SoftwareOne case study

Achieving compliance and avoiding financial & security risks shouldn’t be a luxury

Software environment insights help avoid risks and define a new Java strategy

A European luxury brands company with a large number of instaled Java programmes didn’t realise a 2019 Oracle change to its Java policies impacted both security and licence compliance. Consulting with SoftwareOne, the customer understood its potential security and financial risks. SoftwareOne’s Advisory Services for Oracle Java detected over 2,000 instalations with high vulnerability and potential compliance risks. This insight enabled the customer to mitigate its risks and provided a solid starting point for determining a new Java strategy.

Client: Luxury goods conglomerate
Industry: Manufacturing
Services: SoftwareOne Java Advisory Services
Country: Switzerland

We used to work with one of the Big Four, and I can tell that SoftwareOne’s Java Services are definitely better than what we were ever provided before.

Head of Technology Governance, Risk & Controls; Luxury Goods Conglomerate

About the client

A European luxury goods holding company bringing together over 20 brands that produce and sell products ranging from jewelry to clothing, leather goods, and accessories.

The challenge

Across its multiple luxury brands, the company has a large number of Java programmes instaled. However, the customer didn’t realise that the change Oracle made to its Java policies in 2019 impacted both the security of these programmes and its licence compliance.

The solution

SoftwareOne reviewed the Oracle contracts to determine if the conglomerate had Java licences or had purchased Oracle product licences with restricted usage rights for Java. This was followed by analysing tool output provided by the customer to detect Java instalations. Interviews were conducted to ensure a clear view of the instaled products’ purpose and to identify all compliance risks.

An in-depth review of the instaled version was checked against a known vulnerability database to determine potential security risks. The SoftwareOne team detected a large number of instalations at the highest risk level.

All the above was completed within one month and provided the customer with valuable insights. The CIO formed a team to mitigate the existing risks and avoid costly consequences. SoftwareOne’s input also provided the company with the feedback needed for defining a new Java strategy.

The result

SoftwareOne analysis and investigations provided the conglomerate a clear view of its Java products’ status.
SoftwareOne explained all compliance and security risks in a detailed report.
The company is now aware of the risks it is facing and has initiated actions to eliminate or mitigate exposure.
SoftwareOne’s input can support the company in defining a new Java strategy based on factual information.