1 INFORMATION, COMMUNICATIONS & ENTERTAINMENT Gaining value from software in China kpmg.com/cn
3 Contents Introduction 3 1. IT licensing and compliance in China 4 Case study China Software Alliance: Working both sides The case for genuine software: Security 12 Case study ChinaSoft: Navigating the middle ground Pricing and simplicity 16 Case study Microsoft: A wider approach to compliance Conclusion 22 Contact us 25
4 It is time to reconsider some of the assumptions associated with software and intellectual property (IP) in China.
5 Introduction Danny Le Partner and ASPAC Head IT Advisory KPMG China Ning Wright Partner in Charge Technology, Media and Telecommunication (TMT) KPMG China Among software developers, vendors and enterprise users there is an increasingly widespread understanding of the cost and value of IP. This understanding is evident in the behaviour of both government and business. The former has put forward a steady stream of policies and encouraged more effective enforcement. These include guidelines on IP protection promulgated by the State Council in The latter has set out to create and acquire valuable and profitable intellectual properties. The government s increasing support and enforcement of IP demonstrates that the recognition of IP right is not only valuable proposition for commercial enterprises but also to China as it endeavours to move up the manufacturing value chain and foster a viable high technology industry. The increasingly sophisticated approaches of software developers in China combined with constant publicity have had a visible effect on the enterprise users, which represent the largest portion of revenues. Pronouncements on the widespread lack of compliance have got developers only so far in improving the situation and boosting revenues. Other approaches are rapidly needed. One reason to support improved compliance is safety and security. Illegitimate software poses many risks to organisations. Whether through neglect, ignorance or willfulness, many organisations still ignore these risks. Another challenge to overcome is communication within an enterprise. Research shows that in many enterprises there is a communication gap between executives and IT implementers. Unless strong corporate governance frameworks are in place, this lack of communication may lead to or exacerbate compliance issues. This is a challenge that many large enterprises face and is by no means unique to the China market. A third issue is the relatively undeveloped state of software asset management (SAM) practices. SAM can help companies along the road to better compliance. Enhanced compliance through SAM can result in a reduction in total cost of ownership with more reliable performance and lower legal and corporate governance risks. The enhanced compliance practice will result in cost savings in the software s total cost of ownership, more reliable performance, and reduce the risk of legal and corporate governance compliance liabilities. Practical approaches to address these problems such as developing stronger SAM frameworks, crafting licensing programmes that are easier to understand and apply, and working to bridge the information gap between executives and implementers, are all important ways of addressing noncompliance. It is also important to tailor business approaches to the realities of the domestic market by pursuing models that allow for more flexible pricing while limiting opportunities for non-compliance, including through the use of cloud computing and software-as-a-service (SaaS). This is more advanced in China than many people realise. All these factors deserve consideration as developers and vendors generate and implement new and more effective strategies to expand legitimate customer bases and revenues in China. Gaining value from software in China 3
6 4 Gaining value from software in China IT licensing and compliance in China
7 Ongoing efforts by software developers to encourage licensing compliance among vendors and enterprise customers in China have helped to increase awareness of the value of software as intellectual property (IP). The result is that software compliance is now more common, but not yet a routine part of the IT and business information strategy for many executives. There are many reasons for the presence of unlicensed software among enterprise users in China. The most common are efforts to save money, a lack of distinction between legitimate and pirated products bundled with hardware and difficult or time-consuming procurement procedures. 1 Further common reasons include licensing agreements negotiated by different parts of a company, the deployment of demos as production software, complex licensing agreements and weak software asset management (SAM) practices. At times, enterprise management simply overlooks the issue of software compliance. Government and industry bodies are increasingly recognising this. In July 2008, Yan Xiaohong of the National Copyright Administration pointed out at a consultation meeting that IP is an increasingly important national and strategic resource and a major factor in China s further development. The requirements of heavy investment, counterbalanced by the ease with which copies can be made, makes software a particular challenge in the area of IP protection, he explained. 2 Interviews with users and vendors as well as an analysis of past studies indicate that one of the most significant hurdles yet to be overcome among enterprise users is a lack of perceived value in attaining full compliance. Many remain to be convinced that it makes financial sense to rapidly step up their compliance efforts. This perception is changing. Studies show that companies that use legitimate software actually cut costs and generate higher revenues. Also, as KPMG research shows, there are significant operational and security advantages to using legitimate products. (See The case for genuine software security on page 12.) Our research suggests many executives have yet to include software licensing into their business planning as a matter of course. An expansion strategy may require additional IT capabilities such as extra hardware or more access to servers. However, rarely do executives question whether their agreements with vendors allow for such an expansion, of the cost of giving more users access to a particular software or service, or whether they have the contractual right to install and use software acquired by a subsidiary company or an office in a different jurisdiction. Meanwhile vendors or the developer s in house sales force may be more focused on selling software than on considering the licensing implications for the end user. The resulting infringement of software licenses stems from a focus on speed, unrealistic expectations of lower costs and a lack of communication between the executives who develop strategy and the implementers on the ground. 1 The Impact of Software Piracy and License Misuse On the Channel, a White Paper by IDC, June 推 進 企 业 使 用 正 版 軟 件 專 家 組 会 議 在 京 召 開, China Software Alliance wedsite, 5 August 2008 Gaining value from software in China 5
