita income, and markets with fast GDP growth but low household income. These two different economies need two different strategies. *In the low-growth, mature economies, companies can’t expect market or population growth to drive revenue. Instead, they will need to compete for market share by providing better products and services, and better products and services come from innovation. Notes:*”Rethinking Operations for a Two-Speed World,” Boston Consulting Group
Slide Transition: Innovation is also important in high-growth, emerging markets, which experts predict will generate two-thirds of world economic growth in the next five years. *Innovation helps businesses produce more with less, enabling them to price their products and services competitively in these markets with lower per capita GDP. Innovation also applies to the way businesses use information. Emerging markets mean new consumer segments, with unique preferences that need to be understood. Companies that develop the capacity to capture and analyze consumer data will be able to better meet the needs of diverse marketplaces. Note:* “The Emerging Market Surge,” Economist Intelligence Unit, 2011
...the IT infrastructure can be quite complex for most companies.
Slide Transition: The biggest obstacle to I.T. performance is complexity. Think of it this way: if you bought a car the way a business buys IT…You’d buy the engine, doors, seats, windows, steering wheel and tires all from separate vendors.Then pay a mechanic thousands of shillings, francs, dollars, etc to assemble the car.You’d lose the value the car manufacturer puts into engineered safety systems, integrated control systems. You’d lose years of testing, validating, engineering... innovation.
Slide Transition: Because of complexity in IT infrastructure, organizations depend upon custom assembly.For decades now, companies have been buying various components -- such as servers, storage and all sorts of software -- from different vendors, assembling the pieces into custom systems, and hiring specialized IT staff to maintain them.
Slide Transition: A highly fragmented IT industry has given rise to highly complex, fragmented IT environments that companies must keep running smoothly.A heterogeneous environment like this makes it difficult to automate business processes and share data or computing resources across applications silos. Human intervention often leads to data errors that are propagated throughout the systems.
Slide Transition: And because business processes built across application silos are so fragile, small changes in systems or processes can break everything.That means IT departments must move slowly and carefully through any changes, making it harder and harder to respond to business changes.We see companies spending two years to build these systems—which then need to be retuned or redesigned with every new business requirement.
Slide Transition: Oracle’s strategy has always been to SIMPLIFY I.T. so customers can use technology for business innovation, not just for business as usual. Let’s discuss how we’re doing this.
Slide Transition: First, Oracle is simplifying I.T. by engineering hardware and software to work together, upending the longstanding industry practice of cobbling together different components.
Slide Transition: When we say that Oracle hardware and software is engineered to work together, this refers to our unique ability to offer customers a complete hardware and software stack, from applications through middleware and databases, and all the way down into servers and storage. Each of these layers—and all the products within the layers—have been designed and engineered to work together according to open standards. Oracle tests everything within a stack layer together– for example, between different applications, between different middleware suites, between various database products, and so on. Oracle also tests everything across stack layers, from applications all the way down to the servers and storage. So, applications are tested with middleware, middleware is tested with the database, the database is tested with the hardware … every layer is tested with every other layer.Oracle certifies the complete stack so that customers know which particular versions of software are designed to work together. For example, every major application that Oracle delivers, including Oracle E-Business Suite, PeopleSoft Enterprise, JD Edwards and Siebel CRM is certified with Oracle Fusion Middleware 11g . Database 11g Release 2 has been tested and certified with all of Oracle’s major applications, including Oracle Fusion Applications. Oracle packages our different technologies into standardized solutions, which customers can then deploy together.These complete solutions are designed to be upgraded effectively and efficiently together. And, the entire stack can be managed together, supported together and so on.
Slide Transition: Because we’re able to design our technology specifically for the stack and to fine tune the entire stack, we’re able to optimize performance overall and at every layer.This complete approach also allows us to design much greater reliability and security into the stack than the customer could achieve if they had to build it themselves.And because we have management tools that run through every layer, it’s also much easier to manage the stack and upgrade it over time. The net result for our customers is a dramatically lower cost of ownership.
Slide Transition: The third way Oracle simplifies I.T. is by engineering solutions that empower people to drive innovation and change.Then What?
