When my colleague Christina Torode covered the Burton Group’s Catalyst conference this summer, the buzz among IT executives was that business users were purchasing SaaS services without running these agreements by IT first. As Torode reported:

“Business users tired of waiting for IT to provision a new application or service are tapping cloud providers and bypassing IT along the way, much as they have for many Software as a Service applications over the past few years. And cloud providers are not calling on the IT department, but rather going to department heads to pitch their wares.”

But if this trend makes it harder for IT outsourcing contract professionals to oversee the company’s IT assets as a whole, there is also a flip side: When business users procure their own software, it doesn’t come out of the IT budget.

During a breakout session on SaaS services and cloud computing outsourcing contracts, Forrester senior analyst Liz Herbert said that she’s heard that some IT outsourcing contract professionals would actually prefer that individual departments continue purchasing their own SaaS services for this reason. In this economy, with all budgets and spending being scrutinized so closely, why make it look like IT is doing the spending if these other departments are willing to foot the bill?

To be fair, I noticed some snickers from the IT contracting professionals in the room upon hearing Herbert’s comment, so perhaps it’s not a common point of view but I thought it worthy of mention nonetheless. Certainly, it speaks to the need for governance in IT outsourcing contracts on an enterprise-wide level – a subject I’ll be delving into in the coming week.

Has your IT organization surrendered oversight of SaaS services contracts procured by the business, or do you still intend to oversee all these IT outsourcing contracts throughout your organization?

This isn’t the first time I’ve heard of virtualization licensing terms being violated. A systems integrator told me that a customer had to pay Microsoft $300,000 after an audit of an application virtualization project. Apparently, the company was using Symantec’s Norton Ghost disk-cloning technology to create ghost images of four different desktop models. The company had licenses for four images, but they were being used by 800 users.

So how are vendors counting licenses under the virtualization model, and how can you avoid violating virtualization licensing terms?

Duncan Jones, a licensing expert and analyst with Forrester Research, gives some background in a recent report on counting virtual licenses:

For decades, many software vendors have licensed their products by hardware-based metrics such as server, processor, or device. The definitions they have used in their license agreements assume a permanent assignment of software to physical assets. The licenses are like labels that the operations manager can attach to a piece of hardware to say “this device is licensed to run Product A.” But the lawyers who wrote these agreements never envisioned today’s virtualized data centers. Increasingly, applications now run in software-controlled bubbles, called virtual machines (VMs), which usually cannot be permanently associated with the physical resources supporting them. This makes it hard for software vendor managers to ensure that their organization has sufficient license capacity — one can’t affix a license sticker on a virtual machine. If they’re not careful, these sourcing and vendor management teams may find themselves facing a large unexpected bill after a software audit.

Jones offers a few steps you can take to avoid violating virtualization licensing terms. These include:

• Choosing to license products based on named users rather than processors;
• Working with your vendor to retrofit your software licenses for a virtual environment;
• And, simply favoring vendors with more enlightened licensing policies.

Burton Group’s Chris Wolf believes it is time for those serious about virtualization to get a third-party licensing management tool. IBM offers such tools, as does ManageSoft.

ManageSoft, for example, allows you to audit the software you have in a virtual infrastructure and maintains an online database that will validate compliance for the applications and operating systems running in a virtual environment.

License compliance is no joke, as those who’ve been fined can attest. The onus is on you to figure out what you need and work with your vendors on the terms you need.

Let us know what you think. Email me at ctorode@techtarget.com.