Oracle’s Acquisition of Sun and the Impact on Identity Management

By Earl Perkins | November 03, 2009 | 10 Comments

As an analyst, I’ve taken a lot of telephone and face-to-face inquiries about what we think will happen when the acquisition of Sun by Oracle is completed (or if it is completed– but that is another blog). We wrote a couple of research notes on the topic and more are in the works that look at the entire company portfolio impact, but being in IAM, I’m going to confine my comments to the identity implications of this acquisition. Let’s see if our line of reasoning about these unfolding events matches, or if you have different views on this very important topic.

First, it’s important to put the IAM part of the discussion in context with the major decision Oracle made to acquire Sun. In the great tradition of my favorite philosopher Dirty Harry, “a man’s got to know his limitations”. In this context, it means that the role of IAM in the Oracle decision to buy Sun was practically non-existent. Other Gartner research highlights the key areas that made the go-no go decision for acquiring Sun, and if IAM was even on it, it was dead-last. So let’s put the discussion about what Oracle will do with Sun IAM in the “oh yeah, we got this too” category. I’m not trying to be rude, I’m just trying to highlight the boundaries of this discussion and avoid conspiracy theory.

Second, one has to consider what kind of products we’re talking about and what historical evidence you may have to draw upon to help you do any kind of analysis on what may happen. We’re talking about products (in IAM) that overlap almost perfectly with existing products in Oracle’s portfolio. What usually happens to such products? We could try falling back on other trite sayings like “To the victor belong the spoils”, but what I’m really going to suggest may be counter-intuitive. I actually think that in spite of the overlap, there’s less reason (from historical evidence) to believe that this automatically spells doom or dismemberment of the Sun IAM suite. Now why might one conclude that?

Oracle’s first mission in life is not to support international standards. It isn’t to consolidate and streamline the market and provide fewer choices for customers. It isn’t even to provide a one-stop shop for most IT needs. Oracle’s first mission is to make money, bluntly. To the extent other things can be done that assist in that (e.g. taking good care of customers) fine, but we are a free-enterprise society. If I look at it from that perspective, and I look at the several thousand IAM customers Sun has acquired over the years, I detect a distinct desire on the part of Oracle to maintain recurring revenue from those customers as one of its main priorities– particularly in an area that I received as a bonus part of a larger deal. This means that any snap judgments about which products to merge, which products to discontinue, which services to consolidate, all are going to take a little bit longer than you might suspect, and the final decisions may surprise you.

Having feature overlap isn’t the only kind of overlap discussion to have. One must also look at the customer profile, and to understand where Sun and Oracle overlaps occur. This means horizontal across industries (i.e. how many more banks has Sun sold to than Oracle, for example, and so on), vertical across customer size (small business, corporate, enterprise) and structure (centralized, distributed, decentralized). There are a number of variables to consider, with one really important question in mind: how much overlap occurs between Oracle and Sun products in potential customer markets, and is there a way to leverage two pretty good weapons to “divide and conquer”? Further, is there a shorter path to taking over competitor customer markets by approaching it with two weapons than with one? Which takes less time? Let’s be pragmatic here, not technologically elegant just to be elegant. There’s little return in that.

Third, play the scenarios out and estimate the timing. Let’s assume scenario 1 is “keep the Sun portfolio intact and sell– to different market segments or sectors, but in any case continue development and support” and scenario 2 may be “begin systematic review and integration of products wanted by Oracle, discard the rest”. (There are several other logical variations, but this is a blog, not a research note, so let’s be– pragmatic.) If scenario 1 does occur, it buys Oracle time to review what they have, build a long-term integration/migration strategy, and implement that over several releases of the product — say at least five to be safe. Assume one major release a year, it buys them 5 years to settle the existing customer base and offer continued opportunities for new Sun customer acquisitions. Scenario 2 is a much longer, more involved process (that is, if it’s done right) to align architectures, styles, approaches, workflows to a common future architecture, or to systematically gut the Sun product (or the Oracle product, for that matter) and do “best of breed” selection. Again, this takes a long time to do, and I would still estimate at least 5 years to reach a viable final roadmap state.

