SoftwareOne case study

Achieving compliance and avoiding financial & security risks shouldn’t be a luxury

Software environment insights help avoid risks and define a new Java strategy

A European luxury brands company with a large number of installed Java programs didn’t realize a 2019 Oracle change to its Java policies impacted both security and license compliance. Consulting with SoftwareOne, the customer understood its potential security and financial risks. SoftwareOne’s Advisory Services for Oracle Java detected over 2,000 installations with high vulnerability and potential compliance risks. This insight enabled the customer to mitigate its risks and provided a solid starting point for determining a new Java strategy.

Client: Luxury goods conglomerate
Industry: Manufacturing
Services: SoftwareOne Java Advisory Services
Country: Switzerland

We used to work with one of the Big Four, and I can tell that SoftwareOne’s Java Services are definitely better than what we were ever provided before.

Head of Technology Governance, Risk & Controls; Luxury Goods Conglomerate

About the client

A European luxury goods holding company bringing together over 20 brands that produce and sell products ranging from jewelry to clothing, leather goods, and accessories.

The challenge

Across its multiple luxury brands, the company has a large number of Java programs installed. However, the customer didn’t realize that the change Oracle made to its Java policies in 2019 impacted both the security of these programs and its license compliance.

The solution

SoftwareOne reviewed the Oracle contracts to determine if the conglomerate had Java licenses or had purchased Oracle product licenses with restricted usage rights for Java. This was followed by analyzing tool output provided by the customer to detect Java installations. Interviews were conducted to ensure a clear view of the installed products’ purpose and to identify all compliance risks.

An in-depth review of the installed version was checked against a known vulnerability database to determine potential security risks. The SoftwareOne team detected a large number of installations at the highest risk level.

All the above was completed within one month and provided the customer with valuable insights. The CIO formed a team to mitigate the existing risks and avoid costly consequences. SoftwareOne’s input also provided the company with the feedback needed for defining a new Java strategy.

The result

SoftwareOne analysis and investigations provided the conglomerate a clear view of its Java products’ status.
SoftwareOne explained all compliance and security risks in a detailed report.
The company is now aware of the risks it is facing and has initiated actions to eliminate or mitigate exposure.
SoftwareOne’s input can support the company in defining a new Java strategy based on factual information.