BETA
This is a BETA experience. You may opt-out by clicking here
Edit Story

Rimini Street Loses Another Court Battle To Oracle While Rimini’s Customers Lose Data Security

Oracle

By Michael Hickins

A US District Court judge has issued a permanent injunction in favor of Oracle against Rimini Street, prohibiting the third-party provider of enterprise software maintenance services from engaging in certain practices in its dealings with Oracle business customers.

Oracle originally sued Rimini Street and CEO Seth Ravin eight years ago for engaging in what Oracle called “an illegal business model.”

Judge Larry R. Hicks of the US District Court in Nevada granted the new injunction, ruling that Rimini Street had infringed on 93 Oracle copyrights and thus “irreparably injured” the software company.

The court noted that it was Rimini Street’s brazen misconduct that enabled it to “rapidly build” its infringing business, while at the same time irreparably damaging Oracle because Rimini’s very business model “eroded the bonds and trust that Oracle has with its customers.” 

In addition, Judge Hicks ruled that Oracle is entitled to $28 million in legal fees stemming from the legal battle.

The court order makes clear that “Rimini Street’s business has been built entirely on unlawful conduct, and Rimini’s executives have repeatedly lied to cover up their company’s illegal acts,” Dorian Daley, Oracle’s general counsel and executive vice president, said in a statement.

While the Court’s ruling makes clear that Rimini Street has engaged in illegal business practices, portions of the previous trial unearthed evidence that should be equally troubling for Rimini’s customers—they are more vulnerable to security breaches.  By its own admission, Rimini Street doesn’t patch Oracle software that it is servicing, leaving customers open to hostile attacks by everyone from petty criminals to competitors looking to steal company secrets.

Rimini CEO Ravin argued in court that security patching is “an outdated model.” He said Rimini Street does not apply security patches to the software it supports, and said customers are “responsible for their own firewalls and their own security protections.”

Of course, that guidance runs counter to the warnings of security experts—and even the US government, which last year urged companies to swiftly patch their software to protect themselves from ransomware and other forms of cyberattacks.

In a security alert dated May 12, 2017, US-CERT, the federal Computer Emergency Readiness Team, wrote: “Ransomware not only targets home users; businesses can also become infected with ransomware, leading to negative consequences, including temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization’s reputation.”

Edward Screven, chief corporate architect at Oracle, called Ravin’s security posturing “totally ridiculous. It’s completely and totally ridiculous.”

To save a few dollars, some CIOs may be willing to overlook the years-long infringement Rimini engaged in to build its business. But the evidence shows that they do so at their peril. Cybersecurity is a boardroom issue these days, and ignoring industry-standard best practices for data security is a risk smart organizations shouldn’t be willing to take.  

Update: On September 11, 2018, the US District Court temporarily stayed the permanent injunction while Rimini Street seeks relief from the appeals court.

Michael Hickins is director of strategic communications in Oracle's public relations department.