Tweet Cloud Computing

Piracy in the Cloud: A Picture Is Starting to Emerge

One of the most striking findings in the global survey data we are releasing this week is the fact that 42 percent of the people who use paid cloud services for business say they share their log-in credentials inside their organizations. This points to a worrisome new avenue for software license abuse, and it is the latest sign that piracy is evolving in the cloud era, rather than dying out.

Let me stress: Credential-sharing within organizations does not always amount to pirating cloud services. In some cases, organizations may hold licenses that allow users to share accounts. In fact, many cloud service providers charge for their services not by “seat” but by the volume of computing resources consumed, making the path users take to access those resources less important.

But it is worth noting that 56 percent of those who use paid cloud services for business believe it is wrong to share employer-provided log-in credentials for those accounts with other people in their organizations. (That includes many of the very same people who are doing it.) And in many cases, depending on the terms of their service agreements, they would be right: Sharing credentials would in fact constitute license abuse.

Two other points are especially noteworthy. First, there is a decided split in the credential-sharing habits of users in emerging markets and their counterparts in mature markets. In emerging markets, 45 percent of those using paid cloud services for business say they share their log-in credentials internally, compared to 30 percent in mature economies. This mirrors a trend we have long seen in the rates of piracy for installed PC software — the problem is significantly more acute in emerging economies.

Second, the computer users who admit they pirate PC software most frequently (a question we asked directly in this year’s Global Software Piracy Study) also are more likely than other users to say they share log-in credentials for paid cloud services.

This highlights the chronic nature of software piracy, and it underscores a point BSA articulated in the policy blueprint we released earlier this year as part of our Global Cloud Computing Scorecard: We need to modernize intellectual property laws so they provide clear protection and allow for vigorous enforcement against misappropriation and infringement of IP in the cloud

BSA first began assessing how piracy might occur in the cloud in late 2010 and early 2011. We conducted a series of interviews with industry experts and frontline technologists in our member companies and other sectors and concluded cloud piracy could take at least four forms:

  • End users could abuse their licenses for cloud services by sharing their account credentials.
  • A rogue business could set up a “dark cloud” to deliver illegal software or offer software as a service without a license for redistribution.
  • An enterprise could set up a private “dark cloud” for its own use — that is, to provide pirated software to its employees.
  • An enterprise could use a private “gray cloud” to provide legally purchased software to more users than the license allows.

Of those four types of cloud-related IP theft, sharing credentials for public cloud services might prove to be less of a long-term threat than the types of piracy that can occur in private cloud environments hosted by enterprises. That is because private clouds are merely efficient, scalable architectures for delivering traditional IT tools — which are typically licensed the same way whether they are installed locally for each individual user, or deployed through traditional networks or clouds.

For decades now, the most common form of enterprise software piracy has occurred when an otherwise legal company buys a license to install a program on one computer but then installs it on tens, hundreds, or thousands of additional machines. Today, in a private cloud environment, the company can centrally serve the software to all of its users rather than install it on their individual hard drives. But the end result is the same: The company is paying for fewer licenses than it should.

It is critical that we enforce copyright laws in both sorts of cases. Given the rate at which cloud services are growing — especially in emerging economies — the balance appears likely to shift.

Click here to download the topline results of BSA’s global survey of cloud usage.

Download high-resolution infographic: EPS or PDF.

Author:

As President and CEO of BSA | The Software Alliance from 1990 until April 2013, Robert Holleyman long served as the chief advocate for the global software industry. Before leaving BSA to start his own venture, Cloud4Growth, Holleyman led the most successful anti-piracy program in the history of any industry, driving down software piracy rates in markets around the world.

Named one of the 50 most influential people in the intellectual property world, he was instrumental in putting into place the global policy framework that today protects software under copyright law. A widely respected champion for open markets, Holleyman also was appointed by President Barack Obama to serve on the President’s Advisory Committee for Trade Policy and Negotiations, the principal advisory committee for the US government on trade matters.

Holleyman was a leader in industry efforts to establish the legal framework necessary for cloud-computing technologies to flourish. He was an early proponent for policies that promote deployment of security technologies to build public trust and confidence in cyberspace. And he created a highly regarded series of forums for industry executives and policymakers to exchange points of view and forge agreements on the best ways to spur technology advances and promote economic growth.

Before heading BSA, Holleyman was a counselor and legislative adviser in the United States Senate, an attorney in private practice, and a judicial clerk in US District Court. He holds a bachelor’s degree from Trinity University in San Antonio, Texas, a J.D. from Louisiana State University, and has completed the Stanford Executive Program at the Stanford Graduate School of Business.

Leave a Reply

Your email address will not be published. Required fields are marked *

4 × four =