8 6 Gaining value from software in China The importance of Software Asset Management Interestingly, an enterprise may not need to acquire more licenses to tackle compliance issues. Costs can be managed by better identifying who has access to specific software products. Knowing the actual technology needs of a specific enterprise is an important first step. SAM is a business practice designed to lower IT costs that is emerging globally but has yet to become part of corporate culture. Among Chinese enterprises, SAM is still a nascent practice. SAM needs to become an integral part of IT governance best practices which many of the Chinese enterprises, are pursuing. SAM is itself a recognised ISO best practice (ISO 19770), and can easily be adopted by an organisation in tandem with other best practices as ITIL and ISO/IEC SAM helps an enterprise determine its software assets, where they are located, how they are configured, how they are used and who uses them. SAM helps enterprises systematically track licensing agreements, updates and developments. Enterprises are still prone to loading every piece of software onto every computer. Perhaps IT simply set up desktop and laptop computers from a master disk but not every employee needs every piece of software used across an enterprise. A typical SAM model would include the mapping out of IT throughout an organisation, creating and verifying an inventory of hardware and software, creating a record of license entitlements and ensuring periodic internal audits. It could also help to determine how various enterprise functions use software and hardware, mapping out the acquisition, deployment and retirement of IT assets. 3 For organisations in China, managing these issues in a context of dramatic economic growth can be key in helping make the right decisions and the right purchases. Moving towards higher compliance Economic growth and the emergence of more sophisticated enterprises with global operations could transform China into the largest software market as licensing compliance becomes commonplace. As it is, China is already the second largest PC market in the world and accounts for 18 percent of all global shipments, according to IDC, the market research company. Hardware expenditures are growing at about double the rate of developed markets. The growth of PC market and computing users engendered the rise of a number of domestic software developers. These developers have managed to adapt to the market, with some experiencing double digit growth, by adopting various business models outside of the traditional software licensing revenue models. Large multi-national software developers, however, have not fare as well. Licensing revenue growth, the mainstream revenue model of large multi-national software developers, has trailed far behind China s economic growth and the growth of computing user population. The rapidly growing market for hardware and software services is well illustrated by Internet usage statistics. At the end of 2009, there were 384 million Internet users in China 4, the highest number in the world. Internet penetration hit 28.9 percent. This is in line with the average globally, but below many developed markets, suggesting opportunities for further growth. 3 Software Asset Management: A Key to Infrastructure Optimization a KPMG International survey, Information from the China Internet Network Information Centre.
9 Unfortunately, the rapid growth in technology users has not translated into increased revenue in software licensing. This suggests a potential gap in licensing compliance management. Increasing licensing rates among enterprise users could translate into billions of dollars in income for software developers. Even in a scenario where the number of users remains static, just generating more revenue from existing users would be a significant boon. More widespread use of SAM could go speed up this process. Four approaches that have helped boost compliance around the world have also been somewhat effective in China. These are vendor-driven legalisation programmes and negotiations with hardware suppliers; government-driven education and enforcement; technology shifts and more widespread use of SAM; and new distribution models including shipping hardware with open source software, offering free trial software bundles, the use of cloud computing and sales of software-as-a-service (SaaS). 5 All of these approaches are developing in a positive direction across China. There are many instances of domestic enterprises actively moving to improve their level of compliance. The momentum is evident in declining non-compliance rates. Developers and vendors are also finding better ways of encouraging compliance through carrot-and-stick approaches that combine education and better distribution as the carrot, with more effective enforcement as the stick. The combined impact of these developments is a significantly altered landscape for software IP as entire segments better grasp the benefits of using legitimate software, including better support, reliability, protection and post-sales service. Since 2004, software piracy in China has dropped 10 percent, according to the Business Software Alliance, a think tank that promotes software IP. 6 This success is tempered by the estimated USD 6.67 billion that software companies lost in China in 2008 alone to illegitimate or pirated products. Only in the United States were the losses to piracy larger at USD 9.14 billion. Nevertheless, the rate of compliance is rising. Zou Bian, a professor of computer programming and secretary general of the China Software Alliance, says the market as a whole is moving gradually towards more compliance. Mr. Zou believes more enterprises are willing to work with vendors to improve compliance but they may not to have the capacity to do it in one swift stroke. Another factor worth considering is the rapid emergence of truly Chinese multinationals with significant operations in markets that make IP protection a matter of law or a requirement for issuing and maintaining public listings. These companies operate in a wide range of industries and now have reputational and regulatory reasons to be fully compliant both at home and abroad. The attraction of illegitimate products Critical to rising compliance levels is customer access to legitimate products, says Mr. Zou. At the consumer level, and often at the enterprise level outside of the larger centres, counterfeit and illegal products are easier to acquire and install. A Microsoft study in June 2009 found counterfeit products are more visible during the pre-purchase and purchase phases of the vendor-buyer relationship. Genuine products take 5 08 Piracy Study by the BSA and IDC, Released May Piracy Study by the BSA and IDC, Released May 09 7 Emerging Markets Windows Assessment Qualitative Highlights by Harrison Group, June 2009 Gaining value from software in China 7
