As more applications move to the cloud and software publishers embrace the SaaS model, software piracy will decline and eventually become a thing of the past.
Or, maybe it won't. Maybe users will simply find new ways -- trading SaaS account login credentials, or setting up "dark clouds" -- to get around paying for software.
A debate has been sparked by new data from the Business Software Alliance (BSA), which surveyed nearly 15,000 PC users in 33 countries; the study did not include smartphones or tablets. The survey shows that 42 percent of respondents say they share login credentials for paid cloud services inside their organizations.
Robert Holleyman, president and CEO of the BSA, wrote in a blog post that sharing login credentials doesn't necessarily equate to piracy -- some cloud services may allow multiple logins simultaneously on a single account -- but in many cases such activity does constitute license abuse or a violation of terms of service.
The BSA's data has been criticized by some media outlets, most notably The Economist, which questioned some of the conclusions as well as the wording of the survey. For example, they argue that some questions don't specify whether sharing login credentials violates the terms of service or licensing for a paid cloud app.
But, the BSA is sticking to its guns and maintains the topic of "cloud piracy" is cause for concern. Matt Reid, senior vice president of external affairs at the BSA, said while cloud piracy may not be on the same level as traditional software piracy, the data is cause for concern. "At this point, making a direct assessment is difficult because cloud is new and fast growing," said Reid. "But, we've been looking at trends, and what we've learned is that the conventional wisdom that piracy just goes away in the cloud is not true."
That conventional wisdom, ironically, has been echoed by some of the BSA's own members; Adobe Systems CEO Shantanu Narayen told Forbes in an interview last year that cloud services will significantly reduce piracy, thanks to the always-on Internet connection required for SaaS and cloud applications.
Kevin Lalor, founder and CEO of Business Intelligence 101, agreed and said his company's SaaS model gives his company a clearer picture of customer usage. Bi101 used to sell on-premise software years ago and saw a high rate of piracy among customers. But, it's a different story today, he says, because SaaS offerings like Google Apps or Salesforce.com allow solution providers to track logins and account usage.
"Piracy was almost totally eliminated with a subscription service model," Lalor said. "Why? Because we can see what's happening."
NEXT: Architecting Cloud Apps: Limited Access Or FlexibilityDavid Hoff, CTO of Cloud Sherpas, also sells Google Apps and said the visibility offered by cloud services is a major advantage for resellers and vendors. "In the past, we thought 'Is there a warez crack for this program?' but now it's different," he said. "Because the software is in the cloud and there's real-time analytics and a view into each user base, the publisher has fundamental control over the product. They just have to architect it properly."
So what exactly constitutes a proper cloud app?
Opinions differ on how cloud apps and SaaS offerings should be delivered, especially when it comes to the subject of login usage. While some cloud services and SaaS offerings limit each seat or account to one login at a time, others such as Google Apps do not.
Hoff said allowing multiple simultaneous logins for a single account isn't necessarily a design flaw, either. "You may be logged in on your desktop, but then you have your phone, your tablet and other mobile devices," he said. "Should cloud providers shut down the account because its seemingly three logins are being used at once? You risk alienating your users that way."
Bi101’s Lalor said he doesn't see login credentials being traded much within his customer base. "I don't think it's a major problem, and it's probably only for intimate use," he said, referring to small groups of co-workers who may access the same account during a meeting, for example.
BSA’s Reid acknowledged that not all login trading represents a licensing or terms of service violation, and offering flexibility for account usage is a good thing for some software vendors and cloud providers. But, the practice itself portends to potentially bad behavior, he said.
"Not all of it is piracy and license abuse," Reid said, "but there are some bad habits."
For example, one part of the survey poses a simple question: Do users think it's okay to share login credentials for a paid cloud computing service with other people? According to the BSA, 56 percent of respondents that used business cloud apps answered no. Again, the survey itself didn't specify whether or not such activity violates that cloud app's terms of service.
Nevertheless, Reid pointed out that despite the majority of respondents believing it's wrong to share their login credentials, 42 percent also say they share their credentials and accounts for paid cloud services with other employees inside their organization. Again, such sharing may not violate the terms, but Reid said the BSA is concerned that users may abuse the privilege of multiple logins.
NEXT: Limiting Business Cloud Services LoginsSo, does the BSA believe that business cloud services should limit accounts to one simultaneous login? "It's an interesting question," BSA’s Reid said. "I think it's based on each individual business model and how each company wants to deliver its product and charge for it.
Cloud Sherpas' Hoff said whatever a software vendor decides, the cloud ultimately gives it more control over the product. "There is a lot more capability for organizations to control their own destiny," he said. "Any company that's starting out today is going with SaaS. You rarely see new desktop software coming out with just the old model."
That said, Hoff believes cloud apps and SaaS models are completely foolproof when it comes to abuse. "I do agree there are new sets of challenges with cloud," he said.
Along with sharing login credentials, the BSA highlighted the possibility of "dark clouds" that provide unfettered access to unlicensed software. Unlike digital lockers and file hosting services like Megaupload, where users can simply upload/download pirated content, public or private dark clouds can be used to deliver pirated software-as-a-service. Similarly, the BSA says "gray clouds" can be used by enterprises to take legally purchased software and offer it to more users than the licenses allow.
While the BSA's survey did not include any data on dark clouds or gray clouds, the organization is touting such activity as a major concern. "What we're seeing mostly today is credential sharing, but we're watching dark clouds very closely because it's the ripest area for enterprise [license] abuse," Reid said.
But, Bi101’s Lalor said coordinating credential sharing is hard enough for some businesses, and he doesn't see more companies being able to successfully build private dark or gray clouds. In addition, corporate clouds are still in their infancy; CRN sister publication InformationWeek recently reported that just 21 percent of businesses have private clouds in place now, according to InformationWeek's 2012 Private Cloud Survey.
But, the BSA believes as more companies embrace the cloud and more software vendors build out their applications for cloud and SaaS models, the risk of abuse will increase. "All of these software companies, our members included, are moving to the cloud," Reid said. "And, what we've heard from our members is that they are concerned."
PUBLISHED AUG. 23, 2012