Traditionally, many enterprise software licensing agreements allowed an enterprise to use their software as long as it ran within their data center. The concept of cloud and bursting will cause software vendors to request additional tracking of applications (particularly virtual) that are delivered via a 3rd party provider or bursted on to a 3rd party provider.
Many software vendors are leveraging advancements in software licensing technology to bind the application to the virtual machine (server or desktop). This enables dynamic workload allocation and bursting while providing additional security not only for the software vendor but also the enterprise. Knowing what applications are being bursted, what test scenarios will be required, etc. is important for the software vendors. It is also important for the enterprise to know that the additional tests, support calls, etc. will increase the costs of goods sold for the software.
When putting on my Information Security hat, I believe it is vital that an enterprise ask the 3rd party provider what level and types of reporting are available within the 3rd party network to track access control and general audit requirements BEFORE implementing a 3rd party service. More importantly, enterprises need to account for the scenario of who pays for usage fees when you burst to a third party that also is required to license the software...
