Why the Traditional Approach to Software Asset Management is No Longer Enough

In this latest podcast, I sit down with four excellent guests to discuss all things legal and ITAM:

We discuss software audits, contracts, clauses, and how ITAM & legal working together can make everyone’s role that bit easier.

If you want to know more about the legal intricacies of ITAM in a podcast, who better to speak to than some lawyers? Listen in to hear us talk about all that plus real estate, Vegas weddings, and some great takeaway points to round it all out too!

Introduction

Speaker 1:

Welcome to The ITAM Review Podcast: News, reviews and resources for ITAM, SAM and software-licensing professionals.

Rich Gibbons:

Hi everyone, and welcome to this latest ITAM Review Podcast. Now, joining me today, I have got an excellent line up from LicenseFortress. I’ve got Michael Corey and Dean Bolton, and alongside them, from Beeman & Muchmore, I have got Art Beeman and Joel Muchmore.

So, if you would like to do a quick introduction. I’ll start with you first, please, Michael.

Michael Corey:

Sure. I’m Michael Corey. And just a little bit of background. I am a co-founder. My background is I have 38 years of working with Oracle. I’m an Oracle ACE today. I’m a VMware vExpert, a past Microsoft MVP. I’m the original Oracle Press author. And I’ve made my living helping customers be successful in the Oracle arena and also the Microsoft arena.

Rich Gibbons:

Awesome. So you should have one or two things to teach us all in this podcast, no doubt.

And then, over to you, Dean.

Dean Bolton:

Hello, all. My name is Dean Bolton, co-founder and chief architect at LicenseFortress. I’m little bit shy on experience compared to Mike. I’ve only got 23 years in this space, mainly around Oracle. I am also an Oracle ACE, a VMware vExpert. I’m an Oracle Certified Master, Exadata certified. Basically, I think I spend too much time on a keyboard, under some fluorescent lights, but for the past 10 years, I’ve been helping customers around enterprise architecture and software license compliance and optimization.

Rich Gibbons:

Awesome. Quite the Oracle pedigree between Michael and Dean there.

And then, Art, I can hand over to you.

Arthur Beeman:

Sure. Yes. Thank you very much. Hello, everyone. Pleasure to be here. I am Art Beeman, one of the founding partners of Beeman & Muchmore. For almost 40 years, I have been a trial lawyer having taken over 30 cases to jury verdict. My practice has been exclusively in the intellectual property space, and since the formation with Joel Muchmore of Beeman & Muchmore, a little over two years ago, we have dedicated ourselves to the micro specialty of representing licensees who have issues with vendors, including audits in this software space.

Joel, I’ll toss it to you.

Joel Muchmore:

And this is Joel Muchmore. I am the other founding partner of Beeman & Muchmore. I was, prior to founding Beeman & Muchmore, a 20-year corporate litigator from BigLaw. And as Art said, about two years ago, we broke away from BigLaw to set up our boutique shop that is focused almost exclusively on software licensing, auditing, and all ancillary matters. Can’t be in software licensing if you don’t have Oracle at the front and center, although we follow trends and have represented plenty of licensees in skirmishes with all the big vendors and all of the emerging, small second-tier vendors, as well. So being able to focus our practice on that has given us a lot of things to look at and compare.

Rich Gibbons:

Nice. So we have got some heavy hitters on this podcast. We’ve got decades of Oracle experience, decades of legal experience, and I don’t think anyone will be surprised that Oracle and legal experience have kind of gravitated towards each other. I think most people listening will have had, to one degree or another, some experience with Oracle audits, contract negotiations, ULA extractions, et cetera. So I think we’re in for a great podcast today.

ITAM: A Shifting Landscape

Now, to get things started, we’ve got a kind of a question/opinion where I think we can begin. And that is, really, the statement that “The traditional approach to ITAM is no longer good enough.” And of course, everyone’s got a slightly different version of what traditional ITAM is, and everyone’s got a slightly different version of where ITAM is going, but I think everyone can agree on sort of 80% of the core tenets.

So, Michael, I’ll start with you. The statement, “Traditional approach to ITAM is no longer good enough,” do you agree? And if so, can you tell us more about it?

Michael Corey:

Sure. I think it helps to have a baseline. So historically, ITAM, simply, the traditional approach was: You got an audit notice and you scrambled to say, “Oh, my God, I need some help. The vendor’s going to come in and we’ve got to figure out what’s going on here,” and you would reach out, and you would either settle on a lawyer. Many times, these lawyers knew nothing about software license consulting. That’s not really what they focused on. Or you would find somebody who specialized in helping customers through the audit process. These were, typically, people that were trained by the vendors themself, and they recognized an opportunity to make money.

The Evolution of ITAM Audits and Revenue-Generation Tactics

Now, clearly understand that if they were trained by the vendor, they had the vendor’s perspective on the audit. Many times, these licensed consultants were very aligned with the vendors themselves because they came from those vendors. And so they made money off the licenses they sold you, they made money off the advice they gave you. They walked you through the audit process. Hopefully, they kept the bill down. You walked away feeling okay about it. And then they would say to you, “You know what? You need an annual software license compliance audit, so I can come in every year, so the next time you get audited, there’s not this big bill of the surprise happening.” And that’s really how the industry worked. In fact, the audit process was… almost generally, people were respectful.

And then something changed. The vendors realized there was a lot of revenue to be made. And vendors, depending on where you are on the spectrum, Oracle and IBM being on the aggressive side, Microsoft probably being known for doing the most odds of anybody, but not as aggressive, but they recognized that the audit wasn’t about compliance, it was about revenue. And that became a game changer because one thing these vendors are all good about is generating revenue and finding new ways to do that. And I would say that’s the traditional approach to ITAM. And once in a while, the vendor had a SAM tool, which was great, if they were being proactive.

