Traditionally, software audits were conducted by gaining access to software installations and reviewing entitlements. Theoretically, if a customer is using a cloud product accessed by login credentials, then audits wouldn’t be an issue because the software publisher would be in complete control of the customers’ access to its systems. But, audits can still be a concern for software customers even if they are using a cloud application.
Internal IT organizations still need to manage cloud login credentials and manage the proper end-user access. Details such as the number of users, proper access, data retention, data recovery, and adherence to license restrictions and limitations must be managed closely. Cloud applications may not necessarily have controls placed on systems to limit certain access so that too many users could potentially log in at a particular time and violate the license agreement. Publishers that merely limit use via a contract rather than with system controls can place customers in a position to closely monitor usage and compliance, or otherwise customers could be subject to stiff penalties in the event of an audit.
When considering implementing cloud based tools, it is usually helpful to employ the assistance of legal counsel experienced in advising clients with issues related to software audits to help ensure that the business understands the software rules, obtains the proper licenses, and mitigates its’ audit risks.