10 8 Gaining value from software in China Legislators and law enforcement play a role The Chinese government has been calling for more respect for IP for decades. In April 2008, the State Council led by Premier Wen Jiabao approved a series of proposals known as the Guidelines for the National Intellectual Property Rights Strategy, developed by the State Intellectual Property Office in tandem with other government departments. The government has also put rules in place that require all original equipment manufacturers (OEMs) to ship hardware installed with legitimate software. A new IP law passed in late 2009 has also played a positive role and incorporates many of the provisions of similar legislation in the European Union. In April 2010, Microsoft won a significant victory in Shanghai. After almost a year at trial, Microsoft won its first copyright infringement lawsuit against a Shanghai-based insurance company. It was the second significant court victory for Microsoft, following its successful prosecution of a popular pirated software distribution website. The Business Software Alliance hailed it as a milestone in the fight against software piracy. In another case in July 2007, the Intermediate People s Court of Shenzhen issued a civil penalty against a product manufacturer for pirating product lifecycle management software. Interestingly, the case was not initiated by the the company concerned, but by the local Intellectual Property Office of Shenzhen, following a license review. Municipal governments have also stepped up. In early 2009, the city of Chongqing said it would protect (IP rights) throughout China for those companies which decide to locate in the city. The city of Hangzhou had made similar commitments to step up enforcement as part of an investment deal with Microsoft. 8 The steps above are only part of the numerous policy initiatives that have emerged from various levels of government. Other examples specific to the software industry include: A joint notice ( 關 于 推 進 企 业 使 用 正 版 軟 件 工 作 的 实 施 方 案 ) from the nine ministry level agencies and the State Copyright Office promoting the installation and use of genuine software across the agencies IT infrastructure. The notice was adopted by the China Securities Regulatory Commission (CSRC), which requires domestically listed companies to disclose liabilities and potential litigation associated with the use of pirated software. A State Owned Assets Supervision and Administration Commission (SASAC) announcement and notice on encouraging better SAM and use of genuine software across the state enterprises under its supervision. A new China Banking Regulatory Commission (CBRC) guideline on information system risk management ( 银 行 业 金 融 机 构 信 息 系 统 风 险 管 理 指 引 ) which requires banks to implement policies and procedures to protect software IP rights, ensure the purchases of legitimate software and prevent the use of pirated software. In addition, the CBRC incorporated a software legalisation disclosure requirement in banks annual filings. These laws and regulations provide more comprehensive legal protection that have been backed by stronger enforcement and more predictable court decisions. The overall result is a growing list of precedent-setting cases. In 2009, courts across China issued more than 30,000 decisions on cases involving IP. 9 Many of these lawsuits are between domestic companies with some involving multinational software developers. There have been several high profile legal cases against large enterprise software piracy. These headlinegrabbing cases have demonstrated the increasing willingness of the government to prosecute software IP infringement on various fronts, not only the suppliers but also enterprise users. Increased enforcement cases and legislation are also evidence of the government s recognition of the importance of software IPR in nurturing and developing the domestic software industry. This should bode well for local software developers in encouraging the development of more enterprise level software solutions that are competitive in the international market, thereby helping software developers ramp up to a scale comparable with their multinational peers. 8 Black, Aaron; Microsoft Tries Carrot to Fight China Piracy ; Wall Street Journal, 16 May Zhang, Gary; An, Xiang; Lu, Jinhua; Zhang, Guangliang; China s IP system comes of age ; Managing Intellectual Property magazine, 2010
11 up a larger portion of consumer awareness later, when they seek updates and support. 7 The study found that most vendors sell mostly naked systems while system builders (often working with the vendors) generally use pirated software. Consumers may also perceive other benefits from using counterfeit products including simplicity (in purchase and installation), price, access to service (for example where technicians also use counterfeit products) and localisation. Scenario 1: Communication challenges in a period of growth Many Chief Information Officers (CIO), the executives most often in charge of developing the information systems that represent the backbone of most businesses, have yet to fully incorporate licensing requirements into their planning. One common scenario involves a discussion of business expansion among the top management of a company and a decision to, for example, move into new geographical areas. The obvious result is new facilities that require new computers with access to the company s servers, databases and IT infrastructure. The CIO would typically entrust IT people whether in house or outsourced to a vendor the job of installing the new hardware. One frequent occurrence is that neither the CIO nor the IT team consider whether the company has licenses for the new terminals or whether the server architecture allows for the new users. Decision-making executives may know that software comes at a cost, but this knowledge is not always transferred to the company s operations. The result is a disconnect between more widespread awareness of the value of IP and the willingness to take significant steps to ensure compliance at the enterprise level. These questions, which would fall under an effective SAM programme, are the ones that software developers seek to address and represent the next logical target in the ongoing efforts to secure more widespread compliance and higher revenues. Finding users is not the problem, but convincing those users to pay for the software on a regular basis may be. We don t need to create usage demand but we must create buying demand, explains the license compliance manager of one leading software brand in China. Gaining value from software in China 9
12 10 Gaining value from software in China The conclusion is that while genuine products are considered more stable, secure and reliable, by itself this may not be enough motivation to sway every buyer. Channel development is the most important area of focus to increase the use of genuine products. Heading in the right direction Ultimately, in China, the numbers speak for themselves. The use of pirated and illegitimate software has dropped while revenues for both domestic and multinational companies have generally increased (with the exception of 2009, when many companies were hit by the global economic downturn). Software developers are selling more licenses now than they did a decade ago in nominal terms. By this measure, they have been successful. However, in real terms, software licensing revenue trails far behind the growth rate of GDP. Growth is constrained by developers ability or willingness to constantly police, push and prod customers and severely hampered by the challenges in managing communication between executive decision makers, IT implementation actors, vendors and governments at various levels. This breakdown stalls many of the efforts to improve licensing compliance that are focused on spreading awareness or pursuing legal remedies. It means decision-makers may be aware of licensing considerations during the planning process but don t necessarily make this awareness explicit to the implementers or include this knowledge into business plans. Bridging this gap in communication is the next necessary step as software developers work to expand their presence in China.