Anything anybody wants to add to that?

Arthur Beeman:

Well, Mike, I just think that your point about the identification of audits as being a potential revenue stream for the vendors is critical here because it goes to perspective on an asset. And I think a good comparison is what we saw in the patent world a few decades back, where at one time, a patent was intimately associated and almost exclusively associated with whoever was practicing the invention, and it was tied into their business. And then, someone came along and said, “Wait a minute. We can just make revenue on the paper itself,” and then you had the so-called patent-troll phenomenon, where the patents are collected, curated and asserted, and they really had nothing to do with the original purpose, which, of course, is the protection of innovation, the paper itself. In that instance, the patent became a source of revenue. And here in this space, the paper itself, the contracts, and believe me, that’s easier said than done when you’re talking about the contracts in this space, were identified as a potential source of revenue. And to your point, Mike, it changed everything.

Rich Gibbons:

I think, from my side on that point, I remember during the first year of COVID, so it was some point in 2020, one of the industry analyst companies, I can’t remember which one it was, so I won’t say any names in case I had it wrong, but one of them released a report about the software publishers and how COVID was impacting their revenues, et cetera. And there was a recommendation in there that they increase audits because it was a recognized revenue-generation mechanism. You already had your customer base. It wasn’t very expensive to do. And you were highly likely to get almost free money out of those engagements. So that was probably the most public I’ve seen that spoken about. I don’t know if it should have been, but I think that was kind of proof of what you’ve both said there, that it’s a great way for them to earn some extra cash.

Michael Corey:

By the way, using a term that Dean would say, in the decade that we’ve been helping customers, we’ve yet to find a customer a hundred percent software compliant. And now we’re going into a recession, where customers are going to be really watching their spending and the companies are going to have a dilemma, right? A company like Oracle doesn’t have organic growth, so it’s acquiring companies as a way to grow, but even that is going, “Oh, can only take them so far.” Or a company like Microsoft, and they’re going to do this math, and they’re going to say, “Oh, if I increase my software auditing, I’m going to generate more revenue.” And in fact, you’re seeing companies go to third-party companies being authorized to do audits. So it’s just going to accelerate this trend even more. And in fact, the survey that we recently did, that we haven’t published yet, is showing that during COVID, audits went up even higher, and we expect that trend to continue even more.

The Increasing Prevalence of Audits During Financial Downturns

Rich Gibbons:

Wow. So audits increased during COVID. I mean, we’ve seen at The ITAM Review, when we do our conferences and things, many more of the smaller, tier-2, even tier-3 vendors that have never been on the radar before, it seems to be trickling down as a way of… if you’ve not sold so well and you need to inject some new revenue, audits seem to have become the best way to do it.

I speak to some people who say, “The audits are on the way out. No one needs to worry about audits anymore,” and then I think they’ll talk about cloud, they’ll talk about digital transformation, trusted advisors, et cetera, “And that’s why end users, they can forget about audits.” I don’t believe that, and I think already I’m getting the sense that neither do you.

So, for organizations who are maybe being told that by certain organizations, maybe internally the leadership are coming to believe the audits are on the way out, what would you recommend that the IT asset manager does to combat that internally?

The Shift in Audit Tactics with Digital Transformation

Dean Bolton:

I think what I would start with is: if anybody’s under the illusion that vendors are going to give up revenue, they are, sadly, mistaken. Now, how they protect it is changing, but the end goal for that is to keep the revenue increasing. And especially with the public vendors who have quarterly reports, they have to keep hitting those numbers, they will be coming up with ways to do that. What we’ve seen though is correct: The traditional audit sometimes is changing with these digital transformations. All that is though is the rules of engagement have changed.

So oftentimes, I can think of one example very easily where a customer had moved their on-premise to a SaaS offering. They felt very good about it. They thought it was very well defined. Well, two problems came up for them after they made that move. One was: Apparently, as they grew, they went past a threshold that they weren’t aware of. And so their costs went up over that threshold. Second part of it was: The metrics were changed on them. And so what they had purchased, they thought it covered all of these different things, and then the vendor decided after a couple of years that one of the metrics was different, and that put them into a new tier, as well. And so it wasn’t an official audit in that way, but the customer still had to deal with the same issues, that the contracts were very important, the legal terms were there. And then they also had the problem of being locked in: it wasn’t a very easy thing to extricate themselves from SaaS, even if they wanted to.

So, the transformation is there, there are different options there, the audit might be a little different, but I think that’s more of a change in name than in practice.

Arthur Beeman:

[inaudible 00:14:12]-

Joel Muchmore:

[inaudible 00:14:12] throw in-

Arthur Beeman:

Go ahead, Joel, please.

Joel Muchmore:

Go ahead.

Arthur Beeman:

No, please.

Audits as a Powerful Vendor Tool

Joel Muchmore:

I was just going to throw in that the audit platform is just too convenient and too easy for any vendors to give up on. It’s written into the contracts, there are contractual obligations to cooperate with it, there are termination provisions, and it is such a well-oiled machine that can knock licensees into paying attention.

What might not work outside of the audit context, Oracle and other vendors have gotten so good at leveraging in that context, that it is difficult for me to believe that they would let that very useful tool go. And by “useful,” I mean useful tool in getting their attention, and coercing them into compliance and into getting that whole fear and uncertainty embedded inside of the licensee so that they can then go forward, whether it’s for additional revenue or for putting in place new terms, or whatever it is that they want to get out of the client, it is just too good of a tool for them to give up on.

