If you run software for a business, take note: Vendors are watching you closely.
Corporate users are expected to pay in full for all the ways they use a vendor's software, and on what systems, and for all the people who use it, and maybe more. Complicating matters further, the rules can often change.
It's not easy for enterprises to keep track of every penny, but vendors do. Tales of the widely dreaded "compliance audit" are increasingly common.
"Vendors are putting more pressure on customers," said Craig Guarente, co-founder and CEO of Palisade Compliance, which helps Oracle customers negotiate with the database giant. "They're definitely using audits to get leverage with their clients."
For example, a vendor may question the company's compliance in one area and use that as an excuse to call for a brand-new cloud contract. The message: Sign that contract, and those issues will be overlooked.
"As software vendors hunt for top-line growth, they turn to license audits as a means of generating additional revenue," said analyst Frank Scavo of Strativa. "Some go so far as to sue their customers for years or decades of alleged underpayment."
Licenses are often unclear in many ways: Some fees are based on the number of users, others on CPUs, others on transaction counts, and others on different metrics altogether. SAP's licensing terms, for example, include the squishy concept of "indirect access." Oracle often zeroes in on the ambiguities associated with virtualization.
Even if a company has controls in place, "they can hit you with something spurious, tentative or made up," agreed Duncan Jones, a vice president with Forrester. "They're sort of like, don't ask, don't tell, thanks for the money."
A Tuesday report from software asset management company Flexera underscores those trends. A full 65 percent of enterprises surveyed for the report have faced a software license compliance audit by a vendor within the past year; 44 percent paid $100,000 or more in so-called "true-up" costs as a result.
Organizations typically do not have enough licenses for some software, but they also often pay maintenance on software they are underutilizing, Scavo said.
"I’m working with one client right now that went through a significant downsizing several years ago," he noted. "Although they are back on a growth path, they are paying for more ERP licenses than their current user headcount requires. The vendor thus far has been uncooperative in allowing them to cut back their license count."
The problem has become particularly acute as vendors have begun shifting their marketing and sales efforts to the cloud, even as they continue to rely on traditional license revenue to keep investors happy.
"They claim great adoption of new cloud products, but actually it's coming from these audit threats," Jones said.
Many licensing and audit groups are siloed off from the rest of the vendor, too, so they don't see the damage their efforts can inflict on customers' long-term relationships with the company, Jones said.
Vendors may like the revenue boost they get from audits, but in the long run, "it can kill off opportunity," he said. "I've heard from a customer that had been buying from IBM for 50 years, and they said, 'No more.'"
Vendors' legal threats in this area aren't likely to stand up in court, but few companies have been willing to take the chance, Jones said.
So what's an enterprise to do?
"Companies need to take their software licensing seriously," Guarente said.
Guarente's firm asks clients to think hard about three things: "What do you own, what are you using, and what's the difference?"
Small companies can get by tracking their license compliance manually, but "if you have more than a handful of software agreements, it’s probably money well spent to invest in some sort of software asset management system," Scavo said.
It can also make sense to have a third party come in periodically to audit your compliance, especially if you are planning to defect from a vendor, he said.
Vendors tend to have the "home field advantage" through their intimate familiarity with contract terms, so customers need to learn how to refocus the conversation on the long-term relationship, Forrester's Jones said.
"If customers collectively stand up to software companies," he added, "they may have a stronger position than they imagine."
Oracle, SAP and IBM could not immediately be reached for comment.