Software license management – the risk of indirect use | KPMG | AU

Software license management – the risk of indirect use

Software license management – the risk of indirect use

Companies are more interconnected and digitally positioned than ever, however the process of digital transformation is putting them increasingly to the test. A paradigm shift and technology trends, such as Industry 4.0 and the Internet of Things (IoT), present opportunities as well as risks – in particular the challenge of software license management.

1000

Also on KPMG.com

Two people at computer pointing pen to screen

When it comes to software license management, new developments or strategic repositioning towards converged infrastructures bring challenges. The close interconnection of applications, such as in the SAP environment, entails a series of risks. In addition, customised software, the monitoring of indirect use and fragmented license histories create complexity.

These risks need to be quantified and qualified, with a strategic approach to license risk management implemented. A transparent approach is essential, along with cooperation between customers and software manufacturers.

An unsettled end-user community

The recent judgment where a global licensing software company won a multimillion dollar non-compliance fee concerning indirect usage has rattled the global SAP community. As an outcome, transparency on the entire SAP infrastructure is becoming a high priority.

Many organisations using SAP will have large distribution channels and legacy applications interfacing into SAP and products such as Salesforce, which may give them similar issues. They will need to assess their likely exposure and potential options to mitigate this.

What are the key challenges clients should be considering?

Indirect use does not just pose major challenges and risks for SAP customers. In the course of software license audits, other software manufacturers are also determining potential scenarios of indirect use by identifying external access.

Owing to indirect use, the license risk is also increased for support software deployed. For instance, in the case of the purchase of Oracle databases as part of a SAP license purchase, indirect use leads also to the requirement to purchase Oracle full use licenses.

SAP offers various license models to license indirect use. If users access SAP only via separate SAP partners or in-house software, SAP platform licenses for users can be deployed in certain circumstances to address the risk associated with SAP indirect use. In other cases, full user and package licenses are necessary as well as licenses to cover access via the non-SAP tool.

The 'NetWeaver Foundation for 3rd Party Application' license can be purchased in the core and named user metrics. Metrics selection is generally only possible prior to the first order. If the customer has an incomplete view of the third-party applications connected to SAP and/or an incomplete view of the number of access users, there is a risk that the assessment of the most cost-efficient licensing is not adequately carried out. As a result of this, the customer can opt, in the worst case, for a wrong license model and/or an inaccurate number of licenses.

In summary, SAP licensing poses for many clients fundamental challenges on account of the complexity, and diversity of products and metrics. The correct and cost-effective choice of suitable licenses to cover indirect use is not exempt from this.

Opportunities for businesses

Even if the identification of scenarios of indirect use appears less than appealing at the outset, it nevertheless offers businesses the opportunity to create transparency. The aim should be to express an assessment of the separate potential scenarios and, in cases of clear indirect use, to initiate suitable measures. These measures can range from the reorganisation of the technical infrastructure through to the purchase of necessary licenses.

The challenges facing business in such situations – in particular in the case of structures that have expanded over the course of decades – is to identify which third party and in-house software exist and how access to SAP technology takes place. If infrastructure diagrams already exist, it is easier for businesses as they can save resources in respect of identification and can spring forward directly to the assessment. In this way the matching licenses and quantities of licenses can be identified for each scenario and, where applicable, purchased without damaging the customer-supplier relationship (in the best case) at discounted prices from SAP.

For all other businesses, the first step is to determine access and to identify matching license models in the second step. By proactively determining and purchasing licenses, the customer also generally has the option to negotiate a discount with SAP and/or to use the existing discount scale and thus to add licenses more cost effectively.

On the other hand, if a license shortfall is identified in the course of auditing indirect use, the granting of discounted prices by SAP (and by other software manufacturers) needs to be understood, in the best case, as optional.

New circumstances require new thinking

Indirect use presents companies with major challenges. Identification of indirect use not only entails risks in this regard, it can also present opportunities for businesses. The most relevant opportunity in the business context is the generation of transparency in respect of licenses as this – particularly in the area of indirect use – represents an indispensable prerequisite for successful cooperation between customer and software manufacturer. In addition, it renders the company able to support strategic IT considerations through its own infrastructure knowledge.

Furthermore, indirect use particularly in the SAP environment invariably conceals the risk of unbudgeted multi-million dollar investment in new software licenses and, in the absence of transparency, also the danger of not being able to keep pace with the speed of innovation advancement.

In summary, it can be observed that license management needs to adjust optimally to new circumstances and future task areas in order to be able to continue to manage existing benefits.

Managing regulatory compliance change

A deep dive into how organisations can manage fast-paced, complex and global regulatory obligations and avoid costly breaches.

 
Read more

Contract Compliance Advisory

Contract Compliance Advisory

KPMG can help organisations better manage their software, channel and vendor-based contracts.

Risk Consulting

Risk Consulting

Risk management should be embedded within the culture of the organisation so that everyone is focused on managing and optimising risk.

Connect with us

 

Request for proposal

 

Submit