News & Insights

COALITION INSIGHT: Software Choice is Critical to Cyber Resilience

Software Choice is Critical to Cyber Resilience

Restrictive Software Licensing Undermines Customer Cybersecurity

By Ryan Triplette, Executive Director, Coalition for Fair Software Licensing

When people think of cybersecurity threats, they tend to think of foreign hackers or rogue employees. What few realize, though, is that one of the most serious emerging threats to an organization’s cyber resiliency plan is restrictive software licensing that limits an organization’s choice of security products.

How Restrictive Licensing Practices Harm Customers

In recent years, some legacy software providers have utilized restrictive software licensing practices to compel customers into adopting their security and cloud products. According to a Morning Consult survey, almost 70 percent of tech decision makers who have experienced unfair software licensing practices said that unfair licensing terms restrained their ability to roll out new features or products.

The immediate impact of these practices is limited customer choice – of preferred cloud providers, software vendors, and security products. While this alone raises concerns meriting attention, the long tail effect of limited choice is becoming increasingly known; namely, increased customer vulnerability to cyberattacks.

Cyber resiliency is defined as, “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” To ensure cyber resiliency, customers need to ensure that they have not only a diversity of cyber products, but also vendors with seamless integration capabilities. Here’s how restrictive software licensing practices pose a threat to customers meeting those needs:

Vendor Lock-In and Tying of Security Solutions

Vendor lock-in occurs when customers cannot easily change vendors, generally because switching would be either too costly or complicated. Vendor lock-in holds customers to the status quo against their wishes and allows vendors to capitalize on customer dependencies to condition – or tie – the sale of dominant core products at discounted prices to purchase agreements for products in adjacent markets.

Increasingly, legacy software providers, particularly those with leverage over government customers, are conditioning discounts for dominant software products on customer adoption of a bundled suite of adjacent product offerings, including their cybersecurity and cloud solutions. For example, Microsoft packages its security products with their productivity suite with a bulk discount conditioned on the customer’s use of Azure. Given both the importance and dominance of Microsoft’s productivity suite, enterprise customers become locked into those security products as they try to extract the most value out of their purchase. Over time, it becomes more difficult to replace security products or switch cloud providers that are embedded across customers’ networks and security operations.

Vendor lock-in and product tying can prevent customers from adopting potentially more secure, and certainly diverse, product offerings. As CrowdStrike’s co-founder and CEO George Kurtz recently noted when discussing the threats to customers being forced to put all their eggs in one basket. “…This can be a real risk to the company, using both Microsoft for security as well as applications, cloud, and everything else.”

There was considerable coverage of the company’s security practices in October of this year when Microsoft confirmed a misconfiguration exposed troves of sensitive business data for more than 65,000 customers. However, the more concerning demonstration of this risk is the number of vulnerabilities that the company discloses on a monthly basis, including as recently as this month when it acknowledged six zero-day vulnerabilities that were being actively exploited.

Impeding Interoperability

A “single point of failure” is a vulnerability that, if exploited, can bring down an entire system. A diverse and interoperable cybersecurity ecosystem enables customers to benefit from innovation by enabling the rapid integration of best in class cybersecurity solutions. That is why it is critical for IT architecture to be built with interoperability in mind. Otherwise, we will continue to see cyber attacks that prove that software designed with limited integration capabilities is “one of the primary reasons why ransomware attacks spread from single machines to entire organizations unchecked.”

Unfortunately, many cloud customers are learning that their existing software and security products – which were originally compatible with other systems – have diminished integration capabilities at the very time when interoperability is more important than ever. For example, in a June 2020 blog post, Matt Stoller shares a note from one of his readers – a cyber security professional for a Fortune-100 company – describing how Microsoft made it “incredibly difficult” to integrate with the Splunk logging platform before launching a logging platform of its own.

Limiting integration capabilities to foreclose the utilization of competing products puts customers in a precarious position because, in the event of a breach, responders cannot access and deploy the best resources to remedy the situation if they cannot interoperate.

Solutions Are Within Reach

Widespread dependence on certain software reinforces the effect of vendor lock-in and product tying. Legacy software providers can, and increasingly do, leverage their customers’ dependence on software to grow their share of adjacent markets, such as what we are seeing in the cybersecurity sector.

The good news is that commonsense, effective solutions are within reach. Ninety percent of technology executives and directors support the adoption of the Principles of Fair Software Licensing as industry best practices to preserve customer choice. By adhering to these Principles, software providers can empower their customers to implement the best cybersecurity solutions.

In a world of persistent cyber threats, these Principles represent any organization’s best chance at protecting itself, both on-premises and in the cloud.

As a healthcare software provider, our ability to utilize the cloud provider of our choice impacts more than just our business – it affects the health and well-being of patients everywhere. Restrictive software licensing imposes real-world threats like pricing increases that directly influence how we are able to assist healthcare providers and the patients they serve. We support the Principles of Fair Software Licensing to protect both cloud customers and the communities they serve.

Healthcare Technology Company

Cloud computing has brought low-cost, on-demand IT services to every corner of the economy, raising productivity and innovation levels at enterprises of all sizes. And intense competition and innovation among cloud providers continues to drive costs down while adding new customer capabilities.

But some incumbent IT vendors are imposing restrictive software licenses to limit how customers can take advantage of competing cloud offerings.

NetChoice supports the Principles of Fair Software Licensing as a roadmap to drive innovation, serve customers, and promote competition in IT services.


