Oracle’s New Audit Approach: How Should ITAM Teams Prepare?

In this podcast AJ Witt from The ITAM Review is joined by Michael Corey & Dean Bolton from LicenseFortress and Art Beeman and Joel Muchmore from Beeman & Muchmore. We discuss recent changes in Oracle’s approach to software license compliance audits, the reasons behind this, and what ITAM teams should do to ensure that they’re prepared.

Introductions

AJ Witt:
Hello, everyone. Welcome to this podcast from The ITAM Review, our subject today is the changing vendor audit playbook, looking specifically at Oracle, but also more generally as well. We’re joined today by Art Beeman, Mike Corey, Dean Bolton, and Joel Muchmore. Art and Joel are from Beeman & Muchmore, and Michael and Dean are from LicenseFortress. You may have heard from this crew on a podcast we did at the backend of last year as well, so we got them back around, because actually, we had a really good conversation, and we managed not to get sued as well, which is always a bonus in these situations. And also, congratulations to Beeman & Muchmore, you’re one year old this week, I believe?

Joel Muchmore:
Yes, we are. Thank you.

Beeman & Muchmore’s Anniversary and Oracle Audit Tactics [00:01:00]

AJ Witt:
Fantastic, great to see a change in… I read that really interesting email from you around this kind of micro approach to legal services coming off and packaging off very tightly packaged services around a specific area, so more to see, and something we at The ITAM review are going to be looking more at over the coming years as well, is the legal side of software licensing, and audits, and so on. So coming along, we’ve seen the Oracle’s audit tactics have changed in the past year or so, and I’m wondering, well, our first question here is, why is this? And how should you prepare for an audit with Oracle? And what might it mean for audit behavior from other vendors? And I suppose the best place to start here is, what was Oracle’s audit playbook used to be like? I’m sure many of our audience have been through it, but how did they used to play this game, Joel?

Joel Muchmore:
Well, it followed a fairly predictable script and playbook. So Oracle would come in, they would announce the audit, there would be a very routinized audit kick-off, you would then move into a manually completed Oracle server worksheet, multiple scripts would be run, there might be some negotiating back and forth, as to what scripts were run or not. They would land with an audit report that would invariably have precipitous licensing shortfalls.

Oracle’s Previous Audit Process and Shortfalls [00:03:00]

AJ Witt:
Yeah.

Joel Muchmore:
There were a handful of different ways those shortfalls might come about, it might be in disaster recovery, it might be in the use of VMware, BIOS core disabling, but there was a relatively predictable bundle of different things that Oracle would argue. This would shock the licensee into, “Holy wow, didn’t realize we were looking at six, seven, eight figures worth of under licensing right now.” And then they would begin negotiating against it.

AJ Witt:
Yeah.

Joel Muchmore:
And that would always land with really one of three different things. You would have just good old cash, you would pay, increase your revenue stream, and pay for back fees. It could take the form of the cloud credits, where they would come in and give you great discounts for these steep under licensing allegations with, “Purchase some cloud credits.”
“We don’t want cloud credits.”
“Take them anyway.” And that would become part of that discussion.

Negotiation Tactics: Cloud Credits and Agreements [00:04:30]

And then they would put in place, in some instances, more restrictive agreements. You would come in, there might be old legacy agreements that were very vague on certain issues, and they either could come up and replace those agreements with more modern ones that were more favorable to Oracle, or even just put in extra contractual agreements, perhaps moving in some of their partitioning policy, or other policy statements, or representations regarding how the VMware environment would be structured, but just anything to kind of put a tighter straight jacket around the licensee. And look, any particular audit might have only a few pieces of this, but all those together formed a relatively stable and concretized playbook that we saw multiple times.

AJ Witt:
[inaudible 00:04:28].

“Audit, Bargain, Close” Approach to Oracle Audits [00:05:00]

Michael Corey:
I just want to interact there, I think they take a playbook from the old sales acronym, ABC, always be closing, in the case of Oracle, it’s audit, bargain, close. Audit you, get us to throw a really big number at you, offer you a bargain, and then close. So we think we found 80 million, and we’ve heard numbers much larger than that quite a few times, so $10 million to make this problem go away, and then as Joel said, they’ll offer you this deal, and just like the car sales friend, “Hurry up and sign while you can get it.”

