Software licensing: the 'trust but verify' approach

Successful business relationships depend on trust between buyers and sellers. However, the software industry has historically struggled with trust as it relates to the exchange of fair value. Many companies find themselves with unintentional overuse despite their desires and best intentions to avoid it.

Application producers provide the customer with an application based on an understanding of how the customer will be entitled to use that product across the organisation. Application producers typically enforce how the product will be used with a licensing model that protects and monetises their intellectual property. Over time and depending on the markets and segments the producer serves, the producer may adapt a different licensing model based on changing customer needs or they may choose to adopt multiple licensing models. These dynamics make getting compliance management right very difficult. Those companies that get compliance management right are able to optimise revenues while delivering an even better experience to their customers. And those that don’t risk losing revenue and alienating their customers in the process.

Pros and cons of traditional compliance management approaches

Compliance management approaches vary greatly from producer to producer and, frequently, from product to product within the same producer. While the industry has gravitated to some common approaches, there are diverse options available.

Strict enforcement - Some companies have implemented a licensing approach of strict enforcement. Under this approach, entitlements are enforced by licensing mechanisms that may either completely disallow access to software when usage exceeds licences or only allow some limited amount of ‘overdraft’ leeway.

Software audit only - Another common compliance approach is the software audit. The software audit only approach (an approach where the producer has chosen not to use any enforcement mechanisms in their products) removes the barriers to software use by making it easy for customers to broadly use the software throughout their business.

Enterprise (‘all-you-can-eat’) licence agreement - Many large companies have long preferred enterprise (all-you-can-eat) licence agreements. Under this approach, the producer provides software to the customer without stipulating specific restrictions on use (may include very limited or no enforced licensing) - although certain limits and conditions may be incorporated into the contract to protect the producer from contingencies such as mergers or acquisitions.

The increasing complexity of software licensing

As producers adapt to embrace new technologies, support new software deployment models and offer their customers new licensing options, they and their customers face growing complexity. For most producers, all of these changes represent additions, not replacements, to the number of licensing models they support as they must continue to support old models for their existing customers.

Software contracts can include a wide range of terms and conditions. The first challenge in engineering the exchange of fair value in a software sale is, therefore, to define use. This is no small matter. In fact, use of software can be defined in many ways including:

Licensing model	Definition of use
Named users	Entitles the customer to have a given number of specified individual employees who use the software.
Concurrent use	Puts no restrictions on who is entitled to use the software, as long as the customer’s total number of simultaneous sessions does not exceed a specified number at any time.
Node locked	Entitles the customer to only use the software on a specified set of end-user desktops.
Server and/or CPU based	Restricts the customer’s entitlement to a specific number of physical servers and/or a specific number of CPUs within those servers.
Transaction based	Entitles the customer the right to execute a specified number of transactions (which must also be appropriately defined) with the software (similar to usage based).
Usage based	Entitles the customer the right to use the application freely then captures usage and shares that usage with the customer. Types of usage data that could be captured include: # of compilations # of pictures sent # of characters translated # of campaigns managed # of drawings rendered # of email messages sent # of CPU minutes # of gigabytes stores # of data converted.
Environmental limitations	The producer bases pricing on entitlement for a particular type of use - ie, in the production environment, in a development environment, or in a disaster recovery environment.

Each of these approaches may be appropriate based on the products sold, the markets served and corporate culture. Producers and customers who enter into these types of contracts in good faith must clearly have some means of capturing usage and ensuring compliance with these various complex models of compliance or use. If they don’t have such a mechanism in place, there won’t be any way to ensure that the terms of the contract are being honoured and that a fair exchange of value is actually taking place. The clear definition of customer entitlements, therefore, only has real meaning when it is accompanied by an effective means of managing and capturing use in the context of those entitlements.

The growing trend towards a trust but verify compliance management approach

Competitive pressures, increasing enterprise interest in subscription models and a desire to improve producer/customer relationships is driving growing interest in a trust but verify compliance approach. Adopting a trust but verify approach is a particularly attractive alternative for application producers seeking to ensure the exchange of fair value in an atmosphere of trust. With this usage-based model, application producers and customers have access to actual customer application usage information that can be reconciled against the customer’s contracted entitlements. The ability to get to a single source of truth regarding entitlements and actual usage is the foundation of a successful trust but verify approach.

Implementing a trust but verify approach automates the entire compliance process. It requires the producer to instrument their products with a usage-based licensing model. Producers who adopt a trust but verify approach benefit from the visibility and transparency of usage data that is accessible by both the customer and the producer. This single source of truth makes it easy for customers and producers to answer the most important compliance-related questions, such as:

• Has use of the software exceeded the terms of the producer agreement? If so, by how much?
• How often has excess use occurred? Is excess use continuous? Is it occurring during specific times of the day, month or quarter? Has it only occurred during infrequent periods of peak business activity?
• Is excess use restricted to specific modules, locations, departments or users?
• What do these current utilisation trends imply about future needs?

With this usage data in hand, application producers and customers can engage in fact-based trust but verify conversations to arrive at mutually agreeable decisions about value received and corresponding fair compensation.

For producers that do not have the internal expertise and resources to develop and support their own usage-based trust but verify software licensing models, they can easily implement automated solutions that provide the necessary licensing infrastructure and mechanisms. Regardless of approach, application producers must have the flexibility to implement a broad spectrum of licensing models within a single product - from strict enforcement to a more open trust but verify approach - to maximise revenues and ensure compliance.

*Tom Canning is VP Asia Pacific, Flexera Software.