Making sure all the software your organization uses is properly licensed can be a pain but it's clearly important — unless you like dealing with legal authorities. Lots of businesses get themselves into trouble by neglecting the important job of software licensing reconciliation, so I thought I'd talk to someone in the IT field who has expertise in this area to find out what can go wrong and how you can avoid it. Peter Monaghan is a 20-plus year experienced IT professional who like many started off on a helpdesk. He quickly climbed the ladder to engineering with industry certifications (Novell CAN, Microsoft MCSE+I, Sun Solaris CSA, SolarWinds Certified Professional) and then later went on to project management with ITIL and CBCP (certified business continuity professional) certifications, and finally up to management with a BSc in information management from University of Phoenix in 2006. Currently, Peter manages security, corporate monitoring, business continuity preparedness/disaster recovery, and SAP administration, and security for a leading wine and spirits distributor in the U.S. Let's listen now to Peter as he explains the importance of prioritizing software licensing management, gives some examples of violations to show what can go wrong, and asks our readers for feedback on how they keep the licensing police away from their door.
Make software licensing a priority
Software licensing reconciliation is often a priority that finds its way far down the list of things for IT departments to do. Usually right down there with salary adjustments and SOP updates. However, unlike the other two examples, licensing reconciliation can find its way to the top of the priority list in a great big hurry when the software vendors come calling wanting to do an audit or a "true up." Far too often companies find themselves unprepared and caught off-guard. The results can be painful and disruptive for an IT department. And, sometimes, very, very expensive.
Two prime examples come to mind. First, in the spring of 2017, a UK court ruled in favor of the ERP software company, SAP, against the worldwide spirits supplier, Diageo, in an indirect licensing violation case. The court determined that Diageo was violating SAP's licensing T&Cs when they were connecting a third-party app to their SAP ERP. In their claim, SAP asked for £60 million ($82 million) in unpaid fees. Consider that Diageo has hundreds if not thousands of RFC connections to their SAP ERP and they were most likely unaware that they were violating their agreement. Diageo claimed that they were acting in good faith. But SAP's licensing agreements were clear. The impact of this court decision has caused other SAP customers to panic and audit all their systems that are connecting to their SAP ERP to verify licensing compliance by end of the year so that they can avoid the pain of a lawsuit and the cost of fines. The disruption to these businesses is immeasurable.
The second example is when Microsoft made a licensing change for SQL Server back in 2011, aka "The Money Grab." Microsoft decided to change their enterprise agreement licensing in late 2011 for SQL servers from per-processor to per-core without notice. VAR's were on the phone with their customers immediately breaking the bad news and offering their support. Reports of annual licensing fees went from thousands of dollars to millions, and from millions to multimillions. All the while Microsoft customers were getting nothing more in return! This left many companies scrambling to reduce, consolidate, or eliminate SQL servers ahead of their enterprise agreement renewal with Microsoft, usually with only a couple of months' notice. Other key and critical business projects were put on hold to address SQL licensing. In many cases, money, which was not budgeted for, was spent to save money. Once again, the disruption to these businesses was immeasurable.
Keeping the licensing police at bay
"How did this happen?" we ask. How can businesses and organizations allow themselves to be caught off-guard? These are questions that many CIOs and IT directors had to answer to their leadership when they had to ask for more money or explain why projects had to be delayed. Calling SAP and Microsoft to complain or negotiate was about as useful as going outside and yelling at traffic.
Other than the Fortune 100 and large governmental and military entities, there are few business and organizations that have staff dedicated to software licensing compliance. That responsibility usually falls on IT managers and those responsible for asset management. So, how did this happen? Well, a common, and humorous, comparison that I often come across is that Abraham Lincoln's historic and powerful Gettysburg Address clocks in at a shade over two minutes, yet the standard EULA, usually written in indecipherable legalese, for any software these days is more than three pages. (I believe Apple's exceeds 11 pages!) Who has the time or patience to read and digest that?
Now ask yourself, how many software packages and applications do you have running across your enterprise? This should include desktop, server-based, and mobile. Do you, or someone else at your company, know the terms and conditions of the licensing for these software packages? Better yet, are they being regularly audited for compliance and/or usage reviewed to minimize spend? Keep in mind, there is no "get out of jail free!" card for shadow IT in the court's eyes. Fortunately, there are many firms out there ready to provide their services when it comes to software license audits, but for a hefty sum. The alternative is to "kick it down the road" and deal with this issue another day. But what will the disruption level be? It's difficult to predict the next "money grab" and who it will come from. I suspect that as more companies go all in with the cloud the money grab will arise from there. Think about it: IAAS equals cheap space and cheap processing for hungry consumers with insatiable appetites as they try to keep up with the demands of the DevOps consumers.
So, my questions to you, dear reader, are: How do you react when it is too late and the vendor is knocking on your door? How do you remain proactive, stay organized, and prevent sprawl? Do you have all your T&Cs on file? It's 10 o'clock: Do you know where your licensing agreements are? Post a comment here if you have one and/or email Mitch at firstname.lastname@example.org to have your comments included in the mailbox section of a future issue of our newsletter WServerNews, which goes out each week to over 400,000 IT pros around the world.
Photo credit: Shutterstock