AJ Witt:
Yeah.

Art Beeman:
And just to underscore here, because it really establishes the atmospherics of any of these discussions and the negotiations, to borrow from the vernacular, maybe the military vernacular, it was a shock and awe approach, in other words, when they come in, and you are on your heels as a customer from the start, that suffuses the entire process going forward, because in a manner speaking, the customer is recovering from that shock and awe throughout the process.

Oracle’s Shift to Unpredictability in Audits [00:05:47]

AJ Witt:
Yep. Great. Okay. And so what’s changed now? What are you seeing that’s changed in the last year or so?

Joel Muchmore:
Less predictable.

Michael Corey:
[inaudible 00:05:47].

Joel Muchmore:
Go on.

Michael Corey:
No, no, please. Go, Joel.

Joel Muchmore:
Less predictable. Just as a matter of course, you never know where the football’s going to bounce, but you used to be able to kind of say, “There are certain issues that are not really going to be an issue. 30 days to correct it is in the contract.” We used to counsel clients, the 30 days isn’t really an issue, you are unlikely to hear about that. Now, clients are hearing about that 30 day timeline almost instantly, and we’ve actually had some audits that got hairy, because it looked like they were going to go right up to the wire, and Oracle was at least threatening to start issuing termination notices.

Termination notices are coming out a lot more frequently than we used to see them. They used to be a rarity, Mars versus Oracle, we didn’t see one for three years after that. But these days, we’re seeing them much, much more frequently, and the things we might be able to negotiate in the close, whether it’s certain kinds of releases, they used to be more generous with the releases, Oracle has just tightened up its legal, and anything that you pry out of them these days can really be a fight.

Changes in Oracle’s Legal and Contract Tactics [00:07:00]

AJ Witt:
Right, I see. So there seems to be a bit of an arms race going on, maybe we’ve all got quite good at defending Oracle audits, and there seems to be less, as you say, less leeway for maneuvers and negotiations, so perhaps they’re… What do you think is behind this? I mean, there’s been a few things that have gone against them recently, I’m thinking of Supreme Court, Oracle versus Google, being probably the big thing around the APIs, and also the ongoing litigation around JEDI as well, the defense contract. Anything else there to add as well, or to add a bit of color around those two points?

Joel Muchmore:
We definitely thought they were on their best behavior while Oracle v. Google was going on, because-

AJ Witt:
Yeah.

Joel Muchmore:
To expand their copyright in a licensable issue like Java, I mean, the havoc that Oracle could reap with that if they had won, would’ve been just cataclysmic. So we always assume they were on good behavior, and ready to lift that good behavior if they lost, but then there’re the other two matters that you would also think they’d be on good behavior for, Sunrise firefighters, and the JEDI one. So that’s a little unpredictable there, as to what exactly they’re responding to. One of my best guesses is that first, they had shock and awe, now the market’s somewhat saturated, with our writings, LicenseFortress, the work that ITAM is doing, and perhaps they’re just like, “Got to shake it up again. People were becoming complacent with what our playbook was, so we changed the script, so nobody waltzes us in thinking they know what we’re going to do.” And to reintroduce the fear and uncertainty.

Oracle’s Response to Recent Legal Issues [00:10:00]

AJ Witt:
Yeah, I see, I see. I mean, one of the things that did come out in the last two years or so, I think, was there’s a new audit clause in new contracts for Oracle. They’ve tightened things up around that, around having to use their scripts, and various other things. Could you talk about that a little bit, and as to what’s involved there?

Joel Muchmore:
Yeah, absolutely. Basically, there are three elements in the new audit clause that I think are notable, one of them, as you exactly say, it specifically says that they can run scripts, I think the exact language is data measurement tools. And I always thought that was a response to a couple of matters they had lost over in Europe, where they tried to get a licensee to run scripts, they refused to, took it up to court, the court said “Absolutely not, it’s not in the contract.” Lo and behold, two years later, we find it in the contract now.