Arthur Beeman:

And if I may, I obviously endorse everything said by Dean and Joel here, but I would just like to add that if you could almost view it as high stakes poker and the table is just loaded with chips, and the vendors aren’t going to walk away from that sort of opportunity, because if you view it as poker and then the risk associated with that, the typical vendor going right into the audit process, and Joel and I, along with Mike and Dean, have seen this in spades over the years, they’re immediately on their heels, it seems, for at least one if not all of four different reasons.

One is that the audit is invoked and the licensee needs to figure out, “What’s my contract?” That seems like a very threshold issue. But I think, well over half of our engagements, the licensee client is scrambling to figure out, “What constitutes my contract?” All right? That’s uncertainty, and you pay to get rid of that kind of uncertainty, and that very much puts a licensee on their heels.

Contractual Uncertainty in Audits

Then, even if the contract is founded… I should say, is identified and found, there’s the issue, “Well, what do the terms mean?” The meaning of terms is not something that necessarily is established by plain and ordinary reading of the contract. All sorts of legal issues can be triggered as to what the meaning of salient terms in a contract can be.

Then, there’s the issue of enforceability. Sometimes, what a vendor is trying to do is just not allowed under public policy. Those sorts of issues also need to be identified. And certainly, we have seen them front and center, depending on how aggressive a vendor may be.

And then finally, the biggest issue of all at the table is termination because it just is under the surface of all of the negotiations and discussions in and around an audit. It’s capital punishment. The vendor can just simply say, “You have no more rights and you’re off.” Well, that just triggers a panoply of legal issues.

So, those four uncertainties going into just anything related to an audit and a potential dispute immediately puts a licensee on its heels.

Michael Corey:

I just wanted to add one thing. When we, Dean and I, entered the business, we realized very early on that legal is such an important aspect of this business. And one of the things that I find frustrating is I see software license consultants that act like they’re practicing law. They’re not lawyers. They don’t understand the subtleties of these contracts. They’re way over their head. In fact, we felt that legal was such an important aspect that we pre-baked it through our relationship with you in every engagement. And as that relationship has gotten stronger, what we’ve seen vendors like Oracle, Microsoft ever, they use ambiguity in the contracts as a leverage to get more money from their customers, or they close an audit out, and all of a sudden, there’s a boomerang audit to catch the client because a client didn’t realize they didn’t thoroughly close the audit correctly.

So to us, I find it interesting. You’d be a fool to go into an audit without strong legal counsel early on. It’s frankly going to save you money, and more important, it’s going to save you aggravation and surprises in the end.

Oracle’s Extra-Contractual Policies and the Challenge of Virtualization

Rich Gibbons:

I completely agree with that. I think it’s very important. And the fact that we’ve got both sides here on the podcast, I think, represents that.

So, Joel, have you got any thoughts on what Michael was saying?

Joel Muchmore:

Look no further than Oracle’s extra contractual policy statements. They throw up a partitioning policy, they throw up a cloud policy, they say on their face that “For educational purposes only,” that they’re not to be integrated into a contract. Yet, when you start interfacing with Oracle, they brandish those as if they were binding. They can’t help themselves. They say it over and over again, and that itself is a quagmire. And oftentimes, we’re interfacing with a licensee who say, “Well, what about this policy? What does it mean about virtualization? How does this impact our VMware?”

And sometimes, you have to… you just keep beating the horse. “It’s not part of your contract. It’s not part of your contract. Your contract is the four corners of your master agreement, your ordering documents, and anything else ancillary to that.” And that’s a place where I think Oracle likes the uncertainty, I think Oracle thrives in it. And it really takes a particular kind of a discipline to beat it into both Oracle and to the licensee about what their real obligations are, and then what is just a lot of static and a lot of noise.

Rich Gibbons:

On that point, because the Oracle virtualization rules are a big issue that everyone listening will be familiar with, what do you think is the reason that Oracle don’t bake that into the contracts? If those are the rules and that’s what they say, why don’t they just make it a contractual document? Any thoughts on why they do it this way?

Arthur Beeman:

Well, my-

Joel Muchmore:

The simplest…

Oh, go ahead.

Arthur Beeman:

I’m sorry.

I’m sure there are diverse perspectives on it, but my initial thought is: They have so much already at stake, based on the existing contracts and the arguments that they’re making as to virtualization, which we disagree with. But nonetheless, that virtualization is, somehow or other, captured under the current contracts. Their risk is that if they take the next generation of contracts, and try to specify and then incorporate their legal position explicitly into a contract today, it puts at risk the contracts which don’t reference virtualization. And that very conduct by Oracle could be viewed, in the event of a dispute, as an admission that when the contract doesn’t say anything regarding virtualization, that their contentions that “Somehow or other, it’s implied” is all wet. And that’s why they had to change the contracts going forward. So I think by design, they’re trying to stay away from that to preserve the argument with extant contracts and the revenue stream from them.

Michael Corey:

By the way, it brings up an important point, which is conflicts of interest, because a vendor or a licensed consultant that’s aligned with the vendor is going to be under pressure from the vendor to see those policies as binding. If they were trained by the vendor, they were trained that they’re binding, even though they’re not, but once again, they’re not lawyers. And one of the things I like about the legal profession is the fact that they’ve done a good job of making sure that there are no conflicts of interest, or that it’s well documented.

