“When two elephants fight, it is the grass that gets trampled.” African proverb
Hewlett-Packard Co. and Oracle Corp.’s decision to settle the lawsuit over Oracle’s hiring of Mark Hurd as co-President after weeks of public wrangling is welcome news to everyone but the corporate attorneys.
But don’t expect the two vendors to just pick up and resume their former close partnership. It got very ugly, very fast. And the reverberations from Hurd’s hiring to HP’s recent appointment of Leo Apotheker, as the new CEO effective November 1, will be felt for a long time. HP’s decision to hire the German-born Apotheker, who is also the former CEO of SAP, is to put it politely a big “take that, Oracle!” Forget the surface smiles, behind the scenes Oracle and HP have their ears pinned back, teeth bared and swords sharpened as they gird for battle.
This was not the typical cross-competitive carping that vendors routinely spew to denigrate their rivals’ products and strategies. The issues between HP and Oracle are very personal and very deep. The verbal volleys Oracle CEO Larry Ellison lobbed at HP in recent weeks exposed the changing nature of this decades old alliance. It is morphing from a close, mutually beneficial collaboration to a head-on collision in several key product areas. Ellison’s words did more than just wound HP: they also opened up deep fissures in the relationship which are as big as the San Andreas Fault.
The HP/Oracle relationship will survive for the sake of their common customers but will likely never be the same.
The industry-at-large will probably never learn the “real” reason(s) the HP board of directors peremptorily ousted Mark Hurd as CEO. What is clear is that Oracle CEO Larry Ellison was motivated by more than just concern for his friend when he publicly castigated HP for the firing and extolling the business acumen of his tennis buddy. You just knew Ellison was going to give Hurd a prominent position at Oracle. And he did: co-President. In a regulatory filing earlier this week, to end the lawsuit, HP disclosed that Hurd will give back 325 thousands shares of restricted stock shares valued at $13.6 million that Hurd received as part of his severance package. Hurd gets to keep the over $12 million in cash he received. In exchange, Hurd will not disclose any of HP’s trade secrets.
This last stipulation is very sticky. Defining what constitutes intellectual property (IP) is just as tricky as defining obscenity. In over 30 years, the Federal Communications Commission (FCC) has been unable to achieve consensus on what constitutes obscenity.
How exactly will HP monitor Hurd to prevent him from telling Oracle what he knows about HP’s general tactics, strategy and relationships with customers, partners, competitors and general product directions and acting on them by counter-marketing and ? It’s not like they can put ankle monitor around his brain. Short of bugging Hurd’s communications, HP can never have 100 percent surety that some of their secrets are no longer secret. Hurd will use his knowledge of HP’s workings and wield it like a weapon – on Oracle’s behalf.
Any way you look at it losing Hurd to Oracle is a big blow to HP even if they did fire him for undisclosed inappropriate behavior.
Larry Ellison is many things. But of all the many adjectives, epithets and sobriquets that have been used to describe him and invectives that have been hurled at him, stupid is not one of them. Mr. Ellison has a plan. It most assuredly involves the aggrandizement of Oracle at the expense of competitors as his firm increasingly finds itself in head-to-head competition with HP. Why else, would he effectively trash the decades long, mutually beneficial and collaborative partnership between his firm and HP and then deliver the coup de grace by hiring Hurd?
The HP Board of Directors, while more reserved and civil than the outspoken and openly bellicose Ellison, is just as committed to the ongoing fight for high tech supremacy. Outwardly HP will maintain its dignified and understated mien but behind the closed (and hopefully not bugged) doors of its boardroom, the HP “suits” are plotting each move and counter-move with great deliberation. Their decision to file suit against Hurd scant hours after Oracle announced his appointment as co-President of the database market leader, shows that they’re shedding the velvet gloves in favor of the iron fist.

Regardless of the settlement, the underlying reasons that HP said it filed suit against Hurd for taking the Oracle co-Presidency: “…In his new position, Hurd will be in a situation in which he cannot perform his duties without necessarily using and disclosing HP’s trade secrets,” still exist.

