2023 Software compliance – A new destination

A look at software compliance by Appstrato founder Steven Davison.

The great majority of end users and software management specialists are approaching software compliance incorrectly. Terms and services such as ‘audit defence’ are commonly used. The industry needs to look at IP (intellectual property) or software value to a business rather than focus on reactive processes. Whilst the majority of us accept that software compliance is not as front and centre as it used to be, it is still used as a complex play for many software publishers. Ignore the changes at your peril.

In the ever-shifting landscape of technology, the past two decades have witnessed a transformative journey in the realm of software license compliance, propelled by the meteoric rise of cloud computing. As organisations increasingly migrate their operations to the cloud, the traditional paradigms of software licensing have been upended, giving rise to a complex and dynamic landscape that demands a nuanced understanding and set of remedies.

The advent of cloud computing has redefined the way software is delivered, accessed, and managed. In this blog, we’ll take a look at the evolution of software license compliance, tracing the pivotal moments and shifts that have shaped the contemporary software ecosystem. We’ll also take a quick look at some promising alternative methods of managing software compliance.

Twenty years ago, software licensing primarily revolved around on-premises installations, with organisations grappling with complex agreements and onerous audits. One side truth was that, although software audits could prove expensive, it was always the software publisher that had to chase the end user. This game of ‘cat and mouse’, although lucrative for software publishers, was also fairly expensive to police and execute.

From my early start at the Federation Against Software Theft (FAST), in what was then known as the ‘licence compliance’ industry, I worked alongside ex-CID and policemen (bottles of whiskey in drawers was an actual thing…). Although there was a corporate feel to our work with Microsoft, there was very much a focus on counterfeit. Coming into the offices in Slough, UK on a Monday morning, I would often see black bin liners of counterfeit software. This, in the early days, was licence compliance. Or should I say IP (intellectual property) protection. As FAST grew there was a shift into the corporate world, especially as Microsoft and the desktop exploded.

Fast forward to the present day, and the cloud has emerged as a game-changer, offering unparalleled scalability and flexibility. However, this transition has ushered in a new era of challenges for software license compliance. The decentralised nature of cloud deployments, coupled with the rapid pace of technological innovation, has given rise to intricate licensing models and heightened compliance risks. As a sidebar, software overspend is now just a given that many companies are trying to address. Common perception would imply that compliance has been left to the big vendors; possibly, for now at least, but it won’t be long before ‘gotchas’ are set up by the smaller SaaS vendors copying the larger publishers. Watch out for multidirectional data flows supported by free APIs that facilitate ‘business value’ but also fast-track compliance traps. SAP started it years ago.


In the fiercely competitive arena of software development, safeguarding intellectual property (IP) has become paramount for publishers seeking to maximise their returns on innovation. One of the key strategies employed by software publishers to protect their IP and adapt to evolving market dynamics is the strategic modification of licensing terms and conditions. This tactical manoeuvre not only fortifies the legal foundation of their products but also allows publishers to align with the rapidly changing landscape of technology.

Unfortunately, what the software publishers have become very good at is IP optimisation: squeezing every last bit of value out of the software code. For the end users this very often looks like daylight robbery, but in many senses it’s no different to the hotel that changes its rates to reflect the flex in demand. It’s not fair and we don’t like it, but it’s not illegal, and we all have the choice to choose another hotel or software application.

Major software publishers have consistently demonstrated the agility to adjust licensing terms discreetly, often as a response to emerging industry trends or to address evolving business models. Microsoft transitioned from perpetual software licenses to subscription-based models with products like Microsoft 365. This shift not only ensured a steady revenue stream but also enabled continuous feature updates and enhanced security measures for end-users.

Adobe, renowned for its creative software suite, underwent a noteworthy transformation by transitioning from perpetual licenses to a subscription-based model with Adobe Creative Cloud. This change not only curtailed software piracy but also provided users with a more affordable entry point, fostering broader accessibility to their suite of creative tools.

Autodesk, a leader in 3D design and engineering software, similarly adapted to market dynamics by moving from perpetual licenses to a subscription-based model. The subscription model not only offered users the latest updates but also facilitated more predictable revenue for the company.