This means that Sun customers have a fairly long planning cycle– if these assumptions of future movement are reasonably accurate or logical. It also means those potential customers who have chosen Sun or are considering Sun aren’t automatically discouraged from doing so. As an analyst, I’m keen on seeing the process by which vendor selection is done not be unduly influenced by uncertainty. It is logical to be careful, methodical, and even conservative in product selections. But do not let undue uncertainty about futures that really are futures affect what may be a good choice for your enterprise. I find it a bit disturbing that consideration of Sun identity solutions is affected more by the length of time this acquisition is taking than by the real factors customers should use in such a decision process. Sun’s solutions are good ones, the people providing the solutions are very good at what they do, and it distresses me to see the company caught in the limbo of uncertainty and suffering for the wrong reasons as a result. This would be the case for any vendor caught in such a situation if the solutions they offer are viable and are likely to remain viable for a long time. I am not showing favoritism to Sun (just ask them, they’ll tell you they get bashed plenty when we perceive they’ve earned it), just stating a fact applicable to any vendor in this situation. If you must consider the future in your vendor choices (and you must) make them based on risk and informed likelihood, not artificially induced uncertainty.

Please let us know your views on this topic either way.

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.


  • Ant says:

    In support of scenario 1 — if under other circumstances, & with a less complex product set — consider why CA continues to support both ACF2 and Top Secret.

  • Luca says:

    So, what do you think about Sun claims “to open sourcing all of its identity management software products by early 2011”? Is that, in your opinion, a possible scenario 3?

  • Earl Perkins says:

    The claim of open sourcing for IAM software products by early 2011 was and is pretty ambitious– the reality is probably a longer-term goal spanning 5 years or even longer, since there are a number of areas affected by open sourcing for the solution. Though Oracle claims commitment to open sourcing, it isn’t fully clear at this time just how real that commitment truly is.


  • Jim Guinn says:

    My firm is an Oracle Partner for both Apps and Tech – specifically an IdM Pillar Partner for a couple of regions as well as holding the status with Sun as a Sun Principal Partner for IdM, so we have a lot of practical – not analytical – experience with both platforms.

    We completely agree that Oracle is in the business to make money. FYI so is Gartner – last I checked you aren’t a non-profit. Also, we agree that Oracle will not be able to pull the plug on either identity platform they will own after the acquisition (OIM) or Sun’s (IdM) anytime soon – for many reasons including the ones stated in your post. Having said that there is one area you have not considered in your blog.

    What if they let the products live side by side for many, many years?

    Think about it – what have they done with PeopleSoft and JDE? They have evolved those apps in light of having Oracle EBS. No one killed one for the other. Each identity solution can have a place in the Oracle family of products – if nothing else because they do not want to disrupt existing clients and their revenue stream.

    It is my opinion and I share that with our clients often – these products will emerge over time into a consolidated code base and all the common functionality they like (regardless of OIM or IdM) will be supported platform going forward. So, if you have a critical business need to implement user provisioning, access management, access certification or any of the identity management “elements” get moving and make a decision based on the products best fit and not speculation on which will emerge. If you don’t have a business need for identity solutions today and you have alternatives that help you meet any identity related business needs then don’t do anything just yet – see if the ORCL:JAVA deal actually happens.

  • Earl Perkins says:

    I’m not sure what the point was of pointing out we’re all capitalist pigs, but I hope we never implied Gartner was an altruistic open-source research firm. 🙂

    Having said that, the opinion you put forward is actually the scenario that I tend to view as the pragmatic one, and perhaps I should be saying “at least 5 years” rather than trying to hone in on any one number for this consolidation to take place— if it takes place at all. The IT industry is no different from most industries in that we try to seek a practical answer that benefits everyone involved, including the client. This is what I meant above by highlighting that competitive strategy for Oracle might be enhanced with two weapons instead of one. And as my colleague indicated, even overlapping functionality in two products has a history of being maintained (e.g. CA, ACF2 and TopSecret) when it makes sense to do so.
    I’m just not 100% sure that’s what you’re saying in your response. First it sounds like we’re both describing the side-by-side theory, then in your last paragraph you make a good case for “consolidated code base and common functionality”, i.e. they practice some form of consolidation or convergence. The fact is we’re not in disagreement– including the fact that Gartner likes money as much as Oracle Partners do. :-/


  • Alexander says:

    Hi, all this sounds strange since Oracle already pronounced what they are going to do with SUN IdM and no guesses are needed:

    How will Sun’s Identity Management and SOA products fit into Oracle’s middleware strategy?

    Sun’s Identity Management and SOA products are expected to be integrated into the Oracle Fusion Middleware product family. Sun and Oracle’s Identity Management (IdM) and SOA products bring distinct and unique areas of strength. The combined products will benefit from increased R&D, rapid innovation, increased support for open standards, and a much larger ecosystem of partners and users. Oracle is committed to ensuring that the investments of Sun customers in middleware products are protected similar to what we have done for past acquisitions.

