Gaining value from software in China

Size: px
Start display at page:

Download "Gaining value from software in China"


1 INFORMATION, COMMUNICATIONS & ENTERTAINMENT Gaining value from software in China


3 Contents Introduction 3 1. IT licensing and compliance in China 4 Case study China Software Alliance: Working both sides The case for genuine software: Security 12 Case study ChinaSoft: Navigating the middle ground Pricing and simplicity 16 Case study Microsoft: A wider approach to compliance Conclusion 22 Contact us 25

4 It is time to reconsider some of the assumptions associated with software and intellectual property (IP) in China.

5 Introduction Danny Le Partner and ASPAC Head IT Advisory KPMG China Ning Wright Partner in Charge Technology, Media and Telecommunication (TMT) KPMG China Among software developers, vendors and enterprise users there is an increasingly widespread understanding of the cost and value of IP. This understanding is evident in the behaviour of both government and business. The former has put forward a steady stream of policies and encouraged more effective enforcement. These include guidelines on IP protection promulgated by the State Council in The latter has set out to create and acquire valuable and profitable intellectual properties. The government s increasing support and enforcement of IP demonstrates that the recognition of IP right is not only valuable proposition for commercial enterprises but also to China as it endeavours to move up the manufacturing value chain and foster a viable high technology industry. The increasingly sophisticated approaches of software developers in China combined with constant publicity have had a visible effect on the enterprise users, which represent the largest portion of revenues. Pronouncements on the widespread lack of compliance have got developers only so far in improving the situation and boosting revenues. Other approaches are rapidly needed. One reason to support improved compliance is safety and security. Illegitimate software poses many risks to organisations. Whether through neglect, ignorance or willfulness, many organisations still ignore these risks. Another challenge to overcome is communication within an enterprise. Research shows that in many enterprises there is a communication gap between executives and IT implementers. Unless strong corporate governance frameworks are in place, this lack of communication may lead to or exacerbate compliance issues. This is a challenge that many large enterprises face and is by no means unique to the China market. A third issue is the relatively undeveloped state of software asset management (SAM) practices. SAM can help companies along the road to better compliance. Enhanced compliance through SAM can result in a reduction in total cost of ownership with more reliable performance and lower legal and corporate governance risks. The enhanced compliance practice will result in cost savings in the software s total cost of ownership, more reliable performance, and reduce the risk of legal and corporate governance compliance liabilities. Practical approaches to address these problems such as developing stronger SAM frameworks, crafting licensing programmes that are easier to understand and apply, and working to bridge the information gap between executives and implementers, are all important ways of addressing noncompliance. It is also important to tailor business approaches to the realities of the domestic market by pursuing models that allow for more flexible pricing while limiting opportunities for non-compliance, including through the use of cloud computing and software-as-a-service (SaaS). This is more advanced in China than many people realise. All these factors deserve consideration as developers and vendors generate and implement new and more effective strategies to expand legitimate customer bases and revenues in China. Gaining value from software in China 3

6 4 Gaining value from software in China IT licensing and compliance in China

7 Ongoing efforts by software developers to encourage licensing compliance among vendors and enterprise customers in China have helped to increase awareness of the value of software as intellectual property (IP). The result is that software compliance is now more common, but not yet a routine part of the IT and business information strategy for many executives. There are many reasons for the presence of unlicensed software among enterprise users in China. The most common are efforts to save money, a lack of distinction between legitimate and pirated products bundled with hardware and difficult or time-consuming procurement procedures. 1 Further common reasons include licensing agreements negotiated by different parts of a company, the deployment of demos as production software, complex licensing agreements and weak software asset management (SAM) practices. At times, enterprise management simply overlooks the issue of software compliance. Government and industry bodies are increasingly recognising this. In July 2008, Yan Xiaohong of the National Copyright Administration pointed out at a consultation meeting that IP is an increasingly important national and strategic resource and a major factor in China s further development. The requirements of heavy investment, counterbalanced by the ease with which copies can be made, makes software a particular challenge in the area of IP protection, he explained. 2 Interviews with users and vendors as well as an analysis of past studies indicate that one of the most significant hurdles yet to be overcome among enterprise users is a lack of perceived value in attaining full compliance. Many remain to be convinced that it makes financial sense to rapidly step up their compliance efforts. This perception is changing. Studies show that companies that use legitimate software actually cut costs and generate higher revenues. Also, as KPMG research shows, there are significant operational and security advantages to using legitimate products. (See The case for genuine software security on page 12.) Our research suggests many executives have yet to include software licensing into their business planning as a matter of course. An expansion strategy may require additional IT capabilities such as extra hardware or more access to servers. However, rarely do executives question whether their agreements with vendors allow for such an expansion, of the cost of giving more users access to a particular software or service, or whether they have the contractual right to install and use software acquired by a subsidiary company or an office in a different jurisdiction. Meanwhile vendors or the developer s in house sales force may be more focused on selling software than on considering the licensing implications for the end user. The resulting infringement of software licenses stems from a focus on speed, unrealistic expectations of lower costs and a lack of communication between the executives who develop strategy and the implementers on the ground. 1 The Impact of Software Piracy and License Misuse On the Channel, a White Paper by IDC, June 推 進 企 业 使 用 正 版 軟 件 專 家 組 会 議 在 京 召 開, China Software Alliance wedsite, 5 August 2008 Gaining value from software in China 5