So, one of the things I always say to people is: “At least if you’re doing business with a vendor, a firm like LicenseFortress or Beeman & Muchmore, because of our relationship with you, there can be no divided loyalties. Period.” But you really have to understand these conflicts of interest because they’re going to cost you a lot of money if you don’t.

Rich Gibbons:

I agree. I think-

The Hidden Risks in Vendor Contracts

Joel Muchmore:

And then, just to follow up on Art’s absolutely true point about how that would be a bad look for Oracle to bake in the virtualization, I also think that they like catching their licensees flatfooted. It’s the past due fees, past due service fees and everything else that is part of the hammer that they bring down in the audit in order to try to course new licenses, new everything. And so they don’t get necessarily the same $100,000,000 shock-and-awe bill if it’s baked in and people know what to look for and are taking care of it on the front end. I think it benefits Oracle for the licensee to wander into the audit, and then get shocked by a bill, and then have to negotiate from that point. And if they put it in front and center, they’ll lose that at least with a large number of their licensees.

Rich Gibbons:

That’s interesting. So they’re playing up almost to the style they’ve got. I think some people assume that Oracle and other vendors would rather be perceived in a nicer fashion and try and do things in a more friendly way, but it sounds like actually, I suppose, once you’ve gone a certain way down this road, you might as well commit to it and carry on to the final destination of it.

So, with Oracle, and we’re talking about the traditional ITAM, obviously IT is changing with cloud in particular, and something I saw a couple of weeks ago with Oracle Cloud Infrastructure, they’ve added a new feature, which is a License Manager for Oracle Cloud Infrastructure, which will track and identify all your Bring-Your-Own-License software that you use in the Oracle Cloud, and it will take care of all that for you, which, on the face of it, seems very nice: tracking BYOL software can be difficult, and who better to understand Oracle licensing on Oracle Cloud than Oracle?

Does anyone have any thoughts? If you’re an IT asset manager and you think, “Oh, do you know what? That will make my life a bit easier,” do we think it actually will?

The Risks of Vendor-Supplied License Management Tools

Dean Bolton:

I think in some sense, yes, it will, because since it’s developed by the vendor, the integration with the other vendor products is quite good. We’ve had some customers who have explored that and used that, and it does a good job of integrating with the rest of Oracle Cloud for tracking purposes. But I think our point is: you have to be a little bit wary of who your trusted advisors are, in this sense. And as Mike mentioned earlier, if you’re using a vendor’s tool like that, look at what the perspective that’s baked into that tool.

And so, a lot of the things that we’ve seen out of that tool are that it’s obviously very favorable to Oracle in there. The interpretations are the way Oracle interprets them. And I think our point would be that some of those interpretations are non-contractual, based on policy. Some of those that are contractual have a very favorable interpretation from Oracle that might be more than what you get from an independent assessment in there. So it does have some benefits, especially around the integration side of things, but I think that could often be outweighed by some of those interpretation problems and cause some customers to spend more than what they really need to.

Arthur Beeman:

Maybe if I may just emphasize what Mike and Dean have identified regarding the conflict of interest potential for provided loyalties, and then legal arguments. Legal arguments can be rather subtle in terms of what’s part of a contract, what’s not part, what does a particular term mean. That meaning can actually change. It’s why God created lawyers: to sort through that sort of thing. Well, if you’ve got someone with divided loyalties, and the issue that comes up is one of legal construction, it’s very easy for someone to just fall into a trap, you might say, of their own making, where they go, “Well, you know, as to the meaning of virtualization.” And again, we’re talking about a divided loyalty situation.

Oracle’s really kind of got a point there in terms of how they’re construing that. You just shift a little bit and you’re providing legal counseling where you shouldn’t be, and you also have divided loyalties. And then all of a sudden, to Dean’s and Mike’s point, you have a licensee truly at a disadvantage to the vendor because you have the vendor asserting its rights pursuant to whatever its lawyers are telling them to assert. And that’s okay, that’s fair play. But then you have the proverbial knife being brought to the gun fight on the part of the licensee. They’re just sitting back and they’re thinking, “Well, my own people are telling me there’s merit to a legal argument that Oracle is asserting.” Well, lawyers don’t let legal arguments just stand there from the other side and say, “Well, got me on that one.” Lawyers parse the language, lawyers look at the rights and obligations pursuant to the contracts, and they defend the licensee. And that’s what the licensee needs. And that’s why the point that Dean and Mike are making about divided loyalty, it’s just so, so major, so significant.

Michael Corey:

And then you even have to think beyond that. You’ve got this legal aspect to the contracts, but you’ve also got the technology side, right? Oracle wants you to use more Oracle software, where if you take somebody who understands licensing is backed by the lawyers, and then understands how technologies change and maps that to your business requirements, we can find ways to save you money that the vendor frankly would never make you aware of. For example, if you use Data Guard, it’s wonderful technology, but you are using twice as many licenses than perhaps if you used a Pure Storage array to do your backups on. And so, you really have to also then understand the technology and the business requirements, and map the two together, because maybe there’s a more cost effective way to get you the end results your business needs, and that’s not going to come from just somebody who was trained by the vendor to be an auditor for licensing.

Rich Gibbons:

Yeah. There’s making sure you’re not doing it wrong, and then there’s making sure that you are doing it as well as possible, and there’s always a gap between the two. I mean, I used to be a reseller years ago and I know your customers have a similar thing there, as well. If someone is making money from selling new licenses, will they always tell you, “Actually, if you do it this way, you only need to buy 7 instead of 412,” whatever it might be? And I think it seems to be kind of times 10 when it comes to the publishers.

