Knock, knock

Why software vendor audits are causing increasing misery for end users and what partners can do to help

Disingenuous. Cynical. Obtuse. These are just some of the words that have been used to describe software vendor audits.

Whether you view them as a legitimate means of protecting intellectual property, or a flagrant revenue grab, audits are on the rise - in frequency and ferocity - and so too is the demand for channel partners that can help end users defend themselves against them.

Oracle, IBM, Microsoft and SAP are among those said to be ramping up their compliance activities to claw in easy revenue from customers who, often inadvertently, find themselves incorrectly licensed.

According to some estimates, the major software publishers are now generating up to 60 per cent of new licence sales from compliance activities, with recent research from IDC and Flexera Software finding nearly two thirds of end users were audited during the preceding 18 to 24 months.

Audit antagonism

Some 58 per cent were audited by Microsoft, the survey found, 21 per cent of which were handed true-up bills of $1m (£662,000) or more. Adobe was the next most aggressive (29 per cent), followed by IBM (21 per cent), Oracle (12 per cent) and SAP (eight per cent).

VARs and consultancies that help end users get their estates in order, either after a vendor audit or preferably before one, claim they are in hot demand.

Paul Sheehan, co-founder of SAM consultancy ITAM Solutions, said the number of inbound requests for assistance his firm receives has risen 500 per cent over the past three years, which he said is "the net result of the background of increased audit threat".

"When a vendor's new business revenues start to dry - whether that's because of market saturation or market conditions - it's natural to turn to compliance as an alternative source of revenue and to get very scientific about it," Sheehan said.

Oracle, for instance, now has hundreds of staff trained specifically to maximise compliance revenues, including a significant Romanian data-processing team, with some of this capacity currently transitioning to India, Sheehan said.

"There are now very large organisations within these vendors that are very focused on training and programmes specifically to tease compliance revenues from end clients. Ten years ago, this wasn't the case," he explained.

Sheehan added: "The key mechanism the vendors use is knowing that the complexity within large organisations means they cannot respond [to audits] within the few weeks the vendor often gives them. Thus the debate is often not about whether they owe them money but a good cop, bad cop routine over how much. What organisations such as ours are trying to do is put the data, power and information into the hands of customers so they can defend themselves against a compliance or renewal event in a timely way."

Paul Bromelow, group commercial director of IBM partner APSU, which is also aggressively expanding its software licensing compliance activities, agreed.

"It's difficult to navigate your way through the changing world of vendor Ts and Cs on software, and clients find it even more difficult as they just don't have the level of expertise that a channel partner typically has. That's why we are seeing our business in this area growing," Bromelow said.

License to bill?

Many settlements arising from vendor audits are now more about forcing customers to buy forward-annuity contracts rather than rear-view mirror compliance, said Chris Gough, managing director of channel-only SAM consultancy Derive Logic.

"For some vendors, new licence sales through audits account for over 60 per cent of their net new licence sales," he said. "Auditing has very little to do with compliance - that's just the mallet they hit people with."

Derive Logic is planning to double its 30-strong headcount over the next 18 months to cope with the increase in demand it is seeing, said Gough.

Built into most licensing agreements is the absolute right to audit.

But the complexity of vendor Ts and Cs - particularly for datacentre software - means most end users who fall foul of vendor audits are accidental pirates, said Martin Thompson, founder of end-user licensing body Campaign for Clear Licensing (CCL).

"It is very rare for me to come across an organisation that does not want to be compliant," Thompson said.

"The nature of the modern audit is about building deals and not compliance. They will find anomalies in the customer estate, get you on the back foot and then say 'we'll forget about the oversight if you sign up to our cloud service for the next three years'. Microsoft is very good at this.

"All the top 10 software manufacturers now have audit teams of some description that have sales figures on their heads."

Honest Joes often fall foul of Ts and Cs forcing them to install tools for measuring software usage, Bromelow said.

"IBM uses this thing called the IBM License Metric Tool," he said. "It's supposed to be customer installed but it's actually very difficult to put in place. We help the client install the metric tools the vendors want them to install and keep track of it - we deliver that as a service."

If software vendors expended the same energy making their licences easy to manage and measure as they put into audits, they wouldn't need to audit in the first place and customers would ultimately be happier and would spend more, Thompson argued.

"[CCL is] pro-software," he said. "Ask any reseller how they find dealing with Microsoft SQL on VMware in the datacentre and they'll say it's clear as mud. It's complicated and difficult to measure and yet it's great innovation. We feel that licensing is a barrier to deals being done and innovation in the market," he said.

Get it wrong and the penalties are "very, very aggressive", said Bromelow.

"If you take a common piece of software like IBM Websphere, you could have residual stubs across 60-70 machines and only be using them on two. You finish up with what should have been the sub-capacity license cost of something very small being implemented, from a penalty perspective, at full capacity across all the environments you've got. And that's really expensive. Unless you can prove you are compliant, you don't really have a leg to stand on as a client, so it's a really scary place."

Good vendors, bad vendors

CCL recently wrote an open letter to Oracle founder Larry Ellison, urging him to address the "deep-rooted mistrust" in the vendor's customer base over licensing and is now examining the licensing and auditing practices of IBM and SAP, which it sees as the next-worst offenders.

Not all vendors are equally guilty, Gough at Derive Logic agreed.

"The good vendors want a long-term relationship and to work in a trusting way if there are issues of compliance," he said. "The bad vendors can't step back from the commercial side of non-compliance and try to hit the customer for every penny they can. Ultimately, the relationship with the customer then goes into decline."

Thompson said CCL had already noticed a change in attitude from Oracle.

"They have started doing more licensing education around their end user groups and have been participating in ITAM and SAM summits," he said. "There's a long way to go, but it's moving in the right direction."

CRN approached Microsoft, Oracle, IBM and SAP for comment for this piece. Only SAP responded, saying it was "committed to working closely with our customers to ensure that our licensing practices are communicated clearly and that our customers are receiving the best possible guidance from SAP, as well as our partners".

End users must consider whether to work with a SAM service provider that also sells volume licence software, such as Insight, Kelway or Softcat, or an independent consultancy, CCL's Thompson said.

"It can be good to work with someone who sells the licensing as well, as they know it more intimately. But there is a big growth in the market for independent partners. It's like independent financial advisers: Sometimes you don't want the person advising you to also sell you the mortgage," he said.

In any case, there is a skills shortage in the SAM market as both VARs and boutique specialists scramble to staff up to cope with rising demand, Bromelow said.

"It's difficult to recruit quickly enough to keep track of it so we have been using contractors to tide us over and are also looking at the possibility of acquisitions," he said.

"CCL are absolutely just in their cause to try to get things cleaner, clearer and less obscure, but the vendors are also within their rights to protect their IP," he said.

"Until the time CCL wins the battle, I'm afraid the clients are going to have to take assistance from people like us."

CRN says

Critics such as the Campaign for Clear Licensing will say many of these audits now have little to do with compliance and everything to do with generating revenue. One residual software stub out of place and customers will be taken to the cleaners - or at least forced to buy cloud software they don't want for the next three years.

Of course, it could be seen differently. After all, why shouldn't vendors be able to protect their IP and penalise customers that have been lax in their compliance?

Whatever your view, it is undeniable that both the frequency and ferocity of audits are on the rise as vendors whose technology has reached saturation point are lured towards this lucrative and often tax-free source of revenue. Nor is the murky world of software licensing, particularly in the datacentre, getting any easier to understand, manage or measure.

It is only the trusted advisers in the channel - whether they are independent consultancies or SAM practices within resellers - that can provide the help end users need to defend themselves against this growing threat.