Hurd and Oracle are highly unlikely to steal any of HP’s IP with respect to specific products and engineering. But there’s a lot of gray area surrounding IP and what types of knowledge are already in the public domain. You’d better believe that both HP and Oracle have set up war rooms in their respective boardrooms.
Make no mistake; there will be casualties of war.
And to quote the African proverb, the blades of grass in this fight are the respective customers, third party suppliers as well as the sales and distribution channels that support the enormous HP and Oracle ecosystems.
According to International Data Group (IDC) statistics, HP is the world’s largest technology company by revenue, and the top PC and server vendor and Oracle is the world’s third-largest software company.
HP and Oracle by the Numbers
On paper HP and Oracle appear evenly matched. The notable exception is in revenues, even after a five year multi-billion buying spree, Oracle sales still trail significantly behind HP.

From Collaborative to Competitive
Until recently the two firms did not compete head-on. Though HP and Oracle’s management and styles were/ worlds apart, their partnership thrived despite such differences.
Oracle is defined by the brash Ellison, while HP executives take a low-key and platform agnostic approach to most high tech competitors excepting IBM. For years Oracle and HP were bound by their mutual rivalry albeit in different product arenas – Oracle competed fiercely with IBM’s DB2 database while HP and IBM competed in just about everything else including, PC and server hardware, as well as the lucrative services market.
After decades of publicly hurling invectives at one another, Oracle and IBM in the last several days have done an about-face and are now engaged in an almost embarrassing display of public affection. This love fest would truly be gag-worthy if not for the realization that Big Blue and Oracle don’t hate each other any less; at this point in time they just loathe HP more. It’s truly a case of: “the enemy of my enemy is my friend.”
IBM chief executive Sam Palmisano decided to seize the opportunity to blast HP, publicly castigating them in a September 15 Wall Street Journal interview. Palmisano gave a detailed litany of HP’s faux pas. They included mishandling Hurd’s ouster by giving him a $40 million+ severance package which he said was “not a good use of shareholder money”; allowing Hurd to slash HP’s research and development budget to $2.8 billion – just 2.5 percent of total revenue and for getting in a bidding war with Dell over the acquisition of virtualization storage vendor 3Par and paying more that what it’s worth. Palmisano’s most acerbic statement was that HP was in such a weakened state that IBM no longer considered them a competitor. Not true of course, but it stings just the same.
It was Ellison and Hurd’s turn to heap praise on IBM during the Oracle September 16 earnings call. Ellison called IBM “a great services partner,” and said his partnership with IBM is “absolutely critical.” Ellison positively gushed while observing that “IBM’s mainframes add value because they aren’t commodity boxes and serve a real need.”
HP has remained characteristically mum about Palmisano’s and Ellison’s comments but it is undoubtedly plotting a counter attack. .
Collaboration and “co-opetition” between HP and Oracle may exist on paper and publicly but there is open enmity behind the scenes.
Merger Mania
The reality is that all of the top tier high technology vendors are on a collision course with one another spurred on by the need to grow by acquisition rather than organically. In a challenging economy it’s a dog-eat-dog fight for corporate and consumer monies.
Consider this: In the last six years Oracle’s Ellison has spent as much on mergers and acquisitions – over $40 billion (including the January acquisition of Sun Microsystems for $5.9 billion) – as the company’s profits over a 30 year span. In Ellison’s grand strategy scheme, the moves make sense because a bigger Oracle can more equally compete with the likes of IBM and SAP. HP is keeping pace with Oracle in the M&A sweepstakes – having bought Compaq, EDS, 3Com and most recently swooping down and outbidding Dell Computer for virtualization storage company 3Par for $2.4 billion and security vendor ArcSight for $1.5 billion. And now HP is in a bidding war with IBM to buy Israeli based Radware which makes application delivery, application security solutions and load-balancing switches.
Winners and Losers
Corporate customers are the biggest and most immediate potential losers. Partnerships, mergers and acquisitions may look like a game of Monopoly on paper but there’s a lot at stake. Even the best of circumstances – an amicable and well planned purchase with little or no product overlap – there’s a certain amount of disruption that follows an acquisition. In these cases, it takes six months to a year to integrate and assimilate an acquired firm into the fold. Oracle’s acquisition of Sun Microsystems which includes Sun’s SPARC server hardware, Solaris operating system and the open source MySQL database has a lot of users concerned about the future of those product lines, despite the company’s public reassurances.
And while few distributors or users will go on the record, many of them are understandably nervous about the potential ramifications when their major hardware infrastructure and software vendors fall out.
Imagine you’re the CEO, CIO, CTO or VP of IT who has to make purchasing decisions for the next three-to-four year upgrade cycle. Can you trust that HP and Oracle have truly made up? Or are worried about when hostilities between the two will break out again and that your firm might get caught in the crossfire? Can you trust the promises of your vendor(s) to retain an acquired firm’s product portfolio? And even if they do, will the top engineers and product managers from a company like Sun (to cite just one example) remain with the company post-acquisition? Will the licenses carry over or will your organization face steep price hikes in volume licensing? Service and support is another big issue in a post merger entity. Once again, corporate customers are wise to ponder potential changes.
Organizations also get rightfully nervous that their vendors will get distracted by the public wrangling and potential lawsuits. These issues frequently lead to product delays and quality issues. Oracle is the world’s Number One database vendor and the Oracle database also has the dubious distinction of being the platform with the most security flaws. According to the National Institute of Standards and Technology (NIST), the government agency tasked with monitoring security vulnerabilities, it recorded a whopping 321 security vulnerabilities associated with the Oracle database from January 2009 through June 2010. That’s six times more than the 49 vulnerabilities Microsoft’s SQL Server notched and nearly triple the 121 security vulnerabilities recorded by IBM’s DB2 database during the same eight and a half year period. Though there’s no proof of a connection, the security issues associated with Oracle’s database spiked sharply in 2006 – around the same time, the company embarked on its merger and acquisition campaign and they’ve remained elevated over the past four years.
Though reluctant to speak on the record, corporate customers and distributors have some trepidation about the impact of the growing competition between HP and Oracle, even though the immediate crisis appears to be over. If you have concerns, now is the time to voice them and also exercise your right to comparison shop. Speak frankly with your sales representatives and resellers. Use the confusion to your advantage to negotiate for better terms and conditions.
The biggest potential winners in this fight are HP and Oracle competitors. IBM, Dell and other hardware vendors have been openly wooing Sun’s SPARC and Solaris customers ever since Oracle first announced its intention to purchase Sun. Those efforts will continue unabated. IBM and Microsoft executives are also undoubtedly contemplating special sales promotions to lure customers away from the Oracle and MySQL database platforms.
IBM’s Palmisano was right about one thing: HP seriously erred when it slashed its R&D budget to just 2.5 percent of annual revenue. It should rectify that immediately.
There’s another apt African proverb: “When the music changes, so does the dance.” And when it comes to vendors, there’s no such thing as a permanent partner.

