SAP – Indirect Usage
It was recently confirmed that SAP has commenced an arbitration against Anheuser-Busch Companies pursuant to the Commercial Arbitration Rules of the American Arbitration Association. SAP claims that their customer has used SAP directly and indirectly without appropriate licenses and is seeking in excess of USD 600 million.
That figure serves as a stark warning for all SAP ERP customers, no matter how big or small. Defining users that have direct access can prove difficult for many organizations, but finding out if SAP software is being accessed indirectly may prove an almost impossible task. With no simple methodology available, and with few SAP-authored documents on the subject, how can organizations hope to tackle and resolve the potential issue before SAP come knocking?
SAP as a software vendor has been around for a long time, so why is this the first many organizations have heard about indirect usage? In truth, it’s been an issue for a long time but penalties and fines for misuse are usually kept between the customer and SAP. It’s taken a court case for the issue to be brought to the public’s attention. It hasn’t been helped by the lack of clarity from SAP – that it is not implicitly stated when signing contracts or renewals.
In addition, there’s the argument that technological innovation has advanced beyond SAP’s almost static pricing model. With integrated workflows, automation, and greater consumer involvement in business processes (for example, customers placing orders directly, rather than through a call center), it’s no longer a simple case of licensing each person that directly access the SAP software.
It could also be argued that SAP’s willingness to take this to court is a clear sign of the way in which they’ve chosen to go: that is, instead of making it clear in renewals and contract negotiations, they’ve decided to bring it to the public’s attention through the courts and huge fines. It’s letting organizations know that they’re under no obligations to modernize their pricing model, properly defining and pricing indirect user access.
Don’t become SAP’s next target for indirect usage
It must be the priority of all organizations that use SAP software to assess the risk involved, not just with indirect but all aspects of usage. Customers don’t feel as though they can contact SAP directly so are left to investigate themselves. At a high-level, questions need to be asked about which systems can access SAP software. All parts of the workflow need to be investigated to determine if there’s a possibility that users could be indirectly accessing it. This is easier said than done and requires a lot of investigation.
Aside from the complex nature of the license review, you may, like Anheuser-Busch before, not believe that the level of access to SAP requires a licence. It may be that only a minor part of the SAP software is being used. Perhaps you believe it’s only being accessed in read-only mode via multiple systems. Maybe you missed the part of the workflow that requires it. Whatever the case, after that initial high-level view, unless you’re 100% certain, you will need expertise to assess the position.
There are vendors out there that have tools capable of discovering indirect usage but it almost always requires human-intervention. It requires people that are knowledgeable about SAP licensing as well as people that are familiar with how your SAP software is being used. An internal review performed by experts can also highlight spare ‘direct use’ licenses that could be utilised should indirect access be found.
What’s clear is that now is the time to conduct an internal audit. Everyone urgently needs to look at their own IT infrastructure to assess where indirect use could be an issue.