So, something someone asked me the other day actually was: In this newer world, if you are using a vendor’s cloud and you are using their inbuilt tools to manage it, and this could be Oracle, it could be Microsoft, it could be Amazon, et cetera, and you are found to be non-compliant, does that give you any additional safety net or recourse to be able to say, “Well, it’s your software on your clouds. I was using your tools to manage it. It’s much less my fault that I got it wrong than if it was all on premises.” Is there any weight to that argument at all?

The Vendor Tools Dilemma: Compliance Risks in the Cloud

Dean Bolton:

Well, I think it’s a little bit both ways. In one sense, yes. If you can point back to that in a negotiation, that’s a point in your favor, and that can be used as a negotiation tool. But we’ve seen that from previous times, before clouds were prevalent in there, where you were using a vendor’s product and you might have had the vendors consultants come in to help you implement the product, and they put you in a compliance scenario. And so you can use that as an argument. But I think the problem with it, what we’ve seen is that the vendors are acutely aware of how they’re phrasing the non-compliance.

And what we see more of is that issue is brought up where the vendor says, “Oh, that’s right. Our tool says it, but you’re using it for a different purpose than what you’re allowed for.” And they make a different point in that that kind of negates the tool being incorrect. Because you’re using something outside of the tool, and that’s what the vendor is bringing up as a compliance issue. And so we’ve seen that be quite prevalent, especially around clouds and the licensing compliance within those clouds. And so that becomes a problem in there that kind of negates the advantage you might have from the vendor’s tool being in use.

Rich Gibbons:

So one perhaps needs to be even more careful in those scenarios than previously. I think what you’re saying about using the vendor’s consultants and things. I remember, so when was it, tail end of last year, the Oracle versus Envisage case where they were using it on Amazon incorrectly. And I remember seeing in there that there was a “Oh, well, we asked Amazon if it was okay, and they said yes, so we did it,” but of course, clause 10.1, I think it was in the Amazon Ts&Cs, tells you that you can.

Do you see / do you think that with all the technology changes that’s going on, customers and organizations, perhaps, are less familiar with the new technologies and things, and is that maybe putting them at more risk of making these mistakes where they trust people and they go along with things and maybe don’t do the same due diligence that they would’ve done five years ago for a big on-premises purchase?

The Growing Complexity of Cloud Licensing and Due Diligence

Dean Bolton:

Yeah. I think that’s probably very much the case. And then, you add into the fact that a lot of these contractual requirements are incorporated by URL or buried in these 100-page end-user license agreements, in their click-throughs, what have not, it becomes very complex for customers to navigate in there. And a lot of times with these vendors, because of the business-critical nature of the applications, as Art mentioned, termination is a very real concern at the outcome of these with the nature of these applications and the dollar figures involved. I do think it requires a lot of care, extra care that is kind of the opposite of how easy it is to use some of these newer applications and methods of procurement.

Arthur Beeman:

There’s a certain folly, almost, built into the notion, and unfortunately, it’s the state of the market. And what certainly LicenseFortress and Beeman & Muchmore are trying to do is level the playing field. But too often, before we’re engaged and we’re looking at the communications, just as we enter a matter, we see the licensee client asking the vendor, “Well, what does this mean in the contract,” and “Hey, we’re out in the cloud now. What are our rights and obligations?” Well, if you want to adopt a sports metaphor here, and if we were playing a football game, it’d be like: you’re on offense, and you go to the defense, you say, “So, tell me, what play do you think we should run here?” I mean, at the end of the day, you have to appreciate the intrinsic adversarial nature to an audit.

I’m not saying it’s all out war, and it doesn’t need to be necessarily antagonistic, but it’s adversarial. They have their own set of interest. We can guarantee you they have lawyers weighing in on legal issues, even if those lawyers are not interfacing with the licensee. And then you have the licensee typically on a playing field that’s imbalanced. And all we’re trying to do here by identifying the technical expertise, which is essential, especially with evolving technologies, and then the ability to curate the documents and advise accordingly, which is what lawyers do, we’re not trying to trick anyone. We’re certainly not trying to get away with something as to the vendors. We’re just trying to level the playing field. They have legal arguments. We want to make sure our clients have legal arguments. Now, whether ultimately those legal arguments go to war in front of an arbitration panel or a court of law remains to be seen, but you have to have countervailing legal arguments in order to level that playing field.

Rich Gibbons:

Do you think that the relationship between ITAM and legal within customers should be better than it is?

If we’re talking about the traditional approach, I think I would wage the traditional approach tends to be “Try not to talk to the lawyers until you really, really have to.” And then when you think you really have to, it’s already too late.

If we’re trying to advocate for a new way of doing things, do you think an earlier relationship, a closer relationship between them would be beneficial for everyone?

Michael Corey:

It’s ironic that if you have an employee issue, the first thing you do is you run to the lawyers. Yet, your exposure in a software licensing issue is far larger than the typical employment issue. It just blows my mind, given the dollars that can be involved with the cost of software, they should be attached to the lawyers at the hip. It’s why, at LicenseFortress, we attach ourself to Beeman & Muchmore in every engagement. We feel it’s that critical. It was one of the first investments we made in our business. So yes, I think ITAM has to start rethinking this, saying, “My God. If I get this wrong, I’m going to be going to my CFO saying to write a check for tens of millions of dollars. I’m going to be unemployed if I don’t adapt myself to the lawyers.” So yes, I strongly feel like that’s… And in fact, we put our money where our mouth is because we made sure that was part of every engagement we do.