13 China Software Alliance: Working both sides Case study Almost exclusive reliance on the local market has long forced domestic software developers to be more proactive and creative in tackling software compliance. Multinational developers may be able to emulate some of their efforts as they seek to raise compliance levels among enterprise users in China, says the China Software Alliance (CSA). The CSA, a part of the China Software Industry Association founded in 1995, comprises large domestic developers and IT players. The CSA s primary role is to help both the government and software firms raise awareness of compliance issues, fostering a healthy software industry. A secondary mission is to work with enterprise users to legitimise their software. The CSA has been helped in its efforts by two separate developments. The first is a series of progressive government initiatives that started in 2002 that have required central government departments, then provincial government departments and finally enterprises to use legitimate software. The second is a long stream of education campaigns by government, vendors and intermediaries on the need for software compliance. On any given year, the CSA will work with dozens of domestic companies to legitimise the software they use. Progress has not always been easy but domestic enterprise users are increasingly eager to be compliant, says Sun Yan, a lawyer and the CSA s secretary general. The move towards compliance has been helped along by the efforts of domestic developers to put out products better suited to the domestic market. It is this ability that multinational developers would do well to emulate, whether in their offerings, flexible pricing structure or in simpler licensing contracts. Zou Bian, a director at the CSA, says the global footprint of many multinational developers often means that they would only feel a limited impact from IP infringements in China. Domestic developers, on the other hand, may rely for their very survival on raising compliance in the local market. Nevertheless, notes Mr. Zou, cost is not an excuse to be non-compliant. Mr. Zou says there are enough alternative products that enterprises generally have the option of bypassing an expensive offering by a multinational developer in favour of a lower cost alternative developed locally. Software is a tool for manufacturing or production. It is like machinery. It helps enterprises make money and make profits, says Mr. Sun. Morally, enterprises need to pay for it. It has to be acquired in accordance to the law. Gaining value from software in China 11
14 12 Gaining value from software in China The case for genuine software: Security
15 A very compelling but little-heard argument for using legitimate software lies in the enormous potential risks to Information, Communication and Telecom (ICT) infrastructure associated with pirated or illegitimate products. Availability, lower prices, ease of acquisition and apparent effectiveness make illegitimate software attractive. 10 However, recent research by KPMG China shows illegitimate software poses very significant security risks. Software downloaded from the Internet can be particularly dangerous to ICT. The potential risks include data theft, more frequent malware attacks, extortion and unwitting information disclosure. Companies using non-genuine software are 73 percent more likely to lose confidential data and 28 percent more likely to lose customer information, according to one study. 11 More than a quarter of websites around the world that distribute pirated software also distribute malware. The BSA says there is significant evidence to link software piracy with the frequency of malware attacks. 12 KPMG China examined software from more than 100 websites that offered free downloads to determine if it included malware or presented other dangers to enterprises ICT. Our examination included some of the most commonly used enterprise and consumer software products. The findings from the KPMG examination were quite revealing. Virtually all of the pirated products tested, which includes some of the more popular operating system, database, antivirus and office software, are embedded with some kind of backdoors, viruses and malwares. Back-tracing these modifications revealed that many originated in China. Dangerous contamination Although some level of contamination was inevitable, the results were alarming. Much of the downloaded software was accompanied by Trojan horses, viruses, adware, annoying pop-ups and a variation of builtin back doors that create multiple vulnerabilities. Many of these add-ons are designed to change the security settings in the computers where the software was installed and allow the computers to be controlled remotely or download and propagate viruses. Some changes are only intended to generate commissions. The legitimate software is only altered to allow for toolbars or pop-up advertisements which, in turn, may earn the hacker revenues when they are used. Other changes are more insidious, allowing remote access, the download of information and even the enslavement of a terminal or network in a cyberattack. For hackers, the opportunity lies in achieving scale. For example, modified versions of Windows XP were downloaded more than 100 million times from a popular pirated software distribution website before the site was shut down by authorities in 2008 in the largest piracy case in the world that year. The site also included products developed by other wellknown software brands. 10 An Inconvenient Reality: The unintended consequences of non-genuine software usage, KPMG India, Impact of the use of unlicensed software in mid market companies, white paper by Harrison Group, Internet Piracy Report by the Business Software Alliance released October 2009 Gaining value from software in China 13
16 14 Gaining value from software in China The more frequent dangers include: Trojan horses: These are programs hidden inside other software that give hackers access to PCs, networks or both. One vicious example is Gray Pigeon ( Huigezi ) originally developed as a legitimate remote administration tool. Huigezi, can spread within a network. Another, MSSCKETS can spread through anetwork and secretly download files from the Internet. Adware: Adware may include pop-up ads or toolbars that may be only an annoyance for the user but generate commissions for the hacker, vendor or both. Malware for phishing: Some software includes potentially dangerous malware that may lead users to websites disguised as legitimate but are used to steal information. Viruses: Viruses are present in a wide range of downloaded software. One example is Virus.ALS.Bursted, which poses little threat itself but is able to communicate with a remote server to download other malware. This sampling of illegitimate software and the modifications described may only represent the tip of the iceberg. There is a very wide scope for illegitimate software to be downloaded, copied from grey-market vendors or acquired from distributors without a real link to the original developer to include dangerous modifications. Illegitimate software, system failures and data loss The safety concerns outlined above represent one of two potentially expensive technical dangers created by illegitimate software. The other is system failures which may result in a lower productivity and potentially expensive data losses. Companies that include SAM into their strategic planning as well as a comprehensive IT plan are less likely to use unlicensed software and more likely to benefit from the long-term cost savings of using more stable and reliable products. According to a 2008 study by The Harrison Group, companies using fully licensed software actually spent less of their revenue on IT (about 0.5 percent) compared to those using unlicensed software (0.7 percent). 13 Careful and detailed software planning, one of the key components of SAM, is an important avenue to limit IT costs and the risks associated with unlicensed software. 13 Impact of Unlicensed Software on Mid-Market Companies, White Paper for Microsoft by The Harrison Group, 2008.