AJ Witt:
Right.

Joel Muchmore:
Really tightened up the non-disclosure, it used to be whatever Oracle states is confidential, is confidential, and cost information, but they put right in the contract now that anything around the audit, whether we brand it as such or not, is going to be subject to the confidentiality provisions. We’ve always thought that is a crucial part of Oracle’s playbook, is to silo everybody as much as possible. So are they prepping to start attacking people for confidentiality? I don’t know yet, but there’s certainly a ratcheting up the concern to have people discussing their audit experiences with each other.

Impact of Oracle’s New Audit Clauses [00:12:00]

AJ Witt:
Yeah, I see. I mean, that feels really anti-competitive in a way. And that would affect us, because we want to encourage people to share their audit experiences within the community. That’s just fundamentally a fair thing to do, is to know how to legally take on these large organizations, who are perhaps being sharp with what they’re doing, and obviously, have far more power in any expectation, any relationship in fact, they are far more powerful than almost any organization, I would say. I’m sure there would be the case that there are very few large corporations out there who’ve got the in-house legal experience to be able to take on Oracle on their own terms, in their own contracts.

Dean Bolton:
Yeah, but I mean [inaudible 00:10:56], one of the things that we’d like to point out is that we never want it to get to this point, we think it’s fundamentally unfair the way this happens. Oracle has products that a lot of them are fantastic, we think they’ve spent a lot of time, and effort, and money in developing them, they should be able to charge whatever they want in there. But the customer should be able to make a determination about whether that price fits for them, it shouldn’t be this unknown, like, “We went in, we thought it was going to be 10,000 euros, it ends up being a 100,000 euros.” That’s the part that’s unfair around it. And so a lot of the time it’s helping customers understand how to keep these within what they purchased, how to make the best use of what they purchased, and how to avoid these issues, and if you do that proactively, then a lot of this stuff down the road about running the scripts and the contractual language in there, the 30 days to cure audits kind of goes away, because you’re now using the products in a compliant and optimized manner, which I think is really what customers want.

How Proactivity Can Help Avoid Audit Issues [00:14:00]

AJ Witt:
And yeah, I-

Michael Corey:
And by the way, when you take that burden of an audit off the table, they become very happy customers. Because as Dean said, and I agree, I’ve been working with Oracle for 36 years, it’s great technology, it’s rock solid, it does the job, but when you hire a contractor, and they tell you the cost to build the addition is 30,000, and it’s $80,000, or $160,000 a year later, you have a problem. And so really, once you take that burden away, they’re very happy customers, and don’t want to go anywhere.

AJ Witt:
Yeah, I would echo that experience as well. We had Oracle, and then SQL Server, where I was working, we had DBAs in both those teams, they generally preferred Oracle, but they ripped Oracle out because I’m an audit. It’s a very strange tactic, it’s almost like Oracle don’t need to be evil [inaudible 00:12:56] way. It’s that sort of, “Well, you are the best in town, so why do you have to be so aggressive with your audit practices? Surely there’s a better way.” And I mean, we see this from other vendors, we see IBM coming along with the IASP Program. They should really have another acronym for that, because it’s really difficult to say. But IBM have recognized that audits are a problem for their customers, and they’re bringing forward this program whereby you can engage with one of four partners over it, and manage those licenses, and actually make the audit thing go away. There are pros and cons of that approach as well, but Oracle just seemed to prefer the confrontational litigation approach.

Michael Corey:
But think about this, Oracle’s gotten so big they can’t really grow through acquisition anymore. There’s only so many companies you can buy, only so many companies you can assimilate.

AJ Witt:
Yeah.

Michael Corey:
They’re struggling from organic growth, and so then you look at the audit barrier, it’s really easy, because most customers don’t realize, in a copyright infringement, the burden of proof is on them.

AJ Witt:
Yeah.

