Tuesday, March 27, 2007

Oracle/SAP lawsuit: view from Rimini Street

Yesterday, I spoke with Seth Ravin, CEO of Rimini Street, about Oracle's civil suit against SAP and its TomorrowNow (TN) unit for theft of intellectual property. Rimini Street, like TN, is a third-party maintenance and support service provider for Oracle's JD Edwards, PeopleSoft, and Siebel products.

Ravin is in a unique position to offer a perspective on Oracle's suit against SAP/TN. Not only does his firm provide nearly identical services as TN but Ravin himself was co-founder of TN's third-party maintenance services for PeopleSoft and JD Edwards. He was also TN's president until retiring to pursue other ventures shortly after SAP acquired TN in 2005.

Some of Ravin's observations match those I've already written in my first post and second post concerning this lawsuit. For example, Ravin emphasized that Oracle's lawsuit is not about TN offering third party support. Nowhere does Oracle object to SAP's offering third-party support for Oracle's products. Larry Ellison in fact has spoken of the third-party support model as "capitalism," and Oracle itself offers support for SAP's products through its partnership with Systime, as I noted previously.

He also observed that Oracle's security on its customer support website, by Oracle's own admission, allows anyone with a user ID to download any and all materials on the site, even those that Oracle is claiming in the lawsuit were outside of a particular customer's license rights. Oracle also does not appear to immediately disable user IDs and access to Oracle's customer portal upon expiration of a customer's support contract. Such poor information security practices and lack of access controls might be a defense for SAP in this lawsuit.

But Ravin also had some new insights into the lawsuit.

A question of intent
First, he believes that it is unlikely that SAP as an organization has any conspiracy to steal Oracle's intellectual property. Stealing Oracle's IP would have no business value to SAP and opening the door to such a lawsuit is certainly not in SAP's best interests. Furthermore, if SAP did want to steal Oracle's trade secrets, it certainly would not be likely do so from their own offices, traceable through IP addresses on its own network. If this were truly a case of corporate espionage, SAP would have done a better job of covering their tracks. I find this to be a convincing argument.

That leaves the most likely explanation -- if there really is an issue -- as that of errors by one or more employees getting confused and mixing up client logins when processing multiple download requests from Oracle's customer portal for new clients. Ravin notes that Oracle customers have the right to download support materials up to the expiration date of their Oracle maintenance agreement. When a customer plans to terminate maintenance, Ravin thinks that TN -- as the customer’s contractor -- likely offers to download all the support material for which they have the rights to. At this point, Ravin believes the TN consultant should write those materials to a CD-ROM or other appropriate storage device and hand them over to a customer.

Picking up on Ravin's theory, I can picture at least two scenarios. First, imagine a TN consultant who has several Oracle customers that have signed up for TN's services and plan to terminate Oracle maintenance agreements. Perhaps the consultant simply forgets to log out with one ID and accidentally uses one client's authorized ID to process another client's authorized download. Perhaps logins get mixed up or are not managed well to ensure that they are never used again after a client's Oracle maintenance contract expires. Since Oracle's site looks the same regardless of the login ID and since Oracle does not seem to immediately turn off access rights after maintenance contracts expire, there is plenty of opportunity for innocent human error.

Or, perhaps the consultant downloads all the material he needs for all his current clients using one login ID and then splits up the material for each customer according to what materials the customer has rights to. From the consultant's perspective, he's just trying to save time logging in and out of Oracle's support site, but from Oracle's perspective, monitoring these activities, it looks suspicious.

Without having seen Oracle’s evidence in this case, there are several scenarios such as those I've outlined above that might explain the situation. There would be no intent on SAP's part, or even the consultant's part, to steal Oracle’s trade secrets, but merely human error in carrying out legitimate activities on behalf of customers.

All about SAP
Ravin points out that while Oracle has every right to protect its intellectual property, if this involved any party other than SAP, Oracle would have followed the traditional process of notifying the party of the inappropriate downloading and seeking to resolve the issue. If the inappropriate activities were then to continue, a cease-and-desist letter might be called for. And certainly, Oracle would have cut off the offending user IDs from further access.

But in this case, it appears that Oracle gave no warnings and took no actions to stop the offending behavior. Rather it quietly monitored the activity for several months, building a case, and then springing a lawsuit. Why? Because creating a "giant media fireball" (Ravin's phrase) works in favor of Oracle's PR campaign against SAP.

Ravin says he would be surprised if any of the Oracle materials went through the "firewall" at SAP and reached SAP's development organization. He expects that a much clearer picture will emerge when this case goes to trial, if it gets that far. In the meantime, Oracle makes SAP look bad and it gets to play the part of the victim.

I asked Ravin how the lawsuit was affecting business at Rimini Street. He was reluctant to paint the lawsuit as good for business, but in fact, he says that sales activities have included a windfall of TN prospects and customers, as Oracle customers looking for third-party support do not want to get in the middle of an Oracle versus SAP battle.

It's going to be interesting to see how this case develops.

Update, 5:00 p.m.: Andrew Nelson, CEO of SAP's TomorrowNow, is quoted in the Wall Street Journal. "We believe we've done absolutely nothing wrong, and we're going to defend our position vigorously," Mr. Nelson said. "We believe our model is an appropriate and legal way to do business."

Related posts
SAP subject to criminal charges?
Oracle sues SAP and its TomorrowNow unit

No comments: