Attachmate sue Mobistar for $6M
We’ve received a tip off that the software publisher Attachmate is suing Mobistar, a Belgian telecommunications company.
It is alleged that Attachmate is claiming 4.5 million Euros (around 6.12M $USD or 3.57M £GBP) for alleged illegal use of a product called ‘ReflectionX’. The dispute is said to have originated from an onsite audit by Deloitte and has now been escalated to Belgian courts.
As a result, Attachmate is said to be auditing all worldwide companies connected to Mobistar via the parent company, Orange/ France Télécom.
ReflectionX is a terminal emulator, allowing users to connect to legacy mainframe operating systems such as IBM, UNIX, OpenVMS, and HP from a Windows machine.
The nastiest vendor out there
Attachmate have a reputation in the licensing market as hostile and litigious. One ITAM Review reader, an experienced SAM practitioner stated:
“They are the nastiest vendor out there. One of the top four auditing firms actually stopped doing business with Attachmate because their behaviour was damaging their customer relationships” (i.e. even the audit alligators don’t want to work with Attachmate).
“Attachmate is a dying brand with license revenue heavily dependent on audits. They are aggressive and quickly jump to legal action; no holds are barred with Attachmate”.
“For example if an Attachmate customer has mislaid old license records they will make them pay for them again. Back payments start at the first release date of the application even though Attachmate have patchy records prior to 2003. Furthermore interest in charged on back payments at a rate between 12% and 18% depending on local jurisdictions.“
A point reiterated by Daniel Renall, a Software Audit Specialist from New Zealand in an ITAM Review LinkedIn discussion thread:
“A major gotcha was the legacy installs of the reflection products. Watch out for non-compliance penalties and back maintenance charges.”
Lack of Management Controls
Attachmate maybe a ‘nasty vendor’ and take an aggressive approach with their customers, but if this lawsuit is verified Mobistar must also face the fact that nobody forced them to install the software. Any fines and time and resources wasted are due to a lack of basic management controls for managing software as an asset.
In particular, be careful when building Attachmate products as part of a standard deployment build or providing access with Citrix Terminal Services or other streaming technologies – if one published desktop has access to Attachmate and no access controls are in place, even if no one has accessed, you face the risk of everyone in the organization being charged. With interest rates applied over a decade, a $1M fine can quickly become $5M fine.
Trustworthy Inventory and Audit Readiness
Like most large software publishers Attachmate have a license compliance program and periodically review customers. One ITAM Review reader shared their Attachmate license review / audit letter which stated a focus on completeness and accuracy:
“Verifiable level of comfort that both accuracy and completeness were accomplished”
Attachmate auditors will be looking for exhaustive inventory of your estate to prove installations of their software as well as a level of verification to show that the inventory is accurate.
Rory’s process of the month on scope verification uses anti-virus as a comparison to inventory data to verify data. I would also recommend using Active Directory and / or SCCM. If you compare and contrast three data sources you’ll benefit from stronger inventory and stronger AD and SCCM records.
It is also interesting to note how Attachmate approach the compliance assessment:
“Upon receipt of the [inventory] data, we’ll work to prepare a preliminary deployment table showing installations by product and version. We normally give your organization 1 week to review the report’s accuracy and ask follow up questions. After that time, I will ask for the numbers to be approved by your organization at which point the compliance table summary will be labelled final and work will begin with the Attachmate business team on next steps.“
So once your inventory is complete and verified as accurate you’ll need to move quickly to assess your position. The data is then sent away to the business team to generate a bill / compliance position.
All of this point towards a basic need to have good inventory and license records to defend against such audits. As Tier 1 of the ISO/IEC 19770-1 standard suggests we need “Trustworthy Data”.
Finally, if all else fails and things start to get nasty invite the account reps from Attachmate’s sister brands (Novell, NetIQ and Suse Linux) along to contract negotiations and suggest that if it gets bad for Attachmate it will get bad for everyone.
Attachmate and Mobistar declined to comment. Image source.
Update – Vote with your feet
I was sent this link for a cheaper, easier to manage alternative. Let me know if you can recommend any others.
Related articles:
About Martin Thompson
Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.
Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).
When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.
Connect with Martin on LinkedIn.
I was involved in assisting a customer with an Attachmate audit a few years back and have to agree with the view that the jump from initial contact to full on audit was faster and more aggressive than I have seen with any other software vendor.
I have been involved in a number of Attachmate engagements over the years and was stunned by the company’s aggressive approach. The damages calculations were often without foundation or legal support and when questioned, threats of “escalation” and “law suits” followed shortly thereafter. A dying company intent on cannibalizing what’s left of its rapidly declining business.
I went through a ‘self audit’ for them a year or so back in my old job. Agree with others – needlessly aggressive for the amount of licensing we had (two installs of FileXpress). Every environment needed to be audited. They even wanted various configuration details that we didn’t provide siting security concerns. Glad to be at a company that will never need their products.
I completely agree with how aggressive attachmate are. After our dealings (audit) with them, we stopped using RelectionX and moved to X-Win32.
in most cases the license agreement gives the supplier the right to audit your license estate, but what most organizations fail to do, is force the supplier into an audit agreement (scope, timelines etc), in this particular case, I would not have shared the install base with the supplier prior to knowing my financial exposure, please do not misunderstand my statement, I’m not in any way shape or form suggesting not to share the install base, I’m simply suggesting one should know the license balance prior to sharing it with the supplier, and then validating the balance with the supplier’s position
The number of times a large organization with good management controls and record-keeping will conduct a lengthy, time-consuming and expensive software audit are limited. Add to this the perceived breach of trust and the relationship can quickly deteriorate.
We have a very different approach at OpenText – which is probably why we retain our emulator and X-Win connectivity customers (and migrate others from suppliers they are not happy with).
George makes a very good point about not agreeing the terms of the audit.
You want to avoid the audit “fishing” for compliance gaps and the best way to achieve this is limit the scope and the information
Attachmate is an unethical company, no doubt about it. I was an auditor at one of the big 4 doing Attachmate audits, and in time I probably would have quit for ethical reasons. However, I was happy to see that my company stopped doing business with them because it was so damaging to our staff and our brand.