Confessions of a Software Auditor (Pt. 1 of 2)

I have heard many stories about the pain and affliction software auditors have caused many organizations; however, I had not yet met one. This was to be my first time meeting a software auditor in person.

We sat across from each other in a dimly lit room. I could hardly make out his face, but I remember his eyes. His eyes seemed to pierce my soul. Outside, the rain was coming down hard, creating a constant roar. I thanked him for meeting with me. When the auditor spoke, a chill went through my body while he shared his story, or better said, his confession.

He shared an experience about when he assisted in a software audit of a large European organization. The organization was being audited by both Oracle and IBM at the same time. He said that after a full analysis of their license entitlements, his team identified over 150 million euros of software licenses that were not properly licensed across both software vendors.

I couldn’t believe what I was hearing. I asked him, “How is it possible that an organization can get into this type of situation?” I then mumbled, “Do they not read their software license contracts?”   

Although I could not be sure, it seemed as if, for a second, he smiled before leaning forward in his chair. “Read their contracts?” he said. “You don’t understand, it’s not about reading the contract, it’s about understanding the contract.”

He explained how so many organizations get into trouble with software vendors because they don’t invest in the resources required to understand and manage software licenses. He gave me details about IBM, Oracle, Attachmate, Adobe, and Microsoft licensing models that gave me some insight into how so many organizations are failing their software audits.

Regarding IBM software licensing, he asked me the following questions:

  • Did you know ILMT is contractually required to be installed on every server that has an IBM product installed? Unless the customer has a prior agreement with IBM to use other tool combinations to discover, measure, and report IBM product usage, ILMT is the only tool that can be used. Otherwise, you will violate your license agreement.
  • Did you know that IBM releases over 3,000 license changes a year, and they have over 100 license metrics? Some IBM products could have up to 5 or 6 different license metrics depending on what a customer has purchased.
  • Did you know virtualization can have a huge impact on licensing, especially if clustered? A customer could purchase sub-capacity licensing, which could in fact require full capacity licensing under an audit, depending on how the servers are configured.
  • Did you know that bundling IBM products is quite challenging when it comes to understanding how the software licenses should be applied? He explained that when products reside on different servers, customers could end up paying for unnecessary licenses on products if they don’t understand what licenses are covered by a bundled license.

The software auditor went on to explain how organizations often miscalculate their Oracle licenses.

Regarding Oracle, he asked me the following questions:

  • Did you know that different versions of VMware affect Oracle database program licensing differently? Customers must be sure to understand the deployment of Oracle products within the virtualized environments in order to avoid under-licensing inflicted by different versions of vCenter/vSphere. Different versions of Hyper-V and Xen will also affect many Oracle program licensing models.
  • Did you know Oracle will accept partitioning as a legitimate way to reduce licensing requirements? Furthermore, Oracle accepts its own product called OVM as an acceptable form of partitioning.
  • Did you know that Oracle’s licensing rules are much more flexible for clients using the Oracle Cloud than for those using third-party cloud environments?
  • Did you know that if an organization decides not to renew their Unlimited License Agreement (ULA), they need to certify the usage of all products included in their contract within 30 days of the ULA expiration? He explained that many customers don’t realize that 30 days isn’t enough, and that more than 30 days is needed to do this exercise.

I then asked the auditor, “Whatever happened to that large European company that was audited? Did they pay the penalties?” He said, “They hired a software license optimization company to help them negotiate with us.”

He explained to me that the rep from that firm successfully mitigated the penalties from 150 million euros to 8 million euros. Furthermore, he was able to negotiate a payment, and he negotiated their upcoming software license contracts so that the organization would not find itself in this situation again.

After sharing his experiences with me, the software auditor sat back in his chair and told me he was tired. He agreed to meet with me again the following day to share his experiences with Microsoft, Attachmate, and Adobe.

Be sure to check out Part 2 in this series: Confessions of a Software Auditor (Pt. 2 of 2)