Gaining value from software in China kpmg.com/cn

Transcription

1 INFORMATION, COMMUNICATIONS & ENTERTAINMENT Gaining value from software in China kpmg.com/cn

2

3 Contents Introduction 3 1. IT licensing and compliance in China 4 Case study China Software Alliance: Working both sides The case for genuine software: Security 12 Case study ChinaSoft: Navigating the middle ground Pricing and simplicity 16 Case study Microsoft: A wider approach to compliance Conclusion 22 Contact us 25

4 It is time to reconsider some of the assumptions associated with software and intellectual property (IP) in China.

5 Introduction Danny Le Partner and ASPAC Head IT Advisory KPMG China Ning Wright Partner in Charge Technology, Media and Telecommunication (TMT) KPMG China Among software developers, vendors and enterprise users there is an increasingly widespread understanding of the cost and value of IP. This understanding is evident in the behaviour of both government and business. The former has put forward a steady stream of policies and encouraged more effective enforcement. These include guidelines on IP protection promulgated by the State Council in The latter has set out to create and acquire valuable and profitable intellectual properties. The government s increasing support and enforcement of IP demonstrates that the recognition of IP right is not only valuable proposition for commercial enterprises but also to China as it endeavours to move up the manufacturing value chain and foster a viable high technology industry. The increasingly sophisticated approaches of software developers in China combined with constant publicity have had a visible effect on the enterprise users, which represent the largest portion of revenues. Pronouncements on the widespread lack of compliance have got developers only so far in improving the situation and boosting revenues. Other approaches are rapidly needed. One reason to support improved compliance is safety and security. Illegitimate software poses many risks to organisations. Whether through neglect, ignorance or willfulness, many organisations still ignore these risks. Another challenge to overcome is communication within an enterprise. Research shows that in many enterprises there is a communication gap between executives and IT implementers. Unless strong corporate governance frameworks are in place, this lack of communication may lead to or exacerbate compliance issues. This is a challenge that many large enterprises face and is by no means unique to the China market. A third issue is the relatively undeveloped state of software asset management (SAM) practices. SAM can help companies along the road to better compliance. Enhanced compliance through SAM can result in a reduction in total cost of ownership with more reliable performance and lower legal and corporate governance risks. The enhanced compliance practice will result in cost savings in the software s total cost of ownership, more reliable performance, and reduce the risk of legal and corporate governance compliance liabilities. Practical approaches to address these problems such as developing stronger SAM frameworks, crafting licensing programmes that are easier to understand and apply, and working to bridge the information gap between executives and implementers, are all important ways of addressing noncompliance. It is also important to tailor business approaches to the realities of the domestic market by pursuing models that allow for more flexible pricing while limiting opportunities for non-compliance, including through the use of cloud computing and software-as-a-service (SaaS). This is more advanced in China than many people realise. All these factors deserve consideration as developers and vendors generate and implement new and more effective strategies to expand legitimate customer bases and revenues in China. Gaining value from software in China 3

6 4 Gaining value from software in China IT licensing and compliance in China

7 Ongoing efforts by software developers to encourage licensing compliance among vendors and enterprise customers in China have helped to increase awareness of the value of software as intellectual property (IP). The result is that software compliance is now more common, but not yet a routine part of the IT and business information strategy for many executives. There are many reasons for the presence of unlicensed software among enterprise users in China. The most common are efforts to save money, a lack of distinction between legitimate and pirated products bundled with hardware and difficult or time-consuming procurement procedures. 1 Further common reasons include licensing agreements negotiated by different parts of a company, the deployment of demos as production software, complex licensing agreements and weak software asset management (SAM) practices. At times, enterprise management simply overlooks the issue of software compliance. Government and industry bodies are increasingly recognising this. In July 2008, Yan Xiaohong of the National Copyright Administration pointed out at a consultation meeting that IP is an increasingly important national and strategic resource and a major factor in China s further development. The requirements of heavy investment, counterbalanced by the ease with which copies can be made, makes software a particular challenge in the area of IP protection, he explained. 2 Interviews with users and vendors as well as an analysis of past studies indicate that one of the most significant hurdles yet to be overcome among enterprise users is a lack of perceived value in attaining full compliance. Many remain to be convinced that it makes financial sense to rapidly step up their compliance efforts. This perception is changing. Studies show that companies that use legitimate software actually cut costs and generate higher revenues. Also, as KPMG research shows, there are significant operational and security advantages to using legitimate products. (See The case for genuine software security on page 12.) Our research suggests many executives have yet to include software licensing into their business planning as a matter of course. An expansion strategy may require additional IT capabilities such as extra hardware or more access to servers. However, rarely do executives question whether their agreements with vendors allow for such an expansion, of the cost of giving more users access to a particular software or service, or whether they have the contractual right to install and use software acquired by a subsidiary company or an office in a different jurisdiction. Meanwhile vendors or the developer s in house sales force may be more focused on selling software than on considering the licensing implications for the end user. The resulting infringement of software licenses stems from a focus on speed, unrealistic expectations of lower costs and a lack of communication between the executives who develop strategy and the implementers on the ground. 1 The Impact of Software Piracy and License Misuse On the Channel, a White Paper by IDC, June 推 進 企 业 使 用 正 版 軟 件 專 家 組 会 議 在 京 召 開, China Software Alliance wedsite, 5 August 2008 Gaining value from software in China 5

8 6 Gaining value from software in China The importance of Software Asset Management Interestingly, an enterprise may not need to acquire more licenses to tackle compliance issues. Costs can be managed by better identifying who has access to specific software products. Knowing the actual technology needs of a specific enterprise is an important first step. SAM is a business practice designed to lower IT costs that is emerging globally but has yet to become part of corporate culture. Among Chinese enterprises, SAM is still a nascent practice. SAM needs to become an integral part of IT governance best practices which many of the Chinese enterprises, are pursuing. SAM is itself a recognised ISO best practice (ISO 19770), and can easily be adopted by an organisation in tandem with other best practices as ITIL and ISO/IEC SAM helps an enterprise determine its software assets, where they are located, how they are configured, how they are used and who uses them. SAM helps enterprises systematically track licensing agreements, updates and developments. Enterprises are still prone to loading every piece of software onto every computer. Perhaps IT simply set up desktop and laptop computers from a master disk but not every employee needs every piece of software used across an enterprise. A typical SAM model would include the mapping out of IT throughout an organisation, creating and verifying an inventory of hardware and software, creating a record of license entitlements and ensuring periodic internal audits. It could also help to determine how various enterprise functions use software and hardware, mapping out the acquisition, deployment and retirement of IT assets. 3 For organisations in China, managing these issues in a context of dramatic economic growth can be key in helping make the right decisions and the right purchases. Moving towards higher compliance Economic growth and the emergence of more sophisticated enterprises with global operations could transform China into the largest software market as licensing compliance becomes commonplace. As it is, China is already the second largest PC market in the world and accounts for 18 percent of all global shipments, according to IDC, the market research company. Hardware expenditures are growing at about double the rate of developed markets. The growth of PC market and computing users engendered the rise of a number of domestic software developers. These developers have managed to adapt to the market, with some experiencing double digit growth, by adopting various business models outside of the traditional software licensing revenue models. Large multi-national software developers, however, have not fare as well. Licensing revenue growth, the mainstream revenue model of large multi-national software developers, has trailed far behind China s economic growth and the growth of computing user population. The rapidly growing market for hardware and software services is well illustrated by Internet usage statistics. At the end of 2009, there were 384 million Internet users in China 4, the highest number in the world. Internet penetration hit 28.9 percent. This is in line with the average globally, but below many developed markets, suggesting opportunities for further growth. 3 Software Asset Management: A Key to Infrastructure Optimization a KPMG International survey, Information from the China Internet Network Information Centre.

9 Unfortunately, the rapid growth in technology users has not translated into increased revenue in software licensing. This suggests a potential gap in licensing compliance management. Increasing licensing rates among enterprise users could translate into billions of dollars in income for software developers. Even in a scenario where the number of users remains static, just generating more revenue from existing users would be a significant boon. More widespread use of SAM could go speed up this process. Four approaches that have helped boost compliance around the world have also been somewhat effective in China. These are vendor-driven legalisation programmes and negotiations with hardware suppliers; government-driven education and enforcement; technology shifts and more widespread use of SAM; and new distribution models including shipping hardware with open source software, offering free trial software bundles, the use of cloud computing and sales of software-as-a-service (SaaS). 5 All of these approaches are developing in a positive direction across China. There are many instances of domestic enterprises actively moving to improve their level of compliance. The momentum is evident in declining non-compliance rates. Developers and vendors are also finding better ways of encouraging compliance through carrot-and-stick approaches that combine education and better distribution as the carrot, with more effective enforcement as the stick. The combined impact of these developments is a significantly altered landscape for software IP as entire segments better grasp the benefits of using legitimate software, including better support, reliability, protection and post-sales service. Since 2004, software piracy in China has dropped 10 percent, according to the Business Software Alliance, a think tank that promotes software IP. 6 This success is tempered by the estimated USD 6.67 billion that software companies lost in China in 2008 alone to illegitimate or pirated products. Only in the United States were the losses to piracy larger at USD 9.14 billion. Nevertheless, the rate of compliance is rising. Zou Bian, a professor of computer programming and secretary general of the China Software Alliance, says the market as a whole is moving gradually towards more compliance. Mr. Zou believes more enterprises are willing to work with vendors to improve compliance but they may not to have the capacity to do it in one swift stroke. Another factor worth considering is the rapid emergence of truly Chinese multinationals with significant operations in markets that make IP protection a matter of law or a requirement for issuing and maintaining public listings. These companies operate in a wide range of industries and now have reputational and regulatory reasons to be fully compliant both at home and abroad. The attraction of illegitimate products Critical to rising compliance levels is customer access to legitimate products, says Mr. Zou. At the consumer level, and often at the enterprise level outside of the larger centres, counterfeit and illegal products are easier to acquire and install. A Microsoft study in June 2009 found counterfeit products are more visible during the pre-purchase and purchase phases of the vendor-buyer relationship. Genuine products take 5 08 Piracy Study by the BSA and IDC, Released May Piracy Study by the BSA and IDC, Released May 09 7 Emerging Markets Windows Assessment Qualitative Highlights by Harrison Group, June 2009 Gaining value from software in China 7

10 8 Gaining value from software in China Legislators and law enforcement play a role The Chinese government has been calling for more respect for IP for decades. In April 2008, the State Council led by Premier Wen Jiabao approved a series of proposals known as the Guidelines for the National Intellectual Property Rights Strategy, developed by the State Intellectual Property Office in tandem with other government departments. The government has also put rules in place that require all original equipment manufacturers (OEMs) to ship hardware installed with legitimate software. A new IP law passed in late 2009 has also played a positive role and incorporates many of the provisions of similar legislation in the European Union. In April 2010, Microsoft won a significant victory in Shanghai. After almost a year at trial, Microsoft won its first copyright infringement lawsuit against a Shanghai-based insurance company. It was the second significant court victory for Microsoft, following its successful prosecution of a popular pirated software distribution website. The Business Software Alliance hailed it as a milestone in the fight against software piracy. In another case in July 2007, the Intermediate People s Court of Shenzhen issued a civil penalty against a product manufacturer for pirating product lifecycle management software. Interestingly, the case was not initiated by the the company concerned, but by the local Intellectual Property Office of Shenzhen, following a license review. Municipal governments have also stepped up. In early 2009, the city of Chongqing said it would protect (IP rights) throughout China for those companies which decide to locate in the city. The city of Hangzhou had made similar commitments to step up enforcement as part of an investment deal with Microsoft. 8 The steps above are only part of the numerous policy initiatives that have emerged from various levels of government. Other examples specific to the software industry include: A joint notice ( 關 于 推 進 企 业 使 用 正 版 軟 件 工 作 的 实 施 方 案 ) from the nine ministry level agencies and the State Copyright Office promoting the installation and use of genuine software across the agencies IT infrastructure. The notice was adopted by the China Securities Regulatory Commission (CSRC), which requires domestically listed companies to disclose liabilities and potential litigation associated with the use of pirated software. A State Owned Assets Supervision and Administration Commission (SASAC) announcement and notice on encouraging better SAM and use of genuine software across the state enterprises under its supervision. A new China Banking Regulatory Commission (CBRC) guideline on information system risk management ( 银 行 业 金 融 机 构 信 息 系 统 风 险 管 理 指 引 ) which requires banks to implement policies and procedures to protect software IP rights, ensure the purchases of legitimate software and prevent the use of pirated software. In addition, the CBRC incorporated a software legalisation disclosure requirement in banks annual filings. These laws and regulations provide more comprehensive legal protection that have been backed by stronger enforcement and more predictable court decisions. The overall result is a growing list of precedent-setting cases. In 2009, courts across China issued more than 30,000 decisions on cases involving IP. 9 Many of these lawsuits are between domestic companies with some involving multinational software developers. There have been several high profile legal cases against large enterprise software piracy. These headlinegrabbing cases have demonstrated the increasing willingness of the government to prosecute software IP infringement on various fronts, not only the suppliers but also enterprise users. Increased enforcement cases and legislation are also evidence of the government s recognition of the importance of software IPR in nurturing and developing the domestic software industry. This should bode well for local software developers in encouraging the development of more enterprise level software solutions that are competitive in the international market, thereby helping software developers ramp up to a scale comparable with their multinational peers. 8 Black, Aaron; Microsoft Tries Carrot to Fight China Piracy ; Wall Street Journal, 16 May Zhang, Gary; An, Xiang; Lu, Jinhua; Zhang, Guangliang; China s IP system comes of age ; Managing Intellectual Property magazine, 2010

11 up a larger portion of consumer awareness later, when they seek updates and support. 7 The study found that most vendors sell mostly naked systems while system builders (often working with the vendors) generally use pirated software. Consumers may also perceive other benefits from using counterfeit products including simplicity (in purchase and installation), price, access to service (for example where technicians also use counterfeit products) and localisation. Scenario 1: Communication challenges in a period of growth Many Chief Information Officers (CIO), the executives most often in charge of developing the information systems that represent the backbone of most businesses, have yet to fully incorporate licensing requirements into their planning. One common scenario involves a discussion of business expansion among the top management of a company and a decision to, for example, move into new geographical areas. The obvious result is new facilities that require new computers with access to the company s servers, databases and IT infrastructure. The CIO would typically entrust IT people whether in house or outsourced to a vendor the job of installing the new hardware. One frequent occurrence is that neither the CIO nor the IT team consider whether the company has licenses for the new terminals or whether the server architecture allows for the new users. Decision-making executives may know that software comes at a cost, but this knowledge is not always transferred to the company s operations. The result is a disconnect between more widespread awareness of the value of IP and the willingness to take significant steps to ensure compliance at the enterprise level. These questions, which would fall under an effective SAM programme, are the ones that software developers seek to address and represent the next logical target in the ongoing efforts to secure more widespread compliance and higher revenues. Finding users is not the problem, but convincing those users to pay for the software on a regular basis may be. We don t need to create usage demand but we must create buying demand, explains the license compliance manager of one leading software brand in China. Gaining value from software in China 9

12 10 Gaining value from software in China The conclusion is that while genuine products are considered more stable, secure and reliable, by itself this may not be enough motivation to sway every buyer. Channel development is the most important area of focus to increase the use of genuine products. Heading in the right direction Ultimately, in China, the numbers speak for themselves. The use of pirated and illegitimate software has dropped while revenues for both domestic and multinational companies have generally increased (with the exception of 2009, when many companies were hit by the global economic downturn). Software developers are selling more licenses now than they did a decade ago in nominal terms. By this measure, they have been successful. However, in real terms, software licensing revenue trails far behind the growth rate of GDP. Growth is constrained by developers ability or willingness to constantly police, push and prod customers and severely hampered by the challenges in managing communication between executive decision makers, IT implementation actors, vendors and governments at various levels. This breakdown stalls many of the efforts to improve licensing compliance that are focused on spreading awareness or pursuing legal remedies. It means decision-makers may be aware of licensing considerations during the planning process but don t necessarily make this awareness explicit to the implementers or include this knowledge into business plans. Bridging this gap in communication is the next necessary step as software developers work to expand their presence in China.

13 China Software Alliance: Working both sides Case study Almost exclusive reliance on the local market has long forced domestic software developers to be more proactive and creative in tackling software compliance. Multinational developers may be able to emulate some of their efforts as they seek to raise compliance levels among enterprise users in China, says the China Software Alliance (CSA). The CSA, a part of the China Software Industry Association founded in 1995, comprises large domestic developers and IT players. The CSA s primary role is to help both the government and software firms raise awareness of compliance issues, fostering a healthy software industry. A secondary mission is to work with enterprise users to legitimise their software. The CSA has been helped in its efforts by two separate developments. The first is a series of progressive government initiatives that started in 2002 that have required central government departments, then provincial government departments and finally enterprises to use legitimate software. The second is a long stream of education campaigns by government, vendors and intermediaries on the need for software compliance. On any given year, the CSA will work with dozens of domestic companies to legitimise the software they use. Progress has not always been easy but domestic enterprise users are increasingly eager to be compliant, says Sun Yan, a lawyer and the CSA s secretary general. The move towards compliance has been helped along by the efforts of domestic developers to put out products better suited to the domestic market. It is this ability that multinational developers would do well to emulate, whether in their offerings, flexible pricing structure or in simpler licensing contracts. Zou Bian, a director at the CSA, says the global footprint of many multinational developers often means that they would only feel a limited impact from IP infringements in China. Domestic developers, on the other hand, may rely for their very survival on raising compliance in the local market. Nevertheless, notes Mr. Zou, cost is not an excuse to be non-compliant. Mr. Zou says there are enough alternative products that enterprises generally have the option of bypassing an expensive offering by a multinational developer in favour of a lower cost alternative developed locally. Software is a tool for manufacturing or production. It is like machinery. It helps enterprises make money and make profits, says Mr. Sun. Morally, enterprises need to pay for it. It has to be acquired in accordance to the law. Gaining value from software in China 11

14 12 Gaining value from software in China The case for genuine software: Security

15 A very compelling but little-heard argument for using legitimate software lies in the enormous potential risks to Information, Communication and Telecom (ICT) infrastructure associated with pirated or illegitimate products. Availability, lower prices, ease of acquisition and apparent effectiveness make illegitimate software attractive. 10 However, recent research by KPMG China shows illegitimate software poses very significant security risks. Software downloaded from the Internet can be particularly dangerous to ICT. The potential risks include data theft, more frequent malware attacks, extortion and unwitting information disclosure. Companies using non-genuine software are 73 percent more likely to lose confidential data and 28 percent more likely to lose customer information, according to one study. 11 More than a quarter of websites around the world that distribute pirated software also distribute malware. The BSA says there is significant evidence to link software piracy with the frequency of malware attacks. 12 KPMG China examined software from more than 100 websites that offered free downloads to determine if it included malware or presented other dangers to enterprises ICT. Our examination included some of the most commonly used enterprise and consumer software products. The findings from the KPMG examination were quite revealing. Virtually all of the pirated products tested, which includes some of the more popular operating system, database, antivirus and office software, are embedded with some kind of backdoors, viruses and malwares. Back-tracing these modifications revealed that many originated in China. Dangerous contamination Although some level of contamination was inevitable, the results were alarming. Much of the downloaded software was accompanied by Trojan horses, viruses, adware, annoying pop-ups and a variation of builtin back doors that create multiple vulnerabilities. Many of these add-ons are designed to change the security settings in the computers where the software was installed and allow the computers to be controlled remotely or download and propagate viruses. Some changes are only intended to generate commissions. The legitimate software is only altered to allow for toolbars or pop-up advertisements which, in turn, may earn the hacker revenues when they are used. Other changes are more insidious, allowing remote access, the download of information and even the enslavement of a terminal or network in a cyberattack. For hackers, the opportunity lies in achieving scale. For example, modified versions of Windows XP were downloaded more than 100 million times from a popular pirated software distribution website before the site was shut down by authorities in 2008 in the largest piracy case in the world that year. The site also included products developed by other wellknown software brands. 10 An Inconvenient Reality: The unintended consequences of non-genuine software usage, KPMG India, Impact of the use of unlicensed software in mid market companies, white paper by Harrison Group, Internet Piracy Report by the Business Software Alliance released October 2009 Gaining value from software in China 13

16 14 Gaining value from software in China The more frequent dangers include: Trojan horses: These are programs hidden inside other software that give hackers access to PCs, networks or both. One vicious example is Gray Pigeon ( Huigezi ) originally developed as a legitimate remote administration tool. Huigezi, can spread within a network. Another, MSSCKETS can spread through anetwork and secretly download files from the Internet. Adware: Adware may include pop-up ads or toolbars that may be only an annoyance for the user but generate commissions for the hacker, vendor or both. Malware for phishing: Some software includes potentially dangerous malware that may lead users to websites disguised as legitimate but are used to steal information. Viruses: Viruses are present in a wide range of downloaded software. One example is Virus.ALS.Bursted, which poses little threat itself but is able to communicate with a remote server to download other malware. This sampling of illegitimate software and the modifications described may only represent the tip of the iceberg. There is a very wide scope for illegitimate software to be downloaded, copied from grey-market vendors or acquired from distributors without a real link to the original developer to include dangerous modifications. Illegitimate software, system failures and data loss The safety concerns outlined above represent one of two potentially expensive technical dangers created by illegitimate software. The other is system failures which may result in a lower productivity and potentially expensive data losses. Companies that include SAM into their strategic planning as well as a comprehensive IT plan are less likely to use unlicensed software and more likely to benefit from the long-term cost savings of using more stable and reliable products. According to a 2008 study by The Harrison Group, companies using fully licensed software actually spent less of their revenue on IT (about 0.5 percent) compared to those using unlicensed software (0.7 percent). 13 Careful and detailed software planning, one of the key components of SAM, is an important avenue to limit IT costs and the risks associated with unlicensed software. 13 Impact of Unlicensed Software on Mid-Market Companies, White Paper for Microsoft by The Harrison Group, 2008.

17 ChinaSoft: Navigating the middle ground Case study ChinaSoft International is an IT outsourcer and software developer that creates customised enterprise solutions focused on China. ChinaSoft is listed in Hong Kong, works across the country and has many international customers. As a large and growing domestic software developer it understands the value of IP, the importance of compliance and the challenges domestic enterprises face in ensuring all their software is legitimate. As far as its own IP is concerned, ChinaSoft has fewer challenges than other software developers. The company uses its ResourceOne middleware (a piece of software that links multiple applications and services) that is specially designed for the Chinese market. With ResourceOne, ChinaSoft develops large business solutions that allow enterprises to better manage every aspect of their operations. Customers pay for a ResourceOne license but they don t actually use ResourceOne directly, and couldn t use it even if they wanted to. Even if it gets stolen, enterprises still don t have the application-level software, explains Senior Vice President Fanny Chan. Our model gives us a lot of immunity to the kinds of licensing challenges that other companies face because ResourceOne is virtually useless on its own. The company also takes internal compliance seriously. The issue is particularly important for ChinaSoft because of its size and public profile. The company does bi-annual audits, which Ms. Chan says are important to running a secure business. We purchase a lot of Microsoft products for our own use. Can we copy those products? Technically, sure we can. But of course our priority lies in supporting the business of our strategic partners, says Ms. Chan. ChinaSoft s history of growth alongside China s software development industry also give the company a unique understanding of the pressure other smaller companies face in staying on top of licensing issues. Software products sold by multinational developers are often too expensive, Ms. Chan explains. A lot of people want or need to use the software but may not be able to afford it, she says. Do software developers really understand this market? Ms. Chan suggests developers consider much lower prices and creative business models that rely on software-as-a-service (SaaS) approaches, cloud computing or to follow the success of mobile phones and sell software only to manufacturers and not directly to the consumers. Putting more emphasis on pay-byservice models might change the whole issue for the consumer, she says. Not every approach will work for every developer, but bringing more enterprise users up to full compliance will require a pragmatic approach and understanding that most enterprises actually care about being compliant. And the reality is that there has been progress. Do large enterprises want to run the risk and use illegal software? Do they really want to run that risk and put their reputation in jeopardy? Probably not, says Ms. Chan. They don t need to. They can afford legitimate software. Using illegal software is just not worth it, particularly if they are a large listed company. Gaining value from software in China 15

18 16 Gaining value from software in China Pricing and simplicity

19 Over the past decade, software developers have watched economic growth across China trigger the formation of new companies and entirely new industries. Often these developers have found it a challenge to boost their own revenues from enterprise users at the same rate. In interviews with industry executives, conducted for this report, two main sticking points regularly emerge that software companies should consider when formulating their strategy. The first, price, is already the subject of much debate. Enterprise users in China say the cost of products developed by multinational developers is typically far higher than the cost of domestically developed alternatives and illegitimate options. The relatively higher cost of legitimate software may be easier to justify if it can help support wider cost, growth and risk management strategies. The second point, one that bears more regular consideration, is the complexity of licensing agreements and a level of discomfort among enterprise users in dealing with contractual arrangements. Particularly for the more complex enterprise solutions, licensing agreements can appear dauntingly complicated. Enterprises (or at least those IT implementers who set up computers, servers and networks) can often have difficulty understanding the nuances of licensing clauses. A piece of software on a server may be licensed for 400 users but have the technical capacity for 10,000 users. Just by making a choice on a control panel, an IT technician may make a company liable for millions in licensing fees. Moreover, that technician may have no authority over budgets, procurement or the company s expansion strategy. SAM practices are a critical means of improving the situation, but they are still evolving and need to be accompanied by thorough risk management. The China Software Alliance (CSA) says many of its members believe software from multinational developers is unreasonably expensive. They say there are domestic alternatives at much lower prices, even if those alternatives lack some of the functionalities of the more branded products. Domestic enterprises cannot afford to pay what developers want, particularly if they have to pay millions just to be compliant on the software currently installed. For their part, overseas-based head offices of software developers have been often reluctant to adjust pricing structures to fit the domestic market, but it has gradually happened and in many cases today the China version of a software product is sold at a lower price than the version marketed in certain other markets. Different companies have taken different approaches, but a common theme among multinational vendors is a more concerted effort to engage and gather feedback from China-based users (see case studies). The reluctance to lower prices is understandable. China has yet to produce many examples of software developers achieving substantial and consistent revenue growth from licensing over a number or years. On the other hand, China-based Gaining value from software in China 17

