The major shift to cloud computing, largely towards technology and applications by Amazon and Google, has unleashed uncomfortable pressures on major corporate companies that still utilise their software ‘on-premise’.

A number of the traditional software heavyweights, such as Oracle and IBM, have decreasing on-premise software revenues whilst seeing unexpected challengers take much of the new cloud services revenue.

To underline the point: despite the huge opportunities in the cloud market, Oracle’s revenues have crept up by just 7% in six years, while IBM saw its revenues fall for 22 successive quarters from 2012, only bottoming out this year.

By contrast, over the past 12 years, Amazon Web Services has gone from non-existent to a $24 billion cloud business. Meanwhile Google has seen significant success with its G-suite, launched in 2010 and already a $4 billion-per-annum business.

So, with cloud computing now increasingly dominant, what do the on-premise providers do? The answer for many traditional software vendors has been to turn to their own existing client-base for revenue generation – they do this by exercising contractual rights for ‘software license reviews’.

The imposition of heavy penalties

The rights to review a company’s software licenses are part of the license terms. They entitle the vendor to access to the customer’s IT infrastructure, analyse data as to software usage and to require co-operation.

These reviews – or software audits, as they are generally referred – are often carried out on behalf of the software vendor by major accountancy firms such as Deloitte, EY, KPMG or PwC or, in Oracle’s case, its License Management Services division.

Invariably, shortfalls are exposed for some products with the consequent demands being unexpected and onerous. Not only can, contractually, the vendor impose penalties, but they can also insist that the new software purchases are at list prices, and that audit costs and 2-3 years of back support are paid.

Of course, no credits are given or refunds made if any over-licensing is uncovered (software for which too many licenses had been acquired) or if software has been installed but is not in use.

Audits come around in regular cycles, but with shifting technology usage such as virtualisation, corporates can rarely know whether their existing matrix of licenses correlates directly and exactly to usage.

Microsoft, SAP, Oracle and IBM have thousands of product lines, versions and license metrics that change regularly. On top of that, the complexity of remaining compliant is compounded by opaque and ambiguous contract wording, often shored up by guidance notes, white papers, policies and website downloads.

3 Things That Will Change the World Today

The result: customers are immediately on the back foot.

On the one hand, the company is understandably anxious about reputational risk; are they going to be exposed for copyright infringement, they will ask. On the other, the customer fears that key business applications could be turned off because of alleged license shortfalls. The business has little room to manoeuvre. So they pay up – often at prices greatly in excess of commercial deals available on the market.

A new battleground

The amounts sought can be eye-watering. Diageo was found liable in the High Court last year for under-licensing when it opened up its ordering to customers using iPads rather than, as previously, only utilising a call centre. The ‘indirect access’ claim by SAP totalled more than £58 million.

In another case, ABN-InBev, the world’s largest brewer, was impaled in another under-licensing claim by SAP for $600 million. The matter was eventually settled in a New York arbitration late last year for an undisclosed amount.

These two claims represent only a tiny visible fraction of a new battleground, with hundreds of corporates receiving notification letters that have been ‘selected’ for such a license review by one of the major vendors.

The audits carried out are often bruising and confrontational, with many customers determining never to give further business to that vendor. But until the legacy system usage can be fully removed, the customer remains exposed indefinitely.

There has been some backlash. In Chile, its National Economic Prosecutor’s Office (FNE) obtained evidence from 115 customers of Oracle and subsequently secured five undertakings from the software giant to reduce the impact of ‘erroneous’ or ‘automatic’ installation of programs by users.

Finally, in California multiple class action lawsuits were issued in August on behalf of Oracle shareholders alleging, amongst other claims, that Oracle threatened current customers with “audits” of their use of the Company’s non-cloud software licenses unless the customers agreed to shift their business to Oracle cloud programs.

In response, some vendors have sought to placate the market. In Europe, SAP introduced improvements to its licensing terms earlier this year after fierce criticism over the ambiguities  as to whether and to what extent ‘indirect access’ to SAP systems needed licenses – particularly after the risk was so clearly exposed in the Diageo case.

SAP admitted: “User-based pricing worked well in the past and it still does to some extent, but it does not work for indirect usage scenarios.

“It is a decades-old problem, and SAP is not the only one facing it. It is a very complex challenge and we won’t be able to solve it overnight.”

Despite such discontent, many corporates are, for reasons of data security, business risk or continuity, unable to shed their on-premise software usage in favour of newer cloud services with different providers. Until they do so, letters inviting a customer to accede to a software audit will continue to be the start of a bruising and expensive process.