8 6 Gaining value from software in China The importance of Software Asset Management Interestingly, an enterprise may not need to acquire more licenses to tackle compliance issues. Costs can be managed by better identifying who has access to specific software products. Knowing the actual technology needs of a specific enterprise is an important first step. SAM is a business practice designed to lower IT costs that is emerging globally but has yet to become part of corporate culture. Among Chinese enterprises, SAM is still a nascent practice. SAM needs to become an integral part of IT governance best practices which many of the Chinese enterprises, are pursuing. SAM is itself a recognised ISO best practice (ISO 19770), and can easily be adopted by an organisation in tandem with other best practices as ITIL and ISO/IEC SAM helps an enterprise determine its software assets, where they are located, how they are configured, how they are used and who uses them. SAM helps enterprises systematically track licensing agreements, updates and developments. Enterprises are still prone to loading every piece of software onto every computer. Perhaps IT simply set up desktop and laptop computers from a master disk but not every employee needs every piece of software used across an enterprise. A typical SAM model would include the mapping out of IT throughout an organisation, creating and verifying an inventory of hardware and software, creating a record of license entitlements and ensuring periodic internal audits. It could also help to determine how various enterprise functions use software and hardware, mapping out the acquisition, deployment and retirement of IT assets. 3 For organisations in China, managing these issues in a context of dramatic economic growth can be key in helping make the right decisions and the right purchases. Moving towards higher compliance Economic growth and the emergence of more sophisticated enterprises with global operations could transform China into the largest software market as licensing compliance becomes commonplace. As it is, China is already the second largest PC market in the world and accounts for 18 percent of all global shipments, according to IDC, the market research company. Hardware expenditures are growing at about double the rate of developed markets. The growth of PC market and computing users engendered the rise of a number of domestic software developers. These developers have managed to adapt to the market, with some experiencing double digit growth, by adopting various business models outside of the traditional software licensing revenue models. Large multi-national software developers, however, have not fare as well. Licensing revenue growth, the mainstream revenue model of large multi-national software developers, has trailed far behind China s economic growth and the growth of computing user population. The rapidly growing market for hardware and software services is well illustrated by Internet usage statistics. At the end of 2009, there were 384 million Internet users in China 4, the highest number in the world. Internet penetration hit 28.9 percent. This is in line with the average globally, but below many developed markets, suggesting opportunities for further growth. 3 Software Asset Management: A Key to Infrastructure Optimization a KPMG International survey, Information from the China Internet Network Information Centre.

9 Unfortunately, the rapid growth in technology users has not translated into increased revenue in software licensing. This suggests a potential gap in licensing compliance management. Increasing licensing rates among enterprise users could translate into billions of dollars in income for software developers. Even in a scenario where the number of users remains static, just generating more revenue from existing users would be a significant boon. More widespread use of SAM could go speed up this process. Four approaches that have helped boost compliance around the world have also been somewhat effective in China. These are vendor-driven legalisation programmes and negotiations with hardware suppliers; government-driven education and enforcement; technology shifts and more widespread use of SAM; and new distribution models including shipping hardware with open source software, offering free trial software bundles, the use of cloud computing and sales of software-as-a-service (SaaS). 5 All of these approaches are developing in a positive direction across China. There are many instances of domestic enterprises actively moving to improve their level of compliance. The momentum is evident in declining non-compliance rates. Developers and vendors are also finding better ways of encouraging compliance through carrot-and-stick approaches that combine education and better distribution as the carrot, with more effective enforcement as the stick. The combined impact of these developments is a significantly altered landscape for software IP as entire segments better grasp the benefits of using legitimate software, including better support, reliability, protection and post-sales service. Since 2004, software piracy in China has dropped 10 percent, according to the Business Software Alliance, a think tank that promotes software IP. 6 This success is tempered by the estimated USD 6.67 billion that software companies lost in China in 2008 alone to illegitimate or pirated products. Only in the United States were the losses to piracy larger at USD 9.14 billion. Nevertheless, the rate of compliance is rising. Zou Bian, a professor of computer programming and secretary general of the China Software Alliance, says the market as a whole is moving gradually towards more compliance. Mr. Zou believes more enterprises are willing to work with vendors to improve compliance but they may not to have the capacity to do it in one swift stroke. Another factor worth considering is the rapid emergence of truly Chinese multinationals with significant operations in markets that make IP protection a matter of law or a requirement for issuing and maintaining public listings. These companies operate in a wide range of industries and now have reputational and regulatory reasons to be fully compliant both at home and abroad. The attraction of illegitimate products Critical to rising compliance levels is customer access to legitimate products, says Mr. Zou. At the consumer level, and often at the enterprise level outside of the larger centres, counterfeit and illegal products are easier to acquire and install. A Microsoft study in June 2009 found counterfeit products are more visible during the pre-purchase and purchase phases of the vendor-buyer relationship. Genuine products take 5 08 Piracy Study by the BSA and IDC, Released May Piracy Study by the BSA and IDC, Released May 09 7 Emerging Markets Windows Assessment Qualitative Highlights by Harrison Group, June 2009 Gaining value from software in China 7

