Questions about Access to MOS, Experts, and Features

Oracle is proud of its 40+ years of delivering software support. But that service is not what it was even a decade ago. Longtime Oracle customers have seen Oracle support devolve from what was live, responsive service with Oracle engineers to a reliance on self-guided research on the My Oracle Support (MOS) web portal.

As Oracle charges you more for support every year, they have shifted the heavy lifting of problem resolution to your staff. So in a way, your productivity is already suffering – from poor publisher support. When you do not renew products with Oracle’s support program, you can no longer access MOS for information on those products. This may cause fear of loss for DBAs, analysts, and other users because Oracle has trained them to see MOS as the primary source for assistance.

But what are they really losing? MOS is designed to help self-diagnose and resolve issues, but the automated, one-size-fits-all approach often leads to frustration and extended delays. For example, MOS offers little-to-no assistance for interoperability and custom code issues, and there are often no updates available for older releases. Requesting on-demand assistance from a live engineer is difficult to impossible.

Third-party support improves productivity and the quality of support because it replaces MOS with on-call, personalized, “concierge” service from an assigned team of senior engineers, not an account manager. This team knows you and your technology stack and takes immediate responsibility for researching and resolving an issue or request. When your Oracle users and IT team no longer have to sort through the clutter of MOS, they can stay focused on their daily and strategic priorities.

During onboarding with Spinnaker Support, we further eliminate the need for MOS by:

1. Performing a detailed knowledge transfer. We review your unique application environment, technology stack, ticket history, geographic footprint, IT staff capabilities, and more. Spinnaker Support uses this information to assign you a team of engineers who understand your particular needs and can provide the fastest possible response. 
2. Building you an accessible archive. Our team downloads a searchable archive of files and information that you are legally entitled to from MOS to your network. See the next section for additional detail.

Perhaps the most common concern of skeptics is security because Oracle will not provide security patches to customers who cancel support. We are asked whether we have the ability to provide adequate software and application security. Oracle says we cannot because only it can access the source code and find and address existing bugs or vulnerabilities within its own software. While this argument is true concerning the code, it is misleading at best concerning overall protection.

In fact, proper security is multi-layered and complex, and not a reactive, one-size fits all patching model. Spinnaker Support deploys a Seven-Point Security Solution (described below) that allows us to personalize our approach to address each specific issue in its unique environment. Here is why this is better than patching.

First, patches are far from perfect.

Oracle delivers security patches quarterly to address critical vulnerability exposures (CVEs). These Critical Patch Updates (CPUs) have issues themselves: they are reactive, expensive to implement, block only known threats, come well after a vulnerability has been actively exploited or discovered, and may not be successful. 

For the twelve months of patches between 2Q19 to 1Q20, 22 of the 67 Database patches (33%) were repeats of previous patches going back to 2016 that did not originally fix the issue. Let’s repeat that: the vulnerabilities were not fixed, so the original Oracle patches needed patches.

Second, patching is not always deployed well.

While it’s best practice to deploy patches in a timely manner, many businesses fall behind or make the decision not to do it. Patching using Oracle’s CVE approach can be costly, involve time consuming testing, and often result in unintended consequences, like issues with customizations. 

You should know where your IT and security teams stand on this practice. Have they installed the latest CPUs? We often discover that the users who are most adamant about remaining on Oracle-provided support are not actively applying patches – they simply like the idea that patches are available if needed. This defeats the entire purpose of patching!

That is why full-stack security (Defense in Depth) is more effective.

Vulnerabilities and exposures now come from a variety of external and internal sources, so effective security must address the full technical stack. True security is a process, not a patch.

Spinnaker Support’s global security team adheres to a Seven-Point Security Solution that covers the core security concepts of Discover, Harden, and Protect and comes standard with support at no extra cost. This approach combines timely fixes, configuration changes, or other operational workarounds to remediate any security issues you encounter (we call these “compensating controls”). The security solution can include products for virtual patching, intrusion detection, and prevention services like proactive monitoring. 

Does this approach work? When we recently surveyed our customers on this topic, over 98% of respondents indicated that our security and vulnerability protection is at least as good or better than that delivered by the publisher.^vi 

Important Note: Oracle does not provide patches for versions on its Sustaining Support. Security concerns don’t lessen when Oracle decides to strip you of patches, so moving from Sustaining Support to our third-party support is a clear win for your security efforts.

Not true. Unlike Oracle, third-party vendors provide Global Tax and Regulatory Compliance (GTRC) data tailored to the customer’s specific needs, delivering updates on a regular schedule to be less intrusive and easier to apply. At Spinnaker Support, we include GTRC updates as standard for the products that require them, no matter how old the software release.

Oracle typically supports its Premier and Extended Support customers – but not Sustaining Support – through massive GTRC updates that lack personalization for individual customers. These patches and updates are a one-size-fits-all approach to GTRC that requires additional work on behalf of the customer.

In comparison, Spinnaker Support keeps you compliant by delivering monthly and year-end updates tailored to your unique geographic reach and software environment requirements. Our GTRC team alleviates the challenge of changing tax, legal, and regulatory requirements by continually researching, monitoring, and gathering specific requirements from governing authorities in dozens of countries and all 50 U.S. states. We’ve designed our back-end systems and ISO 9001:2015-certified process to scale as we add new customers and jurisdictions.

You get timely and comprehensive updates, all designed to cover the breadth of tax and regulatory environment compliance issues and keep you compliant while minimizing the impacts of these changes to your systems. As a trusted partner, we work directly with customers to schedule and implement all required changes.