Study reveals more than half of companies have faced software audits within the past two years. Microsoft, Oracle, SAP, and IBM top list of auditors.
7 Super Certifications For IT Pros
(Click image for larger view and slideshow.)
The five vendors mostly likely to audit corporate software licenses are Microsoft, Adobe, Autodesk, Oracle, and SAP, in that order. Among organizations with 10,000 or more employees, IBM took the number-four spot, bumping Oracle to number five, and moving SAP off the top-five list.
These are among the findings of the "2013 Software Audit Industry Report," a survey released last month by Express Metrix, a provider of software asset management software. Based on interviews with 178 senior IT managers at North American companies with 500 or more employees, the study found that 53% of respondent firms have been audited within the past two years. Companies with 5,000 to 9,999 employees were the most audited, followed by firms with 10,000 to 25,000 employees.
Audits are inquiries (and sometimes systems-monitoring investigations) to ensure that every copy of installed software is actually licensed. Anecdotal reports indicate that audits are on the upswing. Express Metrix launched its survey to create an annual benchmark that will yield reliable statistics on trends. Auditing used to be carried out primarily by the vendor-funded Business Software Alliance (BSA), but that's changing, according to Dawson Stoops, a co-founder and VP of sales at Express Metrix.
"The BSA is still doing audits, but many vendors, because of their need to drive revenue, have taken on the task of doing audits themselves," Stoops said. "Now that industry groups and individual vendors are both auditing, we're seeing more activity."
The top-five list shouldn't be surprising in that these are among the leading software suppliers around the globe, and more customers translates into more audits. Rounding out the survey's top-10 list of most-frequent auditors are McAfee, Attachmate, VMware, and Symantec. With these and other prominent suppliers of software now auditing, the question isn't will you face an audit, but when and will you be ready?
Tracking software installed versus software licensed may sound straightforward, but when companies have hundreds, thousands, or tens of thousands of users, things can get complicated. Carolina Container, a High Point, N.C.-based packaging company, was audited by Microsoft last year, and JC Coleman, the company's network administrator said "it caused a lot of headaches."
"I had to come up with real numbers, real quick -- for every operating system, every Office suite, every SQL Server, Visio, PowerPoint -- everything," said Coleman.
The company's calculations were complicated by the fact that Carolina Container makes extensive use of terminal services (also known as remote desktop services). "Over half of our environment is thin client, so I couldn't scan anything to know who had what access to what software," Coleman explained -- an observation that hints that virtualization and private-cloud delivery might also complicate licensing matters.
Microsoft was ultimately satisfied with the numbers that Carolina Container reported and the company had only a minor increase in licensing fees. The biggest hit, according to Coleman, was the time it took him and his staff to come up with accurate numbers. Vowing not to repeat that experience, Coleman said he has since licensed Express Metrix's software in part because it can track software usage through terminal services as well as conventional installations.
If companies track software and licenses at all, they often do it with a mix of spreadsheets, file cabinets, and purchasing systems, according to Stoops. But that leads to a reactive approach when vendors give notice that they plan to audit -- a right they have stipulated in most every software licensing agreement. Stoops said software asset management (SAM) systems monitor actual software usage and enable companies to take a proactive approach that might help them eliminate shelfware and reduce license and maintenance fees.
"Our software gives them an inventory of what they have, reconciles that with what they own, and, over time, gives them detailed insight into what's actually being used," said Stoops. "So when a vendor says, 'We're going to do an audit in two weeks,' the CIO can be ready and say, 'Great, bring it on.'"
With the rise of auditing, the entire SAM category -- with vendors including Express Metrix, Flexera, and Snow Software -- has gotten a lift. Larger organizations tend to use IT asset management systems to track software as well as other intellectual property. Indeed, Stoops said Express Metrix licenses its technology to IT asset management system providers including IBM and BMC.
While SAM software introduces yet another piece of software that has to be licensed and tracked, Stoops described it as "audit insurance" and said it typically costs $10 to $20 per user. A "freemium" version of the software, introduced last week, inventories software on up to 1,000 machines, but you'll have to buy the paid version to get software usage tracking and advanced features for tracking software licenses.
Doug Henschen is executive editor of InformationWeek, where he covers the intersection of enterprise applications with information management, business intelligence, big data, and analytics. He previously served as editor-in-chief of Intelligent Enterprise, editor-in-chief of Transform magazine, and executive editor at DM News.
Solid state alone can't solve your volume and performance problem. Think scale-out, virtualization, and cloud. Find out more about the 2014 State of Enterprise Storage Survey results in the new issue of InformationWeek Tech Digest.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Cybersecurity Strategies for the Digital EraAt its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.