Suppliers clamp down on licence compliance

IT managers attending a Gartner conference have described software suppliers as increasingly threatening.

IT managers attending a Gartner conference have described software suppliers as increasingly threatening.

They were also unhappy about suppliers conducting audits to determine whether users are complying with licensing agreements.

IT professionals and Gartner analysts have noted the increased use of software audits in recent months as suppliers look for ways to generate extra revenue from existing users to make up for reduced spending on new licences.

Suppliers such as Microsoft and Oracle have a history of auditing some of their customers, but conference delegates said other software developers are also pushing harder on audits.

Some users are trying to be proactive. For instance, the US city of Chesapeake recently completed a nine-month internal audit of its Microsoft desktop software licences and found itself  to be "in pretty good shape," according to Janet Hadley, an account administrator for the city.

But other users are still getting their licence-tracking in order so that they can be prepared for potential audits.

"We are looking for an asset management tool to help us to track software licences and invoices more effectively," said Ken Walton, a project manager at Verizon Communications.

Verizon can no longer monitor its licensing agreements manually, Walton said, "because we just don't have enough people".

At Harley-Davidson Motors in Milwaukee, software contracts are administered by project managers.

"But that is not what we want to be doing," said Shannon Kaul, an asset manager at the motorcycle maker. So the Harley-Davidson subsidiary plans to add a centralised contract manager "who can also assist with compliance issues," Kaul said.

Jane Disbrow, a Gartner analyst, said IT departments generally do a lousy job of monitoring their software agreements. "If your tech support people are like most tech support people, record-keeping is not their forte," she said.

Toyota Motors recently inked a global desktop and server enterprise licensing agreement with Microsoft that is supposedly "audit-proof", said Charlie Clark, a technician at the automaker's Toyota Technical Center unit.

Microsoft enterprise licence holders "are less likely to be audited" than other users of its software, noted Gartner analyst Alvin Park.

But he has been told by several Gartner clients that they were asked by Microsoft to conduct internal audits on server-based products that are not covered by the enterprise agreements, including SQL Server and server versions of Windows.

Rebecca LaBrunerie, a Microsoft product manager for worldwide licensing and pricing, said that Microsoft has pulled back on the number of audits it conducts.

"That does not mean that we won't talk with our customers about how many licences they have," she said.

Jacqueline Woods, vice-president of global pricing and licensing strategy at Oracle, said the company has kept the number of customer audits it conducts steady at about 400 a year for the past three years.

That works out to less than one-tenth of 1% of Oracle's installed base of 200,000 customers, Woods said.

In addition, at least 25% of the audits Oracle does are requested by the customers themselves, she said.

Candle, the independent supplier of solutions for networked business, confirmed that it has become much more aggressive about trying to curb piracy of its software.

Since launching a formal program a year ago, Candle has audited more than 1,000 of its 5,000 or so customers, said Steve Gerrity, assistant vice-president of contracts and administration.

"We view audits as a cost-effective way to defend our intellectual property," Gerrity said. But he added that Candle has seen an increase of between 1% and 2% in revenue as a result of the audit program.

Peter Beruk, director of antipiracy at Network Associates, said the security software supplier has also recently increased the number of compliance-related audits it is conducting. But it is "not sending out audit letters to 50 customers a week," he added. "We're doing this more on a case-by-case basis."

Even so, some attendees said the audit threat could hurt user-supplier relationships. "It's like the supplier is saying, 'We don't trust you,' " said Pat Kitchen, director of IT administration and co-ordination at packaging manufacturer, Pactiv.

Thomas Hoffman writes for Computerworld

Read more on IT risk management