10 8 Gaining value from software in China Legislators and law enforcement play a role The Chinese government has been calling for more respect for IP for decades. In April 2008, the State Council led by Premier Wen Jiabao approved a series of proposals known as the Guidelines for the National Intellectual Property Rights Strategy, developed by the State Intellectual Property Office in tandem with other government departments. The government has also put rules in place that require all original equipment manufacturers (OEMs) to ship hardware installed with legitimate software. A new IP law passed in late 2009 has also played a positive role and incorporates many of the provisions of similar legislation in the European Union. In April 2010, Microsoft won a significant victory in Shanghai. After almost a year at trial, Microsoft won its first copyright infringement lawsuit against a Shanghai-based insurance company. It was the second significant court victory for Microsoft, following its successful prosecution of a popular pirated software distribution website. The Business Software Alliance hailed it as a milestone in the fight against software piracy. In another case in July 2007, the Intermediate People s Court of Shenzhen issued a civil penalty against a product manufacturer for pirating product lifecycle management software. Interestingly, the case was not initiated by the the company concerned, but by the local Intellectual Property Office of Shenzhen, following a license review. Municipal governments have also stepped up. In early 2009, the city of Chongqing said it would protect (IP rights) throughout China for those companies which decide to locate in the city. The city of Hangzhou had made similar commitments to step up enforcement as part of an investment deal with Microsoft. 8 The steps above are only part of the numerous policy initiatives that have emerged from various levels of government. Other examples specific to the software industry include: A joint notice ( 關 于 推 進 企 业 使 用 正 版 軟 件 工 作 的 实 施 方 案 ) from the nine ministry level agencies and the State Copyright Office promoting the installation and use of genuine software across the agencies IT infrastructure. The notice was adopted by the China Securities Regulatory Commission (CSRC), which requires domestically listed companies to disclose liabilities and potential litigation associated with the use of pirated software. A State Owned Assets Supervision and Administration Commission (SASAC) announcement and notice on encouraging better SAM and use of genuine software across the state enterprises under its supervision. A new China Banking Regulatory Commission (CBRC) guideline on information system risk management ( 银 行 业 金 融 机 构 信 息 系 统 风 险 管 理 指 引 ) which requires banks to implement policies and procedures to protect software IP rights, ensure the purchases of legitimate software and prevent the use of pirated software. In addition, the CBRC incorporated a software legalisation disclosure requirement in banks annual filings. These laws and regulations provide more comprehensive legal protection that have been backed by stronger enforcement and more predictable court decisions. The overall result is a growing list of precedent-setting cases. In 2009, courts across China issued more than 30,000 decisions on cases involving IP. 9 Many of these lawsuits are between domestic companies with some involving multinational software developers. There have been several high profile legal cases against large enterprise software piracy. These headlinegrabbing cases have demonstrated the increasing willingness of the government to prosecute software IP infringement on various fronts, not only the suppliers but also enterprise users. Increased enforcement cases and legislation are also evidence of the government s recognition of the importance of software IPR in nurturing and developing the domestic software industry. This should bode well for local software developers in encouraging the development of more enterprise level software solutions that are competitive in the international market, thereby helping software developers ramp up to a scale comparable with their multinational peers. 8 Black, Aaron; Microsoft Tries Carrot to Fight China Piracy ; Wall Street Journal, 16 May Zhang, Gary; An, Xiang; Lu, Jinhua; Zhang, Guangliang; China s IP system comes of age ; Managing Intellectual Property magazine, 2010

11 up a larger portion of consumer awareness later, when they seek updates and support. 7 The study found that most vendors sell mostly naked systems while system builders (often working with the vendors) generally use pirated software. Consumers may also perceive other benefits from using counterfeit products including simplicity (in purchase and installation), price, access to service (for example where technicians also use counterfeit products) and localisation. Scenario 1: Communication challenges in a period of growth Many Chief Information Officers (CIO), the executives most often in charge of developing the information systems that represent the backbone of most businesses, have yet to fully incorporate licensing requirements into their planning. One common scenario involves a discussion of business expansion among the top management of a company and a decision to, for example, move into new geographical areas. The obvious result is new facilities that require new computers with access to the company s servers, databases and IT infrastructure. The CIO would typically entrust IT people whether in house or outsourced to a vendor the job of installing the new hardware. One frequent occurrence is that neither the CIO nor the IT team consider whether the company has licenses for the new terminals or whether the server architecture allows for the new users. Decision-making executives may know that software comes at a cost, but this knowledge is not always transferred to the company s operations. The result is a disconnect between more widespread awareness of the value of IP and the willingness to take significant steps to ensure compliance at the enterprise level. These questions, which would fall under an effective SAM programme, are the ones that software developers seek to address and represent the next logical target in the ongoing efforts to secure more widespread compliance and higher revenues. Finding users is not the problem, but convincing those users to pay for the software on a regular basis may be. We don t need to create usage demand but we must create buying demand, explains the license compliance manager of one leading software brand in China. Gaining value from software in China 9

