Compliance raids in the cloud

When the Business Software Alliance raids your company, don't say I didn't warn you that your cloud computing operations might get you in hot water.

Let's say you've decided to move an application into the cloud. Perhaps it's a departmental app that you don't want to dedicate resources to, or maybe it's an application that has sporadic demand spikes that make it perfect for the elastic resources you can get from, say, Amazon's EC2 cloud computing service.

Once you've decided the cloud service fits your need, is secure, meets your service-level requirements and works with your budget, you move the app and pretty much forget about it. But you should do one more thing before you let it slip your mind.

Check the software licenses associated with the application.

I was chatting with Adam Kerrison, chief technology officer at Tideway, Inc. in New York. His company has agent-free software called Foundation that historically discovers assets in your data center and increasingly is being used to pinpoint what you own in the cloud.

When Foundation is rummaging around your data center, it can associate what kinds of servers your software assets are running on. If you have software licenses that are tied to hardware capabilities, such as Oracle databases that can be licensed based on the number of CPUs in a server, it's easy for Foundation to let you know whether you're in compliance with the license restrictions.

However, if the software is running in the cloud on machines that may change from day to day, moment to moment, over which you have no control, there's no method currently for you to ascertain whether your app is running on an 8-CPU server or a 2-chip machine.  

So, before you merrily send your apps flying into the cloud, check their combined software licenses. If there are CPU restrictions in any of them, maybe those apps should remain grounded in the data center.