Oracle has announced that the Oracle Cloud Infrastructure (OCI) is the company’s latest product to achieve FedRAMP authorised status. It brings the number of Oracle products with FedRAMP authorisation to 35. This makes Oracle one of the top FedRAMP providers but still leaves it a long way behind players such as AWS, Akamai, Microsoft and Qualys.
According to Edward Screven, chief corporate architect, Oracle: “Cyberattacks in both the private and public sector are not only increasing in volume, but in sophistication. Business and government must evolve their approach to security and seize the opportunities presented by second-generation cloud architectures and advances in artificial intelligence.
“Oracle Cloud Infrastructure was engineered to do exactly that, and our FedRAMP authorization brings our best-in-class cloud infrastructure to the service of the government to help improve our nation’s response to cyber threats.”
Oracle stepping up moves to capture more US government business
The US government is stepping up its use of cloud computing. Oracle is determined to win its share of that lucrative business. The recent ransomware attacks against local, state and federal offices have created new opportunities for cloud providers.
In the press release, Oracle states: “These government regions will launch with Oracle services including Compute, Storage (including archive, block, and object storage), Database, FastConnect, Identity and Access Management, Key Management Service, and Exadata Cloud Service.”
What is surprising, however, is that Oracle has only achieved Moderate rather than High impact level. The FedRAMP website defines High Impact as: “High Impact data is usually in Law Enforcement and Emergency Services systems, Financial systems, Health systems, and any other system where loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.”
Oracle’s offering includes its Autonomous Database, a product that Oracle CEO Larry Ellison claims is so secure it cannot suffer from a data breach. The company also has HIPAA as well as SOC1 & SOC2 certification. These should have been enough for it to push for High Impact.
The question is who is Oracle aiming for in terms of business? If it is looking to mop up a lot of US state business, moderate should be good enough. The company has certainly won a lot of business in that arena. However, if it wants back in to high profile US DoD contracts post JEDI, then High Impact has to be its target.
Enterprise Times: What does this mean?
Authorisation under FedRAMP is not a guarantee of business. There are a lot of companies who have authorised products but many of these make little to no money each year. For Oracle, however, it will expect OCI to be a big earner as it pushes to make the Oracle Cloud a major competitor to Azure, AWS, Google, IBM and others.
There is another reason that Oracle may look for a re-evaluation of its OCI product. At Oracle OpenWorld 2019, it announced the Oracle Autonomous Cloud. Like its Autonomous Database product, Oracle believes it is the most secure product on the market. As such, winning a coveted High Impact authorisation would help push its claim.
New authorisations can take 6-9 months to be approved. On that basis, we won’t know exactly where Oracle stands until into 2020. Until then, it will be interesting to see just how much cloud business Oracle can win through FedRAMP.