20 18 Gaining value from software in China executives say it is difficult to convince users both enterprise and individual to buy products they see as too expensive. The resulting pull and push on pricing is a chicken-and-egg dilemma in which one side believes discounting prices lowers value and brand image and the other argues that lower prices will lead to higher revenues. The license compliance manager of one international software company explained to KPMG that his company has had to deal with that very dilemma. He believes China is already home to millions of users that could Scenario 2: Understanding agreements Often neither managers nor IT implementers fully understand the complexities of licensing agreements. They may not fully understand how the price of a license is affected by the number of users, the number of processors involved in a server, how the software will be used or how it is configured. The difficulty may be exacerbated by the decision-making structure in a particular company and who has the overall responsibility over budgets and procurement decisions. The IT manager may simply not have the authority to enter into a contractual agreement on behalf of the company, but may easily have the ability to alter server settings in a way that has cost implications. Another potential scenario involves a CIO outsourcing software installation to a vendor. It is not uncommon for vendors to take software that was meant as a sample or supposed to be used in a single terminal and spread installation around the company. In a number of KPMG SAM review cases, it was noted that the company IT personnel was unaware that software installed on servers required additional licenses. Worse still, a lot of the software may not be used by the company, but was initially installed by a vendor for testing purposes and never removed. Alternatively, the software was part of a packaged solution and the vendor never informed the company of additional license requirements. The liabilities for these installations are often not known to an enterprise until the software developer conducts a license review - by which time the vendor is long gone and the company is left holding the bag. be a source of globally significant revenues. However, the promise has not yet materialised as China accounts for only 3 percent of the company s worldwide revenue. Enterprises that understand their software asset needs and how these align them to their strategy are beginning to realise the benefits of compliance. However, users still have to take into account local needs when selecting software vendors. More sophisticated users may have to resolve internal considerations to strike a balance between the need for the best products and a reluctance to pay fees on an ongoing and long term basis or be stuck dealing with a single product. Enterprise users have to decide between the higher up-front costs of legitimate software and the risks of sticking with cheaper unlicensed products. In the past, the risks associated with using non-legitimate products were considered minimal, but the balance is shifting and the apparent savings are a mirage if unlicensed software actually leads to higher IT costs, more system failures, loss of productivity and the risk of serious data losses. 14 Domestic approach Domestic software companies are developing an increasingly sophisticated range of products and are very aware of the need to leverage their IP advantage to secure revenues. In some respects, they have been more flexible than their multinational counterparts in their approach to the local market and have found ways to make their products pay, even if their margins are smaller. Some companies have found ways to leverage widespread Internet use into successful revenue models. 14 Impact of Unlicensed Software on Mid-Market Companies completed by Harrison Group in 2008

21 Companies like Sogou, Kingsoft, Rising, Maxthon, Kuwo and icafe, as well as web security company 360, have all thrived in China. In June, these companies were part of a group of ten that set up an association to selfregulate online software offerings. Kingsoft, for example, saw its applications software business grow 14 percent in the first quarter of 2010 to record revenues of RMB 82.2 million. 15 A small but growing portion of that came from monthly subscriptions to the company s internet security program. In March 2010, the company launched a free internet security product called Kingsoft Defender. The company has also launched Kingsoft Internet Security 2011, China s leading cloud anti-virus software. Perhaps the most successful example of how companies can monetise cloud computing has more to do with entertainment than with business. Revenues generated by business applications often pale in comparison to revenues generated by games. Kingsoft makes more than twothirds of its annual revenue from its entertainment products. The most successful games rely on pay-as-you-go models that allow players to participate without actually buying the software. Companies like Kingsoft, Shanda and Tencent have made hundreds of millions through their game offerings. Even if the user copies the game, he or she cannot participate in the communal experience without buying credits. In 2009, amid reports of the popularity of computer games that replicate farming operations. Reports found that Happy Farm, developed by Shanghaibased developer Five Minutes to run on Tencent s platform, had some 228 million users. Brand developer FutureBrand says domestic media developers like Tencent have been able to make their offerings more relevant. 16 In its annual report for 2009, Tencent noted that the sector is poised for further growth. One particularly successful area has been Tencent s Internet Value Added Services (IVAS), including online games and online services that do not rely on licensed software downloads. In the world of pay-as-you go multiplayer online games, the basic software is free but the players pay for every minute of play. Licensing models that see pieces of software installed on servers accessible to all employees, rather than installed on every terminal, may offer a roadway to compliance that has not been fully explored. A similar method can be used in the business world, offering software services online using pay-as-yougo models. The users operate the software in a virtual cloud and the actual software is housed in company servers rather than on any user s computers. This approach of software-as-a-service (SaaS) is rapidly gaining traction. Users benefit by lowering their costs. Developers benefit by attracting more users. Research firm Gartner believes that that by end of this year, 75 percent of organisations in Asia Pacific will increase their investments in SaaS. 17 In China, about half of respondents to the survey have been using SaaS for at least four years. IT research firm Springboard Research says the market for SaaS in China will top USD 170 million before the end of this year with demand growing at 56 percent Kingsoft s financial report for the three months ending 31 March China Brand Round-Up a report by FutureBrand released March Q&A: Top 10 Things You Need to Know About SaaS in Asia/Pacific, an interview with Gartner analysts, July Software-as-a-Service in China: 2009/2010, 18 November 2009 published by Springboard Research Gaining value from software in China 19

