As an IT asset manager, getting your software licensing compliance right is key to maintaining a secure environment—just watch out for shadow IT and be careful during hardware refreshes.
The digitization of modern business may be old news, but tech-driven changes in the workplace are far from over. Virtually all major firms depend upon an array of proprietary software and hardware.
In order to ensure legal compliance and airtight security, you need to be aware of what software is used across the company. As an IT asset manager, It’s important to keep close tabs on your licensing compliance, as violations are common and costs can be significant.
The good news is that, with a bit of planning and forethought, compliance is relatively easy to stay on top of. The key is to have the policies in place that let you approach software licensing compliance in a methodical way.
A little ingenuity on your part can save your company a huge amount of expense and heartache!
The Cost Of Getting Software Licensing Compliance Wrong
Licensing is a huge issue. According to a 2018 global study by the Business Software Alliance (BSA), a significant 37% of installed software is unlicensed.
When the focus is narrowed to U.S. business, a smaller 15% of software is unlicensed. This, however, remains a considerable amount considering the number (and sheer scale) of many American companies.
The potential costs are even more concerning. While fines vary depending on the case, costs can run as much as $150k per instance, depending on the nature of the infringement.
In one example scenario, a company running an application on 520 PCs could be subject to $175k in fines if it unwittingly uses just 20 illegal copies of the software. Costs include paying multiple times the MSRP to retroactively license software, audit fees, and various fines.
And this is assuming that the unlicensed software or proprietary snippet thereof doesn’t unwittingly become integral to a marketed product. If that’s the case, fines may be as high as $250k, and significant product delays can ensue.
Don’t Assume Software Licensing Compliance Will Take Care Of Itself
A responsible business can’t assume violations will slip under the radar. Auditing is becoming more frequent. A 2016 study showed that 65% of organizations were subject to an audit in the previous year, with 23% being audited at least three times!
Audits aside, it’s also not unheard of for disgruntled former employees to report companies for licensing violations.
And that’s not to mention the security risk. Various studies point to a strong correlation between the incidence of unlicensed software and greater exposure to data loss.
Image from the 2018 report by the Business Software Alliance
Understanding Types of Software Licensing
With these financial and security risks in mind, let’s go through some common types of software licensing arrangements. The arrangements are too numerous and varied to address comprehensively. Still, it’s useful to have a sense of the various restrictions licenses can put on software.
Temporal
The most obvious restrictions are temporal ones. Is your license subscription-based, perpetual, or tied to a particular project? Be especially careful with trial licenses一while free for a time, your company could be liable if it forgets to obtain the appropriate licenses after the trial period is up.
Scope
Another important class of restrictions concerns scope. Licenses can tie software to a named user, a particular device, a network of devices, a department, or even a whole enterprise.
One of the most common obstacles to full compliance is the use of a product outside of its permitted scope. This may be either by sharing login credentials, or by accessing the software on a device or project not covered in the agreement.
Open Source
Open source software and code is an interesting case. Just because software is free at point of access doesn’t make it free from obligations. While you’re free to use open-source code, you may not be allowed to sell products which use it!
If software has a “copyleft” license (The GNU General Public License, for example), then works using the code must fall under the same license一even if the code is modified.
Application
So much for the licensing arrangements. What are the licenses applied to?
Just about everything. From accounting programs like QuickBooks or Xero to messaging apps like Zoom or Slack, businesses use a myriad of programs for various specialized purposes. As software needs vary from business to business, employees at your company will know best what programs are used day-to-day一authorized or otherwise.
Watch Those Hardware Refreshes
Compliance doesn’t concern software asset managers alone. It’s the responsibility of all involved in technology management, including hardware-oriented ITAMs.
Licensing is particularly important to keep in mind when undergoing a hardware refresh cycle. As software is installed in the new hardware, double-check no gaps are introduced in licensing compliance.
Licensing also comes into play when your company uses dedicated hardware systems. When purchasing such devices, you may need to relicense operating systems which come with them.
Even more risky is selling such systems. If unlicensed software is left on a used hardware system your company is selling, the company could be held liable for the license holder’s lost profits.
Avoiding Common Obstacles to Compliance
There are several common obstacles to compliance.
The first is the sheer number of licenses that can be in play in even moderately-sized firms. Dealing with this is just a matter of organization一keeping track of the thicket of licenses restricting how, when, and by whom work can be performed.
Automated tools are a helpful way to keep on top of this. There are dozens of SaaS products to streamline compliance and audits. ServiceNow and Flexera also have extensions which can help track licenses.
Another obstacle to compliance is “Shadow IT”, the name for software employees use which is not explicitly approved by IT. 80% of workers admit to using unapproved SaaS services, and 35% say that doing their job involves working around security.
As well as being a general security risk, this opens the door for surprise license violations. Make sure your company has a clear and effectively communicated policy regarding new software. Consider arranging an internal audit to get a sense of what programs your company’s rank-and-file employees are using.
Other things to consider:
- Be especially careful during hardware refreshes, as it’s a particularly delicate time for compliance. Consider getting someone experienced involved, like an ITAD firm. ITAD firms can also help with the security aspect of data wiping, allowing you to hit two birds with one stone.
- Do you have E&O (Errors & Omissions) insurance? If so, is it enterprise-wide, and does it cover software copyright infringements?
- How clear are your company’s policies regarding copying software and sharing login credentials?
- Do you have a means for obtaining proof of purchase when you buy or renew a license?
Ace Your Software Licensing Compliance
The potential consequences of licensing violations can be daunting. Thankfully, compliance is just a matter of organization and clear policy. Also, the proliferation of license management software means that it’s less of a chore than it used to be.
When it comes to licensing, a little effort goes a long way. The methods and processes which go into license management are also needed to ensure security and to reduce costs. Cracking down on shadow IT, for instance, helps your company avoid costly fines while also preventing data breaches.
In the end, ensuring compliance requires nothing more or less than responsible management. If approached carefully, you can save your company a lot of trouble.
Horizon Technology is an industry-leading ITAD firm that understands your organization’s needs from an ITAM’s perspective. Get in touch with Horizon for comprehensive support around secure, responsible asset disposition.
