Oracle just dropped a bomb on SAP, alleging broad theft of intellectual property. This has huge implications for both companies. If this effort is successful, and Oracle's allegations are correct, they will be able to dramatically compromise SAP's ability to compete in the market.
Even the implication that SAP's intellectual property may not be its own will cast a shadow over SAP's resources and, unless it was proven that Oracle orchestrated the entire thing (given this is Oracle, this isn't as impossible or paranoid as it otherwise might sound), this should shift sales away from SAP. Oracle is one of the likely beneficiaries of this shift.
However, so far Oracle has apparently connected the problem only to the activities of one person who may have been acting without corporate sanction and who is, apparently, an ex-PeopleSoft employee. This last may do more to explain the piracy than the broad implications that Oracle alleges and, if true, could limit the damage to SAP but certainly not eliminate it.
In the next few months we'll see if Oracle brilliantly played, or overplayed, this strategy, but we know right now that SAP is hurting and this is a good reminder of why we all need to start rethinking security, both from a standpoint of what competitors could do to us and what we could do to ourselves.
Impact on SAP and Oracle
Before we start, let's be clear on the impact on SAP and Oracle if these accusations are true and the situation was not manufactured. From Oracle's side, it will have lost a huge amount of intellectual property which has likely resulted in competitive offerings that have taken business that otherwise would have been Oracle's. This has devalued their own services, increased their relative costs and decreased their profitability. The fact that their security was so easily compromised through the use of ex-customer ids makes them look foolish and negligent with regard to security, which does negatively impact the perception of Oracle and its offerings.
However, if SAP is proven guilty, damage to it could vastly greater. Its own intellectual property will have been compromised along with any ability to defend it. It could owe its largest competitor huge sums of money and might have to license some of its own products back at exorbitant prices. In an extreme, but unlikely, case, it could be looking at the corporate equivalence of a terminal illness and might never recover, which goes to the core of why Oracle is playing this up as much as it is.
In short, Oracle looks negligent and SAP looks crooked, and while Oracle could gain vastly more than it loses, this will help build a foundation around the belief that they aren't secure, which could follow a number of their offerings, particularly if competitors were to connect Oracle's lack of security to features in Oracle products which make this kind of a problem likely.
Checking Ethics and Checking the Door
In short, being unsecure is stupid, and stealing intellectual property from a competitor is incredibly stupid, given the repercussions of both and the laser-like focus IT has on security right now.
What happened to Oracle could happen to anyone, and just because you aren't aware of the competitive theft of intellectual property it doesn't mean it isn't happening. In fact, it may be time to increase your vigilance on physical security and start taking hard looks at your competitors' products to see if your stuff is showing up in them aggressively. One of the cheapest ways to stay competitive, if you don't get caught, is to steal from the leading vendors, and companies in emerging markets have never had that much problem with this approach. Paying someone to be an employee of a competitor is a really inexpensive way to get good intellectual property cheaply.
The other side of this coin is the alleged unethical behavior at SAP. Employees can misact: They are people and can have gambling and drug-related problems or affairs they need to fund and cover up. They can be blackmailed and, over the years, I've seen problems come from each of these sources. HR is most companies is weak, but many of these problems are obvious if you only look for them. Anyone experiencing one of them should not be in a position of trust, particularly if they oversee a critical part of the company.
On ethics and the right way to get competitive intelligence I recommend SCIP, the Society of Competitive Intelligence Professionals. While I no longer belong myself, largely because I don't do this kind of work anymore, you can learn from the best there and find out how to get most of the competitive information you need without exposing your company to the kind of problem that SAP is now experiencing.
We are experiencing an increase in security threats of an unprecedented nature. It's time to make sure you aren't either one of the key victims or a major, and terminally ill, part of the problem.