201901.29
Off
2

Audits in the Cloud

Female hand holding cloud perforated paper craft

Traditionally, software audits were conducted by gaining access to software installations and reviewing entitlements. Theoretically, if a customer is using a cloud product accessed by login credentials, then audits wouldn’t be an issue because the software publisher would be in complete control of the customers’ access to its systems. But, audits can still be a concern for software customers even if they are using a cloud application.

Portal Software

Publishers in many cases require that customers install portal software as the entry point for customers to enter login credentials. Such installations may give rise to separate terms and conditions for installing software that will be above and beyond the terms of use for online services. These installations can create discoverable software on end user machines during a traditional audit of installations and entitlements.

User Access

Internal IT organizations still need to manage cloud login credentials and manage the proper end-user access. Details such as the number of users, proper access, data retention, data recovery, and adherence to license restrictions and limitations must be managed closely. Cloud applications may not necessarily have controls placed on systems to limit certain access so that too many users could potentially log in at a particular time and violate the license agreement. Publishers that merely limit use via a contract rather than with system controls can place customers in a position to closely monitor usage and compliance, or otherwise customers could be subject to stiff penalties in the event of an audit.

When considering implementing cloud based tools, it is usually helpful to employ the assistance of legal counsel experienced in advising clients with issues related to software audits to help ensure that the business understands the software rules, obtains the proper licenses, and mitigates its’ audit risks.