Joel Muchmore:

Well, look, another way to think about it is that Oracle legal has been involved before your audit notice even started, whether it’s in putting together the contracts, putting together the policy statements or whatever the unwritten audit script is. So matching that isn’t waiting for Oracle to put its lawyers front and center; it is walking into the whole entanglement, again, be it an audit, a ULA certification, or whatever it is, with attorney thinking in order to counteract what Oracle has already put into place with its attorney thinking, attorney trap, that whole minefield needs to be navigated.

Michael Corey:

It’s a great analogy: the minefield. You’re getting the lawyers involved early, so you really don’t need the lawyers at the end when it gets very expensive. You’re getting the lawyers involved early to avoid the minefields, because they’re out there. If you just walk forward, you’re just going to step into one and it’s going to be very costly for your organization.

Arthur Beeman:

Going on to follow up on that, Joel and I spent decades litigating cases, and we can tell you that at the end of the day, whether the case settled or went to jury verdict, we could sit back and look and point our finger to something on the timeline that said, “If only they had talked to a lawyer at that intersection, at that juncture, the entire history of the company would’ve been different.” And these disputes, where we’re specializing now, can be easily up of that import. A lot is on the line, and what we hope we can be part of is a change in the market and the level of awareness that the market should have going into these. We’re not lawsuit-happy. We’re not trying to antagonize things with a vendor. As we’ve been pointing out now throughout this podcast, we’re just trying to level the playing field. If someone is going into a given contentious situation with the support of a legal team, you should have a lawyer, too. That’s almost axiomatic.

Michael Corey:

We think about a click-through contract, how simple it is for a vendor, an unscrupulous vendor to change that and then come back. In fact, wasn’t there an example… you talked about of a vendor that tried to collect millions of dollars after they had made a change to a click-through contract. Why wouldn’t you have a lawyer look at that before you accepted the terms?

Rich Gibbons:

Yeah. Click-through contracts are coming up more and more in conversations that we’re seeing. We had a few conversations about them at our EMEA conference last week. And I think there’s definitely some uncertainty and confusion about how binding they are, and “Do they supersede every contract that you’ve signed before,” and “If your policy is that the CIO has to sign a contract, but a click-through was done by Tony in sales, are they of equal importance,” all this kind of thing. And it is very difficult, I think, for IT asset managers to find the answers to these because 9 times out of 10, the person that you’re talking to about it will be the vendor. And they will tell you that “The click-through EULA is the most important document in the world,” and “Oh, you’ve clicked it. Don’t even bother trying to talk to us about it,” et cetera.

So I think what you are all doing trying to advocate for legal involvement sooner and having that conversation, I guess, so that internally, even if you’re not in an audit, going and talking to your legal team and saying, “Do you know what? I’ve heard about click-through agreements, et cetera. Let’s have this conversation now,” just as you were saying, Michael, about before you get to the minefield, “Let’s understand it. Let’s look through our contracts. And then should something occur, we’ll know where we stand.” I think more of that would surely be beneficial for everyone: IT asset managers, the legal teams, the senior leadership. I suppose the only people, it wouldn’t necessarily help would be the vendors.

Arthur Beeman:

Well, to be clear, and I’m not prepared to discuss under American law the legal consequences of a click-through contract. There’s been a fair amount of litigation out there on it. But at the end of the day, a click-through contract is somewhat akin to a Vegas wedding. In that, I’m not saying it’s unenforceable or it doesn’t count, but it’s problematic. And if you have a vendor that’s standing on a click-through contract, my response to that is all the more reason to get really good legal counseling, because there has been litigation on the enforceability of those terms. We had a case a few years back that had a… It wasn’t a click-through contract, but it was click-through consent. And we litigated whether clicking through you had actually provided consent to the disclosure of your private data. We said no, and the court and jury agreed. So those issues are out there. But you hear a click-through, like I said, just think Vegas wedding, you need to sort through a lot there.

Rich Gibbons:

I like that. That’s a really good analogy.

Joel Muchmore:

But the stakes on those click-through agreements are what’s changing so much. Oracle will have the click-throughs, but I’m not aware of any instance where Oracle has attempted to change the operative master agreement going backwards, based on a click-through. And that’s absolutely what Micro Focus and what Quest were doing, and what they actually sued Nike and some other people over, is not just changing terms going forward, and then not just changing for some of the agreements but replacing an existing master agreement with a new and more restrictive one. And that goes back to our whole theme about how are we handling our IT assets. Well, risk management is part of it, and the stakes are going up and up. And I think some of those two-tier vendors are the ones that are really upping those stakes in a way that has to be paid attention to.

Rich Gibbons:

Yeah, I think pretty much everything I’ve been referring to, I’ve been thinking about questioning Micro Focus. So yeah, I completely agree there.

Changing Market Dynamics with Tier-2 Vendors

Joel Muchmore:

Well, and [inaudible 00:46:13] great and they were getting a comeuppance, but I believe it was Micro Focus that just sold. And so they got bought by venture capital. They put in place all of these extremely unpopular and draconian policies, and they quadrupled in value over a five- or six-year period and sold again. So there’s not a lot in the market right now that’s guiding them not to be undertaking these policies.

Dean Bolton:

Joel, I think you’re a hundred percent correct that we haven’t seen the tier-1 vendors take some of these other strategies that are in place, but we have seen them start to leverage little bit of the different tactics. I mean, Oracle with Java is taking a different approach than what we’ve seen previously to them now that they’re actually doing audits in there. But a lot of customers who are using Java, and Java only, only have that click-through contract in there that Oracle’s relying on. So it’s definitely not the same in there, but Oracle’s kind of picking pieces and some of the other tier-1 vendors are seeing, like you said, the revenue growth that can happen because of it. And so they are incorporating some of these other tactics, I think, into their audit process.