Frustration, use limitations, threatened audits, and significant additional expenses. That has been our experience with unfair software licensing. Organizations need transparency from their software providers.

We support the work of the Coalition for Fair Software Licensing to protect customers and ensure IT spend is effective and free from surprises.

Global Building Materials Supplier

Unfair software licensing practices in the cloud are a global issue, and CISPE is pleased that the Coalition for Fair Software Licensing is taking the Principles to North America.

Originally launched and jointly conceived by customers and cloud providers in Europe, we encourage customers around the world confronted with unfair software licensing practices to consider the Principles as a powerful framework for positive change.


As start-ups, it is essential that we retain flexibility to use the cloud infrastructures that fit best our aspirations and those of our customers. The Principles of Fair Software Licensing help the next generation of software and service providers to avoid lock in and ensure a fair playing field for all. Seeing their adoption in North America adds weight to this important movement for innovators in Spain and worldwide.

Carlos Mateo Enseñat

President, Asociación Española de Startups (AES), and Promoter of the NUBES Initiative in Spain

Developed in Europe by CIOs and cloud providers, the Principles of Fair Software Licensing are supported by digital organizations in Italy such as Assintel. Assintel welcomes the Coalition for Fair Software Licensing’s embrace of the Principles in North America. Fair licensing of software in the cloud is a global issue for businesses of all sizes. In Italy, our government recognises this challenge and just updated its antitrust bill to put an end to unfair software licensing practices.

Businesses in North America can benefit just as well as those in Italy from a best practice framework for software licensing.

Paola Generali

President, Assintel

As a longtime advocate for open systems and open networks, CCIA supports the competitive ideals reflected in the Principles of Fair Software Licensing for Cloud Customers as the Coalition embarks upon its efforts in North America.

Matt Schruers

President, CCIA

Some legacy software providers are attempting to extend their current on-premise market dominance into the cloud market through aggressive and restrictive contracts, licensing terms, and software audits.

While many promote ‘cloud freedom,’ in actuality they are employing tactics designed to lock out competition and innovation while increasing profits for themselves at the expense of their customers. No longer can legacy software providers be allowed to disguise their predatory practices.

I am proud to align myself with the Coalition for Fair Software Licensing in shining a light on these issues and putting forth actionable solutions.

Craig Guarente

Founder and CEO, Palisade Compliance

Despite the current spotlight on antitrust issues in Washington, behemoth software providers continue to misuse their legacy status and market power to target business customers with predatory audits and trap those customers in restrictive licensing agreements.

Through our practice — dedicated to representing software licensees against these very tactics — we have seen first-hand the real world effects of such licensing practices. Both growing and established companies are routinely kneecapped by unexpected costs, forced to waste immeasurable resources in spurious audit defense, and stymied in their efforts to make the technology changes they believe are necessary for their business.

We support the Principles of Fair Software Licensing and believe they represent an excellent and necessary step towards much needed business consumer relief and will help open the market to smaller providers in the cloud ecosystem.

Arthur S. Beeman & Joel T. Muchmore

Founding Partners, Beeman & Muchmore, LLP

Consumers benefit from a competitive, dynamic information technology marketplace. Competition drives innovation and ensures that customers get the benefit of fair pricing.

Overly restrictive, abusive licensing agreements from IT companies with market power, on the other hand, impose costs on government and corporate customers of reduced innovation and long-term price increases. We support the Principles of Fair Software Licensing and policies that encourage innovation, competition, and licensing practices that give customers the freedom to mix and match solutions from a wide variety of vendors.

This is particularly critical in the market for cyber security solutions since hackers are innovating every day, leveraging new strategies, new tactics, and new technologies to support their illegal campaigns. The only way to defeat nation states and trans-national criminal organizations is for the government to ensure that the IT market for cyber security is as competitive as possible and customers have the freedom to choose.

Cybersecurity Provider

The Alliance for Digital Innovation supports the Coalition for Fair Software Licensing’s efforts to protect customer choice and advocate for access to modern, secure commercial solutions.

As advocates for public sector customers, we think that government mission owners and enterprise information technology and cybersecurity leaders should have access to as many modern commercial solutions as possible.

These solutions are critical components to driving digital innovation and security in the public sector, and ADI supports removing barriers that slow adoption of those solutions, including restrictive licensing practices.

Alliance for Digital Innovation

As an attorney, I have represented enterprise software customers for years and have routinely seen enterprise software companies deploy predatory business practices, including falsely inflating alleged non-compliance gaps, to increase profits and limit customers’ ability to go elsewhere.

These practices produce causal effects throughout the economy including increased prices, as businesses across various sectors are forced to spend resources dealing with these unforeseen issues. I support the work of the Coalition for Fair Software Licensing to help my clients and enhance an economy that provides opportunities to all.

Pam Fulmer

Founder and Partner, Tactical Law Group LLP

We believe licensees should be able to deploy licensed software in a way that best suits their business, including their choice of cloud provider at no additional cost. Having experienced licensing practices inconsistent with the Principles of Fair Software Licensing, we support the Principles and urge others to support both them and the Coalition for Fair Software Licensing.

Insurance Industry Business

Startups, often operating with limited resources, need the freedom to assemble the technology infrastructure that best suits their needs.

Cloud computing infrastructure is central to startup growth, and the Principles of Fair Software Licensing will help maintain accountability, mitigate unnecessary costs, and promote innovation in this environment.

Industry-wide adherence to these principles will level the playing field for startups.


Get Involved

Learn more about joining the Coalition or expressing support for its Principles