A question we often get asked is, “How does Oracle know about our latest technology roll-out?” Have you ever wondered how Oracle seemed to know all about your organisation’s internal workings, requirements, and future projects when you neither directly shared with them, nor were they party to any of the discussions?
Even more alarmingly, how did they know you bought new non-Oracle hardware, deployed non-Oracle virtualisation, or that you’re moving to a non-Oracle cloud or third-party support provider?
These are really good questions, with many possible answers. A common denominator is that Oracle is adept at obtaining intel about your business. How is this possible, when sometimes you don’t speak to anyone from Oracle for months?
Triggers that can alert Oracle
Oracle has multiple touch points within your organisation. These can be triggered when, for example, someone from your organisation:
- is investigating the functionality of a product or programme for a new project
- is re-platforming or refreshing hardware
- attends an Oracle product or services seminar
- attends a non-Oracle product or services seminar
- shares via social media their attendance at an event held by an Oracle competitor
- is renewing and/or negotiating Oracle support; or
- an Oracle unlimited licence agreement (ULA) is coming to an end.
Oracle can also be alerted about your intentions by chance, such as the awkward situation one of our clients told us about recently, when both Oracle and a competitor of Oracle’s arrived at the same time in their reception area, for different meetings.
Other sources Oracle can obtain information from include:
- Managed service providers. You may have one or many of these engaged within your ecosystem. They may be unaware of licensing implications when providing their services to you.
- Oracle partners and resellers. You may also have one or many of these. They usually have Oracle’s and their own interests at heart.
- External licence services providers that are not fully independent.
- Contract negotiators. These can be employees or individual contractors. They may not be fully versed in technicalities and complexities of specific Oracle licensing implications such as virtualisation or product migration paths.
- Oracle’s own License Management Services (LMS) and/or Software Investment Advisory (SIA) teams.
- Project teams. These are often excited by the project and the shiny, new products and features, rather than licensing implications.
- Database administrators or developers. These often download products/updates, and may be unaware of the need to “untick” options.
- Procurement/commercial/legal teams/business owners.
How to minimise your exposure to Oracle
Oracle can take advantage of any opportunity to, for example, find an instance of non-compliance to generate revenue, or move you, preferably, to their cloud services. One of our clients had no less than 13 Oracle salespeople and two partners engaged at the same time, for the same deal – that never eventuated. This type of scenario, which we encounter at Palisade Compliance all too frequently, is made more convoluted due to the multiple layers of connection that exist between your organisation and Oracle. Most of these channels “provide” information to Oracle inadvertently, or because of an “obligation” contractually or by association to Oracle (such as partners or resellers).
What can you do to minimise any exposure or ensure you don’t have information inadvertently passed on to Oracle?
- The number one tip (and good old common sense) is to ensure that everyone in your organisation treats your information as internally confidential. Information must only be shared when authorised to do so. This is tricky to enforce, but the consequences of inaction can be costly.
- Make sure you understand any third parties’ loyalties and obligations to Oracle.
- Make sure that any third parties have visibility only around what they are engaged to do for your organisation, and that you are covered with relevant confidentiality clauses.
- Ensure there is zero conflict of interest with any organisation you engage to provide services – if you’re in doubt, check it out.
How to ensure that confidential information about your licence arrangements is kept confidential
1. Ensure that back-to-back, non-disclosure agreements are in place with staff and external providers (yes, that includes us!).
2. Ensure that all staff, whether they are in your IT, financial, legal, or business divisions, understand that your organisational information, road maps, plans, direction and vision is exactly that: YOURS and should not be shared unless they have the right approvals to do so. Stay in control of your business by keeping your information within your business.
3. When it comes to third party services linked to Oracle licensing, similar to those provided by Palisade Compliance, make sure that any service provider is vetted in regards to their relationship with Oracle.
- One way of establishing this is to search on Oracle’s website to determine whether the provider is really as independent as they say they are.
- Check to see if they white-label themselves and/or subcontract with Oracle or with an Oracle partner at any point.
- Do they partner with Oracle and/or an Oracle partner in any marketing or solution activities?
Stay in control of your business by keeping your information within your business.
Our position is that it is always important and necessary to be accurately licensed and to make sure that your organisation uses only licences and services that are contracted and paid for.
Get in touch with us today to talk about minimising your risk of exposure to Oracle.