It’s no secret that the software industry has an audit addiction. It’s an easy way to drive large growth numbers without having to put the effort into providing a true solution selling experience for the client. It’s even easier for them when they don’t need to concern themselves with worrying about your customer satisfaction. A vendor like Microsoft is generally concerned about your customer satisfaction before an audit starts and will continue to be concerned about it post audit. In fact, your Microsoft account team is evaluated very rigorously on your customer satisfaction and they are very concerned about the risks that audits/SAM engagement have on it.
Smaller vendors such as AttachMate and OpenText have been watching and see how relatively easy it is to drive a gap in an audit situation. The problem is that the shared risk that exists for the larger software vendors doesn’t necessarily exist in these situations. The risk for you is that these vendors often represent only a small amount of your annual software spend. As a result, there is less risk for them to audit you as they can view any findings as pure upside.
A common tactic we are seeing is that they approach you and request that you conduct an internal assessment which seems benign on the surface. Usually one of the questions in their site survey document asks if you use virtualization technologies in your environment. Once you confirm that you have virtual environments they will frequently shift the engagement into a more formal audit.
What they are hoping to find is that you have virtualized one of their applications such as OpenText Exceed and have accidently provided possible access to it to a large number of your users. On the surface this seems pretty par for the course in software licensing. Where It becomes predatory is when you realize that there is a subtle change in how OpenText and AttachMate license several of their products. Most major vendors license their applications on a per user OR per device basis. OpenText and AttachMate often license on a per user AND per device basis. The number of licenses required in these cases is the result of the number of users multiplied by the number of devices. Just think about that for a moment and let it sink in:
Number of Users X Number of Devices (this includes mobile devices)
We have seen situations where a client’s annual spend with one of these vendors has historically been in the $150,000 range suddenly being presented with a one-time bill in the hundreds of millions of dollars because a server setting was wrong. Of course, you will fight this and negotiate it down but it won’t be easy, it will be time consuming and it will still be expensive and unbudgeted. It also won’t feel fair and this is why I consider this tactic predatory. It’s also been successful and I expect that more smaller vendors will be looking closely at your virtual environments.
So what can you do about these sorts of vendors and tactics? Here’s my short list of top recommendations: Re-check your virtualization settings. Make sure that you have your user community set up so that users only have access to the applications they require. I can’t stress this enough!
I also recommend engaging MetrixData360 to do an internal self-assessment of your licensing. We will review both your software entitlements and your deployments. The result will be a report that identifies any licensing shortfalls, opportunities for licensing optimization and provides recommendations to deal with any licensing gaps.