Software Licensing Tips to Reduce the Risk of Legal Action

September 28, 2016 Security and Compliance, MOVEit

If you require software licensing tips, don't expect your software vendors to be of any real help, given the prevalence of outsourced call centers among many of the world's global players. If you can understand the accent of your assigned contact, congratulations! You have passed the first level in a game evidently designed to avoid the customer at all costs, at least initially.

Once purchases are made, the game begins in earnest with you, the loyal customer, targeted as a possible pirate with audit requests and licensing requirements that would challenge Stephen Hawking on a good day.

"I have represented companies ranging in size from two-person lumber suppliers to some of the largest companies in the world and they all struggle with what seems like unnecessary license complexity," said Robert J. Scott, managing partner at Scott & Scott, LLP, a law firm that specializes in defending software audit cases.

"Many of my clients spend millions of dollars a year to track and manage licenses and even with that level of investment, understanding the complex and ever-shifting licensing rules is a challenge," said Scott.

He refers to this investment as a "compliance tax" imposed on customers by software vendors.

How can companies remain in the bounds of legality as licensing requirements change? Can shadow IT be eliminated? Are there any software licensing tips that will help?

Pirates of the World Unite

A recent BSA survey claimed that 39 percent of software installed on computers around the world is not properly licensed, a reduction of just 4 percent from two years earlier.

Software vendors are of course entitled to expect payment for their software, but their licensing and audit penalty tactics leave a lot to be desired and are unlikely to inspire brand loyalty. The real pirates, who mass-produce software for sale online and in markets throughout Asia, are unaffected since customers are an easier target. There are several ways to protect your company from expensive litigation but some are easier to achieve than others.

Define Your Vulnerabilities

Firstly, all companies need to identify their potential weaknesses in terms of software licensing, whether it is shadow IT, location of physical licenses or related purchase orders. In addition, the use of virtualized environments complicates license management.

"Capacity and hardware-based licensing metrics are commonplace in the data center. A company facing financial pressure from a vendor over licensing for virtual data center operations will need to fully understand the legal and business issues surrounding the publisher's claims," said Scott, who added that assessing the strength of the software vendor's legal claims is key to developing the best strategy.

Open Source?

Secondly, the use of open-source software has no contractual implications for companies or users except for some distribution rules. Unfortunately, open-source solutions are not available for many key applications or, if they are, do not include all the features and support. Still, it's an option that would hit commercial software vendors where they live and perhaps lead to a change in attitude toward audit frequency and related penalties.

However, open-source software is not practical for many and leads to the next problem, shadow IT, where software is unwittingly or deliberately installed on computers without the proper license. In some cases, these beady-eyed, cheese-eating users inform the BSA and other organizations that the company is stealing software (as they stole it themselves). Secure in their anonymity and pending reward, they avoid all risk.

What Do You Need?

Therefore, any IT solution that will successfully protect your company against licensing audits and related expenses needs to:

  • Lock down systems to prevent unauthorized software installs. Some claim that this reduces productivity but as long as each user has the licensed software necessary to perform their tasks, it becomes a nonissue, especially if a pool of additional software is provided for temporary use in sandboxes and other development environments.
  • Ensure that all hardware and software assets are cataloged, updated as needed and audited regularly.
  • Ensure that licenses and related purchase order information are readily available, as auditors are only concerned with tangible data. You can try "Our IT department was involved in a philosophical debate on the concurrent rise of the Fifth Reich and auditing practices when a nearby hard drive went rogue and teleported elsewhere, taking all our licensing data with it," but it rarely works.
  • Allow for sub-capacity licensing or other situations where server licensing is determined by server hardware performance rather than instances of use.

According to Scott, it is possible to negotiate licensing terms with software publishers, with the best deals accomplished by multidisciplinary teams including IT, asset management, finance, legal and procurement. Smaller companies will not have all of these departments and are the easiest targets of all for audits, being more easily intimidated than their enterprise counterparts.

"The worst deals I see are those that are hastily entered into with the involvement of lawyers without expertise in software licensing," said Scott.

As he pointed out, every time a publisher audits a customer it sours the relationship, and software manufacturers who can protect their intellectual property without aggressive audits will have a competitive advantage over those who prefer to antagonize customers.

In the meantime, in my opinion, the best defense is a good offense. Treat software vendors as you would any external cyberthreat by limiting or eliminating use of their software. If this is not possible, use a third-party solution for asset management and software licensing.

As Scott predicted, cloud-based asset-management solutions are likely to reduce deployment disputes as adoption increases. In the meantime, can you confidently state that your company is compliant and unaffected by shadow IT?

Michael O'Dwyer

An Irishman based in Hong Kong, Michael O’Dwyer is a business & technology journalist, independent consultant and writer who specializes in writing for enterprise, small business and IT audiences. With 20+ years of experience in everything from IT and electronic component-level failure analysis to process improvement and supply chains (and an in-depth knowledge of Klingon), Michael is a sought-after writer whose quality sources, deep research and quirky sense of humor ensure he’s welcome in high-profile publications such as The Street and Fortune 100 IT portals.