Clearing Oracle’s Contract Audit Hurdles

By Craig Guarente

Enterprises are managing, storing, and analyzing much larger data loads as they become more digitally driven. But the wealth of data from analytics, big data projects, cloud, mobile, and the Internet of Things has come at a cost. Enterprises are bringing on new solutions, more resources, and greater capacity to support the data deluge. Given that Oracle® is the leading provider of database solutions, working with many of the world’s largest companies generating large volumes of data, the company’s sales team sees this as a significant revenue opportunity. However, what is good for the vendor is rarely good for the customer.

The rising tide of data has contributed to the success of all database management system vendors in the market. But no other database vendor has the sheer market dominance and historic penetration of Oracle. Therefore, no other vendor is better positioned to take advantage of the recent flurry of data-driven activity. Businesses today want to move at digital speed and be able to design, deploy, and manage applications to meet demand. The tools to do so exist, such as the DevOps approach to application development and containers that help spin up application instances rapidly. Vendors promote the ease of deployment via the cloud, with everything suggesting that businesses adopt applications at will. However, this also creates huge headaches for the CIO and CFO, as it leaves a messy trail of application instances that may or may not fall within existing licensing agreements. The growth of shadow IT demonstrates how real this issue has become today.

One Oracle strategy for dealing with existing customers, and the one enterprises must be prepared for when entertaining a relationship or negotiating with Oracle, is as simple as A, B, C — Audit, Bargain, Close. Just a threat of an audit is sometimes enough to get Oracle customers to the bargaining table for new contracts or contract renewals. An important thing to remember is that enterprises have contractual rights in any audit and can retain tremendous leverage. Furthermore, if the IT team has complete 20/20 vision over its Oracle portfolio, the audit threat is significantly less potent and enterprises still have an opportunity to lower or control costs even as data loads continue to rise.

Critical to developing or maintaining 20/20 vision is knowing some of the hurdles that Oracle regularly uses to trip up enterprises in the contract management or evaluation stages. The following are four major hurdles with some tips on how to manage them:

1. Lock in Support and Maintenance

The biggest hurdle Oracle uses is the way it locks in support and maintenance with licensing contracts. One way Oracle representatives achieve this lock-in is to encourage rolling up multiple small contracts into one larger contract. Procurement or budget departments often support this more streamlined approach because they will have fewer contracts to manage, and it will look attractive on the surface because of fewer terms to police.

But once the licenses with companion support and maintenance are rolled into one contract, Oracle makes the argument they can never be decoupled. Even if licenses are retired, enterprises are often still required to pay the support and maintenance fees because they are linked to another product on the same contract that is still in use. It’s important to note that such lock-in terms are not directly stated in Oracle’s contracts, but are instead found in Oracle’s support policies, which may be referenced in a URL. (See №2.)

2. Mysterious ‘Other’ Policies

Oracle uses policies that are not spelled out in contracts to control a great many activities. One example of this is how Oracle pushes an extreme licensing view when their customers utilize virtualization technologies like VMware. If you read through your Oracle contracts there is probably nothing in them that speaks to virtualization. There probably isn’t even a URL that references a virtualization policy. Nonetheless, Oracle will consistently use their virtualization policies as a hammer when hitting their customers with an audit finding. The real kicker with this one is that the virtualization policies specifically state they are not part of your contract and they are for educational purposes only. Yet, Oracle still uses them. Oracle customers have a real opportunity to push back on Oracle when that vendor tries to use these types of documents in an audit or licensing discussion.

3. Mergers, Acquisitions, and Divestitures

M&A activity by Oracle customers is an amazing source of revenue for Oracle. Every Oracle contract has a clause in it that defines who can use the software. This restriction becomes particularly onerous in larger contracts called ULAs (Unlimited License Agreements). ULAs can last for three or four years and at the end, if the ULA customer has done any M&A activity, that could cost them millions of dollars they were not expecting to spend. It is critical that the Oracle customer heavily negotiate the terms of these restrictions to avoid this scenario. Unfortunately, most enterprises do not have the proper language to help in these instances. By the end of the contract it could be too late and Oracle has you trapped.

4. Your New Products & Services

It starts as simple small talk between your Oracle rep and a database administrator about new product news on the company website. The Oracle rep notes that the company is offering a new software-as-a-service and your DBA proudly proclaims that the bedrock is Oracle and it’s working well. Can you see what’s coming? The Oracle rep informs company management that their new externally facing product is not necessarily covered by existing licenses. Enough doubt has been seeded without an official audit for executives to come to the bargaining table and examine a new contract to support their newest product. The fact is that just because your Oracle licenses are being accessed by your customers does not necessarily mean that you are out of compliance. In the Oracle world this revolves around the definition of “external usage.” Guess what? That’s not defined in your contract either. I think we can all see the pattern here. To avoid this scenario, your enterprise must understand your Oracle contract terms before branching out on Oracle technology. In the Oracle contracting world unlimited does not mean unlimited, and internal business operations does not mean only internal personnel can use the software. If you are faced with these questions it is best to engage an independent Oracle licensing and contracting advisor for guidance, before you move forward with using Oracle on that new project.


Being successful in the Oracle A, B, C audit power struggle requires more than remaining contractually compliant. Enterprises need to have ready means to communicate compliance, and Oracle has to know compliance requirements have been met. After all, Oracle conducts audits to generate revenue by finding new reasons customers must buy licenses and cloud services. And while audits cost them much less than it costs enterprises to deal with them, they still cost Oracle money, so there must be some upside for them. If enterprises can clear the uncertainty up front, it takes away a great deal of leverage at the bargaining table. It can even help companies avoid having to come to the table at all.

Craig Guarente is the CEO and founder of Palisade Compliance. This article was adapted from a talk delivered at Postgres Vision 2016 on Oracle cost containment and contract management, and which will be delivered again at Postgres Vision 2017, June 26–28 in Boston. Founded in 2011, Palisade Compliance is now the leading independent provider of Oracle licensing, contracting, audit defense, and cost reduction services. Craig worked at Oracle for over 15 years, ultimately as Global Vice President of Contracts, Business Practices, and Migrations.