New Licensing Challenges with SaaS and Cloud

Joel Muchmore:

Well, and of course, not to mention a lot of damage can be done with pen and paper, as well. I mean, an ordering document can land that introduces an entirely new master agreement, but yet, nonetheless, is signed by somebody somewhat innocuously because they’ve always signed ordering documents. So you don’t have to be on the internet in order to catch somebody flatfooted by sneaking in a new agreement.

Rich Gibbons:

So should end-user organizations… because that’s really good point, should they implement some sort of process, I guess, saying, “Every order document goes through legal…” Some might see that as being too onerous, but should there be some sort of process that says, “If it’s of X value or if it’s X amount of times since we last signed something with this company, so they’re likely to have changed things, under certain conditions, it should go through legal first,” would that solve some problems?

Arthur Beeman:

Well, I can tell you that it would, but I would even take it a step further. I would just say in this space, you could almost view it like real estate. Can you imagine anyone just signing a contract that says, “Hey, guys. We just bought a building in Seattle.” “Did our lawyers look at it?” “No, but I’m in procurement.” I mean, that would be unthinkable. My view is that everything should be channeled through competent counsel. No matter what, you may think you’re just on an ordering document acquiring another $30-40,000 worth of technology, but what you could be doing is acquiring $30 to $40,000 more of technology and giving up some rights, or assuming other obligations that it screams for counseling on the interplay with the master agreement, for instance. So I would just take it a step further and just say, “Hey, if they’re signing anything with these vendors, lawyers need to look at it.”

Dean Bolton:

We get from the IT asset management, the procurement side, why that might seem like overkill. And you’re consolidating renewals, you’re trying to make this easier in terms of your own process, and now you’re going to introduce a hurdle to make it more difficult. I think what we’re trying to emphasize is why it’s important to have that hurdle, but also if you look at the difference between expertise around it, that can come into play, too. If you have to do this internally, and you’re only looking at one contract a year, that’s probably going to take a little bit of time to figure out how all of these things interplay and what you’re supposed to be aware of. If you’re working with experts in this area who look at these contracts on a weekly or daily basis, they know exactly where the changes are, what the pitfalls are, what you need to have changed, they can approve it, probably with very little obstacle introduced into the process. It might be a day turnaround time less.

So, I think our big point is that it’s too important not to have these issues reviewed, but also that getting experts around this and this particular software license compliance arena is crucial, as well.

The Role of Experts in Streamlining License Management

Rich Gibbons:

That’s a really good point about using an expert to be able to do it faster because I think from some of the things I’ve heard, and I’ve spoken to people, that is the problem, that your internal legal team, they’re busy doing other things. They’re not software licensing lawyers, in most cases. So it might take weeks before it comes around and you’re being told, “If it’s not in by month end, you lose the discount,” or “you lose the deal. You can’t wait for them,” and da da da.

So that’s an interesting point that finding a managed service, or whatever it might be, to enable you to do the due diligence at speed, I think that’s probably quite a useful takeaway for a lot of people.

Arthur Beeman:

Well, and it’s a consciousness raising, that we pointed out at the inception of this podcast, that no legal department, no matter how big the corporation, typically can handle the full array of legal issues. They go outside. There’s something in the antitrust space that they seek expertise for the counseling there, or, Mike’s earlier analogy, unemployment. They will go outside. There needs to be that sort of discipline within law departments and IT departments that “Hey, look, there are resources out there where we can get someone who’s utterly familiar with this terrain and the contracts, and they can do in two hours what it would take an unfamiliar technical or legal person in-house maybe days to conquer.” But that’s really no different than any other expertise. People do it all the time. It’s just a matter of raising the level of awareness that “We’re in a space where there is risk to my company, and it can be significant risk.” And you just go outside and you talk to the right people, and then again, you level the playing field.

Dean Bolton:

Just on top of that, we found, for a lot of customers, that a gate in there was actually just a good sanity check. People sometimes get just into the routine process of “Oh, this is the renewal. I know I need it,” go ahead and sign it and go forward. I think we’ve demonstrated why there’s some problems that can happen with that. But just in general, if the vendors are tacking on 3, 4, 5% increases each year, you can very quickly have these prices grow quite a bit. And we’ve seen customers who, by just renewing year after year, that are actually paying more than list price for some of these renewals, despite getting a good discount a decade ago.

So, I think there’s a lot of reasons why it’s beneficial to put a little bit of a pause in there. You obviously don’t want it to be delayed where it impacts business operations, right? If it takes weeks or months, that’s a problem. But having it so it’s not just a formal and automatic process each year can be beneficial for customers, too, in addition to what we’ve talked about around these hidden obstacles and landmines that can be sitting there.

The Hidden Costs in License Renewals

Michael Corey:

And Dean, that’s such an important point. We looked at that renewal and said, “Wait a minute. Why are they paying that much for the software?” The customer looked at it and said, “Oh, I’m getting this great discount.” And by the way, in defense of the procurement officer, they’re really busy. They’re doing lots of different companies. That’s not tip-of-the-tongue knowledge or expertise. We immediately zeroed in on it and said, “Okay, we need to rethink this renewal.”

