Beware of Oracle's licensing 'traps,' law firm warns

13.10.2015
Oracle's aggressive licensing practices have gained it considerable notoriety over the years, and on Tuesday, a Texas law firm specializing in technology issued a warning urging enterprises to beware.

"Oracle software licensing is full of traps," wrote Christopher Barnett, an associate with Scott & Scott LLP, in a blog post. "Businesses need to understand the risks associated with those traps and to proceed with caution."

Of particular note is Oracle's License Management Services compliance arm, whose zeal for audits and "undeserved windfalls" is "nearly legendary," Barnett said.

It's common, for example, for the company to surprise customers with licensing fees associated with product options that they have never actually used, he pointed out.

Such options are sometimes inadvertently enabled during the installation process, but "if LMS determines that the options were enabled at any time -– even if only once, seven years or more before the audit data were collected –- it is common for those options to be included among the audit findings," Barnett wrote.

One of the biggest problems with Oracle software is how difficult it is for companies to track internally what they're using and how they're using it, said Julie Machal-Fulks, a partner with Scott & Scott, in an interview.

"They may use just one Oracle product and think they're using it correctly, but then Oracle comes along and says, 'no, you're using it wrong -- you owe us a million bucks."

It's difficult to track and understand, and clients are typically surprised by the results.

One of Scott & Scott's clients, for instance, was "trying diligently" to understand a particular product's licensing terms, but "he could not get Oracle to give him an answer about how to use it properly," Machal-Fulks said. "The client could not decipher it for himself, so he ended up going with another company's product just because it wasn't safe."

Oracle's product would have been the client's first choice, she added, so it's actually losing money in such cases "because people get nervous and just don't want to take the risk."

For companies that haven't already agreed to license an Oracle product, Machal-Fulks urges careful calculation of the product's real cost before they decide.

"Companies often look at the quote Oracle gives them and nothing else," she said. "I've had companies tell me later that if they had known how much it would cost in their environment, they would have chosen differently."

Oftentimes, customers don't even understand what information they would need to give Oracle in order to get a more realistic price. And even the smallest infrastructural changes made down the line can have considerable consequences.

For instance, "many don't know that if you cluster machines, that can have licensing consequences," Machal-Fulks said. "They don't find out until the middle of an audit."

Companies that are already using Oracle software, meanwhile, need to make sure when evaluating maintenance renewals that they are evaluating the same way Oracle would be.

That, however, is easier said than done, she noted, in part because many of the tracking mechanisms Oracle uses are proprietary.

"People will often say, 'we don't think things have changed that much, so we'll just renew,'" she said, when in fact even seemingly minor changes can have ramifications.

If third-party partners have begun accessing a company's Oracle tools, for example, that could have implications. Sometimes, such changes are not allowed at all, she said.

It may not be possible to eliminate all the risk, but there are things companies can do to make sure their "audit-readiness" is better rather than worse, Machal-Fulks said.

First and foremost, "periodically review your environment to see what, if any, changes have been made," she said. "If there are changes, there's a good chance there are licensing implications."

Not surprisingly, Machal-Fulks also recommends working with external firms experienced with Oracle audits.

Oracle did not immediately respond to a request for comment.

Katherine Noyes