12 10 Gaining value from software in China The conclusion is that while genuine products are considered more stable, secure and reliable, by itself this may not be enough motivation to sway every buyer. Channel development is the most important area of focus to increase the use of genuine products. Heading in the right direction Ultimately, in China, the numbers speak for themselves. The use of pirated and illegitimate software has dropped while revenues for both domestic and multinational companies have generally increased (with the exception of 2009, when many companies were hit by the global economic downturn). Software developers are selling more licenses now than they did a decade ago in nominal terms. By this measure, they have been successful. However, in real terms, software licensing revenue trails far behind the growth rate of GDP. Growth is constrained by developers ability or willingness to constantly police, push and prod customers and severely hampered by the challenges in managing communication between executive decision makers, IT implementation actors, vendors and governments at various levels. This breakdown stalls many of the efforts to improve licensing compliance that are focused on spreading awareness or pursuing legal remedies. It means decision-makers may be aware of licensing considerations during the planning process but don t necessarily make this awareness explicit to the implementers or include this knowledge into business plans. Bridging this gap in communication is the next necessary step as software developers work to expand their presence in China.

13 China Software Alliance: Working both sides Case study Almost exclusive reliance on the local market has long forced domestic software developers to be more proactive and creative in tackling software compliance. Multinational developers may be able to emulate some of their efforts as they seek to raise compliance levels among enterprise users in China, says the China Software Alliance (CSA). The CSA, a part of the China Software Industry Association founded in 1995, comprises large domestic developers and IT players. The CSA s primary role is to help both the government and software firms raise awareness of compliance issues, fostering a healthy software industry. A secondary mission is to work with enterprise users to legitimise their software. The CSA has been helped in its efforts by two separate developments. The first is a series of progressive government initiatives that started in 2002 that have required central government departments, then provincial government departments and finally enterprises to use legitimate software. The second is a long stream of education campaigns by government, vendors and intermediaries on the need for software compliance. On any given year, the CSA will work with dozens of domestic companies to legitimise the software they use. Progress has not always been easy but domestic enterprise users are increasingly eager to be compliant, says Sun Yan, a lawyer and the CSA s secretary general. The move towards compliance has been helped along by the efforts of domestic developers to put out products better suited to the domestic market. It is this ability that multinational developers would do well to emulate, whether in their offerings, flexible pricing structure or in simpler licensing contracts. Zou Bian, a director at the CSA, says the global footprint of many multinational developers often means that they would only feel a limited impact from IP infringements in China. Domestic developers, on the other hand, may rely for their very survival on raising compliance in the local market. Nevertheless, notes Mr. Zou, cost is not an excuse to be non-compliant. Mr. Zou says there are enough alternative products that enterprises generally have the option of bypassing an expensive offering by a multinational developer in favour of a lower cost alternative developed locally. Software is a tool for manufacturing or production. It is like machinery. It helps enterprises make money and make profits, says Mr. Sun. Morally, enterprises need to pay for it. It has to be acquired in accordance to the law. Gaining value from software in China 11

14 12 Gaining value from software in China The case for genuine software: Security

