Cloud conduct principles – realistic?
April 2021 saw the release of “Ten Principles of Fair Software Licensing for Cloud Customers” by Cigref and CISPE – an attempt to bring some control and guidelines to how on-premises licenses are used in public cloud environments.
Who are they?
“Club Infromatique des Grandes Entreprises Françasises” is a French non-profit organisation with members from 150 French corporations and public administrations and the aim of helping companies to better function in the digital world. Members include:
- BNP Paribas
“Cloud Infrastructure Service Providers in Europe” is a non-profit trade organisation for European IaaS providers, working to help shape EU-wide cloud procurement policies as well as security and data protection standards and more.
Why has this come about?
The “Ten Principles of Fair Software Licensing for Cloud Customers” aims to address what they believe to be practices harmful to customer organisations moving to the cloud and is a pushback against software vendors using their market positions to restrict choice in the new world of public cloud. It seems, to some degree, to be prompted by the proposed Digital Markets Act – expected to come into force in 2023 in Europe.
The Digital Markets Act (DMA)
Submitted as a legislative proposal from the European Commission in December 2020, the DMA aims to create a (somewhat) level playing field for online platforms and cloud services. In its entirety, the Act encompasses eight areas:
- Online intermediation services (such as app stores and marketplaces)
- Search engines
- Social networking
- Video sharing platforms
- Number-independent interpersonal electronic communication services
- Operating Systems
- Cloud services
- Advertising services
It takes aim at “gatekeepers” which the Commission describes as companies that “have a major impact on, have substantial control over the access to, and are entrenched in digital markets”. The proposed benefits of the DMA include more opportunity for innovation in the market, fairer prices, and an easier ability to switch providers. There are proposed “dos and don’ts” for the Gatekeepers which include:
- Do allow third-party integration
- Do allow business users access to their data within your platform
- Don’t favour your own products in ranking systems
From a cloud perspective, it’s pretty easy to see how Microsoft and Amazon will be classed as “gatekeepers” – Azure & AWS certainly seem to meet the criteria. I’ll be interested to see how the other cloud providers, particularly Google, Oracle, and IBM, end up being classified.
Cigref and CISPE both take the view that adding a requirement for fair software licensing to the DMA would be beneficial to ensure a fairer technological future for businesses, with CIO of France Télévisions, Philippe Rouaud, saying that current licensing terms have had a “chilling effect” on their growth and agility.
Reviewing the principles
The ten principles are:
- Licensing Terms Should Be Clear and Intelligible
- Freedom to Bring Previously Purchased Software to the Cloud
- Customers Should Be Free to Run their On-Premises Software on the Cloud of their Choice
- Reducing Costs through Efficient Use of Hardware
- Freedom from Retaliation for Cloud Choices
- Avoiding Customer Lock-In Through Interoperable Directory Software
- Equal Treatment for Software Licensing Fees in the Cloud
- Permitted Uses of Software Should Be Reliable and Predictable
- Licences Should Cover Reasonably Expected Software Uses
- Permitting Fair Software Transfers
These are all commendable ideas, and some would certainly make things easier for most people involved in hybrid cloud and Bring Your Own Licensing (BYOL). However, let’s delve into them a little deeper and see what’s what…
In my opinion, numbers 1, 8, 9, are not cloud specific i.e. they apply just as much to on-premises software. These could well be the bedrock of any campaign to improve software licensing:
- Make them clear
- Don’t change the rules halfway through the lifecycle
- Make it clear what licenses are required to get ALL the features you’re promoting
Numbers 2, 3 and 7 all work together – customers moving existing on-premises licenses to the cloud shouldn’t face additional costs, they should be able to be run on any cloud, and software pricing shouldn’t differ based on where it will be installed – whether it’s on-premises, in the customer’s cloud, in someone else’s cloud etc.
There are several examples of behaviour that could be caught by this including:
- Oracle only certifying Azure & AWS
- IBM requiring twice the PVU count in Orace Cloud
- Microsoft’s Azure Hybrid Benefit
Where costs can differ depending on where the software is installed.
It could also catch Microsoft’s requirement that licenses must have Software Assurance (SA) in order to be used in a cloud environment. Furthermore, the licensing changes Microsoft made in October 2019 that License Mobility rights are required to run their software on 3rd party dedicated servers would fall foul of this – in fact, that could be a large part of the drive behind this principle.
Number 4 refers to software vendors forcing BYOL customers to use on-premises licenses only on more expensive, dedicated servers in their cloud environment. This isn’t something I’ve seen with Microsoft or Amazon and doesn’t really make sense; dedicated servers increase the providers costs, and I can’t see any benefit to them doing this. This rule seems to be tilting at windmills in my opinion – although I’m happy to be corrected if this practice is happening.
Number 5 is more of a forward-looking rule. It aims to prevent software vendors from “over-auditing” customers who choose to use a different cloud provider i.e. those using Microsoft SQL Server on Amazon AWS. That’s great in principle but I think, in reality, proving this was the reason behind an audit would be so difficult as to make this clause null.
Number 6 refers to the directory software the cloud vendors use to “create, identify, manage, and authenticate users” and that the cloud providers have a “heightened responsibility” to ensure they use open standards to facilitate smooth migrations from one cloud to another.
My initial feeling is that this is an unrealistic ask. Being able to get your data out of a cloud in an easily readable and importable format is absolutely critical but I’m not sure the vendors do have a responsibility around user directory software and structure. If we’re looking at SaaS products then sure, it would be ideal if you could just switch from Office 365 to Google Workspace without re-importing and re-building all your users – but they’re separate products from separate companies, so differences are surely to be expected?
In the IaaS world, the ability to migrate workloads (and data) between cloud environments is critical and, to a large extent, it exists already. Many of the directory systems are already quite similar underneath and Microsoft, Amazon, and Google all have documentation for migrating from one to the other – although I can’t comment on how easy those processes are!
Number 10 refers to the ability to re-sell software licenses and so is really an on-premises clause.
It’s clear that public cloud platforms such as Azure & AWS are going to be the primary environment for many of the workloads run by businesses across the globe. Anything that can give more control to customers of the Compu-Global-Hyper-Mega-Net cloud providers of the 20s and beyond is a welcome move. Just because software licensing has been confusing and restricting doesn’t mean it has to continue to be that way! I welcome this initiative from Cigref and CISPE and look forward to seeing how it progresses.
Furthermore, I’d advise all end user organisations out there to take these principles and use them both as a framework for your vendor negotiations and a set of criteria with which to evaluate a new vendor’s approach to software licensing.
Cigref website – Club Infromatique des Grandes Entreprises Françasises
CISPE website – Cloud Infrastructure Service Providers in Europe
The Digital Markets Act (DMA) – https://eur-lex.europa.eu/legal-content/en/ALL/?uri=COM:2020:842:FIN
About Rich Gibbons
A Northerner renowned for his shirts, Rich is a big Hip-Hop head, and loves travel, football in general (specifically MUFC), baseball, Marvel, and reading as many books as possible. Finding ways to combine all of these with ITAM & software licensing is always fun!
Connect with Rich on Twitter or LinkedIn.