Infrastructure as a service attracts many customers interested in cost savings and convenience. Costs may be lower but the chances for an audit may be higher. How best can you protect yourself and your customers?
“We recommend our MSPs license as much as possible in their customer’s name,” says Charles Weaver, president of Chico, Calif.-based MSPAlliance. “Lawyers tell you to move liability to the other parties in every contract. Unfortunately, those other parties [including IaaS vendors] also have lawyers.” Some vendors, like Microsoft, routinely refuse to negotiate their contracts.
The companies most likely to conduct license audits on-premises are also the most active in IaaS situations. The “big five” auditors are Microsoft, Adobe, Autodesk, Oracle, and SAP, according to industry reports.
“Oracle audits maybe 20 to 30 percent of their customers each year,” says Dao Jensen, CEO of Kaizen Technology Partners, a San Francisco-based firm that helps its clients lower costs from their IT service providers. “Companies like Microsoft take hard looks at your licensing, and that hasn’t changed with cloud services,” she says.
Weaver agrees, saying vendors have gotten more aggressive about audits. His advice? “First, have good contracts with your partners and your customers. Spread the risk reasonably across all parties—make sure you don’t take all the risk. Second, get insurance. Cover intentional and unintentional errors and incidents,” he says. “Finally, MSPs need to get audited themselves.” And that’s not just for their software licensing, Weaver explains; MSPs also need to have a full IT audit to make sure they aren’t taking on unnecessary risk.
Interestingly, it’s the little-noticed software that often causes the most problems. When you set up a cluster for a client, for example, who is responsible for the Microsoft server licenses? You, the customer, or the IaaS provider? And if the customer uses Microsoft Remote Desktop to access the IaaS provider, does that customer have the correct number of licenses?
Jensen also looks at acquisitions and mergers. “If your company buys another, do you have enough licenses in total?” She adds, "Sometimes your license agreements are more important than the service pricing." For example, it may be worth paying for services from Microsoft Azure versus a second-tier provider that can't, or won't, guarantee its licenses are properly managed. Audits and fines are always more expensive than a few more cents per stored gigabyte. You may need an outside consultant to guide you through the licensing swamp.
Weaver suggests looking at your clients to verify there are no shadow IT projects that could cause licensing and support surprises. In addition, don’t take on unnecessary licensing obligations in a mistaken attempt to shield your customers. If something happens to you, all your customers may be exposed.
Fines are based on each single licensed item. So 20 extra Remote Desktop users won’t be one fine against your RD license but 20 individual fines.