Nike’s Weak SAM Processes Could Be Costly
Quest Software seems keener than ever to protect its intellectual property. The software company has recently made the news with its court proceedings against Nike, in which it seeks to punish the sportswear company for breach of software license agreements, copyright infringement and violation of the Digital Millennium Copyright Act (“DMCA”). The tech company is also looking to expand the Software License Compliance team within its Legal Department, which seems to indicate an increased interest in performing new software audits.
In the court complaint, Quest alleges that Nike breached the previously signed license agreements by installing the software on more devices than allowed in the signed SLA and by permitting more devices (than the numbers agreed in the SLAs) to access and use the software. To make matters worse, Quest claims that it has discovered unauthorised (pirated) software license keys installed on Nike-owned computers.
Is weak SAM to blame?
While we can attribute the first two complaints to negligence and poor control over the software environment, the last accusation implies not just weak SAM policies but also a conscious breach of IP laws. Many of Quest’s software products use a built-in security system that requires customers to enter specific keys to access and unlock the features of the software. Quest keeps a record of all authorised license keys issued over time, along with the name of the company for which each key was released. As a result, it can immediately identify any unauthorised license keys installed, once these have been collected from the environment. Without Quest’s authorisation, certain issued keys have been “cracked”, pirated and distributed online for illegal download, and it is Quest’s belief that whoever looks to use such unauthorised software has to “affirmatively seek out and obtain them from sites known to traffic in counterfeit or illegal downloaded intellectual property.”
Arguing the extent of non-compliance
At the start of June, Nike filed a counter-lawsuit, admitting to owing Quest $349,000 for unlicensed software, which is a very small amount compared to the figure that Quest has calculated for Nike’s unlicensed software usage – $15.6 million. So why this huge difference?
First of all, any software vendor can seek recompense for what they deem fair. In this case we’re not just talking about someone being short of licenses. Essentially, Nike is accused of copyright infringement and illegal use of intellectual property. In reality, most vendors present the RRP (Recommended Retail Price) with support costs on top (with back-support maintenance from the year the software was released or installed, plus interest to the current date) and a multiplier for using the pirated keys. Secondly, the retrieval and consolidation of Quest license keys is a very laborious process, and old versions of installed products do not always present complete license key information as to which edition and add-ons are in use.
In an audit scenario, Quest can apply extrapolation methods. Where a key file was not found, or where the key file does not report the edition and add-ons installed, it will seek to extrapolate all such keys to the highest product key found on the estate or the highest product key found in the customer’s entitlement records. It is then up to the audited company to try to provide extra proof that those higher editions of products (which are, obviously, more expensive) are not actually in use. All this translates to increased costs due to the time and resources spent in the audit process.
Typically, what we see with vendor audits is a reasonable attempt to negotiate. Frequently, that means the customer agreeing that there is a deficit and working with the vendor to reach a settlement that’s realistic. In the case above, the two parties could not yet reach a settlement position and the dispute has moved to the courts.
Software Asset Management advice from the experts
In order to mitigate such a compliance risk, License Dashboard advises all its customers to perform internal audits, verify all devices that have Quest/Dell products installed and correctly identify all devices that could access and use the products (i.e. devices able to access the software remotely, from a central location). This data would then have to be compared against license records in order to correctly identify the potential exposure. License Dashboard can assist with verifying the software footprint (ARP and EXE data) and with the scanning and retrieval of the license key files installed. As for the license records owned, License Dashboard can only rely on the information provided by the customers, which is why it is paramount that clients keep complete and up-to-date records of all their Quest/Dell license purchases.