Wouldn’t it be great if you could just buy software – once – and use it forever without any more costs except for your own time (or that of your employees) as users? Why are we always being hit with licence fees, upgrades costs, subscriptions fees, security patches, etc.? This article is all about explaining the driving forces behind these costs that sometimes can make your initial outlay looks quite small alongside the ongoing, longer-term fees and charges.
One of the most common reasons to upgrade your software is to access new features that are unavailable in your current version. Perhaps it’s a feature you’ve been hanging out for. Maybe it’s a feature that you (and other users) have been pleading with the developers via their support forums to add. The attractiveness of the new feature, or features, is that it will make your life easier (i.e. save you time) and/or improve the finished product that the software is designed to output (e.g. a newsletter).
Believe it or not, there’s virtually no such thing as “bug free” software. The more lines of code, the more likely there are to be bugs – perhaps even exponentially so. Some bugs are minor – so minor in fact that no-one ever notices them. On the flipside, some bugs are so major that the software is rendered effectively useless for its primary purpose. Some bugs you can work around to still achieve the same final effect – some you can’t.
No professional software developer (that I know!) deliberately introduces bugs into software. Following ‘best practices’ for any given software language or framework is typically a good way to reduce the incidence of bugs – but it’s by no means bulletproof. A ‘best practice’ one day might be trumped by a ‘better best practice’ the next day after flaws are revealed behind the logic of the first.
When you have software that is used by thousands – or millions – of different users in a myriad of different ways every day, then the resources required to test all the millions of usage permutations prior to releasing such software to the public might be prohibitive (i.e. would make the initial software development too costly). This is when your users become your testers. So the object here is to get software to a point that is “good enough” to be released to the masses (perhaps with a ‘beta testing’ phase first), but then with a view to issuing patches and updates in response to user feedback. Users (especially ‘early adopter’ users) will tolerate a certain amount bugs, but certainly reputations can be seriously damaged when too buggy software is released too quickly to too many people.
Another debate is whether the rise of the Internet has permitted sloppy coding practises to become more commonplace. Why? Because the cost of delivering bug fixes over the Internet is now virtually free (i.e. download and install). Prior to the Internet the traditional way of getting software updates out to users was much more expensive: the software developer had to produce new disks and physically mail them out to their user base.
Prior to wide-area computer networks and the the Internet, software ‘security’ wasn’t such a big deal. Someone had to physically break into your workplace (insider jobs notwithstanding!) in order to get to your valuable or sensitive company or client data. The moment you plug your computer into a network (local, wide, or THE ‘Net) the potential for security breaches multiplies massively. And yet, these days, NOT plugging your computer into a network of some sort is not an option. The benefits of having your computer and the software on it communicate with the outside world (generally!) far outweigh the potentially negative consequences.
Security updates are the #1 reason why you HAVE to keep your software updated. Turn a blind eye to this, and not only is your unpatched software and – more importantly – the data stored in it, at risk, but potentially your computer and beyond (i.e. other computers on the same network) could also be vulnerable to malicious outside attack.
A classic mistake is to assume that a well-tuned firewall (hard and/or software) and the latest anti-virus software running on your computer are enough to compensate for a security hole in your software. They aren’t. The point is that if communications have to happen between your software and the outside world, then this IS a way in (and out) of your computer for external hackers to attempt to exploit. The pathways might be well guarded, but they are absolutely not closed. Only physically unplugging your computer from the network (wired and/or wireless) can you guarantee that this kind of attack can never happen.
Here’s another security conundrum: the more popular the software that you’re using, the more attractive it becomes to would-be mischief makers, and therefore the more attention you have to take to pro-actively updating your software with security updates. People used to say that the Apple Mac operating systems were more secure (implying higher quality) than the Microsoft Windows operating systems, and the pointed to the massive list of security updates that Microsoft has issued over the years for its software. The truth of the matter is that Windows software has consistently occupied between 90% and 95% of the global market for years, which makes it a hugely more attractive proposition to hack then other operating systems, i.e. the payback is potentially much larger for any given effort. (side note: if indeed the Apple Mac software is higher ‘quality’, then remember that Apple’s business model is that it tightly binds Apple software and Apple hardware together, whereas Microsoft’s model requires it to ‘support’ a massive array of hardware from a massive range of hardware suppliers – hence a large amount of additional complexity for Microsoft to attempt to manage).
Final word on security updates: they should be done proactively (i.e. when you are alerted that a recommended security patch has been made available), as opposed to reactively (i.e. when the damage has already been done). Therefore either yourself and/or appointed specialists need to be subscribed to official announcement lists, and you (or appointed specialists) need to apply the updates in a timely fashion.
Legislation / Compliancy
A minor point perhaps, but noteworthy all the same. We use MYOB accounting software which helps the books of our business to remain compliant with the Australian Tax Office. But every so often legislation changes that means we have no choice (if we want to stay on the right side of the tax man – and we do!) but to upgrade our software. MYOB must love those legislation changes because some of those essential updates aren’t cheap!
Sometimes external pressures (other than legislation) can force you to upgrade your software. This can happen, for example, when you need to upgrade your operating systems (e.g. Windows XP to Windows 7), but the software you used to run on your old operating system is not supported “as is” after the operating system upgrade. In other words, the software you’re currently running isn’t “forwards compatible” with new technologies that you might have no choice but to embrace.
So hopefully we’ve made a good case as to why updating the software you purchased is both normal and reasonable – and therefore to be expected, or factored in, when making your initial purchasing decision. The key TCO (total cost of ownership) questions you need to consider when purchasing new software in relation to keeping it updated are:
- What are likely to be the typical software costs of keeping my software updated (minor and major versions)? This may or may not vary depending on the number of users of the software.
- What are likely to be the typical labour costs of keeping my software updated? For example: do these updates happen automatically (e.g. Windows Update set to run automatically), or do I need non-skilled, semi-skilled, or skilled persons to perform the updates for me?
Hosted Software – the answer to our prayers?
No discussion about software updates would be complete without a nod in the direction of hosted software. Hosted software can be described as any software you use that isn’t actually installed on your personal computer. Instead it’s installed on one – or many – servers in your home, office, or data centre(s). But let’s make a quick distinction:
- Software that is hosted within your organisation – accessible by, but not on, your PC. For the sake of this analysis, this scenario is no different from software installed on your PC: someone within your organisation has to be responsible for updating the software. So we’ll ignore this one.
- Software that is hosted external to your personal or business equipment, i.e. by a 3rd party vendor on their systems and/or maybe (increasingly likely) in ‘the cloud’. Obvious examples are Gmail, Facebook, Salesforce, Twitter, etc.
One of the attractions of the second model is that the responsibility for installing and supporting software upgrades is 100% in the hands of the 3rd party. Naturally the vendor will factor in the cost of writing the updates and installing/supporting them into the price that you pay (or don’t pay yet, in the case of Gmail and the like). But by utilising software in this way you remove the sometimes considerable headaches, hassles – and responsibility – of software upgrades. Although that’s not to say that these 3rd parties get it right all the time!
The need to update software is almost as inevitable as death and taxes. There are a multitude of models under which software developers make available software updates. Familiarising yourself in advance with the likely ongoing costs of these updates (now that you accept that software upgrades are inevitable!) should be important component of your up-front questioning with any potential software vendor.