17 ChinaSoft: Navigating the middle ground Case study ChinaSoft International is an IT outsourcer and software developer that creates customised enterprise solutions focused on China. ChinaSoft is listed in Hong Kong, works across the country and has many international customers. As a large and growing domestic software developer it understands the value of IP, the importance of compliance and the challenges domestic enterprises face in ensuring all their software is legitimate. As far as its own IP is concerned, ChinaSoft has fewer challenges than other software developers. The company uses its ResourceOne middleware (a piece of software that links multiple applications and services) that is specially designed for the Chinese market. With ResourceOne, ChinaSoft develops large business solutions that allow enterprises to better manage every aspect of their operations. Customers pay for a ResourceOne license but they don t actually use ResourceOne directly, and couldn t use it even if they wanted to. Even if it gets stolen, enterprises still don t have the application-level software, explains Senior Vice President Fanny Chan. Our model gives us a lot of immunity to the kinds of licensing challenges that other companies face because ResourceOne is virtually useless on its own. The company also takes internal compliance seriously. The issue is particularly important for ChinaSoft because of its size and public profile. The company does bi-annual audits, which Ms. Chan says are important to running a secure business. We purchase a lot of Microsoft products for our own use. Can we copy those products? Technically, sure we can. But of course our priority lies in supporting the business of our strategic partners, says Ms. Chan. ChinaSoft s history of growth alongside China s software development industry also give the company a unique understanding of the pressure other smaller companies face in staying on top of licensing issues. Software products sold by multinational developers are often too expensive, Ms. Chan explains. A lot of people want or need to use the software but may not be able to afford it, she says. Do software developers really understand this market? Ms. Chan suggests developers consider much lower prices and creative business models that rely on software-as-a-service (SaaS) approaches, cloud computing or to follow the success of mobile phones and sell software only to manufacturers and not directly to the consumers. Putting more emphasis on pay-byservice models might change the whole issue for the consumer, she says. Not every approach will work for every developer, but bringing more enterprise users up to full compliance will require a pragmatic approach and understanding that most enterprises actually care about being compliant. And the reality is that there has been progress. Do large enterprises want to run the risk and use illegal software? Do they really want to run that risk and put their reputation in jeopardy? Probably not, says Ms. Chan. They don t need to. They can afford legitimate software. Using illegal software is just not worth it, particularly if they are a large listed company. Gaining value from software in China 15
18 16 Gaining value from software in China Pricing and simplicity
19 Over the past decade, software developers have watched economic growth across China trigger the formation of new companies and entirely new industries. Often these developers have found it a challenge to boost their own revenues from enterprise users at the same rate. In interviews with industry executives, conducted for this report, two main sticking points regularly emerge that software companies should consider when formulating their strategy. The first, price, is already the subject of much debate. Enterprise users in China say the cost of products developed by multinational developers is typically far higher than the cost of domestically developed alternatives and illegitimate options. The relatively higher cost of legitimate software may be easier to justify if it can help support wider cost, growth and risk management strategies. The second point, one that bears more regular consideration, is the complexity of licensing agreements and a level of discomfort among enterprise users in dealing with contractual arrangements. Particularly for the more complex enterprise solutions, licensing agreements can appear dauntingly complicated. Enterprises (or at least those IT implementers who set up computers, servers and networks) can often have difficulty understanding the nuances of licensing clauses. A piece of software on a server may be licensed for 400 users but have the technical capacity for 10,000 users. Just by making a choice on a control panel, an IT technician may make a company liable for millions in licensing fees. Moreover, that technician may have no authority over budgets, procurement or the company s expansion strategy. SAM practices are a critical means of improving the situation, but they are still evolving and need to be accompanied by thorough risk management. The China Software Alliance (CSA) says many of its members believe software from multinational developers is unreasonably expensive. They say there are domestic alternatives at much lower prices, even if those alternatives lack some of the functionalities of the more branded products. Domestic enterprises cannot afford to pay what developers want, particularly if they have to pay millions just to be compliant on the software currently installed. For their part, overseas-based head offices of software developers have been often reluctant to adjust pricing structures to fit the domestic market, but it has gradually happened and in many cases today the China version of a software product is sold at a lower price than the version marketed in certain other markets. Different companies have taken different approaches, but a common theme among multinational vendors is a more concerted effort to engage and gather feedback from China-based users (see case studies). The reluctance to lower prices is understandable. China has yet to produce many examples of software developers achieving substantial and consistent revenue growth from licensing over a number or years. On the other hand, China-based Gaining value from software in China 17
