GSA UK - Software Audits: a Real but Manageable Threat

Founding Member of FormIGA – the global Industry for Good Alliance

Home
RESOURCES
Industry News
Software Audits: a Real but Manageable Threat

Software Audits: a Real but Manageable Threat

3 Sep 2015 12:00 AM | Anonymous

Business enterprises today are increasingly susceptible to vendor audits of their software portfolios – audits that can expose significant violations of licensing terms and result in millions of pounds in fines and penalties. Several factors are driving this trend and software vendors face declining sales of new products – and audits represent a potentially lucrative new revenue stream. In addition, implementation of new technologies such as cloud and virtualisation can wreak havoc with an enterprise’s licensing portfolio, as can a merger, acquisition or divestiture. Vendors, meanwhile, are becoming more and more attuned to signs of vulnerability from their customers.

In this environment, an effective sourcing strategy that leverages third-party expertise, in-house resources or a combination of both is imperative. Such a strategy can drive enterprise-wide asset management that maintains visibility into licenses, contract terms, utilisation and pricing. This insight enables customers to demonstrate compliance and – whether or not they are audited – improve their contractual terms and supplier relationships.

A number of factors can drive violations of software usage. Volume licensing agreements allow businesses to deploy assets directly to large numbers of users, leading many customers to over-deploy products. This results in the acquisition of software without adequate tracking or inventory management processes, thereby putting the enterprise at risk.

Vendors also offer customers licenses to “sandbox” new products in test environments. Under such agreements, customers often freely share access to the new products, without realising that in fact the license allows for only one user.

A wide range of “red flag” events signal to a vendor that a customer is likely to be out of compliance with contractual obligations for licenses. The most commonly cited is involvement in a merger, acquisition or divestiture. Enterprises dealing with organisational disruption, new geographical and legal jurisdictions and the release and acquisition of users and software licenses are highly vulnerable to compliance violations.

Organisational growth that’s not accompanied by additional purchases of software license is another common audit trigger. Vendors also scrutinise accounts for signs of attrition of licensing expertise – experts in the arcana of software agreements are rare and their departure leaves a significant gap that won’t go unnoticed.

In a broader sense, the implementation of any new and innovative technology also increases the risk of non-compliance. Virtualisation initiatives that move workloads around a heterogeneous server infrastructure and cloud-based IaaS, SaaS and PaaS deployments can all significantly impact licensing terms and contractual structures. Reconciling legacy agreements to the conditions of transformed environments presents a daunting challenge. In the context of today’s rapidly changing marketplace, any technology implementations should be viewed as a potential audit trigger as well as a sourcing event.