15 A very compelling but little-heard argument for using legitimate software lies in the enormous potential risks to Information, Communication and Telecom (ICT) infrastructure associated with pirated or illegitimate products. Availability, lower prices, ease of acquisition and apparent effectiveness make illegitimate software attractive. 10 However, recent research by KPMG China shows illegitimate software poses very significant security risks. Software downloaded from the Internet can be particularly dangerous to ICT. The potential risks include data theft, more frequent malware attacks, extortion and unwitting information disclosure. Companies using non-genuine software are 73 percent more likely to lose confidential data and 28 percent more likely to lose customer information, according to one study. 11 More than a quarter of websites around the world that distribute pirated software also distribute malware. The BSA says there is significant evidence to link software piracy with the frequency of malware attacks. 12 KPMG China examined software from more than 100 websites that offered free downloads to determine if it included malware or presented other dangers to enterprises ICT. Our examination included some of the most commonly used enterprise and consumer software products. The findings from the KPMG examination were quite revealing. Virtually all of the pirated products tested, which includes some of the more popular operating system, database, antivirus and office software, are embedded with some kind of backdoors, viruses and malwares. Back-tracing these modifications revealed that many originated in China. Dangerous contamination Although some level of contamination was inevitable, the results were alarming. Much of the downloaded software was accompanied by Trojan horses, viruses, adware, annoying pop-ups and a variation of builtin back doors that create multiple vulnerabilities. Many of these add-ons are designed to change the security settings in the computers where the software was installed and allow the computers to be controlled remotely or download and propagate viruses. Some changes are only intended to generate commissions. The legitimate software is only altered to allow for toolbars or pop-up advertisements which, in turn, may earn the hacker revenues when they are used. Other changes are more insidious, allowing remote access, the download of information and even the enslavement of a terminal or network in a cyberattack. For hackers, the opportunity lies in achieving scale. For example, modified versions of Windows XP were downloaded more than 100 million times from a popular pirated software distribution website before the site was shut down by authorities in 2008 in the largest piracy case in the world that year. The site also included products developed by other wellknown software brands. 10 An Inconvenient Reality: The unintended consequences of non-genuine software usage, KPMG India, Impact of the use of unlicensed software in mid market companies, white paper by Harrison Group, Internet Piracy Report by the Business Software Alliance released October 2009 Gaining value from software in China 13

16 14 Gaining value from software in China The more frequent dangers include: Trojan horses: These are programs hidden inside other software that give hackers access to PCs, networks or both. One vicious example is Gray Pigeon ( Huigezi ) originally developed as a legitimate remote administration tool. Huigezi, can spread within a network. Another, MSSCKETS can spread through anetwork and secretly download files from the Internet. Adware: Adware may include pop-up ads or toolbars that may be only an annoyance for the user but generate commissions for the hacker, vendor or both. Malware for phishing: Some software includes potentially dangerous malware that may lead users to websites disguised as legitimate but are used to steal information. Viruses: Viruses are present in a wide range of downloaded software. One example is Virus.ALS.Bursted, which poses little threat itself but is able to communicate with a remote server to download other malware. This sampling of illegitimate software and the modifications described may only represent the tip of the iceberg. There is a very wide scope for illegitimate software to be downloaded, copied from grey-market vendors or acquired from distributors without a real link to the original developer to include dangerous modifications. Illegitimate software, system failures and data loss The safety concerns outlined above represent one of two potentially expensive technical dangers created by illegitimate software. The other is system failures which may result in a lower productivity and potentially expensive data losses. Companies that include SAM into their strategic planning as well as a comprehensive IT plan are less likely to use unlicensed software and more likely to benefit from the long-term cost savings of using more stable and reliable products. According to a 2008 study by The Harrison Group, companies using fully licensed software actually spent less of their revenue on IT (about 0.5 percent) compared to those using unlicensed software (0.7 percent). 13 Careful and detailed software planning, one of the key components of SAM, is an important avenue to limit IT costs and the risks associated with unlicensed software. 13 Impact of Unlicensed Software on Mid-Market Companies, White Paper for Microsoft by The Harrison Group, 2008.

17 ChinaSoft: Navigating the middle ground Case study ChinaSoft International is an IT outsourcer and software developer that creates customised enterprise solutions focused on China. ChinaSoft is listed in Hong Kong, works across the country and has many international customers. As a large and growing domestic software developer it understands the value of IP, the importance of compliance and the challenges domestic enterprises face in ensuring all their software is legitimate. As far as its own IP is concerned, ChinaSoft has fewer challenges than other software developers. The company uses its ResourceOne middleware (a piece of software that links multiple applications and services) that is specially designed for the Chinese market. With ResourceOne, ChinaSoft develops large business solutions that allow enterprises to better manage every aspect of their operations. Customers pay for a ResourceOne license but they don t actually use ResourceOne directly, and couldn t use it even if they wanted to. Even if it gets stolen, enterprises still don t have the application-level software, explains Senior Vice President Fanny Chan. Our model gives us a lot of immunity to the kinds of licensing challenges that other companies face because ResourceOne is virtually useless on its own. The company also takes internal compliance seriously. The issue is particularly important for ChinaSoft because of its size and public profile. The company does bi-annual audits, which Ms. Chan says are important to running a secure business. We purchase a lot of Microsoft products for our own use. Can we copy those products? Technically, sure we can. But of course our priority lies in supporting the business of our strategic partners, says Ms. Chan. ChinaSoft s history of growth alongside China s software development industry also give the company a unique understanding of the pressure other smaller companies face in staying on top of licensing issues. Software products sold by multinational developers are often too expensive, Ms. Chan explains. A lot of people want or need to use the software but may not be able to afford it, she says. Do software developers really understand this market? Ms. Chan suggests developers consider much lower prices and creative business models that rely on software-as-a-service (SaaS) approaches, cloud computing or to follow the success of mobile phones and sell software only to manufacturers and not directly to the consumers. Putting more emphasis on pay-byservice models might change the whole issue for the consumer, she says. Not every approach will work for every developer, but bringing more enterprise users up to full compliance will require a pragmatic approach and understanding that most enterprises actually care about being compliant. And the reality is that there has been progress. Do large enterprises want to run the risk and use illegal software? Do they really want to run that risk and put their reputation in jeopardy? Probably not, says Ms. Chan. They don t need to. They can afford legitimate software. Using illegal software is just not worth it, particularly if they are a large listed company. Gaining value from software in China 15