Cloud is one way of getting simplicity in IT for an Innovative edge in business.
So what are customers actually doing?Oracle works hard to understand customers and what they need. I wanted to share with you what we see our customers doing.
Slide Transition: In big data and analytics, and in all the areas I’ve covered here, we believe we’re focused on your priorities.In a recent survey, we asked Oracle customers what new investments they plan to make in the next 12 months, and the results match the priorities we’ve been hearing from you. 59% of Oracle customers are actively evaluating solutions to improve the customer experience;
52% in solutions to leverage the cloud;
And 44% in solutions to harness big data/analytics.
Among our customers, private cloud adoption is increasing significantly. No surprise.In a survey we ran in August 2011, we found that 37% of customers already have a private cloud. One year prior in August 2010, 29% said they had a private cloud. This is a 28% increase in just one year.OPTIONAL:This is based a survey of approximately 300 customers conducted by the IOUG, the Independent Oracle Users’ Group. Because these are IOUG members, they are primarily Oracle customers. There is a large percentage of large companies (approximately 1/3 are from organizations larger than 10,000 people, while 17% are from organization less than 100 people). The majority of respondents are from IT, with a small number of business folks. The level of the respondent varies from IT admin to CIO/CTO.
Public cloud adoption is also increasing significantly among our customers.In the same survey, we also asked how many use public clouds. In August 2011, 21% said yes, compared to only 14% a year ago. This is a 50% increase in a year.It’s clear that both private and public cloud adoption are increasing rapidly. Private cloud adoption is significantly higher than public cloud adoption, but the rate of increase is higher for public clouds. Our survey results are consistent with findings from various analyst firms.OPTIONAL:This rapid adoption of private and public clouds is broad based across organizations of different sizes, industries and regions of the world.And the types of cloud adoption are also quite varied. Both private and public. At the Software-as-a-Service application level, at the Platform-as-a-Service level, and at the hardware Infrastructure as a Service level.
We see many cloud use cases, some of which match intuition, and some of which are a bit surprising.For example, we see that clouds are most often adopted for new applications, rather than extensions to existing.<CLICK> We see that customers are using clouds for both software Dev/Test as well as production workloads. Organizations that do a lot of their own Dev/Test are getting a lot of value from clouds, which improve utilization and efficiency of hardware, and also accelerate cycle time, but it is important to see that organizations are also using clouds for production.<CLICK> The next one may be a bit of a surprise: enterprise-class applications more often than departmental. So it’s not the case that rogue departments are using public clouds to bypass IT.<CLICK> Next, we found that cloud applications are most often used by employees, rather than external users like customers, suppliers or partners.<CLICK> Clouds are being used for both dynamic, fluctuating workloads as well as stable workloads. So it would seem that “elastic scalability” or “elastic capacity” is not always needed. We also see that “cloudbursting” (the notion of using public cloud capacity for peaks and returning the computing capacity to the pool when the peak is over) is rare, only about 5% of respondents.<CLICK> Finally, the survey said that clouds are being used more for long-lived apps (more than 1 year life expectancy), compared to temporary apps (less than a year).So we see many different use cases for cloud.
What choices do you have?
Clouds are provided at different levels: IaaS – computing servers, storage, networking and the associated virtualization and OS PaaS – application development and deployment environment SaaS – end-user applications<CLICK>The more the cloud service provides, the less the consumer must provide. For IaaS, the consumer needs to provide the application platform, the application and any customizations. For PaaS, the consumer can take advantage of the platform, and provide only the application and customizations. For SaaS, the consumer can simply customize the application that the cloud is providing. IaaS is the most flexible because users can put almost any software onto it (as long as it’s compatible with the underlying hardware), but it also requires the most work, since the user has to provide all the software and manage and maintain it. The cloud provider manages only the hardware and data center. PaaS is less flexible than IaaS, because the platform software is fixed, so things like programming language are platform-specific, but PaaS are generally designed to be flexible enough to support many different application types. Application developers benefit from having the platform services, such as database services or Java appserver services) available to them, so they need not re-invent those wheels. The service provider is managing those platform services, doing things like data backup, software patching and updating, etc., so the user does not have to. SaaS is the least flexible because it is a ready-to-run application requiring only customer-specific customizations to use. The cloud service provider is managing the entire app.<CLICK>Note that in each of these cases, the primary target user is different. Typically “IT Professionals” including operations folks and developers use IaaS. “Developers” use PaaS. “Business end users” use SaaS. In all these cases, the service provider (whether it’s internal IT department or an external service provider) takes care of managing the cloud, and the users do not need to worry about all the details of all the cloud’s components, how they are integrated, configured and managed. However, I will point out that the service provider needs to worry about these things. Today’s Oracle event will address topics of interest to BOTH service providers and consumers of different types.
