Oracle Begins to Audit Java
Oracle has officially begun to audit their customers for Java. In order to get a better grip on what this means for our clients and the ITAM world at large it’s best to start at the beginning.
How Did We Get Here?
In early 2019 Oracle announced that it would begin charging commercial users of Java for access to updates/patches released on or after April 16, 2019. Prior to this announcement, Oracle sold a few commercial Java products which offered its customers advanced features of Java, as well as 24/7 support. These commercial offerings were sold as perpetual licenses—similar to how Oracle traditionally sells their Database and Middleware products—and separate from their free offerings, Oracle’s Java Development Kit (JDK) and Java Runtime Environment (JRE). These had always been free to use and upgrade as long as no “commercial features” were being utilized. With the 2019 change, Oracle scrapped their former commercial offerings and included all use of Java under a new subscription-based license model whereby customers must pay annually if they want to install, upgrade, patch, use commercial features, or receive Oracle Support services for Java installations taking place on or after April 16, 2019.
Is This a Problem?
It depends. This change to Oracle’s licensing of Java means that almost every organization in the world needs to:
- Stay on versions of Java which pre-date April 16, 2019 (better check with your Security team on how they feel about this option)
- Remove or replace Oracle Java from their environments; or
- Purchase a Java subscription
Regardless of which option an organization chooses there will be some required investment by the organization to determine how much and what versions of Java are currently deployed, the feasibility of removing or replacing Oracle Java, and the cost of an annual subscription. We’ve seen Java subscriptions range anywhere from $8K to $3M – annually.
How Is Oracle Managing Compliance for Java?
Just as they do with all their products, Oracle makes downloading and installing Java easy. Too easy. The Java Sales team monitors these downloads and uses the email domain name of the installer to track the downloads back to a specific company. Once they have enough “evidence” that a company is using licensable versions of Java, the Sales team makes contact with someone inside the company, typically in IT, Purchasing, or Vendor Management. They ask for information from unprepared or unaware individuals, those individuals overshare information, and Oracle sends a bill for a new Java subscription. Not exactly how you want to incur extra and unforeseen costs to the business.
But many organizations are familiar with Oracle’s sales tactics and are properly prepared by assessing their need for Java before making a purchase. However, when this process takes longer than the Sales team is willing to give, they begin to involve members of Oracle’s audit division to participate on calls and email threads to intimidate the customer and speed up the sale via the threat of a Java audit.
These “soft audits” have been happening since Oracle made its Java announcement back in 2019, and are the reason for so many rumors throughout the industry that Oracle is auditing Java. They were not formal audits and compliance was managed through Sales.
Until now.
What Changed?
According to some of our North American clients, Oracle auditors are no longer simply participating on Sales calls and email threads. They are sending official audit notices on Oracle letterhead and invoking their right to audit via the “audit clause” found in the customer’s Oracle Master Agreement (OMA). These are not “soft audits.” These are real audits, and they could have a major financial impact for organizations that have not prepared themselves.
How Can Anglepoint Help?
Immediately following Oracle’s change to Java licensing in 2019, our team of Oracle license experts—many of whom are former Oracle executives and auditors—created a process and service offering to assess an organization’s use and need for Oracle Java. We can help determine where Java is installed, how much of what is installed requires a license, possible options for removing Java or replacing it with a free alternative, and we provide our findings in simple-to-understand reports so our customers can have the ammunition they need to make the best decision on the path forward.
The process typically takes 4 to 8 weeks on average and is sold as a fixed fee depending on environment size.
Schedule a free call with us below to find out if our solutions would be right for you. To learn more about Oracle and Oracle auditing, please visit our Oracle resources page. There you can find helpful webinars and articles for more in-depth information.