Following the Rules: Users and Licensing for Hosted QuickBooks
I have said many times before that the licensing for QuickBooks desktop editions appears to be a bit complicated, and a lot of that may have to do with the fact that so many people use QuickBooks in so many different ways. With a solution like QuickBooks (or Microsoft Office or other really popular and widely used software products) there is a tendency for folks to want the flexibility of accessing their software regardless of what computer they are using. Also, especially in businesses, there is the habit of installing software on a computer and then allowing anyone sitting at the computer to use the software. In some cases these approaches are okay with the software vendors, but in most cases they’re not. Yet too often, the small business owner doesn’t find out what the actual rules of using the product are until they try to deploy the software with a hosting service provider (because nobody ever actually reads the EULA, do they?). If the provider has any credibility at all, they will enforce the licensing rules of the software, but that doesn’t always sit well with the customer.
This situation rears its ugly head quite frequently in the QuickBooks hosting world. Perhaps it is because there are a lot of possible working models involving QuickBooks users, or maybe it’s simply a matter of people not seeing the value of paying for what they want to accomplish. Either way, service providers find themselves being challenged every day in trying to explain to a customer why they need to have more than one license for QuickBooks and more than one service account if they want more than one person to access the hosted solution.
Different people at different times: The Concurrent User approach
One of the arguments people make for not having licenses for all of their users is that they don’t actually need everyone in the system at the same time. The belief is that there should be licenses enough only for the number of concurrent, or simultaneous, users that will access the system, yet each individual human being/user should have a login to the system with the software available (for convenience, of course). A QuickBooks 3-user license, they believe, should be able to be used by any number of business users as long as no more than 3 of them are in QuickBooks at any given time.
While the customer may be making a reasonable argument, it all falls down when you consider the license agreement for QuickBooks. Each user of the product is supposed to have a specific license. A business with a 3-user license (or 3 single-user licenses) for QuickBooks has the rights to allow 3 people (unique human beings) to use the software, not any combination of people as long as they number no more than 3 at a time. There is to be no sharing of licenses, and there is no “concurrent” licensing model: each person/user/human being is supposed to have their own license for the product no matter how often they access it.
Look but don’t touch: The Read-Only User approach
Another of the arguments people make for not licensing all of their users is that there is somehow a belief that if you don’t actually enter information, then you aren’t really using the software. This often comes up in situations where an accounting professional works with their client, or when business owners want to occasionally see what’s going on in the company. The approach centers on the concept of what a “user” is and suggests that users are the people entering or changing the data, and people only viewing that information aren’t really “users” at all. When the bookkeeper opens QuickBooks and enters an invoice, the bookkeeper is recognized to be a user. But when the business owner opens QuickBooks to view the financial statement or see the bank account balance, isn’t the business owner also a user? Yup, they sure are. Any person that actually opens the program on the computer is a user, regardless of what they do when the program is open. Just looking around at the data still requires that the program be open, and opening the program requires a license.
Two Fer: But the other hosting company lets me…
Just because you can do something doesn’t mean that you should. So, just because a different hosting provider might let you get away with things that aren’t right (but perhaps are convenient or cost saving in the short-term) doesn’t mean you should expect a different host to allow the same thing. If your current host says things like “as long as you don’t tell us…”, you should be concerned. This often comes up in a hosting scenario where there is an outside accounting or outsourced back-office professional working with a hosted client business. The outsourcer will want to access the client books, so they will want to have a login and access to QuickBooks software on the host system.
The trouble starts when the outsource professional doesn’t want to have to pay for their own service or licensing, yet they want to be able to login to the system and run QB just like the client does. Falling sometimes under that attempt to leverage a concurrent user approach (see above), these outsourcers just aren’t realizing that the benefits of accessing their client information and working in real-time with that data is often valuable enough to support the cost of a hosted account and license. Instead, they want their access to be free of charge and not be bound by silly rules of licensing, often because their client won’t want to pay for the accountant service in addition to their own.
This is when the “if you don’t tell us” stuff comes in – where the service provider may suggest to the accountant or outsourcer that they can simply login as the client and nobody would be the wiser. I’ll fess up and say I have even entertained this idea with clients a few times but always shy away from discussing it in-depth. While it is basically true that the service provider doesn’t generally know which exact human being is sitting at the other end of that remote desktop connection, that doesn’t mean that it is okay to leverage it into an abuse of services or licensing.
Two or more people sharing a single login just isn’t good ju ju, and it’s usually against a whole bunch of licensing rules and rights of use. The funny thing is that many customers who initially leverage their service in this manner end up finding it was a really bad idea. I saw a scenario a few years ago where a business allowed their outside auditors to share the logins of regular employees in the finance department. When an employee tried to login to their remote desktop, they opened the session the auditor had open – exposing the employee to a lot of data that was not theirs to see but which the auditor user in QB had access to. The company called it a security breach and it was on their part – and it was allowed to happen because they shared their remote desktops with the auditors rather than giving the auditors their own accounts with their own security profiles. What seemed like a good, cheap approach on one day rapidly turned into a big issue the next, and the service provider had no power to prevent it from happening.
The moral of this story is simply that following the rules is the right thing to do and most reputable hosting service providers will try, even if they don’t end up doing it really well. There are always going to be those who figure that the risks don’t measure up to the potential rewards, so they will do what they choose to do. I’m always left wondering about those guys; if they have no problems breaking these rules, I wonder what other rules (or confidences) they are willing to break. Hmmm.