Background

Tarynx is an international energy company and a key player in the European sector with over 2,000 employees.The organization sought to proactively address potential compliance issues tied to commercial Java usage. Oracle’s licensing model poses significant financial risks, particularly for companies unaware of where and how Java is deployed across their estate.

The Challenge

Tarynx understood the potential for significant financial exposure from Oracle’s commercial Java licensing but lacked a clear picture of how widespread the risk was across their environment. Without clear visibility into Java installations across its network, even a single unidentified instance could trigger a substantial claim. Initial investigations revealed that commercial Java was part of Tarynx’s standard machine build, meaning it was present on nearly every device. Additionally, there were instances of different Java versions scattered throughout the environment, increasing the complexity of compliance assessment and mitigation.

The Solution

ITAA implemented a comprehensive four-step Java risk assessment and mitigation process:

1. Discovery: Leveraged fingerprinting, custom queries, and path analysis to uncover all Java installations. The scan yielded over 1 million data points.
2. Filtering: ITAA categorized and prioritized these installations by risk, identifying that over 90% posed no licensing issue.
3. Deep Dive: ITAA developed tailored tools and questionnaires to scrutinize remaining high-risk installations. This ensured even a single non-compliant instance could be addressed.
4. Mitigation Strategy: Delivered a step-by-step plan for Tarynx to tackle residual risks, including:
   • Guidance to centralize and restrict Java usage to approved internal versions.
   • Checklists for analyzing specific use cases and evaluating ISV licensing or OpenJDK compatibility.
     

Crucially, the goal was not to eliminate all Java use but to provide Tarynx with the tools and strategy to manage and mitigate the risk effectively.

Conclusion

Thanks to ITAA’s targeted support, Tarynx avoided a potential Oracle claim worth up to $1.44 million for a five-year commercial Java subscription. By identifying the actual risk points and equipping Tarynx with a pragmatic mitigation plan, ITAA enabled the client to approach any future Oracle discussions with confidence and control. This engagement underscores ITAA’s expertise in managing vendor risk and navigating complex software licensing environments.

*Protecting our clients’ confidence is of the utmost importance at ITAA. While our case studies are based on true projects, we have used fictitious names and removed or changed other identifiable details.