While these transitions often happen seamlessly for end-users, they are strategic moves by software publishers to maintain relevance, combat piracy, and sustain profitability. The subtle nature of these shifts underscores the publishers’ need to balance user satisfaction with the imperative of safeguarding their intellectual property. For end users who struggled to manage their software when it was on-premises, the negative payload with cloud is now double and in some cases triple. The compound growth of software coupled with poor software management practices results in anything from 20% to 36% overspend in software. Of course, the publisher collects their money every month without issue. So now the publishers are well versed in IP optimisation, and by moving their software to the cloud they are being paid regardless of an end user’s actual use of the software.

So, what does this mean for the average organisation in 2023? Well, for starters, the landscape has had some major shifts. Historically a software publisher got to play judge, jury and policy maker, but had to sell their software on a trust basis and perform physical audits either using a reseller or a big four accountancy firm. These audits often proved to be expensive and time-consuming, and always had a negative impact on the relationship. Cloud moves this relationship to one where there is zero trust required from the publisher and the balance of impact sits squarely with the end user on a monthly basis (invoice time) rather than when they get caught.

Of course, for the large publishers that have a portfolio of on-premises software there is still a requirement to move those customers to the cloud. The tactics are less about a ‘focussed compliance’ and more about ‘this approach would be financially beneficial for you Mr End User’. We are also starting to see some compliance conversations return, whereby publishers employ cloud tactics so that they can automatically track installation numbers and usage. This is certainly an area to watch out for. In many respects this is the worst situation for an end user: they can waste money very easily, while the publisher can track everything that is being used and change the terms of usage to create a ‘compliance’ issue immediately. Ultimately the end user has zero defence.

For many companies there is still a focus on audit defence; many software management consultants or contractors will offer ‘audit defence’ services. The harsh and commercial truth is that if you have been approached by a publisher it’s too late, for a number of reasons.

So, what is the solution? The solution is tied to all of the key foundational work that a company would do around software management. The only difference is that there are some additional steps that need to be taken.

The obvious activities are having a central unit of people that manage all compliance and licensing communications with publishers, maybe even a compliance manager; having some processes around looking out for term changes from publishers; and understanding the attitudes and cultures of the various regions that a publisher operates in, maybe even their quarterly sales revenues. If you want to be super cynical, keep an eye on your own publisher account teams’ sales targets (not so easy). It should be noted by any budding software manager that, at a very basic level, a licence term change is a very good way to open up a dialogue with a large commercial enterprise that is keeping its software strategy close to its chest. It is almost like a ‘distraction’ to get into a building, if you like, and start talking to the business.

The biggest defence is actively questioning and challenging a software publisher’s own IP (intellectual property) management process and the value of the software in the business. This really boils down to creating an audit methodology and then testing it with the software publisher constantly. The value element is about understanding, as a business, how the software is used in the organisation. Do we really need every feature? Who uses this software, and for how long? This is where the software management team takes on a slightly different role. It’s more about understanding the business and how software is helping an organisation with its business goals. We are seeing this method in the cloud space via FinOps: it’s not about cutting cloud costs but understanding the value of the software, i.e. does it help the bottom line.

By taking the ‘challenger’ approach with a publisher you are demonstrating your capability to manage the software and associated licensing. Yes, it takes some bravery, yes there are some risks associated, but the rewards are tenfold. Equally, by asking difficult questions around value and business alignment, you can change your company’s mindset towards how they use and pay for software.

What does this approach look like in the real world? Well, it does not include an army of licence consultants, and it does not require a large upfront technology investment. Instead, it requires a strong contextual understanding of an organisation’s use of a piece of software, a blockchain platform and some licensing expertise. Once set up, it is self-sufficient and can be managed internally.

The future of compliance is changing; it has changed already. In many respects it is a new problem that requires new remedies. Those organisations that understand the new landscape and the associated risks will be the first ones to adjust their practices to counter the new challenges they are faced with. The organisations that are not able to see the new landscape will continue to have procurement-led, drawn-out compliance projects, and will pay over-the-top prices for ‘all you can eat’ and ‘non audit’ clause contracts.

As we move into a digital-first world where every company depends on software for its competitive edge and, at a very basic level, survival, companies are now starting to understand that there are too many costs and negative impacts on a business to not put the right level of management on software. It’s no longer effective to solely have a purchase or fulfilment team with some audit software to manage your whole software estate. Neither is it effective to have a fully managed outsourced service that purely focusses on a very rigid compliance or cost reporting schedule. Instead, a fit-for-purpose target operating model needs to be built from the ground up, and then bespoke governance and resource applied to suit the business.