18 16 Gaining value from software in China Pricing and simplicity

19 Over the past decade, software developers have watched economic growth across China trigger the formation of new companies and entirely new industries. Often these developers have found it a challenge to boost their own revenues from enterprise users at the same rate. In interviews with industry executives, conducted for this report, two main sticking points regularly emerge that software companies should consider when formulating their strategy. The first, price, is already the subject of much debate. Enterprise users in China say the cost of products developed by multinational developers is typically far higher than the cost of domestically developed alternatives and illegitimate options. The relatively higher cost of legitimate software may be easier to justify if it can help support wider cost, growth and risk management strategies. The second point, one that bears more regular consideration, is the complexity of licensing agreements and a level of discomfort among enterprise users in dealing with contractual arrangements. Particularly for the more complex enterprise solutions, licensing agreements can appear dauntingly complicated. Enterprises (or at least those IT implementers who set up computers, servers and networks) can often have difficulty understanding the nuances of licensing clauses. A piece of software on a server may be licensed for 400 users but have the technical capacity for 10,000 users. Just by making a choice on a control panel, an IT technician may make a company liable for millions in licensing fees. Moreover, that technician may have no authority over budgets, procurement or the company s expansion strategy. SAM practices are a critical means of improving the situation, but they are still evolving and need to be accompanied by thorough risk management. The China Software Alliance (CSA) says many of its members believe software from multinational developers is unreasonably expensive. They say there are domestic alternatives at much lower prices, even if those alternatives lack some of the functionalities of the more branded products. Domestic enterprises cannot afford to pay what developers want, particularly if they have to pay millions just to be compliant on the software currently installed. For their part, overseas-based head offices of software developers have been often reluctant to adjust pricing structures to fit the domestic market, but it has gradually happened and in many cases today the China version of a software product is sold at a lower price than the version marketed in certain other markets. Different companies have taken different approaches, but a common theme among multinational vendors is a more concerted effort to engage and gather feedback from China-based users (see case studies). The reluctance to lower prices is understandable. China has yet to produce many examples of software developers achieving substantial and consistent revenue growth from licensing over a number or years. On the other hand, China-based Gaining value from software in China 17

20 18 Gaining value from software in China executives say it is difficult to convince users both enterprise and individual to buy products they see as too expensive. The resulting pull and push on pricing is a chicken-and-egg dilemma in which one side believes discounting prices lowers value and brand image and the other argues that lower prices will lead to higher revenues. The license compliance manager of one international software company explained to KPMG that his company has had to deal with that very dilemma. He believes China is already home to millions of users that could Scenario 2: Understanding agreements Often neither managers nor IT implementers fully understand the complexities of licensing agreements. They may not fully understand how the price of a license is affected by the number of users, the number of processors involved in a server, how the software will be used or how it is configured. The difficulty may be exacerbated by the decision-making structure in a particular company and who has the overall responsibility over budgets and procurement decisions. The IT manager may simply not have the authority to enter into a contractual agreement on behalf of the company, but may easily have the ability to alter server settings in a way that has cost implications. Another potential scenario involves a CIO outsourcing software installation to a vendor. It is not uncommon for vendors to take software that was meant as a sample or supposed to be used in a single terminal and spread installation around the company. In a number of KPMG SAM review cases, it was noted that the company IT personnel was unaware that software installed on servers required additional licenses. Worse still, a lot of the software may not be used by the company, but was initially installed by a vendor for testing purposes and never removed. Alternatively, the software was part of a packaged solution and the vendor never informed the company of additional license requirements. The liabilities for these installations are often not known to an enterprise until the software developer conducts a license review - by which time the vendor is long gone and the company is left holding the bag. be a source of globally significant revenues. However, the promise has not yet materialised as China accounts for only 3 percent of the company s worldwide revenue. Enterprises that understand their software asset needs and how these align them to their strategy are beginning to realise the benefits of compliance. However, users still have to take into account local needs when selecting software vendors. More sophisticated users may have to resolve internal considerations to strike a balance between the need for the best products and a reluctance to pay fees on an ongoing and long term basis or be stuck dealing with a single product. Enterprise users have to decide between the higher up-front costs of legitimate software and the risks of sticking with cheaper unlicensed products. In the past, the risks associated with using non-legitimate products were considered minimal, but the balance is shifting and the apparent savings are a mirage if unlicensed software actually leads to higher IT costs, more system failures, loss of productivity and the risk of serious data losses. 14 Domestic approach Domestic software companies are developing an increasingly sophisticated range of products and are very aware of the need to leverage their IP advantage to secure revenues. In some respects, they have been more flexible than their multinational counterparts in their approach to the local market and have found ways to make their products pay, even if their margins are smaller. Some companies have found ways to leverage widespread Internet use into successful revenue models. 14 Impact of Unlicensed Software on Mid-Market Companies completed by Harrison Group in 2008

