Indirect access. In Danger?

It's there in the agreement, you can bet on it. Indirect Access. Whether it's disguised as 'qualified users, or 'devices', or perhaps 'multiplexing', it's prohibited. And that means you need to be sure that the access you're providing to your licensed systems is correct and compliant.

​The simple way to think about it is that if it's related to a proprietary system, or sourced from a proprietary system, any access must be properly authorised. And that means properly licensed. So whether it's via an API, an interface, or extracts, you need to ensure that you're compliant with the terms of your agreement - to not be can prove very problematic, and potentially very costly.

​Take the recent finding (Feb 2017) in favour of SAP UK over DIAGEO Great Britain which you can view at http://www.bailii.org/ew/cases/EWHC/TCC/2017/189.html in a remarkably readable form for a crown judgement. The core of the matter was the "Named User" metric by which DIAGEO licensed its SAP installation, and the development and use of functionality within Salesforce (known as Gen2 or Connect) that enabled DIAGEO customers and distributors to places orders, check stock availability and prices, see invoices and select delivery. Through various interfaces back to SAP, Connect provided the necessary data, lists, and workflow to those end customers and distributors 24x7 negating the need for a call centre to receive and process requests. Despite DIAGEO asserting that the use of Connect by customers was essentially no different to when they contacted and were processed through the call centre, the judge saw otherwise and ruled that such access constituted use of the SAP system.

​The implications are yet to be seen, however in summary the damages were considered by the judge as below:​​​

"In summary, usage by Gen2 sales representatives is not authorised usage under the Agreement. SAP is entitled to additional licence and maintenance fees, the level of such fees to be assessed in the quantum phase of the trial, if not agreed, by reference to the nature and extent of the usage and SAP's price list."

So, should we be concerned? Absolutely. If you're unsure of the your license grants or metrics, the terms of your agreements, or the compliance of any periphery/accessing systems, you need to take stock and run a full assessment exercise across your domain.

​To be unaware is to be in danger.