Ineffective SAM? - Another company fails Oracle audit - was it intentional?

AGL Energy was just forced to pay over $800k for Oracle license non-compliance.

This is just the latest example of a failed compliance audit - and I for one believe it was not intentional. I have talked to other customers who found themselves in the same situation. There are many reasons why organizations fail audits.


1. Poor inventory - if your inventory systems don't discover all software, you will not be aware of what's in your environment and will not be able to prevent over-use of licensed software. Here is where having appropriate tools and deployment policies, as I suggested in one of my blogs on ISO-19770-2 tags, will help improve inventory results. In many cases one tool does not fit all - so make sure you have the appropriate tool to collect the right data. The industry may be telling you inventory is a commodity, but inventory for the purpose of software licence compliance is definitely not.


2. Inadequate policies - if too many people have access to software media and licenses, if individuals or business units can buy their own licenses and don't have to report those purchases to software asset managers, you can find yourself unable to prove compliance and will be forced to pay fines. Make sure that you either prevent individual purchases or require that personal purchases are recorded in official company records. Remember, if it is installed on company equipment, you are liable.


3. Software allowing access to non-licensed functions - if software (such as Oracle DB) grants users access to all functions, regardless of licensing, you will likely find that many unlicensed options are used. Make sure everyone is aware that they have to check with the SAM administrator before they install a new instance of any software.


4. And perhaps the most startling example - technology and automation may end up costing you a lot of money for non-compliance. Technology like vMotion can move an Oracle DB VM from a small physical box to a large one (let's say in case of a failure), and that can cost you dearly (one of my customers had this happen and ended up with a million-dollar non-compliance bill). In this case, you need to make sure that you are part of the team setting up automation rules - if not, then you will have to be extra vigilant on the inventory front.


I am sure there are others, but these are the more common ones.


So, no, I don't believe this breach was intentional, but until vendors make it easy to inventory and maintain compliance, you will always be at risk, especially in today's world of self-service and automation.


Interestingly enough, Oracle actually has taken some very positive steps to help customers ensure Oracle DB compliance with their "Verified by Oracle" program. Through this program, software such as HP Universal Discovery, which embeds Oracle's own audit mechanisms to collect information about your Oracle DB environment in its HP UD for Oracle Licensing module, allows you to pass an Oracle DB audit without the auditor ever showing up at your site. In combination with HP Asset Manager, you can discover your Oracle DB environment (including installed options) and calculate compliance on an ongoing basis with Asset Manager's Software Asset Management (SAM) module.


It is very important to remember that SAM is not easy. If you need to raise visibility into the impact of SAM, point your management to the AGL article or our ITAM blog. If you don't already have Universal Discovery or the Asset Manager SAM module, contact your account rep. If you need the latest content pack for SAM, go to HP Live Network for AM SAM (Business) content.

vijay gavande | ‎04-18-2013 12:56 PM

Can HP's own products on the deployment side and discovery side reconcile data in Asset Manager from the licensing as well as the installation aspect?

| ‎04-19-2013 11:54 AM
Nice post Daniel. I can only hope that where Oracle are leading other vendors will follow. If they do not then it could be a sign that they are set on using SAM as an on-going cash cow. In my mind it would also be a driver for their customers to look to others, if you have a vendor that's not going to aid you in your work to be compliant and another that will then you can see how things could shift within the customer base.