Gartner Peer Insights reviews constitute the subjective opinions of individual end-users based on their own experiences and do not represent the views of Gartner or its affiliates.
Why It’s OK to
be a Skeptic
Questions About
Legality
Questions About
Support Quality
Questions About
Updates & Security
Questions About
Oracle Relationship
Next Steps
You Can Take
Oracle is proud of its 40+ years of delivering software support. But that service is not what it was even a decade ago. Longtime Oracle customers have seen Oracle support devolve from what was live, responsive service with Oracle engineers to a reliance on self-guided research on the My Oracle Support (MOS) web portal.
As Oracle charges you more for support every year, they have shifted the heavy lifting of problem resolution to your staff. So in a way, your productivity is already suffering – from poor publisher support. When you do not renew products with Oracle’s support program, you can no longer access MOS for information on those products. This may cause fear of loss for DBAs, analysts, and other users because Oracle has trained them to see MOS as the primary source for assistance.
But what are they really losing? MOS is designed to help self-diagnose and resolve issues, but the automated, one-size-fits-all approach often leads to frustration and extended delays. For example, MOS offers little-to-no assistance for interoperability and custom code issues, and there are often no updates available for older releases. Requesting on-demand assistance from a live engineer is difficult to impossible.
Third-party support improves productivity and the quality of support because it replaces MOS with on-call, personalized, “concierge” service from an assigned team of senior engineers, not an account manager. This team knows you and your technology stack and takes immediate responsibility for researching and resolving an issue or request. When your Oracle users and IT team no longer have to sort through the clutter of MOS, they can stay focused on their daily and strategic priorities.
During onboarding with Spinnaker Support, we further eliminate the need for MOS by:
Oracle’s priority for innovation is very much focused on its new cloud and digital transformation solutions. Thus any upgrade is not an upgrade in the historical sense, is generally not included as part of your annual maintenance and support fees, and will typically involve a complete relicensing and reimplementation event – usually at great expense to you.
Upgrades for perpetual licenses are limited, with often poor value propositions. The Continuous Innovation model only covers a subset of products, offering a slow drip of incremental improvements over a long period of time. Many companies that switch to third-party support have made the conscious decision to remain on their stable version and avoid spending budget and resources on upgrades that would deliver minimal advantage.
It is true that you will lose your access to the publisher’s support site. However, as we mentioned in the previous section, Spinnaker Support provides customers with an archive of the legally entitled Oracle patches and upgrades that were available up to the end date of your publisher support. Going forward, you can retain, access, implement, and use these upgrades as needed.
Spinnaker Support has performed this service for hundreds of customers, using an ISO 9001:2015-certified archiving approach and ISO 27001:2013 processes for data security. Other vendors who have not respected Oracle’s IP and copyrights are legally banned from creating archives for customers.
Additionally, Spinnaker Support offers managed services and project-based consulting. If there’s new functionality you need, our team can help.
Perhaps the most common concern of skeptics is security because Oracle will not provide security patches to customers who cancel support. We are asked whether we have the ability to provide adequate software and application security. Oracle says we cannot because only it can access the source code and find and address existing bugs or vulnerabilities within its own software. While this argument is true concerning the code, it is misleading at best concerning overall protection.
In fact, proper security is multi-layered and complex, and not a reactive, one-size fits all patching model. Spinnaker Support deploys a Seven-Point Security Solution (described below) that allows us to personalize our approach to address each specific issue in its unique environment. Here is why this is better than patching.
First, patches are far from perfect.
Oracle delivers security patches quarterly to address critical vulnerability exposures (CVEs). These Critical Patch Updates (CPUs) have issues themselves: they are reactive, expensive to implement, block only known threats, come well after a vulnerability has been actively exploited or discovered, and may not be successful.
For the twelve months of patches between 2Q19 to 1Q20, 22 of the 67 Database patches (33%) were repeats of previous patches going back to 2016 that did not originally fix the issue. Let’s repeat that: the vulnerabilities were not fixed, so the original Oracle patches needed patches.
Second, patching is not always deployed well.
While it’s best practice to deploy patches in a timely manner, many businesses fall behind or make the decision not to do it. Patching using Oracle’s CVE approach can be costly, involve time consuming testing, and often result in unintended consequences, like issues with customizations.
You should know where your IT and security teams stand on this practice. Have they installed the latest CPUs? We often discover that the users who are most adamant about remaining on Oracle-provided support are not actively applying patches – they simply like the idea that patches are available if needed. This defeats the entire purpose of patching!
That is why full-stack security (Defense in Depth) is more effective.
Vulnerabilities and exposures now come from a variety of external and internal sources, so effective security must address the full technical stack. True security is a process, not a patch.
Spinnaker Support’s global security team adheres to a Seven-Point Security Solution that covers the core security concepts of Discover, Harden, and Protect and comes standard with support at no extra cost. This approach combines timely fixes, configuration changes, or other operational workarounds to remediate any security issues you encounter (we call these “compensating controls”). The security solution can include products for virtual patching, intrusion detection, and prevention services like proactive monitoring.
Does this approach work? When we recently surveyed our customers on this topic, over 98% of respondents indicated that our security and vulnerability protection is at least as good or better than that delivered by the publisher.vi
Important Note: Oracle does not provide patches for versions on its Sustaining Support. Security concerns don’t lessen when Oracle decides to strip you of patches, so moving from Sustaining Support to our third-party support is a clear win for your security efforts.
RESOURCE: Our security page and solution briefs on patching
Not true. Unlike Oracle, third-party vendors provide Global Tax and Regulatory Compliance (GTRC) data tailored to the customer’s specific needs, delivering updates on a regular schedule to be less intrusive and easier to apply. At Spinnaker Support, we include GTRC updates as standard for the products that require them, no matter how old the software release.
Oracle typically supports its Premier and Extended Support customers – but not Sustaining Support – through massive GTRC updates that lack personalization for individual customers. These patches and updates are a one-size-fits-all approach to GTRC that requires additional work on behalf of the customer.
In comparison, Spinnaker Support keeps you compliant by delivering monthly and year-end updates tailored to your unique geographic reach and software environment requirements. Our GTRC team alleviates the challenge of changing tax, legal, and regulatory requirements by continually researching, monitoring, and gathering specific requirements from governing authorities in dozens of countries and all 50 U.S. states. We’ve designed our back-end systems and ISO 9001:2015-certified process to scale as we add new customers and jurisdictions.
You get timely and comprehensive updates, all designed to cover the breadth of tax and regulatory environment compliance issues and keep you compliant while minimizing the impacts of these changes to your systems. As a trusted partner, we work directly with customers to schedule and implement all required changes.
RESOURCE: Spinnaker Support’s GTRC Offering
Gartner Peer Insights reviews constitute the subjective opinions of individual end-users based on their own experiences and do not represent the views of Gartner or its affiliates.
Why It’s OK to
Be a Skeptic
Questions About
Legality
Questions about
Support Quality
Questions about
Updates & Security
Questions about
Oracle Relationship
Next Steps You
Can Take