There are different ways to consume software and technology with cloud computing. At one end, the customer can “do it all” – they can own, host and manage their own private cloud. At the other end, a service provider “does it all”, and the customer subscribes to the service. In the middle, there are a range of options, including cases where the customer owns the software, and the service provider provides “managed cloud services” which may include software management and administration. Either the customer or the service provider, or a 3rd party partner can do the hosting.
Today, customers have a choice of cloud models. They can choose among private clouds, public clouds and hybrid clouds.A private cloud is for the exclusive use of a single organization and is typically controlled and managed by in-house ITA public cloud is shared by multiple tenants on a shared basis, and it hosted and managed by someone else (a service provider). It’s a form of outsourcing.There are some basic trade-offs when deciding between private and public clouds.Public clouds are purchased out of operating expense, avoiding capital expenditures. Public clouds are faster and cheaper to get started, providing a “low barrier to entry.” However, private clouds can offer lower costs over the long term. For IT projects, the breakeven period tends to range from 2 to 4 years, averaging about 3. This is the similar to the decision some people make between owning vs. renting.Another trade-off is between public cloud outsourcing everything to a service provider, which is great if you don’t have the datacenter, hardware or the right skillsets, versus how in a private cloud, you are able to maintain control and visibility over customizations,security, regulatory compliance and quality of service.Both public and private clouds involved sharing or pooled resources, but in a private cloud, the sharing is different apps using shared platform or infrastructure all within a single organization. In a public cloud, the sharing may be the same or different apps among different tenants.<CLICK>Hybrid cloud is a fuzzy term with different meanings:Cloudbursting – steady state in private cloud, but when a spike or peak happens, use a public cloud, then return capacity to the pool when it’s no longer neededHybrid across app lifecycle – dev/test in one cloud, production in anotherHybrid can also mean different functions are performed in different clouds, such as for a business process that spans clouds, requiring B2B integration between them
So given these observations of what our customers are doing, what is Oracle’s cloud strategy to address these needs?
Because we see customers adopting cloud in so many different ways, our goal is to offer customers CHOICE and a broad set of products and services.Our strategy is:First, to provide products to help customers build, deploy and manage private clouds, as well as different options for public cloud services.Second, to deliver a wide range of offerings spanning SaaS applications, PaaS including middleware and database, and IaaS including servers, storage, networking and associated OS and virtualization software.Third, to enable solutions that enable customers to adopt cloud at a pace that fits their business. We find that customers vary a lot in terms of how rapidly they wish to move to clouds and to what extent they wish to move to clouds. We enable customers to evolve and transform to cloud at whatever pace makes sense for their business.So what exactly are Oracle’s offerings for cloud computing?....