22 20 Gaining value from software in China The most sought-after applications are for security and compliance. Other popular applications provided web conferencing services, CRM and . The last three, says Springboard, generated the majority of the revenue in China. One of the main benefits of SaaS is to eliminate large segments of the supply chain and ensure payment. Companies can charge users on a pay-as-you-go model or grant access for a specific period of time. The very nature of cloud computing allows cloud service providers (CSPs) to plan ahead. several large domestic companies are working on how to expand the use of cloud computing. Few have as yet developed this more deeply into their business model but we have no doubt that will occur over time, he explains. One of the most significant benefits for software developers is that they retain control of the software and who has access to it. Licensing becomes a null point. The users benefit from lower costs and not having to acquire, maintain and upgrade software. Edwin Fung, Partner in Charge of Information, Communications and Entertainment at KPMG China says A big picture argument There is another, little talked about, macroeconomic side benefit to using legitimate software. Every dollar spent on a legitimate product generates significant spinoffs all along the supply chain. In other words, for every dollar spent in a legitimate products, dozens of other business from small design shops to trucking companies benefit. According to the BSA, which published a study looking at the spinoffs generated by expenditures on Microsoft software around the legitimate software translates into world, every dollar spent on the higher economic growth. company s software in Asia Pacific creates USD 6.84 in revenue for According to the IDC, a research other companies that have some kind firm, a 10-point reduction in piracy in of link to that software such as the China could directly result in some retail outlet or distributor that sells 355,000 new jobs and USD 20 billion it, an IT consultant that installs it or in economic growth. 19 a contracted developer that worked on it. The Asia Pacific number is higher than the USD 5.50 in spinoff benefits generated in the US but the argument is the same. The use of 19 The Economic Benefits of Lowering PC Software Piracy a White Paper by IDC, January 2008

23 Case study Microsoft: A wider approach to compliance When Microsoft first entered China in 1992, it wanted to encourage use of its software. Nowadays, its focus has shifted slightly to encourage paid usage. The company remains a proponent of working with enterprise users to legitimise their software or, at the very least, to begin using legitimate software as a matter of corporate policy. An enterprise uses software to make its people more productive. They use genuine software to prevent bad things from happening, says Alec Cooper, general manager for China of Microsoft s Genuine Software Initiative. Mr. Cooper believes illegitimate software significantly increases risks in terms of reputation, corporate governance, malfeasance, and security. The logistics of getting illegitimate software on enterprise computers and the changing legal environment in China make the last two risk areas malfeasance and security particularly significant. Most hardware vendors in China sell their computer with opensource operating systems. System integrators, typically small companies contracted to provide that service, often replace those operating systems with versions of Windows. Just as often, they don t pay much attention to licensing requirements. In the end, the enterprise is left with possibly thousands of computers full of illegitimate software. Most executives on the business side of an enterprise may not be aware of whether the software in their computers is legitimate or not, but lack of awareness may no longer satisfy enforcers. A significant turning point was reached in Shanghai in April 2010, when the Shanghai Pudong People s Court ordered a leading insurance company to pay RMB 2.17 million (USD 320,000) in damages to Microsoft. The second significant risk is the security of an enterprise. Most illegitimate software downloaded from the Internet is tampered with in one way or another and often includes back doors that give hackers access to specific computers or entire networks. Given that the system integrators are willfully breaking the law by using products they don t have licenses for it makes little sense to trust them with the often-sensitive systems an enterprise may rely on for their operations. Mr. Cooper wonders: These system integrators are willing to break the law, so what are they not willing to do? Are enterprises willing to trust their reputation and security to them? Gaining value from software in China 21

24 22 Gaining value from software in China Conclusion

25 For many companies, China signifies a massive but not yet fully-realised customer base. New strategies that address the practical realities of enterprises, rather than the traditional lecturing on the virtues of intellectual property protection, may help to transform this potential into some significant revenues. Multinational software companies are expanding their operations and already have hundreds of millions of users, particularly for the more common enterprise solutions. The challenge now is to grow revenues at a rate that is proportional to the size of the market. Domestic software providers are also expanding, often from a smaller base but with a better understanding of the market and with offerings more suited to local needs and tastes. Domestic developers have been generally better at developing products that take away the potential for non-compliance with an emphasis on software-as-aservice (SaaS) or advertisement based offerings. For both segments, however, expanding the legitimate user base is integral to growth and continued expansion in China. A significant portion of this expansion may rely on more education, not about IP considerations or even compliance, but about business methods that create more efficient links between decision makers and implementers. This push towards a wider and deeper base of legitimate customers is picking up momentum thanks to a combination of long-standing education programmes, regulatory and legislative developments, growing security concerns and a better understanding of the importance of effective SAM. Developers and vendors may further encourage this momentum with a three-prong approach. The first prong is underscoring the safety and ultimate cost savings generated by legitimate software. Enterprise users in China are certainly aware of the security threats their companies face but do not necessarily address them. The use of illegitimate software increases the dangers to enterprises ICT infrastructure. The risks are wide-ranging, from system failures to security breaches and the potential for company computers to be used as botnets. As KPMG research found, most examples of illegitimate software are tainted in some way. At first glance, compliance may result in higher immediate costs for enterprises that have to pay higher prices for legitimate software. On closer look, however, software compliance results in significant costs savings and a much safer ICT infrastructure across an enterprise. The second prong is addressing a communication gap between strategic decision makers and more hands-on IT implementers. It is not uncommon to find Chief Information Officers issuing directives that require an expansion of software use, without addressing the need for licenses or licenses with wider scope with the implementers. It is often there that communication breaks down. Chief Information Officers might be aware of licensing issues, but not make this awareness explicit in the execution plans. More stringent corporate governance across a wide range of industries is helping. The ongoing foreign expansion of thousands of medium and large Gaining value from software in China 23