The cloud takes shape

The cloud takes shape The cloud takes shape Global cloud survey: the implementation challenge KPMG International Contents Foreword What you should take from this report 3 14 Taking a sober look at security: Comfort

More information


BELGIAN CYBER SECURITY GUIDE PROTECT YOUR INFORMATION BELGIAN CYBER SECURITY GUIDE PROTECT YOUR INFORMATION This Guide and the accompanying documents have been produced jointly by ICC Belgium, FEB, EY, Microsoft, L-SEC, B-CCENTRE and ISACA Belgium. All texts,

More information

The National Cloud Computing Strategy. May 2013.

The National Cloud Computing Strategy. May 2013. The National Cloud Computing Strategy May 2013 Commonwealth of Australia 2013 The material in this paper is licensed under a Creative Commons Attribution 3.0 Australia license,

More information


HOW SAAS CHANGES AN ISV S BUSINESS HOW SAAS CHANGES AN ISV S BUSINESS A GUIDE FOR ISV LEADERS Sponsored by Microsoft Corporation Copyright 2012 Chappell & Associates Contents Understanding the Move to SaaS... 3 Assessing SaaS...3 Benefits

More information

Notes: - All dollars in this publication denote U.S. dollars unless otherwise stipulated. - Travel manager and travel buyer are used interchangeably

Notes: - All dollars in this publication denote U.S. dollars unless otherwise stipulated. - Travel manager and travel buyer are used interchangeably Notes: - All dollars in this publication denote U.S. dollars unless otherwise stipulated. - Travel manager and travel buyer are used interchangeably to refer to any manager from any department responsible

More information

Cloud UK. Paper fifteen UK Cloud adoption snapshot & trends for 2016. The business case for Cloud. one

Cloud UK. Paper fifteen UK Cloud adoption snapshot & trends for 2016. The business case for Cloud. one Cloud UK Paper fifteen UK Cloud adoption snapshot & trends for 2016 The business case for Cloud 15 one Introduction Since the Cloud Industry Forum (CIF) first started its research programme in 2010, the

More information

Information security awareness in financial organisations

Information security awareness in financial organisations Information security awareness in financial organisations Guidelines and case studies September 09 2 Guidelines and case studies September 2009 4 Acknowledgments Several parties supported and contributed

More information

Cyber Security Incident Response: Are we as prepared as we think?

Cyber Security Incident Response: Are we as prepared as we think? Cyber Security Incident Response: Are we as prepared as we think? Sponsored by Lancope Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report

More information

An introduction and guide to buying Cloud Services

An introduction and guide to buying Cloud Services An introduction and guide to buying Cloud Services DEFINITION Cloud Computing definition Cloud Computing is a term that relates to the IT infrastructure and environment required to develop/ host/run IT

More information

Module 9: IS operational and security issues

Module 9: IS operational and security issues file:///f /Courses/2010-11/CGA/MS2/06course/m09intro.htm Module 9: IS operational and security issues Overview Firms that make extensive use of information systems must contend with a number of ongoing

More information

ETF 2020 Preparing for a new horizon

ETF 2020 Preparing for a new horizon The ETF (Exchange Traded Fund) market is growing at a rapid pace. ETFs are no longer considered a niche product and a growing number of organisations are likely to enter this market in the future. To help

More information

Exploiting the Experience of Transformation. IT Outsourcing A BuyIT Supply Chain Guideline

Exploiting the Experience of Transformation. IT Outsourcing A BuyIT Supply Chain Guideline Exploiting the Experience of Transformation IT Outsourcing 2006 IT World Limited on behalf of the BuyIT Best Practice Network Page 1 P12 IT Outsourcing May 2006 Forewords One of the prime objectives of

More information


ICC CYBER SECURITY GUIDE FOR BUSINESS ICC CYBER SECURITY GUIDE FOR BUSINESS ICC CYBER SECURITY GUIDE FOR BUSINESS Acknowledgements The ICC Cyber security guide for business was inspired by the Belgian Cyber security guide, an initiative of

More information

Information Security trends 2015. A Swedish perspective

Information Security trends 2015. A Swedish perspective Information Security trends 2015 A Swedish perspective Publication MSB851 - May 2015 ISBN 978-91-7383-572-5 2 3 Preface The development of information technology creates national and global challenges

More information

Contents: April, 2011

Contents: April, 2011 April, 2011 Contents: RIQ Editorial... 2 Summary... 3 Six Key Success Factors for Outsourcing... 4 Mobile Apps Finding Their Place in Russia... 8 Recovering Economy Boosting Outsourced IT Demand... 9 IT

