A recent crackdown by SAP AG on companies that it considers are indirectly accessing its software without paying for it could spell trouble for some longstanding customers of the software vendor, an analyst firm said this week.
Under SAP's licensing terms, an indirect access scenario occurs when a company's employees or business partners, who are not licensed SAP users, accesses SAP software via a third-party application interface, said Dave Blake CEO of UpperEdge in Boston, Mass.
One example is where a company might capture customer orders and enter the data into a SAP system using a non-SAP application. Under a strict interpretation of SAP licensing terms, such access would require each user of the non-SAP application, to also get a named SAP user license.
In the past, SAP has preferred to turn a blind eye to such indirect access scenarios, Blake said. In situations where the issue has come up, SAP has typically issued a waiver or an exception, he said.
That has changed recently, however, based on feedback from UpprEdge's clients, Blake said. Increasingly, SAP has become much more aggressive in auditing and enforcing indirect access violations, in some cases charging enterprises millions of dollars in license and support fees.
Blake said that three of UpperEdge's clients have been asked to pay between $3 million and $6 million in additional license fees by SAP for violating the company's appropriate use licensing terms. All three companies are contesting the company's demand, he added.
Their experience should serve as a cautionary tale for all SAP customers, Blake said.
"The reason it can be challenging [for enterprises] is there is no specific definition at all in SAP's licenses agreement for the concept of indirect access," Blake said. It is a definition that company has held on to internally and used in a seemingly arbitrary fashion, he added.
The issue is an important one, especially for longstanding SAP customers, because over the years, many of them are likely to have integrated their SAP environment with multiple non-SAP applications. What is especially problematic for many of them is SAP's overly broad interpretation of what it considers indirect access, he said.
In a blog post on Tuesday, Blake pointed to several examples of what SAP might consider to be an instance of indirect access. In one, Blake noted that an employee who extracts and saves SAP data to an Excel file and then emails the Excel file to another employee, would require a SAP user license, and so would the employee who received the Excel file. Similarly, an employee requesting specific customer information from a SAP system via a Salesforce.com application would require a SAP license to access the data.
In addition, some recent changes to SAP's licensing terms now make it a requirement for companies to use only SAP processes to extract data from a SAP system to a non-SAP system, he noted.
SAP did not respond to a request for comment. So it was not immediately possible to verify the accuracy of the scenarios described by Blake, or of the claimed increased enforcement of the indirect access issue.