Oracle Audits and Revenue Growth Challenges [00:16:00]

Michael Corey:
So an Oracle audits you, customers are always shocked to find out that they have to prove that they have the license, and they have to prove they were using the license in accordance with its terms, it becomes an easy way to generate revenue. And let’s face it, they’re a transaction engine, they’re about revenue, and, “Oh my god, every time I audit, I land…” And then, they put these policies out there, and they look at people like they’re actually contractual obligations, and customers voluntarily just overpay for the software.

AJ Witt:
Yeah, yeah.

Michael Corey:
And by the way, Oracle’s not the only one doing this, just to be clear, this is the bad boys of technology, and bad girls of technology.

AJ Witt:
Yeah, yeah. It’s a good point about the organic growth, I mean, yes, they aren’t growing. I guess one area where maybe things are changing, could we touch a little bit on Oracle Java, and advances in that area, and things you’re seeing maybe in the market from audits starting around that, and litigation, and so on?

Dean Bolton:
Yeah, I mean think that’s a great point in there. Oracle announced four years ago that they were going to change their contract around Java when they acquired it from Sun two years ago, in April of 2019, that change took effect. And what we’ve seen is Oracle being, as Art and Joel mentioned, fairly on good behavior around that during that timeframe. They had Java sales teams that would contact customers, inform them of the change, try to work with them to work on subscription deals, and it was pretty cordial, informal, but all of that has changed. And really, it does seem like it was tied to the Oracle v. Java ruling on April 5th, because the week before, it was one tactic, and the week after, literally, it was a very different experience for some customers that we’ve been working with-

AJ Witt:
[inaudible 00:16:07].

Dean Bolton:
And they’ve been much more insistent, much more aggressive around there. To date, we still have not seen anyone be formally audited for it, it’s all from sales, and threats around that, but they are becoming much more focused on that for growth, and going forward in a very aggressive manner.

The Shift in Oracle Java Audits [00:18:00]

AJ Witt:
Right.

Art Beeman:
I think an important distinction that should be made is the one between the product, and the intellectual property. The product, no question, as Mike, and Dean, and Joel underscored, is a very, very good product, and one would think, “Wow, just ride the wave of a successful product, the product that the market wants, and you’ll be where you need to be.” But there’s another component to it, it’s the intellectual property. The aggression can be attached to a business decision as to how we’re going to protect our intellectual property, because that’s really what these licensing agreements are about. They have the copyright, they want to protect the copyright. And I think that in a larger manner, it’s historically been the case with Oracle, you saw it in their litigation against SAP some years back, the case they took all the way up to the Supreme Court with Google, and the intellectual property interest they asserted there.

Oracle’s Focus on Protecting Intellectual Property [00:20:00]

Art Beeman:
The bigger picture here is, Oracle’s very aggressive, very assertive, and at times, audacious, and even brinksmanship surrounding their intellectual property. That’s what they’re trying to protect here. And in their view, if you send the message out in the market that we take our IP very seriously, and they’re not alone in that, there are companies that establish that sort of business philosophy. On the other side of the coin, and Joel and I know this as IP litigators, there are some companies out there, not necessarily even in the software space, and their view is, “Hey, look, you assert intellectual property against us, you’re going to have to take it all the way up to the Supreme Court to get us to ever pay.” And that’s their business philosophy, in terms of intellectual property cases, assertions against them. Someone decided in the corporate suite, “That’s the best way for us to go about doing our business and surviving in the market.” Oracle’s view, I think it’s quite transparent, and I think it’s going to accelerate, for many of the reasons that Joel, Dean, and Mike pointed out, is that “Okay, now, the Supreme Court and the Google case didn’t buy our argument, but that means the horses can come out of the barn, and we’re going to do our thing now, and we’re going to make sure that the market appreciates that, it’s our IP, it’s our copyright, and for that matter, patents, and I’m sure in other spaces, we will protect them.”

AJ Witt:
Yep. Yeah, so it’s very much sending a message. And I guess the next question is, how should we respond as IT asset managers, and people responsible for managing this risk from Oracle software? What do we need to do, maybe that we need to do differently to what we’ve been doing before?