Oracle’s cloud offerings are the most complete in the industry, offering customers the choice of whatever they need in cloud computing. Our offerings are much more comprehensive than any other vendor.We offer solutions for Private and Public clouds, and for managing, securing and integrating across Hybrid clouds.For organizations building private clouds, we offer:Applications that run on a standards-based, shared and elastically scalable platformPrivate PaaS including database-as-a-service and middleware-as-a-service offeringsPrivate IaaS including compute servers, storage, networking hardware, virtualization and OS softwareEverything on the left of this diagram is a product offering from Oracle to help companies build private clouds.What about organizations preferring the use of public cloud services? We offer:SaaS application servicesPlatform servicesThese are available as subscription-based as well as managed cloud services. (more on this later)Integration across clouds is critically important as well, and there we offer comprehensive solutions for management, security and integration across public and private clouds
Slide Transition: Until now, you’ve had to rely on first generation technologies to keep up with user demands.For example, if you’re running a first generation cloud, you know they have hidden costs. 40% of organizations say integrating cloud silos is a challenge. Because most first generation clouds are limited in scope -- usually confined to discrete business processes – they end up in silos, disconnected from enterprise processes and data. (Source: Information Week report “Return of the Silos”)In a recent OAUG user group survey, 62% of organizations reported concern over losing visibility and control over their data and overall cloud strategy due to proprietary technologies. (Source: OAUG user group’s “2012 Cloud at the Crossroads”). Finally, 82% of organizations say security and data privacy concerns are one of the main reasons they are phasing out, or have decided to not use, public cloud. (“Private Cloud Vision vs. Reality”, InformationWeek Report, 2012)NOTE: Please allow time for animations to build.
Slide Transition: Only Oracle offers a complete suite of integrated services that include applications as a service, platform as a service, and infrastructure as a service – eliminating the data and business process fragmentation that come with cloud silos.Oracle Cloud Application Services include enterprise resource planning (ERP) services, human capital management (HCM) services, talent management services, sales and marketing services, customer experience services, planning and budgeting services, and financial reporting services. In addition, the application services are now integrated with Oracle Cloud Social Services, allowing organizations to transform their corporate business processes and systems using social capabilities.Oracle Cloud Social Services portfolio includes Oracle Social Marketing Services, Oracle Social Engagement and Monitoring Services, Oracle Social Network, Oracle Social Sites, and Oracle Data & Insight Services.Oracle Cloud Platform Services portfolio includes Database Service, Java Service, and Developer Server and will include Mobile Services, Collaboration Services, Analytics Services and Application Store. Oracle Cloud Infrastructure Services portfolio includes Oracle Storage Service and Oracle Messaging Service.
Slide Transition: Oracle Cloud also offers a better approach to data privacy. Unlike first generation clouds that co-mingle your data with other data in the same database, Oracle ensures data privacy through complete data isolation. We do this with dedicated virtual machines at the infrastructure layer, and now with Oracle Database 12c, we can do this with virtual private databases for cloud applications.
One of the key barriers to adopting cloud is Security concerns, so let us look at this a bit more…
Security risk is a strategic concern for business leaders… the impact of regulatory compliance and the cost of breaches is too large to ignore. We can’t simply purchase an insurance policy against it. The stakes are too high. The criminals are after customer data At Linked in hackers stole over 6 million user accounts and passwords. This is not an isolated case. Hackers attacking corporations are not only going after their intellectual property, they are also going after their customer data. In the case of linkedin the biggest exposure is to Linkein’s online users. Because users often use the same passwords in multiple places they are now vulnerable. (http://www.nytimes.com/2012/06/11/technology/linkedin-breach-exposes-light-security-even-at-data-companies.html?pagewanted=allITS EMBARRASING IT DAMAGES THE BRAND The scale of the threat is massiveThe Sony breach highlights the volume of the threat. Instead of small breaches our breaches are no larger. The intruders are now bolder. At Sony taking 12M credit cards. These crimes cascade into more crime as fradulent charges will be made against these credit cards costing the banking industry billions to resolve.The Costs are going up Bottom line it costs a lot and the average cost is going up.. The problem is we can’t just insure against the risk anymore the stakes are too high The estimate is that cybercrime costs about 1 Trillion globally The average breach costs 7.2 Million ITS NOT A MATTER OF IF IT’S A MATTER OF WHEN
The reactive approach has failed – we have spent a huge sum of money and we don’t feel safer. [First Build]This compares 2007 IT security spend to 2010 – we have practically doubled our spending. Yet the attacks keep increasing and criminals are stealing more of our data. Most of what we have purchased has been focused on protecting the perimeter and away from the applications and data. They have been focused on reacting… [Second Build ]But when you look at where the risks are … 94% of the breaches are against server in your datacenter… not lost laptops or hacked cellphones. 66% of your sensitive data is actually in the database96% of the breaches ,where the company was subject to PCI DSS , were not compliant Privileged accounts – root and service accounts – were being abused in 5% of the cases… simple mistakes like no resetting root passwords32% of hacking involved lost or stolen credentials – criminals can buy these on the black market Yet a large fraction are due to patching errors or not applying patches and misconfigurationWE ARE NOT SAYING TO IGNORE PERIMITER SECURITY BUT RATHER SHFIT SOME ATTENTION BACK TO THE STRATEGIC ASSETS.Even if you could find a way to secure the perimeter and all those end-points, it would be expensive to do it. And costs would keep rising as you add more devices and more applications. Security already accounts for 14% of annual IT budgets (Forrester)The real risks are against the apps and data. The risks are against the core systems. While the number of external attacks are rising, the systems most vulnerable are the applications, the data and the infrastructure. Attacks like simple SQL injection to retrieve data from databases or extracting data sent in clear text across corporate networks. IDC, "Effective Data Leak Prevention Programs: Start by Protecting Data at the Source — Your Databases", August 2011 http://www.oracle.com/us/products/database/039434.pdf. The fact that that data is doubling every two years is from Gartner.
