Five Strategies For Surviving A Software Audit
March 5, 2018 Alex Woodie
Dealing with a software licensing audit can be a scary thing, particularly for smaller outfits with limited resources. Martin Thompson of the Campaign for Clear Licensing recently clued IT Jungle into some of the audit strategies that big software companies are employing, and how software customers can be prepared.
Oracle, IBM, Microsoft, and SAP are widely respected for the quality of their software and the responsiveness of their technical support. But they are also feared by customers due to the legal power they hold, the restrictive licensing terms in contracts, and how they use software audits to extract higher revenue from customers.
The Campaign for Clear Licensing has been at the forefront in documenting some of the worst abuses of the software giants. The UK group has been at it for years, but the practices haven’t changed much over that time, according to Thompson.
Here are some of the ways software behemoths are using restrictive licensing and software audits against their customers now, and how customers should respond.
Build An ‘Audit Castle’
As word over licensing and audit abuses of the software giants has gotten out, corporations have boned up on their legal rights and instituted processes to deal with aggressive auditors. As a result, software companies are looking elsewhere to get their audits off the ground, including getting their foot in the door in companies’ foreign subsidiaries.
“It’s like, I can’t get into the main headquarters of the company so I’m going to try their subsidiary in Guatemala and try to get our audit underway from there,” Thompson says. “This is the equivalent of going to mum when dad says no.”
A company’s defense is only as strong as its weakest link, so it behooves companies to institute strict processes for dealing with wormy auditors. Thompson recommends training the managers of foreign subsidiaries to refer all auditors’ requests for information about their use of software to their headquarters.
“The best practice is to reject it and push it back up to head office, which means you need to educate end users around world about not responding to audits and to push things back,” he says. “Most companies are building an ‘audit castle’ to create a defendable position, and that castle needs to extend globally, not just cover the headquarters.”
Know What You Need
Software customers who don’t know what kind of software they need and aren’t informed about the different options available to them are sitting ducks for the sharps at software giants, Thompson says.
In the old days, software customers who were found to be violating terms of their contract were assessed a monetary penalty. That has largely fallen by the wayside, and now the audit is used as a way to coerce customers into buying more product, Thompson says.
“For modern companies with innovative IT teams, best practice is they have a good understanding of what they have and what they’re using, and they drive the conversation with Oracle,” he says. “They take the conversation to Oracle to say, ‘This is what we have, this is what we’re going to need in the future,’ rather than be driven by Oracle.
“Weak customers are the other way around,” he continues. “They get driven by Oracle, and they end up with what they deserve, basically.”
Prepare For Cloud
“For Oracle, an audit is a form of foreplay,” he says. “It’s a presales engagement. It’s not about inducing compliance. It’s about how can I find out what the customer is doing so I can sell them some cloud, basically.”
Selling licenses to enterprise cloud solutions is the ultimate commercial resolution for audits at most major software companies these days, Thompson says.
“Let’s audit the customer and find a shortfall and try to build a solution that allows us to force our strategic product on them, which is cloud,” he says. “Oracle is not alone in that. You’ll see the same behavior from IBM, Microsoft, and SAP. Anything that allows them to sell cloud is good.”
The software bigs are quite keen on increasing their cloud revenues to make Wall Street happy, which results in cloud being the end-game for audits. Customers should be aware of this situation and the motivations of the software giants as they enter into negotiations, and be aware of alternatives to the enterprise cloud offerings.
“This is basically old dinosaur behavior,” Thompson says. “SAP are clinging onto their customers with fingernails trying to stop them innovating, because other they’ll be eaten alive by all the cloud solutions that are coming out that are stupidly easy to use and a lot cheaper. So they’re being awkward just for the sake of it.”
Know Your Rights
The vast majority of customer licensing agreements give the software vendor the right to audit their customers’ use of their product. The timeframe is typically one audit per year. Although no vendor actually audits every customer every year, they’re increasing the frequency of audits as the years go by, Thompson says.
“It’s something they’re signed up to,” Thompson says. “They can delay it. They can use tactics to kick the can down the road. But ultimately, they’ve got to do it, contractually.”
While customers can negotiate the audit clause out of the contract, that’s rare. “The standard Oracle contract includes an audit clause,” he says.
Information is power in most situations. In the case of enterprise software, knowing what you need gives you an upper hand over the software behemoths.
Thompson says he’s seen many examples of customers who keep paying maintenance and technical support for a software product that is out of date and may not even be supported by the vendor anyway.
“You buy some of these products and they say ‘You can have an upgrade entitlement to take you to X version,'” he says. “But the version you’re on they’re no longer supporting, but customer is under the illusion they need to pay maintenance to get support from IBM when in reality they’re not actually providing support for that version anyway. So there’s ignorance about what you’re actually entitled to and what the plan is.”
Thompson advises some IBM i customers to assess whether they can get maintenance cheaper from other sources. He mentioned the company Rimini Street, which provides third-party support for JD Edwards products. (Spinnaker Support is another option). He also mentioned a company called Origina that supports nearly 900 IBM software products.
Companies in the European Union may also get a better deal by purchasing used software. While the practice has won legal victories in the EU, it’s not as widespread in the United States.
Above all, Thompson stresses the importance of looking for alternatives, whether that comes in the form of cloud offerings or better deals for on-prem software. Most companies will be using ERP software for a while, so they should chart a path that makes sense in the long-term. “Some of this stuff can go indefinitely and you can keep using it,” he adds. “It’s just you don’t need to be paying enormous amount for it.”