Compliance Audits Are Like Ransomware

Ransomware is the newest form of extortion whereby a person, company or institution experiences a cyber holdup.   The threat is real and it is generally brutal:  pay immediately or suffer the consequences such as losing data or watching confidential information spread across the digital horizon.  You did not expect to be held hostage and you certainly did not budget for such an event.

The fact is, you have most likely had an analogous experience when undergoing a vendor license audit.  Unexpectedly you are notified that your license usage does not “comply” with the executed legal agreement between your organization and the vendor.  You are shocked!  Nothing underhanded was intended or contrived, yet the fine print favors the vendor’s allegation.

Why does this happen? The main culprit is the changing world for legacy vendors and the fact that their business model and very existence are threatened. Think Cloud, subscription and usage fees versus on-premise, perpetual and enterprise licensing. Vendors are looking under rocks to find revenue to support their eroding business models (e.g., IBM, Informatica, Oracle, SAP and hundreds of others).

Many technology companies are dealing with the disruption by executing a plan. They will sell you a product – let’s say an MDM license – and know that you will exceed the terms and conditions sometime after the initial deployment (usually a year to eighteen months). You most likely did not anticipate such an outcome, or the vendor purposely hid that eventuality during the sales cycle. (Hurry, end of quarter deal).

SMF is aware of these strategies and, more importantly, familiar with all such licensing schemes. We have both the knowledge and the experience to mitigate such costs. We welcome the opportunity to offer guidance prior to such an experience or, when an audit arises, to help you navigate through with minimal spend and exposure.