VMware/Siemens: A Cautionary Tale About The Risks Of Software And Services Licensing
Litigation has become the default method for companies to resolve disagreements, force accountability, and establish recourse for everything from breach-related failures to contractual disagreements. A recent lawsuit filed by VMware (now owned by Broadcom) against its customer, Siemens’ US operations, for alleged use of unlicensed software is not unique and should serve as a stark reminder that poorly governed software licenses and assets come with a risk to both sides and will impact the technologies we depend on.
The Siemens-Broadcom Saga: He Said/She Said
Broadcom is accusing Siemens of using multiple VMware products without proper licenses. This “aha!” discovery that thousands of software licenses were illegally downloaded was only brought to VMware’s attention, however, after Siemens provided a list of installed software that it insisted was “eligible for the one-year extension of Support Services,” even though some of those installs could not be associated with an active software license. Siemens had threatened legal action if it did not receive those extensions, and VMware countered with the observation of the license violations. Both sides hold responsibility for guarding legal license use, so it’s an oopsie on both sides.
The result is a legal battle certain to cost both companies millions in attorney fees and litigation costs, along with a legal discovery process that could unearth more licensing violations — not to mention potentially compromise Siemens’ ability to get support services for the duration of the lawsuit.
Pay Attention To The Details, As Mistakes Have Consequences
“True-ups” are often negotiating tools for vendors. They can start with a request for a software audit but often then lead to finding unlicensed software that the business either needs to pay for or discontinue use of. The intersection of infrastructure software, virtualization, and massive operational scale can mean large areas of unaccounted expense from true-ups where a business has no choice but to pay or disrupt the business. For example:
- IBM raked in millions from WebSphere licensing when businesses started virtualizing their WebSphere servers because the licensing was based on the software’s access to all the physical CPUs in the virtualized cluster. Until customers set up subcapacity licensing and the software agents to track it, they were on the hook for the additional licensing costs.
- Oracle customers have run into similar issues when running Oracle Database on HCI clusters due to Oracle’s licensing parameters. Efforts to get better utilization through virtualization while also avoiding these licensing issues have driven many organizations to adopt disaggregated HCI or even to create targeted smaller clusters for Oracle use.
- VMware’s licensing changes are affecting many, as the piecemeal licensing that businesses were used to is converted to a bundled platform license where they then incur the charge for platform components that they haven’t used in the past, often duplicating the functionality of existing infrastructure investments.
These are just a few examples. Pick a large software vendor and you can find similar stories. Finding license violations is a common tactic for vendors to identify what they see as unrealized income and can mean hundreds of thousands to millions of dollars in license costs for an enterprise customer. License changes, product bundling changes, and major infrastructure paradigm shifts can introduce a mismatch between what someone has paid for and what they should have paid for. Additionally, automated deployment, especially if the software is a key component of your tech stack, can lead to overuse at scale and create a big licensing risk for your company. Accurate tracking is a must to manage that risk, but be careful with vendor-supplied license management tools. Those tools can be a way for a vendor to see the license overuse before you do. Assume that your license use is part of a negotiation; treat it that way, and manage that negotiating resource appropriately.
Lessons For Software Vendors And Their Consumers
As your ecosystem of software and services becomes larger and more complex, it’s time to revisit the basics of how you can prevent disruption to business operations and avoid the negative optics of a similar situation at your company. Focus on effective vendor management and licensing best practices.
To do this, consumers of software must:
- Conduct regular license audits. Regularly review and audit software licenses to ensure compliance and avoid unlicensed usage. Audits should not be your crutch, however. For automated deployments, use valid license checks before deploying rather than just auditing the environment after the fact. Even better, create deployed license thresholds so that when you are close to reaching the limits of what you have already purchased, an alert can be sent to procurement or a tech leader to address the situation before it slows down your operations.
- Use tech to manage software licenses. It’s your responsibility to know how many software licenses are deployed in your environment. Implement tooling to track and manage your software licenses efficiently, check that the numbers match up with what you have contracted and paid for, and educate employees about the importance of software licensing and compliance to prevent inadvertent violations. In addition to the idea of adding license checks to deployment automation, you can also automate new license provisioning and hopefully retirement if your vendor provides a mechanism for it.
- Rethink procurement and contracting processes. Software is constantly changing, and your procurement practices need to keep up with new trends in bundling and packaging. Develop and enforce clear policies for software procurement, encourage procurement to ask hard questions around inadvertent violations, and ensure that contract language protects your company’s position if noncompliance is unintentional.
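As an added illustration of the pre-deployment license check and threshold alert described in the first two items above (example code written for this page, not anything from VMware, Broadcom or Siemens; the product names, unit counts, thresholds and overage tolerances are constructed):

```python
# Pre-deployment license guardrail: compare what is already deployed plus what is
# about to be deployed against contracted entitlements, and decide ok / alert / block.
# All figures below are constructed for illustration.
from dataclasses import dataclass


@dataclass
class Entitlement:
    product: str
    licensed_units: int       # units contracted and paid for (e.g. CPU cores)
    alert_threshold: float    # fraction of entitlement that triggers a procurement alert
    overage_tolerance: float  # contractual overage allowed before deployment is blocked


# Constructed inventory: (host, product, units deployed). In practice this would come
# from your own CMDB or deployment records rather than a vendor-supplied tool.
INVENTORY = [
    ("esx-01", "hypervisor", 64),
    ("esx-02", "hypervisor", 64),
    ("esx-03", "hypervisor", 32),
    ("db-01", "database", 16),
]

ENTITLEMENTS = {
    "hypervisor": Entitlement("hypervisor", 192, alert_threshold=0.8, overage_tolerance=0.05),
    "database": Entitlement("database", 16, alert_threshold=0.9, overage_tolerance=0.0),
}


def deployed_units(inventory, product):
    """Total units of one product currently deployed according to the inventory."""
    return sum(units for _, p, units in inventory if p == product)


def check_deployment(inventory, entitlements, product, requested_units):
    """Decide whether a new deployment may proceed.

    Returns "ok", "alert" (proceed but notify procurement), "block" (would exceed
    the entitlement plus contractual tolerance) or "unlicensed" (no entitlement on file).
    """
    ent = entitlements.get(product)
    if ent is None:
        return "unlicensed"
    projected = deployed_units(inventory, product) + requested_units
    if projected > ent.licensed_units * (1 + ent.overage_tolerance):
        return "block"
    if projected >= ent.licensed_units * ent.alert_threshold:
        return "alert"
    return "ok"


def audit(inventory, entitlements):
    """After-the-fact audit: status of every entitled product with nothing new requested."""
    return {p: check_deployment(inventory, entitlements, p, 0) for p in entitlements}
```

Wiring `check_deployment` into deployment automation lets a "block" result stop the rollout and an "alert" result page procurement before the limit is reached, which is the guardrail the audit alone cannot provide.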
Software vendors must:
- Set thresholds for noncompliance. Not all software licensing violations are by an egregious amount or a result of flagrant disregard of the contractual agreement. Understand what leeway you’re willing to provide and make it clear in the contract that overage can’t exceed a certain percentage or number of licenses. Provide a time frame for violations to be resolved, such as a 30- or 60-day period after notice is given.
- Don’t ignore contract governance. Most companies spend their time and effort on contract negotiations to ensure that their interests are protected. Contract governance (the steps to ensure that agreed-upon terms and outcomes are fulfilled by both parties) is often forgotten or ignored. What’s the point of spending all that time and legal hours negotiating if you’re not going to track and monitor that the customer is meeting their end of the agreement?
- Understand that legal recourse is costly. In the game of litigation, there are no winners — except for the lawyers, who charge by the hour. Legal action is expensive, time-consuming, reputation-harming, and a distraction from strategy and operations. It should always be a last resort. Instead, include contingency plans in the contract that can be triggered in a similar event.
Manage Software Licensing For The Health Of Your Business
Managing software licensing in the past might have been more of an annoyance, but it is evolving into an area of real business-resilience concern. If your technology use violates vendor licensing, you open up the organization to extreme bills for truing up licensing, operational disruptions, prolonged legal battles, and a loss of customer confidence in your ability to manage your tech stack. While many times these issues are addressed as part of governance controls, it is important to operationalize those controls in your technology resilience strategy using automated tooling and enforceable guardrails and processes. And if you think moving to the cloud or SaaS solves your problem, think again: The issue flips from proactive license management to usage governance so that you aren’t hit with unexpected bills for things like data egress, API usage, idle cloud instances, and more.
If you want to learn more, schedule a guidance session on how to keep your technology running.