In a recent article in The Wall Street Journal titled, Software Audits Ding Businesses for Millions of Dollars, the author highlighted the increasing prevalence of audits by software publishers and the resulting unscheduled expenses (sometimes large amounts) enterprises are asked to pay for non-compliance.
I believe that such an attitude of one-upmanship between software publishers and customers is unnecessary as most enterprises that are the target of software audits are honest and want to be compliant.
Unfortunately, they do not have an easy way to do so. A typical enterprise licenses numerous software products from different publishers, each having different licensing terms and enforcement mechanisms. In such a scenario, can software publishers realistically expect enterprises to be aware of their compliance status?
It is fair that software publishers expect to receive credit for every bit of intellectual property that enterprises derive benefit from. However, shouldn't publishers also have some responsibility in providing an easy mechanism for enterprises to stay compliant? If software publishers themselves haven't (or do not want to) figured out a way to monitor compliance status, it is unfair of them to expect IT organizations of enterprises to do so.
To illustrate the challenge by drawing a parallel to a consumer scenario, "Would you be happy if you had no way to monitor your cell phone usage but are expected to pay whatever the service provider tells you each month? Worse still is if you are locked in and cannot switch easily from one provider to the other." This is the vulnerable state of many enterprise customers.
Many prominent software publishers understand this state of enterprises and augment their auditing capabilities (many times making this their core competence) to gain revenues. To defend against this, enterprises use third-party solutions to monitor their license usage. Such an offering, like the software license optimization solution from Flexera Software, is beneficial as it provides enterprises the information required to optimize their software spend as well as to confidently face audits and purchase negotiations. However, this shouldn't preclude software publishers from having a shared responsibility in ensuring software compliance, especially when they are likely to slap a huge bill based on audits.
To reiterate, it is fair game that software publishers expect that they be paid for their intellectual property but the onus on compliance should not be solely on enterprises. Publishers should also take responsibility to help honest customers to be honest. They can do so by adopting the best practice of developing "compliance-aware" software. For more information, read the related blog Making software audits obsolete.
Have you conducted or been subjected to software audits? What are your thoughts / experiences?