More information

Follow The Money : Financial Options To Assist In The Battle Against Online IP Piracy

Follow The Money : Financial Options To Assist In The Battle Against Online IP Piracy Follow The Money : Financial Options To Assist In The Battle Against Online IP Piracy A Discussion Paper by Mike Weatherley MP Intellectual Property Adviser to the Prime Minister 2 Disrupting revenue to

More information

Due diligence for joint ventures, mergers and acquisitions in China

Due diligence for joint ventures, mergers and acquisitions in China Due diligence for joint ventures, mergers and acquisitions in China There are many ways to enter the Chinese market, including the establishment of a representative office, outsourcing production, founding

More information

CLOUD SOFTWARE PROGRAM. DELIVERABLE D3.1.1 (Task D3.1) First Taste of Cloud Software Business

CLOUD SOFTWARE PROGRAM. DELIVERABLE D3.1.1 (Task D3.1) First Taste of Cloud Software Business CLOUD SOFTWARE PROGRAM DELIVERABLE D3.1.1 (Task D3.1) First Taste of Cloud Software Business Preliminary report on definition of cloud software business, on transition from software project business and

More information

White paper / Network Monitoring. Network Monitoring. Context Response April 2013. Context Information Security 1 / 15

White paper / Network Monitoring. Network Monitoring. Context Response April 2013. Context Information Security 1 / 15 Network Monitoring Context Response April 2013 Context Information Security 1 / 15 Contents Background 3 Devising a Monitoring Strategy 5 Three Key Questions 6 The Kill Chain 8 Bringing

More information

Dealing with the future of dealing desks. How outsourced dealing has now become a credible option for investment managers

Dealing with the future of dealing desks. How outsourced dealing has now become a credible option for investment managers Dealing with the future of dealing desks How outsourced dealing has now become a credible option for investment managers Managing editors Richard Phillipson, Principal and Director of Institutional Consulting,

More information

Digital Evidence, Digital Investigations and E-Disclosure:

Digital Evidence, Digital Investigations and E-Disclosure: Digital Evidence, Digital Investigations and E-Disclosure: A Guide to Forensic Readiness for Organisations, Security Advisers and Lawyers Peter Sommer Third Edition Version 3.0 Mar 2012

More information

The Definitive IP PBX Guide

The Definitive IP PBX Guide The Definitive IP PBX Guide Understand what an IP PBX or Hosted VoIP solution can do for your organization and discover the issues that warrant consideration during your decision making process. This comprehensive

More information

Software Asset Management

Software Asset Management Ville-Pekka Peltonen Software Asset Management Current state and use cases Helsinki Metropolia University of Applied Sciences Master of Business Administration Master's Degree Programme in Business Informatics

More information

Competitive analysis of the UK cyber security sector

Competitive analysis of the UK cyber security sector Competitive analysis of the UK cyber security sector A study by Pierre Audoin Consultants for the Department for Business, Innovation and Skills Version 1 July 29 th, 2013 Disclaimer

More information

Information security awareness initiatives: Current practice and the measurement of success

Information security awareness initiatives: Current practice and the measurement of success Information security awareness initiatives: Current practice and the measurement of success July 2007 Preface The European Network and Information Security Agency (ENISA) is a European Union Agency created

More information

TELSTRA CYBER SECURITY REPORT 2014. Security insights, trends and impact to Australian organisations

TELSTRA CYBER SECURITY REPORT 2014. Security insights, trends and impact to Australian organisations TELSTRA CYBER SECURITY REPORT 2014 Security insights, trends and impact to Australian organisations EXECUTIVE SUMMARY The internet presents a world of social connectivity, economic growth and endless opportunities

More information

New Strategies for Managing the Risks of Exploitation

New Strategies for Managing the Risks of Exploitation E - C O M M E R C E A N D C Y B E R C R I M E : New Strategies for Managing the Risks of Exploitation F O R E N S I C A N D L I T I G A T I O N S E R V I C E S Now that most transactions and exchanges

More information

Research Study on the Economic Impact of Cloud Services on South African SMMEs

Research Study on the Economic Impact of Cloud Services on South African SMMEs Research Study on the Economic Impact of Cloud Services on South African SMMEs Prepared by: Adrian Schofield Manager: Applied Research Unit Joburg Centre for Software Engineering at Wits University 011

More information

Good Business for Small Business. Handbook Best financial practices for Canadian businesses

Good Business for Small Business. Handbook Best financial practices for Canadian businesses Good Business for Small Business Handbook Best financial practices for Canadian businesses Table of Contents Introduction ii I. Financing: Getting money to start and run your

More information

Cyber Security Perspectives

Cyber Security Perspectives Cyber Security Perspectives 21 st century technology and security a difficult marriage John Suffolk SVP Global Cyber Security Officer Huawei Technologies TABLE OF CONTENTS 1 Introduction... 1 2 Executive

More information