Ask any 10 qualified people to guess which of the major database platforms is the most secure and chances are at least half would say Oracle. That is incorrect.

The correct answer is Microsoft’s SQL Server. In fact, the Oracle database has recorded the most number of security vulnerabilities of any of the major database platforms over the last eight years.

This is not a subjective statement. The data comes directly from the National Institute of Standards and Technology.

Since 2002, Microsoft’s SQL Server has compiled an enviable record. It is the most secure of any of the major database platforms. SQL Server has recorded the fewest number of reported vulnerabilities — just 49 from 2002 through June 2010 — of any database. These statistics were compiled independently by the National Institute of Standards and Technology (NIST), the government agency that monitors security vulnerabilities by technology, vendor, and product (see Exhibit 1). So far in 2010, through June, SQL Server has a perfect record — no security bugs have been recorded by NIST CVE.

And SQL Server was the most secure database by a wide margin: Its closest competitor, MySQL (which was owned by Sun Microsystems until its January 2010 acquisition by Oracle) recorded 98 security flaws or twice as many as SQL Server.

By contrast, during the same eight-and-a-half year period spanning 2002 through June 2010, the NIST CVE recorded 321 security vulnerabilities associated with the Oracle database platform, the highest total of any major vendor. Oracle had more than six times as many reported security flaws as SQL Server during the same time span. NIST CVE statistics recorded 121 security-related issues for the IBM DB2 platform during the past eight-and-a-half years.

Solid security is an essential element for many mainstream line-of-business (LOB) applications, and a crucial cornerstone in the foundation of every organization’s network infrastructure. Databases are the information repositories for many organizations; they contain much of the sensitive corporate data and intellectual property. If database security is compromised, the entire business is potentially at risk.

SQL Server’s unmatched security record is no fluke. It is the direct result of significant Microsoft investment in its Trustworthy Computing Initiative, which the company launched in 2002. In January of that year, Microsoft took the step of halting all new code development for several months across its product lines to scrub the code base and make its products more secure.