20 18 Gaining value from software in China executives say it is difficult to convince users both enterprise and individual to buy products they see as too expensive. The resulting pull and push on pricing is a chicken-and-egg dilemma in which one side believes discounting prices lowers value and brand image and the other argues that lower prices will lead to higher revenues. The license compliance manager of one international software company explained to KPMG that his company has had to deal with that very dilemma. He believes China is already home to millions of users that could Scenario 2: Understanding agreements Often neither managers nor IT implementers fully understand the complexities of licensing agreements. They may not fully understand how the price of a license is affected by the number of users, the number of processors involved in a server, how the software will be used or how it is configured. The difficulty may be exacerbated by the decision-making structure in a particular company and who has the overall responsibility over budgets and procurement decisions. The IT manager may simply not have the authority to enter into a contractual agreement on behalf of the company, but may easily have the ability to alter server settings in a way that has cost implications. Another potential scenario involves a CIO outsourcing software installation to a vendor. It is not uncommon for vendors to take software that was meant as a sample or supposed to be used in a single terminal and spread installation around the company. In a number of KPMG SAM review cases, it was noted that the company IT personnel was unaware that software installed on servers required additional licenses. Worse still, a lot of the software may not be used by the company, but was initially installed by a vendor for testing purposes and never removed. Alternatively, the software was part of a packaged solution and the vendor never informed the company of additional license requirements. The liabilities for these installations are often not known to an enterprise until the software developer conducts a license review - by which time the vendor is long gone and the company is left holding the bag. be a source of globally significant revenues. However, the promise has not yet materialised as China accounts for only 3 percent of the company s worldwide revenue. Enterprises that understand their software asset needs and how these align them to their strategy are beginning to realise the benefits of compliance. However, users still have to take into account local needs when selecting software vendors. More sophisticated users may have to resolve internal considerations to strike a balance between the need for the best products and a reluctance to pay fees on an ongoing and long term basis or be stuck dealing with a single product. Enterprise users have to decide between the higher up-front costs of legitimate software and the risks of sticking with cheaper unlicensed products. In the past, the risks associated with using non-legitimate products were considered minimal, but the balance is shifting and the apparent savings are a mirage if unlicensed software actually leads to higher IT costs, more system failures, loss of productivity and the risk of serious data losses. 14 Domestic approach Domestic software companies are developing an increasingly sophisticated range of products and are very aware of the need to leverage their IP advantage to secure revenues. In some respects, they have been more flexible than their multinational counterparts in their approach to the local market and have found ways to make their products pay, even if their margins are smaller. Some companies have found ways to leverage widespread Internet use into successful revenue models. 14 Impact of Unlicensed Software on Mid-Market Companies completed by Harrison Group in 2008
Managing Security Risks in Modern IT Networks White Paper Table of Contents Executive summary... 3 Introduction: networks under siege... 3 How great is the problem?... 3 Spyware: a growing issue... 3 Feeling
Six Steps to Completing a Software Audit and Ensuring Compliance While Saving Money A Guide to Assessing Vulnerabilities and Ensuring Ongoing Software License Compliance 200 West Mercer Street Suite E300
White Paper Are SaaS and Cloud Computing Your Best Bets? Understanding SaaS and Cloud Computing and Service Delivery Options for Real Estate Technology Solutions Joseph Valeri, MBA, MS President, Lucernex
Empirical Analysis of Software Usage to Drive Policy Recommendations May 19, 2015 USCD Jared W. Ragland BSA The Software Alliance Outline Introduction to BSA Global Studies and their Methodology 2014 BSA
Cyber Security and the Impact on Banks in China Regulatory Policy Development and Updates March 015 kpmg.com/cn Executive Summary The China Banking Regulatory Commission (CBRC) issued two circulars (Circulars
Getting a head start in Software Asset Management Managing software for improved cost control, better security and reduced risk A guide from Centennial Software September 2007 Abstract Software Asset Management
Quantifying ROI: Building the Business Case for IT and Software Asset Management Benefits of IT and Software Asset Management In today s increasingly competitive business environment, companies are realizing
CRM Expert Advisor White Paper Getting Your Head In The Cloud Businesses today hold more data than ever before. As a result, one of the biggest decisions any company small or large has to face is where
EGM on Enabling Environment for the Development of Arabic e-services Beirut, 8-9 March 2011 Software Piracy in the Arab Region Status, Impact and the Way Ahead Mansour Farah Consultant on ICT for Development
Strategic Guide Instant Messaging and Security Businesses recognise that instant messaging can help to improve employee productivity, but are often reluctant to sanction its use due to concerns about security.
