In a recent CloudTimes article they ask, “Can Cloud Computing Stop Software Piracy?” The answer really depends on who runs the software in the cloud and how publishers in that context make money, as we discuss below.
The article points to a Business Software Alliance (BSA) study that found that “42% of users admitted to sharing their login credentials to paid cloud computing services with other people”. SaaS publishers that we serve have reported similar levels of abuse. The article highlights that even though the SaaS publisher operates and remains in control of the application in this context, they still might be leaking revenues to unlicensed software use. So, does credential sharing matter? Yes, if you happen to be among the 25% of SaaS publishers that employ a named-user licensing model[i]. In our experience, developing software license policies that allow a given user to access the software from a set of registered devices is an important strategy to minimize credential sharing abuse, as Salesforce.com[ii] and Netflix.com[iii] exemplify.
What if you charged for a SaaS application based on a usage metric, as about 31% [iv] (up from 20% in 2010) of SaaS publishers do? While the CloudTimes article does not discuss it, unlicensed software use in this context refers to scenarios in which enterprises consume more than what they agreed to pay for. For example, for one Flexera Software SaaS application (we have been a SaaS publisher since 1996) where we charge based on the number of unique machines managed by the application during a license term, we have found that about 12% of customers exceed their unique machine quota. Clearly, if you charge based on a usage metric, you need a way to track usage, compare them to entitlements and use this data to drive compliance conversations.
CloudTimes also mentions the notion of “dark clouds” – where an unauthorized party obtains a copy of the publisher’s software, deploys it in the cloud and either uses it or charges for it. Some publishers we serve have shared anecdotes where they have found instances of dark clouds running their software. For example, an intelligent device manufacturer that is pursuing a software-based strategy for telecom and networking products found that their virtual appliances had been downloaded from Amazon EC2 and deployed in another datacenter to drive an unauthorized business. This is indeed software piracy as is commonly understood. Software license enforcement solutions such as those from Flexera Software can be an effective weapon against this form of abuse.
Lastly, enterprises that deploy software in private clouds also run the risk of going out of compliance with the publisher’s software license terms. This is because virtualization technologies that are at the heart of private clouds make it very easy for an enterprise to clone software and over-deploy it. Microsoft has found that 11% of Windows Operating Systems that run as a guest operating system in a virtual environment are unlicensed[v]. In this setting, publishers and enterprises can and should look for a win-win – enterprises should be able to move virtual machines unfettered by software license enforcement while publishers should be able to monetize the value they deliver. Compliance management solutions that track usage of software in virtual environment and report it back to the publisher hold the key to ensuring a seamless experience for enterprises while protecting the interest of publishers.
In summary, while some members of BSA might believe that cloud applications will greatly minimize software piracy, we think the answer depends on the business and deployment model:
- Virtual private clouds greatly increase the likelihood of “piracy” through accidental overuse
- Credential sharing abuse is an issue and takes concerted efforts to minimize