What Is Cloud Cost When Your Vendor Audits You Into a Corner?
Here's the thing about cloud cost that nobody puts on a slide deck: it isn't just the monthly bill. It's the hidden tax you pay when your software vendor decides to come knocking with a clipboard and a subpoena.
Allstate Insurance just made that painfully clear. The insurer walked away from VMware and CA software — both Broadcom products — right around the time the acquisition closed in late 2023. The move made sense on paper: migrate workloads, cut licensing overhead, stop paying for software you're not using. But what Allstate didn't expect was the bill that came after.
Four simultaneous license audits. Two copyright infringement lawsuits. One very expensive legal battle that won't wrap up until at least May 2027.
This is what happens when cloud cost optimization collides with aggressive vendor enforcement. The numbers on the invoice are one thing. The legal fees, the operational disruption, the sheer chaos of defending yourself against a vendor who's decided you owe them money for software you stopped using three years ago — that's the real cost.
The Exit: Walking Away From VMware and CA
Allstate's story starts the way these stories usually do — with a vendor relationship that went sour. Broadcom acquired VMware in November 2023, and around the same time, Allstate began planning its exit from both VMware and CA software.
Let's be clear about what that means in practical terms. Allstate wasn't just canceling a subscription. They were dismantling an entire software estate — removing VMware instances from their environment, migrating workloads elsewhere, and essentially declaring independence from a vendor that had become part of a much larger company with very different priorities.
The insurer told Broadcom on October 1, 2025 that "all VMware instances have been terminated and removed" from their enterprise license agreement environment. That's not a half-measure. That's a full stop.
Now, here's where things get interesting — and where the cloud cost conversation gets complicated. Allstate also sold its Employer Voluntary Benefits business to StanCorp. That transaction triggered a separate allegation from CA: that Allstate had breached its contract by transferring licensed software to a third party without permission.
So Allstate wasn't just leaving VMware. They were untangling themselves from the entire Broadcom ecosystem, and they did it in a way that gave CA grounds to sue.
The Audits: Four Probes, One Insurer
In April 2025 — right around the time Allstate was making its exit official — Broadcom advised the insurer of its intent to audit. Not one audit. Four.
The probes covered Tanzu, VMware, Agile Operations, and Mainframe. All under Broadcom's umbrella.
Allstate's response, according to court filings, was straightforward: they didn't have the resources to respond to four simultaneous probes. Think about that for a second. A Fortune 500 insurer, drowning in audit requests from a vendor they're actively trying to leave.
The timing is what stings. Allstate alleges in a June 12, 2026 filing that Broadcom initiated these audits "once it was aware that Allstate did not intend to renew its contracts with VMware or its sister company, CA." In other words: you can't audit us for not paying for software we're leaving.
Broadcom's counter-argument is equally blunt. They claim Allstate "stonewalled and withheld the requested materials" throughout August and September 2025, despite weekly follow-ups from VMware. The insurer's audit questionnaire, according to Broadcom, was "woefully incomplete."
The Lawsuits: CA and VMware Both Come Knocking
By May 2025, CA had filed a copyright infringement lawsuit alleging contract breach — specifically tied to the StanCorp sale. The argument: Allstate transferred licensed software without authorization, and that's a violation of their agreement.
Then in December 2025, VMware filed its own copyright infringement suit. This one was about audit non-compliance — the claim that Allstate didn't fulfill its contractual obligation to participate in license audits.
Two lawsuits. Two different Broadcom business units. One insurer caught in the middle.
This is the cloud cost reality that finops teams need to understand: when you're negotiating your software estate, the exit strategy matters as much as the entry. You can optimize costs by leaving a vendor, but if you leave badly — if you don't honor contractual obligations, if you transfer licenses without permission, if you ignore audit requests — the savings evaporate faster than you can spend them on legal fees.
The Escalation: Dropping VMware Like a Hot Potato
September 12, 2025. That's when Broadcom alleges Allstate did something dramatic: they removed VMware from all devices.
October 1, 2025. Allstate told Broadcom that "all VMware instances have been terminated and removed" from their ELA-governed environment.
Here's the twist: after removing VMware, Allstate claimed Broadcom's audit scripts wouldn't work. Fair enough — if you've deleted the software, the detection tools can't find it. But then Allstate completed an audit questionnaire anyway. Broadcom says that questionnaire was incomplete.
So what are we looking at here? An insurer that removed the software, claimed the audit was impossible, but still filled out a form? Or a vendor that's trying to extract value from a customer who's already walked away?
The answer depends on which side of the courtroom you're sitting on.
Allstate's Retaliation Claim: The Audits Came After the Exit
Allstate's June 12, 2026 filing lays out their theory of the case pretty clearly. Broadcom didn't audit them because they suspected non-compliance. Broadcom audited them because they found out Allstate was leaving.
The filing accuses Broadcom of making "vague, competing, and contradictory demands of Allstate, often in direct violation of its contractual agreements." That's strong language. It suggests a pattern — not just one bad audit, but a systematic effort to pressure the insurer into compliance (or payment) after the relationship had already broken down.
For anyone managing cloud cost and software licensing, this is a cautionary tale. Vendors have the right to audit. Contracts give them that power, often extending beyond the term of a license agreement. But there's a difference between legitimate enforcement and what looks like retaliation.
The question Allstate is asking — and the one every enterprise should be thinking about — is: at what point does an audit become a weapon?
The Broader Pattern: VMware Quitters Are Everywhere
Allstate isn't alone. T-Mobile, Tesco, Western Union — all big VMware customers who've left under less-than-friendly terms. The pattern is recognizable: Broadcom acquires a vendor, raises prices or changes licensing terms, customers bolt, and then the audits start.
VMware points to major clients like the London Stock Exchange and Nationwide Bank as evidence that enterprises still trust them. AWS even added support for VMware Cloud Foundation 9.x this week, signaling continued investment in the platform.
But the exodus continues. And every departure carries the same risk: the vendor you're leaving will come after you with everything they've got.
What's Next: Dispositive Motions by May 2027
Both cases are moving toward dispositive motions — essentially, attempts to resolve the lawsuits before a full trial. Courts have proposed that both matters adopt the same timeline, with dispositive motions scheduled no later than May 17, 2027.
Alternative dispute resolution was attempted in both matters. It didn't work.
So Allstate and Broadcom are heading to court. And while that battle plays out, the broader question remains: what is cloud cost when your vendor decides to audit you into submission?
The answer, apparently, is: whatever it takes to defend yourself.