Partner Sales Enablement Guide Grow your business with financing from Cisco Capital Providing your customers with a financing option at the beginning of every purchase conversation can help you to meet
COMESA Guidelines on Free and Open Source Software (FOSS) Introduction The COMESA Guidelines on Free and Open Source Software are a follow-up to the COMESA Regional FOSS Framework of 2009 whose main objective
Gold study sponsor: Is cyber security now too hard for enterprises? Cyber security trends in the UK Executive Summary Core statements I. Cyber security is now too hard for enterprises The threat is increasing
Software as a Service Offers Broadening Appeal for Small and Medium-Sized Discrete Manufacturers WHITE PAPER Sponsored by: SAP Simon Ellis November 2010 IDC MANUFACTURING INSIGHTS OPINION Software as a
IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS Contents Introduction... 2 Key figures... 3 Methodology... 4 Concerns and priorities of IT managers: data comes first...
Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success
Mitigating Risk through IT Asset Management Uncovering meaningful information to manage infrastructure assets throughout their lifecycle and minimize business risks White Paper Table of Contents Executive
CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected
Corporate Incident Response Why You Can t Afford to Ignore It Whether your company needs to comply with new legislation, defend against financial loss, protect its corporate reputation or a combination
Student Research Projects/Outputs No.040 The credit card industry in China The rise of a national champion and challenges for the future Javier L Santomá Vilaclara MBA 2009 China Europe International Business
Global Transaction Banking Survey 2012 Global Transaction Banking Survey 2012 A report from About this survey Executive summary This is the third survey Misys has conducted with Finextra evaluating the
Global Corporate IT Security Risks: 2013 May 2013 For Kaspersky Lab, the world s largest private developer of advanced security solutions for home users and corporate IT infrastructures, meeting the needs
ISO/IEC 27018 Safeguarding Personal Information in the Cloud Whitepaper Summary The protection of private information has never been a higher priority. Many national and international bodies, including
INTRODUCING isheriff CLOUD SECURITY isheriff s cloud-based, multi-layered, threat protection service is the simplest and most cost effective way to protect your organization s data and devices from cyber-threats.
Intellectual Property Rights In China Intellectual Property Office is an operating name of the Patent Office Contents Intellectual Property Rights In China What Are Intellectual Property Rights? International
Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security
SEVEN REASONS TO CONSIDER ERP IN THE CLOUD SPECIAL REPORT SERIES ERP IN 2014 AND BEYOND CONTENTS INTRODUCTION 3 TRY BEFORE YOU BUY 4 TAKE ADVANTAGE OF THE MOST ADVANCED TECHNOLOGY 6 GENERATE MEASURABLE
assafras oftware Box 150, Hanover, NH 03755 (603) 643-3351 http://www.sassafras.com email@example.com How to Survive a Software Audit through Effective Software Management By John Tomeny, Sassafras Software
Justifying projects in software license compliance The role of software license compliance within an organization White paper Introduction... 2 Software license compliance the risk... 2 Sources of software
Data loss prevention and endpoint security Survey findings Table of Contents Overview 3 Executive summary 4 Half of companies have lost confidential information through removable media 5 Intellectual property
Is your business secure in a hosted world? Threats to the security of business data are constantly growing and evolving - What can you do ensure your data remains secure? Introduction The safe use of computer
Response to the European Commission consultation on European Data Protection Legal Framework A submission by Acxiom (ID number 02737212854-67) Correspondence Address: Martin-Behaim-Straße 12, 63263 Neu-Isenburg,
MANAGED SERVICES MAXIMUM PROTECTION, MINIMUM DOWNTIME Get peace of mind with proactive IT support Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is
Technology Evaluation Centers Executive Summary To date, manufacturers have been slow to embrace cloud computing. But the proven success of cloud-based solutions, coupled with the promise of a less expensive
Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,
6 June 2012 "Bring Your Own Device" Brings its Own Challenges By Susan McLean and Alistair Maughan The consumerisation of IT is the growing trend for information technology to emerge first in the consumer
Cloud Computing A Small Business Guide. Whilst more and more small businesses are adopting Cloud Computing services, it is fair to say that most small businesses are still unsure of what Cloud Computing
Adoption, Approaches & Attitudes The Future of Cloud Computing in the Public and Private Sectors A Global Cloud Computing Study Sponsored by JUNE 2011 TABLE OF CONTENTS Executive Summary... 1 Methodology
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber
The Computerworld Honors Program Summary developed the first comprehensive penetration testing product for accurately identifying and exploiting specific network vulnerabilities. Until recently, organizations
Practical guide for secure Christmas shopping Navid 1 CONTENTS 1. Introduction 3 2. Internet risks: Threats to secure transactions 3 3. What criteria should a secure e-commerce page meet?...4 4. What security
CASE STUDY: IIS GIVES A GLOBAL BEAUTY AND FASHION COMPANY AN IT MAKE-OVER MISSION ACCOMPLISHED IIS GIVES A GLOBAL BEAUTY AND FASHION COMPANY AN IT MAKE-OVER IIS is a long-time trusted resource to one of
Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
Making business simple... Introduction 2 Contents Every business needs a Marketing Plan. This guide has been created to assist you in putting your Marketing Plan together. This guide will help you to indicate
9 01 Outlook overcast and bright: How the cloud is transforming IT for SMBs Cloud computing ranks near the top of the most floated buzz phrases in the world of IT and telecoms. While the concept has certainly
January 2012 Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 All contents are Copyright 1992 2012 Cisco Systems, Inc. All rights reserved. This document
W H I T E P A P E R IT and Software Asset Management: A Key to Reducing Costs Introduction While most businesses understand the importance of managing physical and financial assets and are experts at maximizing
10 Critical Requirements for Cloud Applications: How to Recognise Cloud Providers and Applications that Deliver Real Value 10 Critical Requirements for Cloud Applications: How to Recognise Cloud Providers
The Internet Security Alliance Securing the Supply Chain for Electronic Equipment: A Strategy and Framework by Scott Borg Background on This Project This short paper is based on sixteen months of meetings,
Bring Your Own Device and Expense Management A Telesoft Whitepaper Table of Contents About this Whitepaper... 3 Essential Elements for BYOD Policy... 4 Capabilities Needed to Manage BYOD and Expense Management...
