5 Ways Your Hosting Provider Can Put You Out of Compliance

ORACLEYour Third-Party Hosting Provider may be putting you out of compliance. Unfortunately, your organization is liable if they do. Most providers have clauses in their contracts which absolve them of all responsibility. Is your hosting provider jeopardizing your compliance? Read more to find out.

1. Virtualized Environment

Do you know if your Third-Party Hosting Provider is running your software in a virtualized environment? We find that Oracle can and will require licensing outside of their client’s own non-dedicated use for those who use a Third-Party Hosting Provider utilizing forms of virtualization. Many organizations think that the Third-Party vendor would be liable for any resulting license compliance issues, but that is never the case. All Third-Party Hosting vendors that own and manage the hardware that hosts client software assume no liability for software license compliance. The client is always liable.

2. Disaster Recovery

Do you know how Disaster Recovery is handled within your Third-Party Hosting Provider? We continue to find situations where a Third-Party Hosting vendor is deploying a form of Disaster Recovery that Oracle would consider to require additional licensing, but clients are never informed of it requiring additional licensing. Some Hosting vendors have even stated that such licensing was not required, but it was only their opinion and had not been confirmed by the software vendor.

3. Proprietary Hosting

Are you running any Proprietary Hosting solutions at your Third-Party Hosting Provider? Oracle’s past policies have dictated that Proprietary Hosting is forbidden, but have recently shown some loosening of those restrictions, but only when Oracle Cloud is the solution in use.

4. Data Sovereignty

Do you know where your data is? Data Sovereignty is a topic that comes up more often as organizations try to ensure that they are not breaking any government jurisdiction on rules and policies that would impact Third-Party access for legal, security, or privacy purposes. The policies and rules can vary greatly by country. Third-Party Hosting Providers often have datacenters in many different countries. Even if your primary data is contained in a local or a geographically acceptable datacenter, your disaster recovery site may not be.

5. Hardware Platforms

Do you know the hardware platform in which your software is being run? We constantly come across organizations that have great difficulty getting such information from their Hosting Provider. We have even seen instances where the Hosting Provider refused to provide such information to the client. Outside of Oracle approved Cloud Computing Vendors, it is necessary to know the details of the underlying hardware so that proper licensing can be calculated.

Share