Carrot Vs. Stick: Making the case for data-driven software licence compliance

No one likes to be audited, but should software vendors use it as a threat?

Published on 7th January 2020

On its own, the word “audit” implies wrongdoing or, at the least, carelessness. Opening the books particularly stings when the subject of an audit believes that every obligation has been met in good faith. An audit suggests the reviewing party sees only an act of bad faith.

But for software vendors, an audit has often been the traditional path to confirm whether a customer is complying with its software license agreement. In such a scenario, a vendor likely has a legitimate suspicion of misuse — regardless of whether the misuse was intentional or not. Perhaps a customer’s number of employees has ballooned beyond the number of licenses they should need, or maybe signs suggest that the company is using a pirated version. A software vendor is well within its contractual rights to perform an audit if it suspects usage and payment do not align, but that doesn’t mean the customer is going to be happy about it.

No one likes to be audited, and most software vendors can be just as reluctant to conduct audits. They consume time and resources, and they cast the vendor as an adversary in what should instead be a mutually beneficial relationship based on collaboration and trust.

There are better ways to ensure license compliance for vendors and customers alike, including software asset management (SAM) programs, piracy education and software usage analytics.

SAM Programs

SAM programs enable customers to proactively monitor and measure their software licenses, although complexities can arise with software deployed through virtual machines or across multiple geographies. Customers can use SAM software or processes to collect deployment data and compare it to their entitlements, giving them a better sense of where they stand and providing documentation to remediate situations before an audit is necessary.

Piracy Education

In a Q&A with MarkMonitor, Richard Atkinson, Adobe’s global director of piracy conversion, estimated “that about 70 percent of the people who have nongenuine product actually paid for it. They just didn’t pay us.” It’s usually a case of employees unwittingly downloading an unauthorized version that looked reasonably priced on a seemingly legitimate e-commerce site. Strong piracy education programs and internal policies can help to ensure that software is procured directly from the vendor or authorized channels.

Software Usage Analytics

Nearly 38% of software is “wasted,” amounting to $34 billion for 149 different organizations surveyed by software life cycle automation vendor 1E in its “Software Usage and Waste Report 2016” (via ZDNet). While some vendors viewed exposing underuse or “shelfware” to customers as a risk to recurring revenue, some two-thirds of respondents did not.

Sharing usage data helps customers achieve software license compliance and avoid audit failure by keeping conversations proactive and productive for all parties. Customers know when usage data is being collected and should ask for access to aggregate data and insights if their vendors aren’t sharing it. Long before having to even mention the word “audit,” vendors can reach out to the customer with the confidence that a resolution and an enhanced relationship is within reach.

With a deeper view of the company’s usage patterns across its subsidiaries and advice on how to maximize its total cost of ownership, usage data puts the vendor in a position to strengthen those connections. In the case of pirated use, the vendor can also alert customers to malware risks that BSA estimates “can cost a company $2.4 million on average and can take up to 50 days to resolve.”


It’s hard to argue with data — especially when it is shared transparently with the goal of mutually beneficial outcomes. In addition to license misuse, the data might also point to underuse (or inefficient workflows), which might otherwise lead a customer not to renew. With data in hand, vendors can be proactive and work with those customers — along with providing training and educational opportunities — to get the most out of their deployments and preempt difficult conversations at renewal time.

I believe “audit” doesn’t have to be used as a threat — implied or explicit. Instead of using audits to increase revenue at the expense of long-term customer value, software vendors can take a data-driven, consultative approach that maximizes both.

