News Stay informed about the latest enterprise technology news and product updates.

Oracle's call-to-arms against SAP carries warning for CIOs

The escalation in the battle between Oracle and SAP has implications for your company, too.

It's gonna get ugly.

It might beg the question of why they didn't put tighter controls on who does what.
Erik Phelps
attorneyMichael Best & Friedrich LLP
Oracle Corp. has publicly called out German rival SAP AG as a thief. In a lawsuit filed in U.S. Federal District Court in the Northern District of California March 22 and posted on its company Web site in English and German, Oracle accuses SAP and its TomorrowNow Inc. subsidiary of engaging in "systematic, illegal access" to Oracle's computerized customer support systems. The suit claims SAP used the passwords of former or soon-to-be former Oracle customers to download information outside the purview of what the customer had licensed.

Oracle's no-holds-barred legal action against SAP may turn out to be a case "about corporate theft on a grand scale," as the lawsuit states. The claims are very serious, said attorney Erik Phelps. The breadth and depth of Oracle's complaint indicates the seriousness with which it views the matter. SAP has vowed to "aggressively defend itself against the claims made by Oracle in the lawsuit," and it will be interesting to see its response, added Phelps, who is not affiliated with the case.

But for CIOs, the 43-page complaint by the leading developer of database and applications software against the largest German software company should read more like a cautionary tale, said Phelps, who specializes in technology issues at Michael Best & Friedrich LLP in Madison, Wis.

TomorrowNow, acquired by SAP in January 2005, provides third-party support for PeopleSoft Inc., J.D. Edwards & Co. and Siebel Systems Inc., all of which are owned by Oracle. For companies that are phasing out one system for another rival system, the message in the Oracle suit is "use care," Phelps said.

Gartner advisory on Oracle-SAP suit

For TomorrowNow customers, Gartner recommends the following:

• Review contracts with Oracle and TomorrowNow for conflicts regarding third-party support.

• Monitor the lawsuit's progress. A ruling in Oracle's favor could prohibit third-party use of its products when providing support on a client's behalf.

• Ask TomorrowNow for written confirmation that it has not used your company logon IDs to download software or support material that your company is not licensed to use.

Oracle customers and customers of other software application products who are using or considering using alternatives to vendor support should:

• Review application maintenance contracts to confirm third parties are allowed to act on your behalf in accessing intellectual property of the independent software vendor.

• If you plan to let your application maintenance agreement with the vendor lapse, review contract terms to verify what rights you have to the software source code and any limitations on third-party services.

• If a third-party provider is already in place, monitor usage of the customer service accounts for compliance with contract terms to ensure your employees are accessing only those files, patches and other intellectual property that you are entitled to and that were obtained prior to canceling your application vendor's maintenance agreement.

"Be mindful of how you are going about transitioning from one provider to a competitor, know what your obligations are with the technical materials of the company you're leaving and the one you're going to, because those are almost always governed by nondisclosure restrictions, things that you're not supposed to be sharing with third parties," Phelps said.

He points to paragraph six of the Oracle complaint, which alleges a user on an SAP TomorrowNow computer signed in as Oracle customer Honeywell International Inc. The lawsuit states the user signed in "to access Oracle's support system and copy literally thousands of Oracle's Software and Support Materials in virtually every product library in every line of business. This copying went well beyond the products that Honeywell had licensed and to which it had authorized access."

If the Honeywell user ID and password was the one alleged to have done all these things, Honeywell probably has an obligation to keep that from others and "could have been a collateral damage party in this lawsuit," Phelps said.

"Now, there are a lot of good reasons I am sure why Oracle didn't sue Honeywell," Phelps said. A large software vendor might have fewer reservations about suing a company it had no business reason to continue to make happy, he said.

Stamford, Conn.-based research firm Gartner Inc. sounds a similar note of caution in its report on the lawsuit, issued March 26. Gene Phifer, lead author on the report, notes that hundreds of third-party support companies exist worldwide to serve as proxies for the license owner.

He said it is "still to be determined" whether TomorrowNow acted on its customers' behalf and whether the customers' support agreements allowed TomorrowNow to act on their behalf. And while this approach to technical support "will not likely change as a result of Oracle's suit against SAP," Phifer said, "enterprises must take care to protect themselves contractually from potential misdeeds of the third-party support provider."

When contacted, SAP spokesman Steve Bauer said in an email: "SAP wants to make it clear to our customers, prospects, investors, employees and partners that SAP will aggressively defend against the claims made by Oracle in the lawsuit. SAP will remain focused on delivering products and services -- including those from TomorrowNow -- that ensure success for our customers."

Bauer added that TomorrowNow "has no direct interactions with Oracle on behalf of its clients," and that SAP "is confident in the integrity of TomorrowNow's business model and its ability to provide differentiated services to its customers."

More on Oracle and SAP
Oracle sues SAP for 'stealing software' 

Company ditches J.D. Edwards in-house support for SAP-TomorrowNow 

Oracle Fusion Update Center 
Phelps, a former computer programmer, wondered how the passwords of expired users or soon-to-be former users could be used to download tens of thousands of documents to which they weren't supposed to have access.

"If Oracle didn't want those particular customers to have access to the entire library, it makes you wonder why they were granting them access to the underlying material," Phelps said. "It might beg the question of why they didn't put tighter controls on who does what, if it is that critical, and I suspect that is part of what we might hear coming back in the response from SAP."

Let us know what you think about the story; email: Linda Tucci, Senior News Writer

Dig Deeper on Small-business IT strategy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.