Software License Compliance: Five Essential Steps

According to the 2011 Global Software Piracy Study published by the Business Software Alliance (BSA), nearly one out of five software programs put into service in the United States is illegal. Not so long ago, the subject of software piracy, and how software is pirated, was commonly misunderstood. But vigorous efforts over the last two decades by two software industry trade associations, the Business Software Alliance and the Software & Information Industry Association (SIIA), and by individual software vendors have improved the level of awareness – if not understanding – of the issue.

Common Forms of ‘Corporate’ Piracy

In the workplace, employees sometimes share copies of company software with each other without going through proper channels to obtain licensed copies. Or they may bring personal copies from home to work and load them onto their computers. These actions are common forms of software piracy that are often carried out with little or no forethought about anything other than the need to accomplish work on schedule. Employees look for the most convenient way of getting things done. They also sometimes download unlicensed software from the Internet. Although the employees may not have intended to commit piracy, their actions can still put an organization at risk.

Other acts of software piracy can occur when an organization expands or changes personnel. Licensing details can be forgotten or overlooked during times of change, leading to careless installs of unlicensed software. Especially in times of economic downturn, organizations might engage in cost cutting practices that lead to unlicensed use of software.

Pirated software is not simply software that has been counterfeited for resale, but includes any unlicensed use of software by individuals in any setting. But, thankfully, there are steps that you can take to protect yourself from legal exposure and risk.

The Fast Track to Software License Compliance

1. Collect proofs of ownership

  • Purchase orders
  • Paid invoices
  • Retail and other receipts for purchase
  • Volume purchase licensing contracts
  • Original license certificates

When identifying “proofs of ownership” care should be taken to avoid overlap in the various proofs used to demonstrate software license compliance. Purchase orders, paid invoices and receipts for purchase should be checked to determine whether they refer to a common purchase or to separately licensed copies. Likewise, with Volume Purchasing Contracts: if you use mixed proofs to justify separately licensed software you must be able to demonstrate that they do not refer to the same transaction. Original License Certificates are unique and generally associated with retail purchased software. These certificates presumably demonstrate that you have obtained a legitimate copy of the software – but this assumes that the certificate is not counterfeit, and that it has come into your possession through a purchase. Certificates are actually not a very strong proof of ownership, even if rarely disputed in practice.

Microsoft informs us in their SAM Brief that “Proof of License for Microsoft Software typically consists of a paid invoice or receipt in either an electronic or physical form… [it] provides proof that your organization bought the licensed software from Microsoft or an authorized reseller and that the software license was paid for”. Proof of ownership comes down to purchase records – “show me the money”.

Serial numbers are not proofs of ownership. They are useful to identify copies of software and their source and they are sometimes helpful when purchasing upgrades. But auditors will not accept the existence of serial numbers as proof of ownership. Additionally, original media (CDs, diskettes, and documentation) is less useful in today’s world of volume purchase contracts and multiple license packs, and is generally unreliable in counting numbers of licenses.

2. Audit Installed Software

Systematically inspect every:

  • Desktop
  • Portable
  • Virtual computer
  • Server
  • Personal computer/device used for company purposes

Steps one and two (collecting proofs of ownership and auditing installed software) can be reversed or carried out simultaneously. Both must be completed prior to reconciling and proving license ownership in step three. You will need an exhaustive list of all copies of software and their version numbers installed on all computers in your organization. Later we will discuss tools that you can use for this task. Once you have completed steps one and two you are ready to discover how much of your organization’s installed software is legally licensed.

Personally owned computers used for work pose a special problem. Such devices may have a mix of software purchased personally and by the company. Whether an outside audit would have access to or jurisdiction over these devices is not always clear, but such jurisdiction can be associated with software licensing agreements that grant secondary use rights – the right of a user to install and use the software from a second device. Here, however, we are focusing on an internal company compliance effort, so company policies regarding personal devices used at work should be clearly stated and enforced.

3. Reconcile the Software Audit & Proof of Ownership records

Compare and match the following items:

  • Software Product Names
  • Version Numbers
  • Types of Licenses (Per-device, Per-user, Concurrent use, other models)

Compare the items listed above between your audit list and your proofs-of-ownership list and look for matches. The goal of step three is to discover any software installed or in use within your organization that cannot be traced back to an acquired license. When software can be traced to a license, you must note whether your organization has acquired sufficient entitlements to cover all copies discovered in the audit. When unlicensed software is discovered, you must decide whether to buy a license or delete the software. That’s it in a nutshell – you’ve established momentary compliance. This is easy to describe but extremely difficult to accomplish, unless you use automated auditing and usage management tools (more on that subject later).
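The reconciliation in steps one to three can be sketched in a few lines. This is an added example, not part of the original article or of any product it mentions. It assumes per-device licences only, and the product names, document ids and the "txn" (transaction) field are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data; every name and id below is an assumption.
PROOFS = [
    # (document, transaction, product, version, seats)
    ("PO-1001",  "T1", "EditorPro", "5", 10),
    ("INV-1001", "T1", "EditorPro", "5", 10),  # invoice for the same purchase as PO-1001
    ("RCPT-77",  "T2", "EditorPro", "5", 1),
    ("INV-2040", "T3", "ChartKit",  "2", 2),
]
AUDIT = (
    [(f"pc-{n:02d}", "EditorPro", "5") for n in range(1, 13)]
    + [("pc-01", "ChartKit", "2"), ("pc-02", "ChartKit", "2")]
    + [("pc-03", "ZipTool", "1")]    # no proof of ownership exists for this one
    + [("pc-01", "EditorPro", "5")]  # duplicate audit row for the same device
)

def entitlements(proofs):
    """Sum licensed seats per (product, version), counting each purchase once."""
    seen, seats = set(), defaultdict(int)
    for _doc, txn, product, version, count in proofs:
        purchase = (txn, product, version)
        if purchase in seen:  # a second document proving an already counted purchase
            continue
        seen.add(purchase)
        seats[(product, version)] += count
    return dict(seats)

def installs(audit):
    """Count distinct devices per (product, version), as per-device licences require."""
    devices = defaultdict(set)
    for device, product, version in audit:
        devices[(product, version)].add(device)
    return {key: len(found) for key, found in devices.items()}

def reconcile(audit, proofs):
    """Return {(product, version): (installed, licensed, shortfall)}."""
    owned, found = entitlements(proofs), installs(audit)
    report = {}
    for key in sorted(set(owned) | set(found)):
        installed, licensed = found.get(key, 0), owned.get(key, 0)
        report[key] = (installed, licensed, max(installed - licensed, 0))
    return report

if __name__ == "__main__":
    for (product, version), (inst, lic, short) in reconcile(AUDIT, PROOFS).items():
        status = "untraced" if lic == 0 else "short" if short else "ok"
        print(f"{product} {version}: installed={inst} licensed={lic} shortfall={short} [{status}]")
```

Without the per-transaction check, the purchase order and the invoice for the same purchase would be counted as 20 seats instead of 10 and would hide the EditorPro shortfall.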

A Long-term Solution – Steps 4 & 5

4. Establish Corporate Culture

  • Publish corporate policy
  • Have employees agree to and sign it
  • Centralize purchases
  • Store purchase contracts, license certificates, purchase orders, invoices, receipts
  • Detect and manage employee software installs

There is nothing that can replace the value of well designed and active anti-piracy education among all members of your organization. Their understanding of the liability and the policies that address it will go a long way toward reducing risk. Add to that the organizational discipline of recording ownership as purchases occur and you will create the important foundational basis upon which your company can build an effective software license compliance program.

5. Manage Ongoing Usage

  • Determine ownership (department, division, or corporate)
  • Manage correctly by type of entitlement
  • Who should have access to each software product?
  • Identify waste, reclaim & redistribute
  • Predict needs and purchase accordingly
  • Track computer obsolescence and stop buying software
  • Track software usage and analyze for optimization and cost reduction

Before you can effectively manage software usage to comply with your software licenses you must first know who owns the licenses. You must determine whether licenses have been purchased for use within specific departments, divisions, or regional areas of your organization or whether you are free to use it anywhere within your company.

Next, you must understand what type of licenses your organization owns. Site licenses (licenses that can be installed anywhere within your organization) can, in some respects, be the easiest to manage. However, unless you are careful to determine true usage requirements, site licenses can hide budgetary waste with over-licensed products. Concurrent-use licenses (licenses that can float from user to user) are also convenient but they require a software license management tool that is able to track and manage a real-time usage limit. Per-computer (node locked) licenses (licenses which must be locked to specific computers) are sometimes the most expensive IT asset your organization owns and can create the biggest legal risk if not properly managed.

In the next section we will discuss how to effectively manage all of the major types of software licenses to reduce legal risk, lower ownership costs, and soften the fears and resistance of software publishers to offer license models that are truly useful to your organization.

Effective Software Asset Management

It is easy to understand, from the material we have covered so far, that effective software asset management (SAM) of a multitude of software programs within a diverse and ever-changing user community can be a complex task.  K2 – KeyAuditor & KeyServer, from Sassafras Software, simplifies the task by breaking down software asset management into three essential elements: computers, software products, and license entitlements.

KeyAuditor, K2’s comprehensive software auditing service, integrates enterprise-wide software and hardware audits with K2’s license Policy management. Using a transparent auto-discovery protocol, K2 runs scheduled audits to automatically keep information current for desktop, portable, and virtual computers. Then K2’s software Product Recognition Service (PRS) provides up-to-date software product definitions for convenient product identification and management. K2 automatically discovers and identifies tens of thousands of software program files and aligns them to software product definitions, while hardware audits provide details about operating system revision, computer configuration, computer asset tag, and location data.

KeyServer, K2’s award-winning software license management tool, centralizes software asset management across multiple operating systems and on both virtual and physical devices.  The intuitive administrative interface permits management of one or more license policies for each software product and version.  K2 then tracks deployment and usage company-wide.  An enforcement option automatically manages software license compliance for each policy.  K2 will help your team to quickly reclaim and redeploy abandoned software licenses and reduce the cost of software throughout your organization.

K2 reduces the risk of software piracy. It creates a supported working environment where everyone can gain convenient legal access to software to accomplish their work efficiently. And it can enable your organization to achieve remarkable cost savings through use of its software license optimization tool set.
