First Oracle, now IBM! IBM is the among the 40 software vendors to be a part of the Business Software Alliance (BSA). Just another reason to be mindful of your software licensing compliance!
We often refer to software audits as a bad thing… when vendors are knocking down your door and are threatening to fine you. Well, auditing, when YOU are the one doing it, is a positive and effective way to avoid those fines. The best way to find out if you are or are not in compliance, is to audit yourself. Licensing accounts for at least 20% of an IT budget – getting this in order is also a way to save some money (or at minimum be sure that you are efficiently spending that 20%!).
When self-auditing, there is no vendor looking over your shoulder, it can be done with care instead of haste, and will reveal anything you may have to fix should you get audited for real. We recommend self-audits every 6 months, as businesses change so frequently that the way software is being used (and by how many people) is in constant flux.
While self-audits are not easy and they are time consuming they will save the organization in the long run. Audits are on the rise from ALL software vendors and they are auditing businesses of all sizes. Be ready for an audit to avoid heavy fines, and as an added bonus optimize your software licensing spend!
90% of all audit letters sent in 2012 were the result of tips from whistle-blowers, according to the BSA. 90%!!! So those current and former employers that didn’t get the raise they wanted or had a bad day with their boss…they can earn some cash by filling out a simple online form (see below). It’s easy, anonymous and lucrative.
Considering the BSA represents 40 software vendors (including Adobe, Oracle and IBM), it would be pretty easy for any company, large or small, to be caught. Software vendors are auditing more and more and the BSA is just one way for them to find out who they should be targeting.
What is the lesson here? Don’t give whistle blowers any ammo – do a self-audit, get your licensing in order and be prepared!
We talk a lot about audits on here, today, we are going to take a moment and define the different types of audits.
Self – often requested by trade associations acting on behalf of software vendors. These are the friendlies of the audits, it is conducted by YOU and results are provided to the vendor.
Independent – This type of audit involves the use of a third part auditor and is the most costly and time consuming. You have virtually no say in the process and must bear the costs of the audit. The only upside is that the auditor is independent, and not an employee of the software vendor.
SAM Engagement – SAM engagements have been used recently by Microsoft, the software vendor requires a third party audit and the results are reported back. The auditor does not need to be independent and the audited company must purchase licenses to become compliant. These audits are typically much less costly as the vendor will forgive past non-compliance with the only cost being the license discrepancy.
Publisher-Staffed – simply said, this should be the last option, if you can avoid it, avoid it! Just as the name implies, this is an audit performed by the software vendor, they collect information and use it as a basis for the dispute. It’s intrusive and one-sided. Best to request a self audit if at all possible.
Any audit is bad news, our advice, get ahead of it!
We talk a lot on here about being audited by your software vendor – from the letter, to the audit itself, to the fines and so on. What we have yet to warn you about is taking those auditors at face value – along with their math. What do we mean by that? Well, don’t assume they know 100% of the licensing rules or know everything about your business. You would assume the auditors know the licensing rules in and out. Maybe, maybe not. They certainly don’t know your business like you do. They make assumptions. Assumptions about how your licenses are being used and assumptions that will essentially increase the return of their audit.
This is why two things are so incredibly important to avoid bigger fines that you deserve:
- A proper SAM program must be in place to manage inventory and maintain your compliance (it will save money too, but you know this if you have been reading our blog!)
- It pays to have an expert on your side. If the auditors don’t even know their own licensing rules, chances are – since we assume you have other duties at your company besides following licensing rules – you are not 100% up to speed on the constant changes. Ask someone who does know to keep you in check.
Always negotiate, always question the auditors, don’t EVER just take their word for it.
Gartner recently put out their annual report: The Software Vendors That Are Auditing Now and What to Do About It. Based on survey data from their IT Financial, Procurement and Asset Management Summits, the research firm found software vendor audits have, once again, gone up. The percentage of respondents who said they had been audited in the last 12 months rose from 61% to 65% in 2011. Also interesting was the top five vendors doing the auditing: IBM, Adobe, Microsoft, Oracle and SAP (which is a new entrant to this list).
Gartner suggests that organizations look more closely at Software Asset Management, and start taking these threats seriously, as changes are increasing that you will, at some point, face an audit by one or all of your vendors. Many respondents also noted that they vendor had to have lengthy discussions with those being audited to explain licensing rules and clarify why they were not in compliance – this tells us one thing – if the customers don’t understand it, they need to be less confusing! You shouldn’t need an expert or an in-house person to explain the licensing to you, but unfortunately you do in order to stay compliant!
We have often addressed the BSA and their piracy fighting tactics here on this blog as a warning sign for those who aren’t taking compliance as seriously as they should be. PC Pro Magazine recently wrote a story about a small business that was targeted by the BSA and the exact tactics that were used to strong arm them into an audit. Admittedly, the business owner did not know if he was in compliant, but blamed the recession and trying to keep his business afloat as to why licensing fell to the wayside. You can read about the entire ordeal here.
It gives good insight as to what exactly happens when a disgruntled employee turns you in, and how far the BSA will go to validate the claim, which they say are where 20% of their leads come from. Something to think about! And yes, we are in a recession, but what many businesses do not realize, is that managing your software assets can actually save you money- which is a thing of beauty in a recession!
Check out our archived events section, we have several resources on audits and SAM to get you started!
No matter what day or week it is, we’ll always get a question about “how else can we use our license” with a very specific example. The short answer is – you must always use licenses as they are intended for use, otherwise you will be out of compliance, and penalties can be steep! We understand that there are a lot of gray areas in your licensing agreement, but this usage is usually not one of them.
One example of this is the Microsoft Developer Network (MSDN), one of several subscription-based offerings from Microsoft. It gives a licensed user access to many tools, to support forums, to trial version software, and many more features. However, the applications supported by the software available under the MSDN subscription can only be used in a development environment. Once these applications are deployed in production, the proper licensing is required. For example, SQL Server can be downloaded by an MSDN licensee. Once the application is to be deployed in production, SQL Server licensing for the production environment must be purchased. However, one of the benefits of MSDN is that licenses do not have to be purchased for proof-of-concept initiatives.
Be sure that you are properly licensed at all times, non-compliance is a big issue and most organizations don’t even realize they are doing it!