Proactive Approach to Oracle Software Risks [00:22:00]

Dean Bolton:
I think that the biggest thing is that you have to be proactive, you cannot be like an ostrich, and just put your head in the sand, and hope that you’re not going to get caught up in it. The dollar figures around it, especially from Oracle, even with Oracle Java are just too great that if you take that approach, at the same time, you’re probably going to be updating your resume, or your CV. So I think it’s one of those things you just can’t assume it’s not going to hit you, and that you can just hope the problem goes away. So you need to be proactive on that, and I would say, these are complicated tasks, as we’ve mentioned, the landscape is changing all the time. So I would say, it’s almost unfair to try and put this on your internal IT team when they’re trying to manage the day-to-day operations for the business.

AJ Witt:
Yeah.

Dean Bolton:
You’ve got to worry about high availability, business continuity, performance, all of that stuff, and then you add in these legal contracts, and all the intricacies there, the software license rules that change on a regular basis, negotiations in there. That’s a huge burden to ask for any group, aside from maybe the largest companies out there. So I would say, you’ve got to be proactive around it, and reach out to groups that are experienced in that. We’re biased, we have some recommendations on for what groups to reach out for, but there are a lot of good firms out there, and I would say, that for all customers, it’s those two things: be proactive, and get some help.

Responding to Oracle Audits: Proactivity and Legal Counsel [00:24:00]

AJ Witt:
Because this is very much something that is going to happen, and it’s nothing personal, I mean, as I understand it, this isn’t really Oracle using some intelligence and thinking, “Oh, we’re going to go after those guys.” It’s just, you’re on the merry-go-round, you are next in line to be audited, and maybe it’s associated with the ULA, or with a contract renewal or something, but it’s nothing personal as such, it’s just what they do. Right?

Art Beeman:
That’s absolutely correct, yeah.

Joel Muchmore:
They’re definitely metrics that might goose you or flag you, and like you say, certifying off of the ULA, or ending tactical support streams, anything like that, but that just kind of ups your odds a little bit, as you say, you’re on the carousel, and it’s going to stop on you at some point, there’s no doubt about it. And I want to second what Dean was saying about the proactive approach, that’s absolutely right, and sometimes, that work needs to be done at the time that you want to do it the least. You’re closing up your audit, everybody is fatigued, you’re on your seventh round of negotiating very specific terms on the contract, not the time to fold up your tent and accept it, you’ve got to keep on pressing it all the way through to the conclusion. And then even after that, organize your contracts, put them in a central repository, be sure that you have somebody eyeballing that you are doing your contract, both at the technical level, as well as with any other reporting level.

Ongoing Maintenance and Audit Readiness [00:26:00]

It is going to take both the proactive and ongoing maintenance at all, both technical and legal levels, so that when the merry-go-round stops at you, you’re like, “And here’s what I’ve got.” And you can present it to them in a neat, clean, and organized fashion, and going right back to what Mike and Dean said at the very beginning, at that point, Oracle has happy customers.

AJ Witt:
Yeah.

Michael Corey:
Well, and even more importantly, if your contract’s got a URL link to someplace, print it off-

Joel Muchmore:
Yeah.

Michael Corey:
The processor table, one year changed, I think it was three or four times. Well, if you didn’t print off the right processor table in your contract, and you get audited, and you go all of a sudden print it off, now the deck’s stacked up against you. And the other thing is, that there is a legal aspect to this, this is not a job, in my opinion, for in-house counsel. There’s just so many twists and turns from these software vendors who do this day-in and day-out, that you have to have that trusted advisor through the process.

The Importance of Printing Contracts and Legal Expertise [00:28:00]

And the other thing that really I found disconcerting, we were having a conversation one day, is this whole concept of downloaded contracts, whenever you install software, it presents you a contract-

AJ Witt:
Yeah.