  • Earl Perkins says:

    I read the pdf, and it is tied up in discussions about technical and application architecture, not the disposition of products, the markets which they will serve, and the configurations of those solutions. It merely says something that would be intuitively obvious in almost all acquisitions: we’re going to realize efficiencies of scale by having two groups of people that used to do different things become one group of people do those different things. There is also no timeframe on when this vision will be realized, whether it’s before the end of this year or this decade. Other than that, it’s pretty clear. :-/. And if this is an answer, why do we keep getting clients coming to us asking us the same type of questions over and over that aren’t being answered with this?

  • Dave Treece says:

    I agree that Oracle will not want to disrupt a revenue stream especially on a product line that they might not consider a “strategic” part of the acquisition. They will let the overlapping products run in parallel for some time. My concern is not whether they will support the product but how will they support the product. The name of the game in supporting these complex tools is human resource talent. Will the Sun resources who really know the product be willing to join Oracle? Will the old time WaveSet folks that are still around want to endure another take over? Will the implementers start migrating away from the solution to other products? If you were an implementer, what technologies are you going to train your consultants on? I think they will have a tendency to train their consultants on products with more defined roadmaps than ones with uncertain futures even if the uncertainty is a couple of years out. As a person who runs these tools, the last thing you want to do is put in a tool that takes 6 to 12 months and then a year later have to do a potentially complex upgrade.

    If the product is more of an afterthought for Oracle, then the chances are likely they will be too busy with other parts of the acquisition to put together a cohesive strategy on how they are going to align the products. With this uncertainty, I see the talent that supports this product gravitating to more defined pastures. I hope Oracle will quickly define their strategy, keep the talent, and keep putting money into the product so that it can stay viable and a good product decision for customers.


  • Earl Perkins says:

    Dave, I agree with you that how ongoing support (e.g. research, development, feature upgrades, etc.) remains a concern. If you have followed the evolution of Waveset into Sun Identity, you are aware that a number of those original planners and developers moved on to other projects (e.g. SailPoint). I agree the key though is how many that remain will be willing to join Oracle. I only have the data from Sun and Oracle clients as well as Oracle history to draw upon, and I believe the answer will be ‘enough’ for knowledge transfer to occur into a larger pool of R&D IAM folks– it’s one of the advantages Oracle does have, a significantly large pool of talented developers that can extend the product’s capabilities. For implementers, I believe coexistence is an easier environment to learn than migration, since they’re already (theoretically) familiar with both systems, particularly larger integrators. They would then have to learn how to develop migration use cases in addition to what they already know.
    Again, I agree with you in that I believe they will be pretty busy with the other pieces of the acquisition, hence my minimum of 5-7 years to really decide to do something as intricate as consolidating architectures. But if they did, in 5-7 years those who acquired Sun as their system of choice would be seeing upgrade options that led them to that consolidated system anyway, so acquiring the Sun product with a long lead time is less threatening than converting within 1 year. That’s of course IF this theory is correct. :-/

  • Although I am aligned with the opinion of “not much change any time soon”, I see some new support for the Open Source view based on some comments here. Presenting a list of plausible assumptions is probably appropriate to reflect on some of the previous comments and bring forward some new points on an alternative longer term strategy.

    1) Revenue is a key focus, or the board would walk
    2) The new hardware accounts is top of the pile for various short and long term revenue strategies creating a five year window where Oracle will not be focused on the supporting software benefits of Sun
    3) Even if it looked at the software, previous-JDE, Sun-MySQL, and Sun-Java are all higher on the list for strategy, so again, support for five years with no focus on the IAM stack
    4) There is precedent for current Sun talent to leave the local pool (re: Waveset heritage now at Sailpoint)
    5) Customers will make risk averse product decisions, even more so now, with the media surrounding this that dramatically increases hypothesis on worst case scenarios
    –Up to here my points are derived from comments above, and here I continue in another direction–
    6) Sun’s product achievements to date suggest the local talent is aligned with supporting the Open Source / Open Standards view
    7) At this point in the business cycle following a recession there are many, many more new small and medium sized businesses who will need IAM solutions
    8) A migration towards open source allows the talent to stay engaged (directly at Sun or indirectly with new contributing Partners), and opens the target market to smaller, medium sized businesses (a revenue strategy that Oracle might permit Sun to pursue almost independently)
    9) Open source development reduces the risk of ongoing support (anybody can establish commercial support easily if required) and feature development, in much the same spirit of MySQL, a model that Oracle can continue to build on, similar to Innobase perhaps
    10) It may additionally bring Oracle closer to some other strategic plays or alliances (i.e. Cloud Computing which may be aligned with open platforms like EC2 and Eucalyptus but faces IAM stack challenges)
    11) Oracle could use some image support in the Open Source space, in much the same way IBM and Sun have improved their own image in the last decade. Few executives realize Oracle has been a top 10 Linux kernel contributor, ahead of Google and behind IBM in March 2008.