26 24 Gaining value from software in China Chinese enterprises should also help, especially as companies expand into regions where compliance is a listing requirement (as in Hong Kong) or where liabilities for non-compliance are much higher (as in the US or Europe). The communication gap and associated risks can be mitigated by improving the SAM competency which, at its core, is designed to bring transparency and visibility to the enterprise s software usage and requirements. The third prong is a promoting better software asset management (SAM) practice among enterprises. While many enterprises, particularly those of large state-owned entities, have already pursuit or implemented rigorous world class IT governance practices, the focus has been mostly on improving IT infrastructure processes, system security and development and hardware. Software has received lesser focus despite its increasing share of the IT budget, the pervasive use across the organization, and increasing legal liabilities. However, according to a KPMG study, a better SAM practice significantly increases the transparency into organizations software usage and enable IT management in controlling such deployment to where it is needed. It is therefore an integral part of the organization s IT governance pursuit of improving processes and controls, operational efficiencies, cost effectiveness and reduction of potential legal liabilities. Likewise, software vendor should strive for a better understanding of domestic needs and tailoring products and licenses to better meet those needs. This does not necessarily mean developing new products or product lines, but finding ways to simplify existing offerings to match the level of sophistication among existing enterprise users. More straightforward offerings could help in getting more users to step up their compliance. Enterprise users say licensing agreements can be too complicated, while IT implementers may not be aware of how decisions on server access or expansion of terminals affect licensing requirements. More targeted education in this area may go a long way towards boosting compliance. The original cost, likely small in relation to an enterprise s overall spending, is more than offset by savings as a result of improved performance, higher efficiency and less downtime due to technical failures. The very significant improvements in terms of enterprise security and the elimination of legal and corporate governance liabilities are other significant benefits. To date, these benefits have not become an important part of enterprises decision-making process. Enterprises that quickly grasp these benefits and eliminate the risks are likely to have a significant advantage. Software compliance is already a legal and a governance requirement in China and enforcement is rising. China is striving to reach a level of compliance that puts it among the global leaders in this area. Educating vendors and enterprises on the practical governance, legal and security challenges associated with illegitimate software may speed up the development of a wider legitimate user base, build user loyalty and generate higher revenues in China.

27 Contact us Advisory Danny Le Partner, IT Advisory Beijing Tel: +86 (10) Henry Shek Partner, IT Advisory Hong Kong Tel: Reynold Liu Partner, IT Advisory Shanghai Tel: +86 (21) Technology, Media and Telecommunication (TMT) Ning Wright Partner in Charge, Technology, Media and Telecommunication (TMT), KPMG China Tel: +86 (21) Peter Kan TMT Partner Northern China Tel: +86 (10) Li Fern Woo TMT Partner Eastern and Western China Tel: +86 (21) Wing Fong TMT Partner Southern China Tel: +86 (755) Egidio Zarrella TMT Partner Hong Kong and Southern China Tel: Gaining value from software in China 25

28 Beijing 8th Floor, Tower E2, Oriental Plaza 1 East Chang An Avenue Beijing , China Tel : +86 (10) Fax : +86 (10) Shanghai 50th Floor, Plaza Nanjing West Road Shanghai , China Tel : +86 (21) Fax : +86 (21) Shenyang 27th Floor, Tower E, Fortune Plaza 59 Beizhan Road Shenyang , China Tel : +86 (24) Fax : +86 (24) Nanjing 46th Floor, Zhujiang No.1 Plaza 1 Zhujiang Road Nanjing , China Tel : +86 (25) Fax : +86 (25) Hangzhou 8th Floor, West Tower, Julong Building 9 Hangda Road Hangzhou , China Tel : +86 (571) Fax : +86 (571) Fuzhou 25th Floor, Fujian BOC Building 136 Wu Si Road Fuzhou , China Tel : +86 (591) Fax : +86 (591) Xiamen 12th Floor, International Plaza 8 Lujiang Road Xiamen , China Tel : +86 (592) Fax : +86 (592) Qingdao 4th Floor, Inter Royal Building 15 Donghai West Road Qingdao , China Tel : +86 (532) Fax : +86 (532) Guangzhou 38th Floor, Teem Tower 208 Tianhe Road Guangzhou , China Tel : +86 (20) Fax : +86 (20) Shenzhen 9th Floor, China Resources Building 5001 Shennan East Road Shenzhen , China Tel : +86 (755) Fax : +86 (755) Chengdu 18th Floor, Tower 1, Plaza Central 8 Shuncheng Avenue Chengdu , China Tel : +86 (28) Fax : +86 (28) Hong Kong 8th Floor, Prince s Building 10 Chater Road Central, Hong Kong Tel : Fax : Macau 24th Floor, B&C, Bank of China Building Avenida Doutor Mario Soares Macau Tel : Fax : kpmg.com/cn The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation KPMG, a Hong Kong partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. Printed in Hong Kong. KPMG and the KPMG logo are registered trademarks of KPMG International Cooperative ( KPMG International ), a Swiss entity. Publication number: HK-ICE Publication date: November 2010