Michael Corey:
And people just say, “Accept.” And I asked the question of Joel and I, and I said, “Well, what happens if one day Oracle put in there, you must use their script during an audit? And the DBA just clicked it, would that be upholdable?” And the answer I got back, the short answer was, “Yes, if you don’t question it right away, or push back on it right away.” Well, Oracle’s a reputable vendor, we don’t like their tactics, but like Microsoft, they’re a reputable vendor, they’re not trying to pull that game. But not all these software vendors are reputable. There are vendors out there that are purposely putting things in these downloaded contracts to set customers up for problems in the future.

AJ Witt:
Yeah, it’s a very good point, the contract enforced is the contract that was enforced when you made the purchase, and Oracle and others aren’t like Microsoft where they have… I mean, Microsoft have an archive, product terms for every single month, so if you bought it in month three, you know what terms apply to your licenses at that point. And they change very frequently, they’ve got a lot of products, of course.

Contract Changes and Legal Considerations [00:30:00]

AJ Witt:
So it’s a very good point of getting those contracts centralized, basically, knowing what you’ve signed up for. I mean, I think this is probably the crux of the matter, is, it’s very easy for procurement to go off and do a procurement-led approach to buying Oracle, and maybe not pay enough attention to the… Or really to comprehend what’s there in that contract. And you also touched on in-house counsel, not necessarily being software, IP experts, I mean that’s obviously something that I’m sure Art and Joel would agree with, but I think it’s a general point. They’re probably more interested in defending their organizations against probably bigger macro threats I imagine, customer litigation and so on, rather than things in a business-to-business world.

Joel Muchmore:
The learning curve is just so steep, I mean it’s both something you can’t learn by just being out and reading a few articles here and there, and then the specifics of it, the context of it is just so unique to every vendor, it’s not that an in-house counsel couldn’t pick it up after a few years, but that they’ve got other stuff to do. And then that goes back to both what we are doing, and what I think other law firms are doing too, we’re saying, “We’ve got a small piece of your puzzle. In this case, it’s Oracle licensing and other software licensing, we unbundle it from everything else, and then plug us in, so we can provide that one small bit that you don’t have the time, or really the inclination, or the need to learn.” That is an interesting trend here that we’re paying a lot of attention to, and that we’re really happy to be part of. We offer a small thing, plug us in, let us go-

The Importance of Context in Contract Terms [00:32:00]

AJ Witt:
Yeah.

Joel Muchmore:
And it’s an interesting new model that we’re very excited about.

Michael Corey:
What I was underscoring was the importance of context, in other words, when you look at a contract, what do the terms mean? It’s the context in the technology space, the industry space, and terms mean what they mean from the standpoint of the history of the document, and what other parties signed up for, and perhaps even related adjudication. And that’s why in this instance, the experience and expertise is so important, because that’s what Dean, Mike, Joel, and I bring to the table. We know that context-

AJ Witt:
Yeah.

Michael Corey:
And we get right to the issues.

Contracts, Context, and IT Asset Managers [00:34:00]

AJ Witt:
It’s a very good point. This is really a question for the audience when they’re listening to this podcast. I know that I was trusted as an IT asset manager to read a contract, and to think, “Oh yeah, that looks all right.” And to sign that contract, effectively to sign that contract, or at least to tell my boss to say, “It’s okay to sign.” Over a certain value, they went through legal, but not always. And legal would quite often just probably just do a very high-level standard contract kind of… I guess there’s a checklist of what they go through to have a look at, and court of law, and so on. I wonder also, for IT asset managers out there who are listening to this, how many of you are actually trusted to go, “This is okay.” Almost being seen as part of your job.
We’re not lawyers. No, we may be procurement people, or maybe technical people, but we’re almost certainly not lawyers as IT asset managers. And it’s a good case in point, we would go out and talk to managed service providers for some technical aspects of what we do, and surely, it makes sense as well to go out and get this legal counsel approach to particularly these very big contracts. These are big multi-million pound, euro, dollar liabilities, that we are potential… Or risks that we’re managing here. I certainly remember having sleepless nights around certifying our ULA for example, and being trusted to make big decisions about things that I thought were way above my pay grade. I guess that may be a thing elsewhere as well, so this is where this is coming from, the idea that, yes, you can go and get this as a service to help you with these big decisions.

