This post is in response to a LinkedIn post entitled "A Customer Asked Oracle for EULA Help and Here's What Happened", originally posted on the ITAM Channel website.
Here's my comment with additional supportive data:
"Lesson learned - for the thousandth time: Do NOT engage the copyright holder (or its 'independent auditor' friends) in conducting a review of your software portfolio. The result is invariably a costly punitive audit of your enterprise - often followed up by 'me too' audits as other copyright holders 'discover' that you can't effectively manage your technology environment.
Reality Check: It isn't just Oracle - it's nearly every major software publisher and a large percentage of the less than major publishers.
Reality Check Number 2: Since we began recommending that asset managers monitor settlements and keep them in an "Audit Trends" notebook, the software industry and its enforcement friends have nearly eliminated ANY public reference to a majority of audits. When virtually no one knows the true negative impact of software audits, then no one will be effectively prepared to counter one. (And we STILL don't "get it" that we're being hunted in a seriously crooked game of software safari.)
It's been over twenty years since the software industry players ramped up their predatory enforcement actions, yet the average enterprise remains virtually clueless regarding the risks they take in not proactively, and aggressively, managing the entire life cycle of software goods, services, and contractual relationships.
Try this on for size: You know those 5% of audits that are actually made partially public? The amount of the fines in the publication represents less than 1/3 to 1/6 of the actual financial impact of the audit on the targeted enterprise. (To put it more clearly, actual audit costs are between 3 and 6 times the published fines - and that's a VERY conservative percentage.)
If you have ANY doubt (even if you have no doubt), get your people trained in effective software and copyright compliance assurance. Be sure that your asset managers understand the wide range of license types and the potential of each license to put your enterprise at risk. Or, if you really want to pay more for less, carefully vet ANY group you hire to help you with license management.
Historically speaking, in the mid-90s, the client-server software industry players discovered that they could take a page from the mid-range and mainframe players and gain a significant revenue stream merely by auditing their customers for license compliance. Through their own attitudes, they created an "us versus them" atmosphere within an entire industry.
This predatory audit attitude was made even more lucrative when many of the software players and their friends began hyper-enforcing license terms and conditions. Highly paid legal teams began re-crafting software license agreements to include multiple onerous terms and conditions (Ts and Cs). These Ts and Cs were intentionally built to ensure that virtually any enterprise without a crack legal team of its own would be guaranteed to violate at least one--frequently more--license clause (or clauses).
Result? Instant violation.
Couple these new license styles and a downright greedy audit attitude with intense lobbying to create even more consumer-unfriendly copyright-related laws and regulations, and the entire world is now expected to view ineffective software asset management as intentional software piracy.
Think I'm wrong? Read any settlement relating to software license violations. In excess of 90% of these will blithely label any licensing mistake - any level of non-compliance - as piracy. After all--piracy generates better publicity than inability to manage the asset.
So? The result? Software publishers literally leap at ANY opportunity to audit your enterprise, and if your enterprise is a small- to medium-sized company, you get to be in their 'favored target status group'. Companies in these categories have proven themselves easy audit targets as well as being the most willing to merely write a check when confronted. Keep in mind that any sane corporate lawyer--even the part-timers--will always push to settle out of court--hence the ease of confrontation to settlement audit opportunities.
Want to become a target? Here's the brief list of options:
- Call technical support
- Displace virtually ANY major software product with one from a competitor
- Call and ask for licensing help
- Order upgrade licensed products
- Acquire ANY "free" software products
- Forget about removing demo or eval licensed products
- Purchase COTS products at your local office supply store
- Buy ANY software title online
- Accept named user licensed products
- Distribute products across your enterprise without reading the permissions
- Speak the wrong sentence to a supplier rep or software publisher rep
I could go on, but you should get the picture by now. Non-compliance is not about licensing. It's about revenue streams and licensing sharp practices. As business technology consumers we have to wake up and recognize that we're being constantly placed on the defensive--reacting to supplier predatory audit practices. There are only two realistic methods to minimize these audits.
First:
Get trained to proactively manage the entire software portfolio of goods, services, and contractual relationships. That means REAL training, not training developed or sponsored by the very enterprises that have set you up for audit in the first place.
Next:
Carefully negotiate every license with compliance in mind. Recognize that the absolute root cause of 90% of license non-compliance is the reality that business technology consumers simply have no clue how licenses actually work. In a majority of cases, those being audited have never read those licenses, let alone negotiated the onerous terms and conditions out. When we recognize that the supplier fully intends to hyper-enforce all license clauses, why wouldn't we ensure that those licenses are negotiated to be mutually beneficial?
Closure: Yes, you could contact the software publisher when you are concerned about compliance issues, but it's nearly a 100% guarantee that their first response is going to be to audit you.
Time for some serious changes?