Building The Business Case For Launching an App Store Why Telcos and ISPs are perfectly positioned to become the SaaS channel for their SMB customers This paper is intended to help ISPs and Telcos realize
2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE THIRD ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE February 2014 Sponsored by: 2014 Network Security & Cyber Risk Management:
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
Software as a Service (SaaS) by Saeed Akbani In today s world businesses use software to perform simple tasks such as word processing and email communication to complex tasks of designing new products,
20 TOP QUESTIONS ABOUT MICROSOFT AUDITS 1745 Broadway, 17th Floor, New York, NY 10019, USA Tel. 646 475 2103 The word audit scares many people, but if your company licenses software, you will be audited
Analysis of Survey Results 调 查 结 果 分 析 The American Chamber of Commerce in Shanghai 上 海 美 国 商 会 -2011 China business report Analysis of survey results Survey Overview This year s survey was conducted online
Whitepaper: Cloud Computing for Credit Unions A new twist on an old strategy MYCU SERVICES December 29, 2011 Authored by: Lingle, Linda Table of Contents Introduction... 2 Cloud Providers... 3 Cloud Components...
Business Software Certification Programme (23 October 2006 15 March 2007) Background Intellectual Property Department (IPD) joins hand-in-hand with Business Software Alliance (BSA) to launch the Business
Benefits and risks of cloud computing Stephen Turner Known-Quantity.com and Holy Family University ABSTRACT Cloud computing vendors maintain data away from the facilities of their customers. This is compelling
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
Call us today 1300 724 599 Managed IT Services Proactive, flexible and affordable We believe technology is at its best when it s invisible. When you can focus on the task you are achieving, not the technology
Cyber Risks and Insurance Solutions Malaysia, November 2013 Dynamic but vulnerable IT environment 2 Cyber risks are many and varied Malicious attacks Cyber theft/cyber fraud Cyber terrorism Cyber warfare
IT Outsourcing in the Small and Medium Businesses There is a Light at the End of the Tunnel By Ross Tisnovsky, Vice President Everest Research Institute 2006 Everest Research Institute. All Rights Reserved.
2015 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE FOURTH ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE February 2015 2015 Network Security & Cyber Risk Management: The FOURTH
zoomlens January 2012 Why General Counsel should care about Software Asset Management An organization s ability to maintain compliance with its contractual obligations and manage costs depends on whether
The Corporate Counsel s Guide to Open Source Software Policy Implementation How to Protect the Enterprise from Risk while Helping Your Company More Efficiently Develop and Maintain Applications Black Duck
Cyber security: Are Australian CEOs sleepwalking or a step ahead? kpmg.com.au Cyber attack is one of the biggest threats to Australian businesses, however many Chief Executive Officers (CEOs) admit a lack
New Needs, New Models: How growth and innovation are changing the way Asia Pacific organisations acquire technology Industry Insight Paper Content Executive Summary... 3 Competing in Today s Economy....
ADVANTAGES OF CLOUD AN ULTRA COMMUNICATIONS WHITEPAPER ULTRA COMMUNICATIONS CLOUD CONTACT CENTRE SOLUTIONS www.ultraasp.net +44 (0) 207 965 0207 WHAT IS A CLOUD CONTACT CENTRE? Ever since the world s first
CP3043 Social, Legal and Professional Aspects of Computing Mr Graham Brown Assessment 2 Colin Hopson 0482647 Wednesday 16 th April 2008 i Contents 1 Introduction... 1 1.1 The Bridgeway Building Society...
UBS Telecoms Enterprise Day 2014 Trends in enterprise ICT 28 March 2014 Robert Schumann 2 Contents About Analysys Mason Sizing African SME ICT markets Case studies from Developed Markets Challenges and
MANAGING THE SOFTWARE PUBLISHER AUDIT PROCESS 3 THE USE OF BUSINESS SOFTWARE AND SPORTS ARE DEFINITELY QUITE SIMILAR; IF YOU WANT TO PLAY (USE THE SOFTWARE), YOU HAVE TO ACCEPT THE RULES. THIS INCLUDES
FORENSIC Central and Eastern European Data Theft Survey 2012 kpmg.com/cee KPMG in Central and Eastern Europe Ever had the feeling that your competitors seem to be in the know about your strategic plans