The strategy is working. In the past 21 months since January 2009, Microsoft has issued only eight (8) SQL Server security-related alerts. To date in 2010 (January through June), there have been no SQL Server vulnerabilities recorded by Microsoft or NIST. Microsoft is the only database vendor with a spotless security record the first six months of 2010.

ITIC conducted an independent Web-based survey on SQL Server security that polled 400 companies worldwide during May and June 2010. The results of the ITIC 2010 SQL Server Security survey support the NIST CVE findings. Among the survey highlights:
• An 83% majority rated SQL Server security “excellent” or “very good” (see Exhibit 2, below).
• None of the 400 survey respondents gave SQL Server security a “poor” or “unsatisfactory” rating.
• A 97% majority of survey participants said they experienced no inherent security issues with SQL Server.
• Anecdotal data obtained during first-person customer interviews also elicited a very high level of satisfaction with the embedded security functions and capabilities of SQL Server 7, SQL Server 2000, SQL Server 2005, SQL Server 2008, and the newest SQL Server 2008 R2 release. In fact, database administrators, CIOs and CTOs interviewed by ITIC expressed their approbation with Microsoft’s ongoing initiatives to improve SQL Server’s overall security and functionality during the last decade starting with SQL Server 2000.

Strong security is a must for every organization irrespective of size or vertical industry. Databases are among the most crucial applications in the entire network infrastructure. Information in databases is the organization’s intellectual property and life blood.

Databases are essentially a company’s electronic filing system. The information contained in the database directly influences and impacts every aspect of the organization’s daily operations including relationships with customers, business partners, suppliers and its own internal end users. All of these users must have the ability to quickly, efficiently and securely locate and access data. The database platform must be secure. An insecure, porous database platform will almost certainly compromise business operations and by association, any firm that does business with it. Any lapses in database security, including deliberate internal and external hacks, inadvertent misconfiguration, or user errors can mean lost or damaged data, lost revenue, and damage to the company’s reputation, raising the potential for litigation and loss of business.

It’s also true that organizations bear at least 50 percent of the responsibility for keeping their databases and their entire network infrastructures secure. As the old proverb goes, “The chain is only as secure as its weakest link.” Even the strongest security can be undone or bypassed by user error, misconfiguration or weak computer security practices. No database or network is 100 percent hack-proof or impregnable.Organizations should consult with their vendors regarding any questions and concerns they may have about the security of ANY of their database platforms. They should also ensure they stay updated with the latest patches and install the necessary updates. Above all, bolster the inherent security of your databases with the appropriate third party security tools and applications. Make sure your organization strictly adheres to best computer security computing practices. At the end of the day only you can defend your data.

Registered ITIC site users can Email me at: ldidio@itic-corp.com for a copy of the full report.

