Gartner’s new report, Software Vendor Auditing Trends: What to Watch for and How to Respond (May 23, 2012), contains interesting food for thought for enterprises. According to the report, 65% of the respondents in a recent Gartner survey said they had been audited by at least one software vendor during the past 12 months. The vendors reported as auditing for software license compliance most frequently were (in alphabetical order) Adobe, Attachmate, Autodesk, IBM, Infor, Informatica, Microsoft, Oracle, SAP, Symantec and VMware.
The report goes on to point out the myriad license compliance issues of each of the high-audit vendors, along with Gartner recommendations for how to best address these issues. A close reading of the Gartner “primary area of risk” portion of the report highlights a common thread that enterprises must take into account in order to be “software audit ready”. Here are a few short snippets:
- Adobe: “…Inventory discovery tools cannot ensure compliance with all license terms and conditions, such as the contractual restriction that Adobe Acrobat forms may save no more than 500 completed responses without a server product license, as these tools identify only the software installations and not the way in which the software is used…”
- Attachmate: “…In many cases, customers are confused about the difference between the mainframe and thick-client (standalone) versions of the products, and about the ways in which they can be used…”
- Autodesk: “…Autodesk's license models are complex and confusing, particularly the way in which subscription entitlements and prior version rights work… Autodesk products are notoriously difficult to audit and many clients find that their incumbent tools are unable to provide the necessary information to demonstrate compliance with negotiated license terms and conditions…”
- IBM: “…IBM has announced and set forth a new International Passport Advantage Agreement (IPAA), effective 18 July 2011, with changes to terms and conditions… When reviewing [license] entitlements, ensure that these terms are updated in your contract and SAM databases and processes to track and manage compliance…”
- Infor: “…Risks include failure to comply with the usage rights for software licenses, source code and object code, for software licensed now or previously by Infor, Baan, SSA Global, Lawson Software and other licensors' products acquired by Infor… Infor customers are often not aware of these limitations or issues as IT asset management and IT procurement may not be actively reviewing these older license agreements…”
- Informatica: “…Customer [software] audits seem consistently to target several key areas of Informatica functionality. Because PowerCenter (and many Informatica products) are licensed on a per-CPU-core basis, customers need to ensure they are not deploying the software on more CPU cores than they are licensed for…”
- Microsoft: “…The most common compliance issues faced by Microsoft customers typically relate to a lack of understanding of the subtly nuanced licensing requirements…”
- Oracle: “…The primary areas of risk appear to be vague areas of license metrics and usage entitlements, including changes in license metric definitions that may show up in ordering documents that differ from those of some earlier deals…”
- SAP: “…SAP license bundles have shifted considerably over the years. The exact bundle was generally not well defined in contracts, which now makes it difficult for clients to know whether they are entitled to use specific software in their agreement…”
- Symantec: “…Both desktop and server virtualization require a detailed check of license terms…”
- VMware: “…An ELA (Enterprise License Agreement) grants licenses for software to be deployed and used before the ELA expires. Customers who set aside licenses just in case they might be needed in future can find that these licenses are not covered under the terms of their current ELA, especially if it is uncapped…”
Even a quick reading of this Gartner report reveals that enterprises cannot hope to be compliant and software audit ready if they concentrate only on inventory and counting of licenses. Indeed, the greater risk comes from not being aware of the complex licensing terms and product use rights contained in each software license agreement, and from failing to ensure that users are at all times compliant with those terms.
Gartner provides excellent recommendations on the actions that enterprises should take to ensure compliance with those license terms. The question remains whether those recommendations can be put into action without automation. Given limited time, resources and the enormous complexity around software asset management and license optimization, I think not. Having automated license management solutions in place capable of tracking license terms, applying software product use rights, and reconciling software installations and usage with license entitlements would seem to be the only practicable solution to help the resource-challenged software asset manager implement Gartner’s recommended approach.