Could Micro Focus be about to raise its audit game. Again?
Throughout its history, Micro Focus has acquired many technologies that support legacy systems, allowing IT organizations to avoid the headache of migrating to newer technologies. It has also acquired many technologies with a ‘locked-in’ customer base (customers that are either reluctant or unable to migrate to competitive solutions). Micro Focus has also been known as one of the more aggressive auditors of its users, and it has been more willing than many other vendors to resort to litigation in the event of a dispute.
What was expected from the Micro Focus/HPE Merger?
Market response to the merger was mixed, with financial analysts focusing on the ownership split and the size of the deal, and the scale of the challenge ahead with Micro Focus moving from gradual growth through small acquisitions to trebling its workforce and potentially doubling revenues. At the time, Kevin Loosemore (Micro Focus executive chairman) told the Financial Times that the HP product set was a good fit because there was more margin to be made from looking after existing customers than inventing the next big thing.
This may well have reinforced reservations as to whether Micro Focus, traditionally focused on supporting legacy applications, would have the appetite or ability to drive development for the growth products it was acquiring. There were also concerns about the extension of audit activity to the HPE software portfolio (HPE had traditionally carried out very little audit activity and most of that had been focused on the quality management and testing products).
How much revenue comes from audits?
Although I’m often asked what proportion of a vendor’s revenues are made up from audit income rather than from new software sales or support and maintenance revenues, this isn’t something that businesses are typically required to account for. All sales resulting from software audits usually fall under either ‘new license sales’ or ‘support & maintenance’ as they can be legitimately claimed to be one or the other. While there is less room for leverage, and contract terms relating to license non-compliance mean that contractual discounts do not apply, audit settlements are indeed new license purchases because they are either back-maintenance payments or payments in advance for an agreed period (usually somewhere between 12 and 36 months).
Since the acquisition of The Attachmate Group in 2014 there has been an increase in customers seeking help with audits across the Micro Focus product set, and during this time, several license compliance roles at Micro Focus were advertised, primarily in the UK and Europe. A quick check of the Micro Focus website on Monday resulted in nine such vacancies, with one in the Philippines, one in Germany and the rest in the United States, which reflects the industry-wide change in audit focus from Europe to North America over the past 5-10 years. Recruitment at this level does, however, suggest continued growth in compliance activity in the foreseeable future.
Common compliance issues
The most common compliance issues identified by Micro Focus customers going through audits include:
- Poor entitlement documentation, often on both sides – as with any vendor audit, their data may not be more accurate than yours, particularly if purchases have been via resellers or system integrators. The software publisher may have partial or no record of your purchases.
- Over-deployment. A particular issue with terminal emulation software, where at one point the software may have been licensed more broadly and deployed across large parts of the business. Often such products end up being included in builds without any checks on the licensing, and therefore proliferate as the organization grows or builds are standardized.
- Misunderstanding of license terms. For Novell and some NetIQ products, customers are sometimes unaware that ALL accounts must be paid for, whether live or retired, resulting in significant under-licensing in organizations that do not delete user accounts either due to data retention requirements or through poor system management.
- Wrong editions of the product. Again, particularly problematic with terminal emulation products where the product names are often confusingly similar. Time and again audit results indicated that the products licensed and the products deployed were completely different – if the correct products had been deployed many organizations would have had enough licenses to ensure compliance
- Wrong versions of the products. As other software (particularly operating systems) were upgraded, new versions of the software may have been deployed without any check as to what version the organization is licensed for or whether maintenance has been paid for the upgrade.
Longstanding reputation for effective revenue-generation through audits
Micro Focus’s reputation as an aggressive auditor is longstanding and the acquisition of The Attachmate Group in 2014 only reinforced that, as Attachmate itself had a record of effective and aggressive auditing. As many of the products owned by the group are legacy products, with very little either in the way of growth within its existing customer base (often the user-base is decreasing as new systems are introduced) or need for its products from new customers, audit has been an effective way to maintain income for these products. It appears that Attachmate’s audit activity broadened following its acquisition by Micro Focus to include NetIQ and SUSE both of which were growth products whose customers do not generally expect to experience audits, rather than confining them to the terminal emulation software and Novell product set as had previously been the case.
tactical vendor-focused SAM leaves organisations vulnerable
For many organizations such legacy products are often an area of vulnerability, with Software Asset Management (SAM) activities focused on vendors with whom there is regular interaction (purchases, maintenance payments) or whose software is widely and actively used. When software is only visible to a small audience, no new purchases are being made and maintenance is no longer being paid, it is easy for organizations who are managing their software assets in a tactical fashion (focusing on a vendor-by-vendor approach) to miss risk indicators relating to legacy software and systems.
Recommended actions
Those organizations who manage software on a vendor-by-vendor basis should take urgent action to include all Micro Focus owned products in their SAM programs and make plans for dealing with any issues with identified in a proactive fashion. If necessary, seek advice from a licensing specialist to clarify any potential issues.
By contrast, those who take a process-based approach may well be aware of the potential issues. Where prioritization is managed by applying a weighting to the known licensing deltas, IT Asset Managers, software asset managers, compliance managers, risk managers or others with responsibility for assessing licensing risk should consider increasing the weighting for all products in the Micro Focus portfolio given today’s news.
It’s possible that Micro Focus could play to their strengths, and a focus on audit is the most obvious way for it to minimize the impact of its decline in revenue and increase license sales.