Licensing the Cloud: Software Distribution and Use in a Remote Access World
Whether we like it or not, and whether we agree or not – software developers have a right to decide how and where their licensed products are run. There have always been arguments in this area, where software license purchasers take the position that they should be able to do what they want with their licenses, and where commercial software developers believe they have the rights to dictate authorized usage. Truly, when it comes down to the legalities of it all, the software companies will win because they have the legal footing to fall back on – the EULA containing use rights and terms which licensed users have agreed to.
The problem has been ongoing, with software developers constantly and consistently seeking methods to reduce unauthorized software distribution and unsupported use, and users spending amazing amounts of time and resources finding ways to break the rule. Copy protection, “phone home” license validation models and all sorts of approaches have been developed to prevent software theft and unauthorized distribution. But it happens anyway – a lot – and the cloud is turning into a great facilitator. Surprisingly, it’s an “in your face” approach, too, where the previous iteration of web-enabled software theft (unauthorized digital downloads and license cracking) was fairly quiet and tried to be secretive to stay out of the gun sights of the developer. Today’s “flavor” is right out there, being marketed to any and all who care to view the ads.
With businesses more frequently turning to “cloud” server providers to run business applications, it is no wonder that the IaaS and PaaS companies would want to make their services easier and more valuable to acquire than the next guy’s. Aside from a groovy control panel and great networking and VM pricing, the added value from these providers is in the applications they are able to service. More frequently, hosting service providers are marketing their solutions in the context of the applications customers run on the service (which makes sense, because the application’s what really matters). Leveraging the brand value and recognition of popular commercial software products makes sense, as it improves overall visibility and increases the potential of the “right” kind of prospect engaging and becoming a customer.
The problem arises when these service providers sell hosting services for, or which support, applications they are not authorized or licensed to deliver, and this is where the argument comes full circle. The hosting provider wants to host applications customers use, customers have licenses for those applications, but not a right to have them hosted. The host deploys the application anyway, because that’s what the customer wants. “What’s the risk?” they ask… “the customer has the software license”.
The risk is, unfortunately, greater for the service provider than for the customer. Even if the customer has a license for the software product, that license may not actually be eligible to run on a hosted server. “Businesses lease computer equipment all the time, and they can run the software on those systems” is the next argument generally offered by the service provider. But, in the eyes of the software developer, there may be a big difference between leased equipment run in-house versus subscribed platform services deployed via a commercial hosting provider. Even Microsoft recognizes the benefit and value of providing “mobility” of application licensing, and has specific licensing models to allow commercial hosts to deploy customer-owned licenses. While many service providers understand and recognize the requirements to ensure that customer applications are properly licensed for hosted delivery, there are a great many who think the rules simply do not apply to them. These folks are introducing a great deal of risk into their hosting businesses, even if they are not willing to recognize it.
When a customer runs their software in an unauthorized manner, they risk losing the rights and benefits associated with their software license. When a commercial hosting company runs software on their servers that they have no right to install and run… they are potentially guilty of unauthorized software distribution and copyright theft.
Actions against facilitators of unauthorized content distribution – you can equate “software” with “content” – have received much press in past months, yet much of the discussion centers on music and video content (as in the Megaupload story). Actions involving commercial software products tend to be somewhat less visible, probably due to reluctance by commercial developers to have what could be perceived as negative press flowing through social media venues. It’s popular to protect music and videos, but hosting providers aren’t seeing the wisdom of preserving the integrity of a commercial software product license. Instead, they’re relying on the customer to indemnify them (the customer has a license, remember?). But the customer can’t protect the host; the host must protect the host – it’s the prudent business approach.
Infrastructure providers, platform providers and businesses operating as application hosting companies should pay close attention to the content living on their servers. Taking a position that the customer has the right to do whatever they want with the system is not a viable position; the precedent has been set that the hosting provider is responsible for the content on their systems. In the case of hosts offering service for small business applications like Microsoft Office and Intuit QuickBooks, for example, it is essential that a service model which conforms to and supports proper license usage be in place, and that any required authorizations are, too.
Software is just another form of content, and the cloud makes distribution of and access to content a lot easier, even when it shouldn’t be.