audit changeDoesn’t Oracle ever learn? The tighter their grip on their customers, the more those customers will slip through Oracle’s fingers and find themselves to non-Oracle products and clouds.

After 35-plus years Oracle has made a change to their contract audit clause designed to force you to put your sensitive information in Oracle’s hands, and ultimately find non-compliance that could be used to force you to Oracle’s cloud.

Recently Oracle added language to their contracts saying that you agree to “the running of Oracle data measurement tools on your servers and providing the resulting data to Oracle”.

On the surface this looks like bad news for Oracle customers because you are contractually agreeing to their tool and handing over the data. This provision was never in Oracle contracts before. Dig a little deeper, however, and you can use this change to your benefit.

Is Oracle trying to push you to their cloud?

Clearly (or maybe not so clearly) Oracle is desperately trying to get you to their cloud, whether you want to go or not. Oracle’s customers, rightfully, have always pushed back on Oracle’s non-contractual, and often ridiculous, audit claims by their LMS/SIA/GLAS teams. (What’s their name today??) Now, Oracle is trying to make it more difficult to push back. Their strategy is clear. Audit you, find non-compliance, then move you to the Oracle cloud. Audit. Bargain. Cloud. We’ve been talking about it for years and this is another attempt by Oracle.

Why is this good news for you?

First, my guess is that 99.99% of Oracle customers do not have this language in their contracts. For those 99.99% of Oracle customers with the older audit language, Oracle just admitted that you don’t have to run scripts when you are audited!

Think about it. If your existing contractual audit language required you to run Oracle’s tools, then Oracle would not have made this change. Oracle gave you an easy out. We always recommend that clients not run the Oracle tool unless you know the answer first. After all, audits are supposed to be transparent and not in a black box somewhere in Romania.

Oracle’s new move makes it so much easier to follow the Palisade audit process, push back on Oracle, take control of the audit, and avoid penalties.

Why wouldn’t you just run the Oracle tool?

I’ll give you two reasons to start with. Firstly, and probably of the least importance (if you can believe it) is that because Oracle licensing is not black and white, Oracle can take that information and say almost anything in their results. Oracle doesn’t stick to the contracts. They can make non contractual claims of non-compliance through “rules” about virtualization, claim that random “policies” cover your licensing in a non-Oracle cloud, etc. The list goes on and on.

Secondly, and of even more importance is that the Oracle tools pull very sensitive information and leave it in an unencrypted format. Examples include usernames, IP addresses, your customer’s order information, etc. In fact, previous versions of Oracle’s tools collected passwords and runtime ports. That’s right. Passwords left in plain text! Who knows what Oracle will put into future versions of their tools? User beware!

There are plenty more reasons to avoid Oracle’s data collection vacuum but the first two above should be enough.

What should you do now?

First, if you are being audited and you have the old language, use it to your advantage! There is no reason to run Oracle’s tool now. Palisade is already deploying this strategy successfully.

Second, avoid the new language. At Palisade we have created alternative language that protects you from Oracle. Remember to negotiate everything in your Oracle contract. This is another thing to negotiate and push hard with Oracle. Again, use it to your advantage in the negotiation. Can you imagine that conversation with Oracle? “So, you want me to agree to run software on my most sensitive servers that could bring down my network and hand confidential information over to you? Oh, and I can’t see the software because it could change in the future?” I think that’s a NO!!!

Third, if you are going to run the tool, make sure you know the answer before Oracle. Again, Palisade can interpret all the output, compare it to what’s in your contracts, and help you defend yourself from Oracle. I will state with no hesitation that Palisade will interpret your usage and contracts far more accurately than Oracle will.

You have ultimate control!

Once again Oracle is making a contract change designed to make your life, and your Oracle relationship, more difficult. The good news is that you still have ultimate control over this process and you can use it to your advantage. Don’t let Oracle control the process, methodology, or results. It’s your data and your usage and you own it!

Oh, one more thing, Oracle isn’t making this change very well known. They are sneaking it into their agreements in the most innocuous ways. If you’re doing any business with Oracle be careful, and call Palisade Compliance!