It’s a challenge faced so far only by the most ultra-successful software companies, but a major turning point comes when a product becomes a utility.
It doesn’t happen often, but there’s a big difference when a piece of software goes from something you use to compete against your rivals, to something that the market is widely reliant upon.
Oracle is learning this lesson right now, after its acquisition of Sun Microsystems in 2009 made the company the custodian of Java.
The database giant has been widely criticised for what was seen as a lacklustre response to a major security hole discovered in Java 7, which was already being exploited by malware writers and created a vulnerability in every device that uses that version of Java.
The problem is that almost every device these days, uses Java – PCs, laptops, smartphones, tablets; if you’re connecting to the web and using a browser, you probably have Java installed. That’s a very attractive hole for a virus to target.
Microsoft, of course, went through this process many years ago. It was branded a monopolist in court when aggressive sales tactics became anti-competitive behaviour. That could only happen because the firm became so successful and so dominant in its market that behaviour previously considered aggressive but acceptable, no longer became legally acceptable.
The lessons for Redmond continued when Windows became the favoured target for virus writers, and the company realised it had to take a whole new attitude towards security. Now, 10 years after the launch of its Trustworthy Computing initiative, and with Patch Tuesday part of the IT vocabulary, Microsoft – while not perfect – is seen in many quarters as an example of how to approach software security.
The Windows maker realised it had to change from snarling competitor to responsible citizen and trusted partner. It doesn’t always achieve that, but it’s come a long way since those times.
Oracle has always been among the most aggressive of IT companies in its approach to selling – formed very much in the mould of ultra-competitive founder Larry Ellison, a man so competitive that he literally rewrote the rules of America’s Cup sailing to suit his team.
A former managing director of Oracle’s UK operation once looked me in the eye and said, “Believe me, what Larry wants, Larry gets.”
Larry certainly wanted Java, but his company is now starting to learn the responsibility that comes with it.
By contrast, Apple is doing its absolute best to avoid its products becoming a utility in any way. The court case that has seen Samsung hit with $1bn damages for violating Apple patents is all about establishing that only Apple can do things the Apple way. And if you want to play the Apple way, you do so only in Apple’s walled garden, to Apple’s rules, and nobody else in the playground gets to take the ball home at the end of the game. It’s going to be very interesting to see if the iPhone maker can maintain that position forever.
We will, at some point in the coming years, start to see cloud providers going through the same learning process. When a cloud service becomes a utility – and seeing as utility computing is one of the big aims of the cloud, it’s going to happen – the provider will have to change its behaviour, or potentially face external regulation.
That’s why we refer to heavily regulated gas, electricity and water companies as utilities.
With the growing interconnectedness of everything, one supplier becomes dependent on another becomes dependent on another, and so on. In a market ruled by ultra-competitors, that doesn’t work.
That is why much of the cloud is being built on open source, and why firms like Google choose to donate their software to the open-source community. Suddenly software needs to be something owned by nobody if it’s going to be efficient and cost-effective for everybody. That’s why the UK government is so keen to adopt open source and open standards and find ways to avoid being locked in to patent-encumbered software products.
Oracle’s recent Java security experience is, in the grand scheme of things, a small problem, quickly resolved. But it’s a big example of the way the software sector is going to evolve over the next 10 years.