LicenseFortress’s Comprehensive Approach [00:36:00]

Michael Corey:
I guess I’d add to this that when we designed LicenseFortress, what we saw was a flaw in how people were handling software license compliance. It’s not that the average SAM tool isn’t good, it’s the fact that a lot of times you go into large organizations, and they’re struggling with how to use the SAM tool. And so since they’re not using the tool correctly, it’s not gathering the right information. And the problem with the SAM tool, the just having a SAM tool was, “Yeah, I had an inventory of what I had, but it doesn’t mean I know how to interpret that against the contract.” Then we looked at the license consultants, and they understood contracts, but did they understand the context of dealing with Oracle? Did they understand the context of how it equates to technology? What does it mean when Oracle changes the rules on hyper-threading? Do they understand that a hyper-thread is about 20% improvement over a regular processor?

AJ Witt:
Yeah.

Michael Corey:
So you had to have that combination of technology, contract expertise, and then legal expertise. You have to have legal expertise as a backbone, and it’s the three of them working in tandem. But then the other problem was, they looked at it as a point in time, before we came along, the rule of thumb was you came in and you did your annual audit, they patted you on the back, you fixed the problems, and everything was okay. Well, but here’s the problem, your DBA goes to download a piece of software, and they get a legal contract, and they see something that bothers them. Do they have access to somebody that can answer that question? So we decided to make it a service, you’re getting ready to deploy a new technology, and you want to understand it in the context of the legal, and the technology piece.

The Importance of Proactive Service in License Management [00:38:00]

And so what we realized was, you have to have that proactive relationship, 365 days a year, where you’re not worried about the meter running, so you’ll come to them with questions, no matter how small, because little things can become big problems if you don’t deal with them correctly.

AJ Witt:
Yeah, I completely agree. I can remember going back and forth, not so much on Oracle, but on SQL Server, around just that very point, around hyper-threading, what’s a virtual core? What’s the virtual process of things like that? And it’s the kind of question that you needed to finish an answer on, because in SQL Server world, that’s double the price, it’s a big change, and it’s difficult to interpret. And if you’re not doing it every single day, then you don’t have the expertise around it. I think that’s the thing. We often say, look at your contract, go and talk to the vendor, get it varied to meet your terms. Is that really realistic with Oracle? If you’re signing up for a new ULA, can you really get them to vary their terms in your favor these days?

Negotiating Oracle’s Terms in New ULAs [00:40:00]

Joel Muchmore:
Yes and no. Some parts of it are etched in stone, might as well be the Rock of Gibraltar. But other sections, more on the periphery, the ones in the margins, you can work with them on. And whether it’s the integration of other materials you can carve out, you can carve, as you’re exiting ULAs, certain kinds of releases, certain kinds of no-audit provisions going forward, there are absolutely things on the margins that you can do, but there are things that you cannot. It’s really both a case-by-case matter on what the topic is, what the software is, what kind of contract it is, and also who you’re dealing with. And as we all know, Oracle just closed their fiscal year, lots of deals get made in the 72 hours counting down, and-

AJ Witt:
Yeah.

Joel Muchmore:
Miracles are performed at that time that aren’t going to be performed again until the end of the first quarter of this next year.

Key Contract Terms: Risk Allocation and Legal Protection [00:42:00]

Art Beeman:
Encounter the Rock of Gibraltar that Joel described when you get into any contract terms and issues related to allocation of risk, real risk. Something goes wrong, where do the consequential and incidental damages to the customer land? Things that if they gave on that, it could change the very face of the market for them in their interactions and deals with other customers.

AJ Witt:
Yeah.

Art Beeman:
So the one way of viewing it is, the greater the risk, the greater the goal on the part of the customer to reallocate those risks, the tougher the terrain will be.