When We examine some of our biggest cases we find the causes are inside When we examine Linkedin they found that the passwords for users was only lightly encrypted When we examine SocieteGenerale it was not a hacker but a trusted employee with excessive access … it was literally an inside Job.At Sony …the customer credit card data was not even encrypted… the hackers didn’t have to try very hard it was just lying around.At RSA – the attack was a phishing attack enabled by an un suspecting end user… while the breach was happening at RSA they could see it happen they did not have the forensics and internal controls in place to stop it.THESE THREATS ALL STARTED OUTSIDE BUT EXPLOITED INTERNAL RISKS
So Oracle’s approach is to start inside… and Engineer for security at every layer of the stackWhile we can’t control how many hackers try to attack our business we can control the configuration of our system internally and the security of our infrastructure from the applications to storage. First – we think about security inside each layer At the apps level this means access to data and business transactions – proactively looking for fraudAt the middleware level it means integrating identity and access management horizontally across all components in middleware At the VM level we incorporate security into Java so that in in memory databases and apps can be built on a foundation of security At the OS layer it means VM isolation directly on Solaris and Trusted extensions for Solaris – trusted by the us military At the Infrastructure later it means security without performance overhead so we include hardware acceleration for encryption At the file system encryption on disk and ZFSAnd in the ILM process we include symmetric encryption across multiple ILM tiers. Second we secure between each later – because data flows up and down the stack… access control and data security is pervasive We provide monitoring and patch management with Oracle Enterprise manager that allows the entire stack to be monitored patched for total controls. Hardware and software optimized together.Third we secure between systems The way data is passed to other systems portals etc. So that data is portable for example data masking that allows data to leave the data center masking private data and preserving relational integrity In collaboration with Federated authentication and adaptive access to detect fraud and prevent intrusion With SOA security at the middleware level to stop payloads from being breachedAt the portal laver with document level security that addresses compliance and data privacy rules
Slide Transition: Oracle provides multiple layers of security to ensure that only authorized users have appropriate access to your systems.Security at the application layer includes comprehensive compliance management and centralized policy administration to support multiple compliance requirements. Middleware security provides role-based access controls and identity management, including rights management and identity governance. At the database layer, data is secured while in motion via SSL 256 bit encryption, and at rest using Oracle’s Transparent Data Encryption. You can transparently encrypt all application data or specific sensitive columns, such as credit cards, social security numbers, or personally identifiable information (PII), without making any changes to existing applications. Data Vault prevents privileged users from accessing application data. Other security measures include tracking configuration and information changes and auditing all database activity.Finally, security at the infrastructure layer includes hardware level encryption in order to protect data at rest from unauthorized disclosure, alteration and deletion – without impacting performance. Tamper resistant key storage protects cryptographic keys from theft. This is undoubtedly the most secure software and hardware stack available on the market from a single vendor today. Lastly we provide services to deploy and manage the stack securely.Infrastructre Security Tusted OS ExtensionsVirtualization SecurityCryptographic Acceleration Key Storage Built-InSecure StorageIdentity Management Privilege Account ManagementUser and Role ManagementEntitlements Management Risk-Based Access Control Directory ServicesRisk & compliance Auditing &AttestationSegregation of DutiesProcess ControlsTransaction ControlsDatabase Security Encryption and MaskingPrivileged User ControlsDatabase Firewall
So given these observations of what our customers are doing, what is Oracle’s cloud strategy to address these needs?
