What is the focus of your Java strategy?

Compliance, Security, Costs

Where is the Focus of Your Java Strategy?

Compliance, Security, Costs: What is the Focus of Your Java Strategy?

In April 2019, the rules for Oracle JDK Licensing were changed to require a commercial subscription in order to deploy security patches and updates for Java (personal usage and development excluded).

More than a year has passed and there are many lessons to be learned by analyzing the different Java strategies and approaches that organizations have put in place. Read on to learn more about the results of strategic conversations, projects and advisories we’ve had with our customers and the perspective we’ve gained by supporting them in defining their Java strategies.

For many organizations, the biggest challenge when it comes to Java has been the lack of visibility and control over thousands of software installations across different versions. Besides the usage of commercial features, Oracle Java could also be deployed for free with security patches available online

What is the focus of your Java strategy?
Customers' challenge with Java, source: SoftwareONE

Oracle Java 8 is the most widely used version but we still see installations of 7, 6 and even Java 5 in some customer environments. The most recent Long Term Support release, Java 11, is also gaining in popularity and usage.

While the latest security patches and updates for Java 8 and 11 are available to download online for free, in most cases their deployments require a subscription.

Although Oracle released several announcements about the planned licensing changes beforehand, we still saw a significant amount of confusion and the need for guidance across our customers. Around 50 percent of the companies that took part in our recent SoftwareONE webinars (in both DACH and North America) said they have not yet taken any actions on their Java strategy, even one year after the licensing changes.

Top Three Scenarios for Your Java Strategy

For those organizations looking to optimize their Java strategy, we have created the following three scenarios to provide guidance for the compliance, financial, and security perspectives.

1. Focus on Compliance

There is a short-term solution to avoid the risk of deploying Java patchsets without owning the required subscriptions - remove those that fall into this category and replace them with older patchsets, as long as the applications support them.

This, however, requires your organization to have an inventory solution in place that can identify all of your Oracle Java installations and highlight where compliance issues might arise. In the picture below all Oracle JDKs previously updated to a patchset requiring a subscription have been moved back to a “compliant” situation.

What is the focus of your Java strategy?
Scenario 1 - Compliance, source: SoftwareONE

This compliance-focused scenario is a reactive approach that many organizations have adopted to limit their financial risks before defining their long-term Java strategies. However, it means neglecting the need to patch Oracle Java as they would with any other software.

Strength of Scenario

Criteria Evaluation
Compliance
Financial
Security

2. Focus on Security

Organizations that identify security as the main priority for their Java strategies might have business applications that are highly dependent on Oracle Java and cannot afford to have them unavailable, even for a few hours. Therefore, they decide to cover their business critical environments with Oracle Java subscriptions and cover both security and compliance while doing so.

In the picture below all Oracle JDKs are being updated to the latest available patchset.

Strength of Scenario

Criteria Evaluation
Compliance
Financial
Security

3. A Hybrid Focus

The strongest scenario is one that is based on compliance, costs and security simultaneously.

By identifying and implementing an OpenJDK distribution as a possible alternative to Oracle JDK, organizations can leverage a community-based distribution to upgrade and patch the software without any additional subscription costs. Alternatively, for organizations that require support, commercial subscriptions are available for OpenJDK as well.

Implementing OpenJDK and setting it as a standard requires testing to understand its compatibility with applications. The good news is that starting with JDK 11, the differences in the binary code between Oracle and OpenJDK have reduced significantly.

In the picture below “uncompliant” Oracle JDKs are being migrated to OpenJDK and upgraded to the latest patchset.

What is the focus of your Java strategy?
Scenario 3 - Hybrid focus, source: SoftwareONE

A hybrid strategy can be pursued by organizations in the middle-long term to generate financial savings, ensure security and reach compliance.

Strength of Scenario

Criteria Evaluation
Compliance
Financial
Security

When determining your long-term Java strategy, you’ll want to focus on the financial, security and compliance aspects. Whatever your Java roadmap is, SoftwareONE - with its 50+ Oracle and Java experts worldwide and its unique technology to recognize applications running on Java - is here to help you define your roadmap and support you along the way.

What is the focus of your Java strategy?
SoftwareONE Java Expertise

Free Whitepaper: SoftwareONE’S Java Advisory

It has been a year since Oracle announced the licensing changes for Java but many organizations have yet to determine a long-term solution. Download our whitepaper to learn more about our three-step approach to help you build your Java roadmap.

Request Your Copy

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment

Author

Massimo Borrelli

Oracle Subject Lead

EuroCloud Europe, CSAM, ISTQB Certified Tester, ITIL Foundation Certificate

Related Articles

oneclub-partner-program

Microsoft Direct Partners Select ONEClub

Microsoft's announcement to enforce revenue requirements on direct-bill partners has many transitioning to the indirect model through SoftwareONE's ONEClub.

VMware vSphere 7 Innovations and Containers

VMware vSphere 7 Innovations and Containers

vSphere 7 has become the home of containers. This means that containers can now be managed in a similar way to virtual machines by vSphere or vCenter.

cyber-security-awareness-4-building-a-mobile-threat-defense
  • 21 October 2020
  • Bala Sethunathan
  • Managed Security

Protect Enterprise Mobile Devices

Despite their size, mobile devices pose a huge threat to enterprises. Here are a few threats to start protecting against today.