Software License Compliance: Myth vs. Reality
Sep 12, 2008 4:00 AM PT
The issue of compliance is forever on the minds of IT executives, and even more so in the last 10 years, due to increased audit activities by software vendors, complex licensing rules and the management of multiple vendors.
Non-compliance with a software vendor's licensing can create uncomfortably large fines and legal fees for any enterprise. Compliance is key throughout any organization. In today's environments, vendor audits -- from Microsoft, Adobe, Oracle and SAP -- have become commonplace.
Organizations such as the Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA) have been formed to combat software piracy. In fact, BSA offers a US$1 million purse to whistleblowers turning in companies that are not in compliance with software vendors' licensing rules. The BSA operates on membership fees from vendors and settlements they get from lawsuits against vendors -- with many lawsuits resulting in payments between $11 million and $13 million. The environment is such that non-compliance is not an option.
With the rising popularity of virtualization and a growing mobile workforce, corporate IT departments need to keep up with the shifting business/IT ecosystem along with the different types of software licensing needed for the changing environment. Therefore, when changes are made within an organization ahead of the curve, the licensing can get tricky and quickly put your organization out of compliance.
What Can Be Done Beforehand?
A recent survey by King Research revealed that an alarming 69 percent of IT executives are not confident about being compliant with their software licensing agreements. If uncertainty exists among the majority of IT executives, it's time for this group to seriously begin creating and implementing some type of software asset management (SAM) program that will cover the next 12 to 18 months and account for any business changes that the company may incur. Automated SAM software programs can help jump-start compliance management, but more importantly, utilizing an expert with knowledge of the constant changes in software licensing rules will help to avoid those circumstances where you believe you are compliant and in reality you are not. An automated SAM program does not, and will likely never, replace human decision making. Whether a company is compliant with its software licensing usually depends on the scenario and needs to be looked at in each individual context.
Companies will spend nearly $160 billion on software purchases this year, with an additional $100 billion-plus spent on enterprise software maintenance costs including licensing fees. According to IDC, that number will grow to $137 billion by 2010, representing nearly half of software vendors' revenue. With numbers in the billions, the C-suite will need to recognize the importance of diligence with software licensing compliance.
Why Do They Do This?
With IT budgets remaining flat year over year and increasing competition in the software market, vendors are in need of new revenue streams. According to the BSA, software piracy in the eight states studied cost software vendors an estimated $4.2 billion and lost revenues to software distributors and service providers were an additional $11.4 billion, for a total industry loss of more than $15 billion.
With those lost dollars, it has been said that software vendors use licensing and maintenance fees to recoup those numbers, increase profits and make investors happy. Case in point, SAP increased its licensing and maintenance fees this year to "stay in line with their competitors," but there has been much speculation that the massive pricing increase was due to investor demands for higher profit margins.
Because software licenses are governed by contracts with vendors and U.S. copyright law, both civil and criminal penalties are a possibility. Fines can be as much as $150,000 for each illegally installed copy of software, which includes legally purchased software that is not properly licensed. For an individual, the penalties can be fines of up to $250,000 and up to five years in jail. These costs are in addition to legal fees, negative publicity (BSA loves publicity) and time spent away from the company to deal with the lawsuit.
The Audit Process
Form your team; include the C-suite and any IT staff involved in SAM to be sure that proper communications between members take place. Be sure to have buy-in from the C-suite as to what the situation is and what you will need to get the best outcome. When providing the documentation and materials the auditor requires, it's important to provide only the information requested.
Information they will likely ask for includes:
- Proofs of purchase
- Invoices and sales receipts from vendors
- Manuals and certificates of authenticity
- Purchase records for any software and licenses listed in the audit report
- Comparison of your purchased licenses to the installations found -- be sure to consider free and paid upgrades
Since auditors will typically give you only a few weeks at the most to gather these materials, a good discovery tool is worthwhile. Be sure to double-check what these tools find -- although they provide on-demand information, at times they can miss products such as Client Access Licenses and licenses used for remote employees.
When the audit is complete and the discrepancies are found, communication comes back into play. There will be an explanation to the C-suite as to what is missing, how much it will cost, and how to avoid this happening again. Expect the fines to be two to four times the cost of the software for each instance of non-compliance. Additionally, you will need to purchase the correct number of licenses.
Negotiating a Settlement
After your audit is complete, it's the C-level offices' duty to report back to the auditor for them to determine the cost of your non-compliance. At this point you will have the opportunity to negotiate several points, including whether you would like to settle in court -- which is quite rare -- or out of court and request that the results of either remain private. From your side, you will likely be asked to consent to ongoing audits and present a plan for future SAM.
You may want to look at the audit process as an opportunity to evaluate your SAM process and make improvements. At times, it can be a wake-up call for "do it yourself" IT managers to realize they need help from outside experts who focus solely on this work, from keeping up with changing licensing rules to implementing an automated SAM system. By properly managing software assets, cost savings will result over time by avoiding over- and under-licensing. The average savings is usually about 18 percent in the first year and increases year-over-year, with the average cost savings being 30 percent from the total sum of the software licensing and maintenance fees over the years.
As in any business, being ahead of the game is often encouraged and a way to minimize "leaks" or surprise expenses in any budget. Unless there is an existing enterprise SAM program, a software audit will invariably lead to surprise expenses from fines due to non-compliance and the involvement of attorneys, and it's a drain on resources diverted to working on the audit. It also draws unnecessary attention to your IT practices from customers and even internally with the C-suite (especially in light of the very public lawsuits by the BSA). Software licensing compliance is an issue that should remain a priority for C-level executives as well as IT managers -- who can end up being held personally responsible for mismanaged software assets.
Before an auditor comes knocking at your door, get help -- call in the experts to help get software assets on track and automate the process as much as possible. Consultants are available to evaluate licensing on an ongoing basis to keep up with business and licensing changes.
Scott D. Rosenberg is founder and CEO of Miro Consulting, a software license management firm based in New Jersey.