Michael Corey:
And then I’ve heard Dean say this numerous times, so I just want to make sure that… And you made this point lots of times, Dean, which is, don’t go to the vendor for answers on how to use their software. Because Oracle’s going to quote Oracle policy, and

also Oracle policy many times is going to do is artificially inflate the cost. So the vendor’s not the right place to go to get an honest answer on how to use the software legally.

Vendor Policy vs. Legal Expertise [00:44:00]

Joel Muchmore:
[inaudible 00:34:02] oh, go on, Dean, please.

Dean Bolton:
I was going to say, that’s absolutely correct, Mike. It’s unfortunate, but they can tell you about the features in this case, but how to do the licensing, that’s not the right source of truth for any customer.

Joel Muchmore:
And it’s a sad fact that you don’t want to disclose too much to Oracle, and we often counsel people to say, “Beware of that overly friendly sales associate, because they’re recording information, they’re writing things down, and it gets sent back to license management services. Not all the time, there’s not a one-to-one to it, but information does have a way of traveling about, and coming back to bite you when you think you’re just answering innocent questions.”

AJ Witt:
Yeah, absolutely. And that’s the case with other vendors as well, and it is difficult to get that definitive view on license rights, and license allocations and so on. You can talk direct to the vendor, well, you’re going to get one answer there. You may talk to a reseller who maybe give you a slightly more customer-focused answer, depending on where they are in their sales cycle and so on. But for the definitive answers, you need experts, you need the guys on this call, you need expert training that we offer as well, and so on. So it’s really about building the expert knowledge, and actually, even then I would imagine there’s still so much gray in these contracts that there’s always room for interpretation, and movement as such.

Final Thoughts on Contract Hygiene and Expert Knowledge [00:46:00]

Art Beeman:
No doubt. No. Another way of viewing it is that, we try to emphasize with our clients the importance of just good contract hygiene, collect the documents, know what constitutes the contract. I can’t tell you how frustrating it is when you’re working with a client initially, and you asked him for something that you would think would be pretty straightforward, “Hey, send me the stuff that relates to the contractor, constitutes the contract.”
“Well, we’re having problems finding those documents.”

AJ Witt:
Yeah.

Art Beeman:
That’s going to be an even bigger problem then when you’re in negotiations with a vendor.

AJ Witt:
And these are things, of course, that go back 20, 30 years, Oracle’s a mature product. So you may have signed your initial Oracle agreement last century, and that’s going to be on a piece of paper somewhere, in a filing cabinet somewhere, in an office where you probably aren’t there right now even. So it is a general problem for IT asset managers, it’s probably the dirty secret almost, in the sense that, we do really good stuff around discovery with tools, and running scripts, and understanding what our environment looks like, and that’s only one side of the equation. We are not great at gathering entitlements, and understanding what those entitlements are. It’s an area where we could certainly see improvements, because you’ve only got one half of the equation otherwise, you don’t have the details to know whether you are compliant, non-compliant, and what the size of the risk is.
So something for another topic maybe. So to summarize today, first up, thank you everyone for listening, and thank you to all of our expert speakers. Oracle have changed how they’re doing audits, they’re becoming a bit more aggressive, they’re becoming quite more focused on terms, a little less leeway on these things. And the key is to be, as always, is to be prepared, to expect them to come knocking, and to expect them to perhaps to be trying to accelerate that process using the new audit clause, and being, as well, quite focused on time scales.

Closing Remarks and Acknowledgements [00:48:00]

So there’s lots to get prepared for here, I think. Do expect a change in Oracle’s behavior towards your contract. So probably now is a very good time to start looking at those contracts. Thank you to Dean and Mike from LicenseFortress. Thank you to Art and Joel from Beeman & Muchmore. LicenseFortress and Beeman & Muchmore work together on Oracle licensing, feel free to go and have a look at their websites, and see what they get up to. And as always, The ITAM Review is here to help you with all things Oracle and indeed, any other licensing as well. So thank you for listening, and thank you everyone for participating.

Joel Muchmore:
Thank you.

Dean Bolton:
Thank you.

Michael Corey:
Thank you.