Tim Varma

shutterstock_107120729.jpg

In an age where even the most rudimentary applications are being delivered via a SaaS based model, you are not free from being audited on all your software usage. Take it from someone that has been audited (successfully), if there is one guarantee in the cloud, you will be audited for all your software usage! 

When moving your internal systems into the cloud, you must make sure that your Operating Systems, Application Servers, Databases, Mail Servers, etc..  are all licensable in the cloud. What does that mean? You must investigate what licenses ‘can’ be moved to the cloud with your software vendors. Many software vendors have not embraced “subscription licenses” and want to protect their Enterprise Agreement Licenses (ELA’s) = $$$. Several of these vendors have strict rules on moving licenses (extra charges) & many do not allow moving them to the cloud at all.  For instance, Microsoft allows some of their software products to be moved to the cloud, IF you had purchased Software Assurance with your ELA agreements initially. Even in this case, your service provider is required to obtain proof of your licenses and you’ll have to sign a verification form.

Once you figure out what licensing you can move to the cloud, you’re work isn’t done yet. Make sure you investigate how your licensing is affected in each of the following scenarios:

  • Cloud Trials – When you trial a server in the cloud, do you get free licensing? If so, how long? Do you get Not for Resale (NFR) keys, how and when do they expire? These questions will dictate your trial project plans, as free periods will sneak up on you! During the trial, are you allowed to test the entire stack and what are the charges for the Hypervisor, OS, App, and Database?
  • Test / Dev – Does your Software vendor charge for test and/or dev environments? You cannot assume that you can use the same licenses across all your environments. Software vendors have a different understanding of what ‘production’ means!
  • Production – Clearly you will be charged licensing for production, but even production isn’t always so simple. For instance, how are you charged for software in the cloud: by virtual machine, by memory usage, by vcpu, etc..?
  • High Availability – When you deploy highly available systems that are active/active or active/passive, you must understand how the software vendors license these scenarios. Again, each vendor treats these differently so you must do your diligence before deployment.
  • Disaster Recovery (DR) – DR opens up an entirely new can of worms. If you have DR in place, you need to fully understand what DR means to each of your software vendors. If your DR site is idle and is never touched, do you need to pay for the software? When you test your DR Failover, do you need to pay for the Software?

These are a few of the areas you need to research as you move or have moved to the cloud. Even cloud companies don’t fully understand the licenses they allow or resell. Don’t assume that the Cloud companies are on the hook to protect you, they are not. With the growth of the cloud, software vendors are targeting cloud companies for audits.

If your cloud company gets audited, chances are your phone will ring.

Secure Cloud Solutions for SMBs | Whoa.com