Rich Gibbons:

Yeah. And again, it goes to what we were saying earlier, that if that’s the only renewal that you see for that product, and you see it every three or four years, you probably don’t know what list prices are, how far above it or below it you are. We’ve mentioned it a few times, leveling the playing field, using people who have the expertise at the right times. And I think maybe that the traditional approach has perhaps been for ITAM to trying to do it all internally and themselves, and then inevitably, things are missed, et cetera. So maybe this idea of the traditional approach no longer being good enough, part of that is knowing when to use relevant third parties, and maybe in a boutique style.

Using Specialized Partners for Licensing

So it’s not a case of bringing in an outsourcer to do everything on a 10-year contract. And that brings with it its own issues. It’s the right “Where are my pinch points, where do I not have the time, where do I not have the skills in identifying people such as yourselves who can come in…” Pinch hitters, almost, they come in, they do that job really well, and then you can move on. I think that is part of the new approach.

Michael Corey:

Well, and even the other thing, when the vendor says, “Hey, let’s make all these licenses coterminous so we only have to do this once a year or once every three years,” making sure they understand: You do gain all your licenses are coterminous, but you also lose a capability when you want to resize your organization and not get penalized by the policy. In Oracle’s case, it’s the Oracle repricing policy. IBM has the equivalent policy designed to prevent you from, obviously, lowering your footprint with the vendor.

Rich Gibbons:

Yeah. That’s always a favorite one now.

I’m conscious we could probably stay here for at least another eight or nine hours. I’ve got loads of other questions that I could ask and points to bring up, but I think we will have to save some of them for the future. So, to put each of you on the spot now, which is always everyone’s favorite way of ending anything, so we’ve come into this with the idea that the traditional approach to ITAM is no longer good enough. Each of you, what would you say is the… if the listeners are going to do one thing after listening to this, what should it be?

So, I will go to Michael first.

Final Thoughts from the Panelists

Michael Corey:

I would tell them that they should be proactive, and really, if they’ve never done it, have some outside expert come in and do an audit of their existing compliance. Because if we can find a software compliancy issue before an official audit, it’s very easy to correct it. So when the audit happens, the vendor doesn’t detect it, and it saves them a lot of money. So getting in compliance is the most important thing you can do proactively.

Rich Gibbons:

Cool. I like that.

And Art?

Arthur Beeman:

I’ll try to be as pithy as possible in light of the very good perspective offered by Mike. And two words: Slow down. Just slow down in these transactions, slow down in terms of all that’s being propounded to you by the vendor, and get your technical and legal house in order. It’s important. What we have seen too often, in especially engagements that come along after the problem has surfaced, is: They just didn’t take the time. Where we’re confident they’re taking the time in other transactions, for whatever reason, it’s not occurring in this space. And to Mike’s point, take the time to deal with the compliance issues, talk with the lawyers and talk with the technical people a little on the front end goes a long ways.

Rich Gibbons:

“Slow down.” Always good advice.

Dean? Oh, I think Dean, we might have lost him.

Michael Corey:

He’s got the California freeze right now.

Arthur Beeman:

There he is. Dean?

Michael Corey:

Oh.

Dean Bolton:

Uh-huh.

Arthur Beeman:

Still there?

Dean Bolton:

Yep.

Rich Gibbons:

There we go. You’re back.

Dean Bolton:

Yeah. Sorry about that. I wouldn’t echo exactly what Mike and Art said; I guess I would just add to it. In addition to slowing down, take a look at the big picture. Look at the forest and not just the trees. There might have been decisions that were made years or decades ago that no longer hold true. And so if you take a step back and take a look at the big picture, there might be legal, technical optimizations that can be had that would be very beneficial for your organization.

Rich Gibbons:

Really good advice. Just getting away from that “Oh, well, we’ve always done it this way. We’ve always renewed this.” And those two things go together. Slowing down should enable you to be able to do that a little bit more easily, I think.

And then last but by no means least, Joel.

Joel Muchmore:

Have an attorney on speed dial, could be external, could be internal. We actually worked with a lot of in-house counsel who know these issues: they’ve been educated, they know the status of the licenses, and they’re good go-tos. If you can find somebody internal and train them, that’s great. If not, find somebody external who is already trained. But having somebody in mind who keeps up with your licenses so that you are not in the process of educating somebody every time you have a small question come up. Have a go-to guy, gal, anybody on speed dial, and that’ll solve a lot of your problems.

Rich Gibbons:

Excellent. I like it. So I think for people, those four points, coupled with everything else that we’ve spoken about, that should hopefully get people in a much better space than they perhaps already are.

And I think for me, I would add: don’t be scared of your internal legal team. Lots of times people are worried about going talking to them because they’re concerned they’ll get in trouble for doing something or not doing something. But I think ultimately, you’re all on the same side and you will help each other by working more closely together.

So, with that, I want to say thank you to the four of you. This has been a thoroughly enjoyable podcast. We’ve touched on all sorts of topics, many of which we could probably spin off into their own Netflix-style series, as well, I think. So we’ll have to see what we can do there. But yeah, thank you to all of you for joining me.

Arthur Beeman:

Thank you.

Michael Corey:

Thank you.

Dean Bolton:

Thank you.

Rich Gibbons:

And thank you to everyone out there listening to this. I hope you found it as interesting and enjoyable as I have. Certainly, any questions that you’ve got about any of this, get in touch with us, ITAM Review, and we can put you in touch with any of the speakers, I’m sure. LinkedIn is always good, as well, for connecting with people. So if it does raise any questions, or concerns, or thoughts, et cetera, let us know.

And with that, yeah, thank you again to those of you joining me, thank you to everyone listening, and I look forward to seeing you all on the next one. So thank you very much.

Arthur Beeman:

Thanks again.