Since January, the high technology industry has witnessed a dizzying spate of dueling, vendor product announcements.
So what else is new? It’s standard operating procedure for vendors to regularly issue hyperbolic proclamations about their latest/greatest offering, even (or especially) when the announcements are as devoid of content as cotton candy is of nutritional value. Maybe it’s just an outgrowth of the digital information age. We live and breathe instant information that circumnavigates the globe faster than you can say Magellan; the copy monster must be fed constantly. Or maybe it’s the protracted economic downturn which is making vendors hungrier than ever for consumer and corporate dollars.
Whatever the reason, there’s no doubt that high technology vendors – led by Google and Apple – are engaged in a near constant game of one-upmanship.
Apple indirectly started this trend in early January, when word began leaking out that Apple would finally announce the long-rumored iPad tablet in late January. The race was on among other tablet vendors to announce their products at the Consumer Electronics Show (CES) in Las Vegas in mid-January to beat Apple to the punch. A half-dozen vendors including, ASUSTeK Computer (ASUS), Dell, Hewlett-Packard, Lenovo, Taiwanese manufacturer Micro Star International (MSI) and Toshiba all raced to showcase their forthcoming wares in advance of Apple. It made good marketing sense: all of these vendors knew that once Apple released the iPad, that their chances of getting PR would be sorely diminished.
I have no problem with smaller vendors or even large vendors like Dell and HP, who rightfully reckon that they have to make their announcements in advance of a powerhouse like Apple to ensure that their products don’t get overlooked.
Apple vs. Google Battle of the Mobile Web Titans
But when the current industry giants and media darlings like Apple and Google start slugging it out online, in print and at various conferences, it’s overwhelming.
Apple and Google are just the latest in a long line of high technology rivalries. In the 1970s it was IBM vs. HP; in the 1980s, the rise of networking created several notable rivalries: IBM vs. Digital Equipment Corp. (DEC); IBM vs. Microsoft; Oracle vs. IBM; Novell vs. 3Com; Novell vs. Microsoft; Cabletron vs. Synoptics and Cisco vs. all the internetworking vendors. By the 1990s it was Microsoft vs. Netscape and Microsoft vs. pretty much everyone else.
The Apple vs. Google rivalry differs from earlier technology contests in that the relationship between the two firms began as a friendly one and to date, there has been no malice. Until August, 2009 Google CEO Eric Schmidt was on Apple’s board of directors. And while the competition between these two industry giants is noticeably devoid of the rancor that characterized past high tech rivalries, it’s safe to say that the two are respectfully wary of each other. Apple and Google are both determined not to let the other one get the upper hand, something they fear will happen if there is even the slightest pause in the endless stream of headlines.
Google and Apple started out in different markets – Google in the online search engine and advertising arena and Apple as a manufacturer of consumer hardware devices and software applications. Their respective successes – Apple’s with its Mac hardware and Google’s with its search engine of the same name have led them to this point: a head to head rivalry in the battle for supremacy of the mobile Web arena.
On paper, they appear to be two equally matched gladiators. Both companies have huge amounts of cash. Apple has $23 billion in the bank and now boasts the highest valuation of any high technology company, with a current market cap of $236.3 billion, surpassing Microsoft for the top spot. Google has $26.5 billion in cash and a valuation of $158.6 billion. Both firms have two of the strongest management and engineering teams in Silicon Valley. Apple has the iconic Steve Jobs who since his return has re-vitalized the company. Google is helmed by co-founders and creative geniuses Larry Page and Sergey Brin and since 2006 and Eric Schmidt, the CEO who knows how to build computers and make the trains run on time.
Fueling this rivalry is Apple’s and Google’s stake in mobile devices and operating systems. In Apple’s case this means the wildly successful iPhone, iPod Touch and most recently the iPad and the Mac Mini. Google’s lineup consists of its Chrome OS and Android OS which will power tablet devices like Dell’s newly announced Streak, Lenovo’s forthcoming U1 hybrid tablet/notebook due out later this year. The rivalry between the two is quite literally getting down to the chip level. Intel, which has for so long been identified with Microsoft’Windows-based PC platform is now expanding its support for Android – a move company executives have described as its “port of choice” gambit. Apple is no slouch in this area, either: its Macs – from the Mac Minis’ to the MacBook Pros, ship with Intel inside. Last week Nvidia CEO Jen-Hsun Huang weighed in on the Apple/Google rivalry on Google’s side, predicting that the tablet designs will converge around Google’s operating system.
But a stroll through any airport, mall, consumer home or office would give a person cause to dispute Huang’s claim: iPads and iPhones are everywhere. Apple recently announced that it has sold over two million iPads since the device first shipped in April. During a business trip from Boston to New Orleans last week I found that Apple iPads were as much in evidence as hot dogs at a ballpark.
Ironically, Microsoft, a longer term traditional rival of both Apple and Google is not mentioned nearly so often in the smart phone and tablet arenas. That’s because Microsoft’s Windows OS is still searching for a tablet to call its own. Longtime Microsoft partner HP, abruptly switched course: after Microsoft CEO Steve Ballmer got on stage and demonstrated Windows 7 running on HP’s slate, HP bought Palm and earlier this week acquired the assets of Phoenix Technologies which makes an operating system for tablets. That leaves Microsoft to promote its business centric Windows 7 phone which will run Xbox LIVE games, Zune music and the company’s Bing search engine. All is not lost for Microsoft: longtime “frenemy” Apple CEO Steve Jobs said recently that the new iPhone 4G will run Microsoft’s Bing fueling speculation that Apple will drop support for Google’s search engine. Both Google and Apple are still competing with Microsoft in other markets like operating systems, games and application software to name a few, but that’s another story.
There are other competitors in the smart phone and tablet markets but you’d hardly know it from the headlines. Research In Motion’s (RIM) Blackberry is still a market leader. But Apple and Google continue to dominate the coverage. I guess high technology just like sports revels in a classic rivalry. And this one promises to be a hard fought struggle.