We provide products to help customers build, deploy and manage private clouds, as well as different options for public and hybrid clouds.Second, we deliver a wide range of cloud offerings spanning SaaS applications, PaaS including middleware and database, and IaaS hardware and associated software.Third, we enable customers to adopt cloud at a pace that fits their business. We find that customers vary a lot in terms of what use cases they have for cloud, how rapidly they wish to move to clouds and to what extent they wish to advanced cloud concepts like self-service and hybrid clouds. We enable customers to evolve and transform to cloud at whatever pace makes sense for their business.
To assist customers in their transformation and journey to cloud computing, Oracle Consulting provides a number of strategic advisory service, process and change management, and technology implementation services.Oracle Consulting can help you plan your path to cloud.----To take you to Cloud we believe you are going to move through 5 key phases: You are going to start with a architecture and roadmap for the deployment of whatever services/solutions you require. This roadmap will take you on a journey through the Standardization, Consolidation, Automation and Optimization of your IT environment. This approach, the Consulting Cloud Services Framework, is applicable to the deployment of the entire Oracle software and hardware portfolio.Our five fundamental phases or pillars, which you see here: Roadmap, Standardise, Consolidate, Automate, Optimise are very well recognised terminologies on the market. I am sure you have come across a number of projects for customers who are wanting to consolidate their data centre or automate, or optimise their IT environment, standardise their fragmented or heterogeneous systems environment, and trying to build a roadmap for the journey. What is key here is the entry point may be different for each customer, so this is certainly not from left to right in every case. In many cases, customers start by automating and optimising, and then want to standardise and consolidate.The more standard route may be to standardise and consolidate first before seeking optimisation and automation, but in any case because there are multiple entry points, because it’s an iterative process, because it’s multi-dimensional process it’s important that we help at some stage when we are having a discussion with our customers on cloud that we position this in the context of a roadmap. We can start working with you tomorrow on any of the phases!1) StandardiseIdentify all the current implementations of that solution and then Architect a single solution based on a single version of the product(s)Then upgrade all current implementations to the common version.Then next step is consolidation, but may need to repeat the standardise step for other solutions/platforms/technologies2) Consolidate – Analyse and review all instances running on the same platform version – plan and then carry out the migrationThis may benefit from Migration planning services and deployment of integration products – GoldenGate, ETL tools etc.This step can include deployment and migration to Exalogic and Exadata or the use of OVM and associated services3) AutomateHaving consolidated the application instances we then move to implementing deployment automation that enables the flexibility that cloud computing offersIdentify the deployable units and meta-data, develop the required scripts, and then implement the supporting provisioning tools and workflowThis automation naturally leads to a need for monitoring/metering and opportunities for further optimisationThis phase can include the development of custom automated deployments for OVM images and MW platforms, and perhaps the use of SOA and BPM tooling for workflow 4) OptimizeDeploy tools and dashboards and present usage, Capture the metrics and relate to usage, Adapt pricing to demand and evolve new business modelsThis phase may include the deployment of CRM and billing apps to manage charging for usage
Oracle offers complete choiceFor Private Clouds:Start with consolidationAt IaaS layer without standardizationAt PaaS layer with standardizationEngineered Systems are an ideal foundation for consolidation and cloudExtend to private cloudUse EM12c to add self-service, auto-scaling and metering/chargebackUse public cloud where appropriateOracle Managed Cloud ServicesOracle Public Cloud
Well, head in the sand is an option, but not a very effective business strategy
OF WORLD GROWTH
WILL COME FROM
use IT to empower
their people to drive
innovation and change
However, 70-90% of
companies do not use
IT to its potential
71% of companies
say that innovation
is the #1 factor in