||Add To My Personal Library
August 1, 2008
Vol.30 Issue 31|
Page(s) 1 in print issue
Software License Compliance
Stay On The Right Side Of The Law
But a new study by King Research reveals most respondents do not feel confident about their compliance with software licensing agreements.
In fact, many survey respondents were not confident they could pass a software compliance audit. In today’s budget-constrained times, administrators may put software license compliance issues on the back burner, a potentially costly decision if an audit reveals a lack of compliance.
Software License Compliance Basics
So what should data center administrators and CIOs at small to medium-sized enterprises know about software license compliance? For starters, decision makers should understand that the penalties for noncompliance can be quite severe. Rob Meinhardt, CEO and co-founder of KACE (www.kace.com), says administrators may be held personally liable, meaning fines, confiscated assets, or even jail time, if they knowingly have unlicensed software on their network.
Just because a business is small doesn’t mean software licensing issues are not a concern. Andi Mann, research director at Enterprise Management Associates (aka EMA; www.enterprisemanagement.com), says SMEs need to know as much as large enterprises because the challenges are fundamentally the same. “They are facing many or all of the same threats—compliance, fines, punitive license costs, security exposures—and need to treat their licensing just as seriously,” says Mann.
Also, administrators should be cognizant of the costs that a software compliance audit can incur. Scott Rosenberg, CEO and founder of Miro Consulting (www.miroconsulting.com), says, “Audits can cost anywhere from several thousand to a few hundred thousand to millions of dollars.” Just one software compliance audit that ferrets out numerous compliance findings could drive a company clear out of business.
The biggest mistake administrators at SMEs can make is assuming they will not be audited because they are small, says Jing To, senior product marketing manager at BDNA (www.bdnacorp.com), a provider of IT infrastructure insight and analysis solutions. In fact, adds To, the fines incurred from being out of compliance can be many times higher than the time and money spent putting in place the processes and technology to ensure compliance.
Another common and costly mistake is the overbuying of expensive software packages just to make sure a business is in compliance, says KACE’s Meinhardt. The main reason behind overbuying is to provide the business with a protective buffer in case it is ever audited, he adds. This is an unnecessary expenditure that the company can avoid by implementing a better way to track and manage software purchases.
Technology can be a godsend, and this holds true for software license management. According to EMA’s Mann, one common mistake businesses make is relying on static, manual processes, such as spreadsheets, to manage their software licenses. In fact, says KACE’s Meinhardt, trying to track software licensing compliance using spreadsheets for even a small, growing business is “a recipe for disaster.”
Miro Consulting’s Rosenberg points to overspending or underlicensing due to poor planning, failing to pay attention to the fine print in licensing agreements, and not keeping up with changing licensing rules as mistakes businesses commonly make.
Getting It Right
Software license compliance is certainly a tough issue to manage. So what should SMEs with limited budgets and resources do in order to keep themselves in compliance and out of trouble?
According to KACE’s Meinhardt, “Effective license compliance requires both clearly defined and communicated policies, as well as the tools to back them up.” He says organizations need to establish and communicate software purchase and installation policies and clearly communicate that unauthorized and unlicensed software on corporate systems is unacceptable. Finally, he adds, SMEs need tools that allow administrators to effectively deploy and track software, assign and track the corresponding licenses for installed software, and provide the reconciliation capabilities needed to demonstrate license compliance.
EMA’s Mann says manual procedures, even for smaller businesses, are not reliable. So, he says, SMEs need to automate the process by using active discovery tools that find both authorized and unauthorized deployments.
But, says Jeremy Soref, senior product manager for software DRM (digital rights management) at Aladdin Knowledge Systems (www.aladdin.com), “the implementation of comprehensive compliance systems may be beyond the resources of many SMEs, particularly those at the smaller end of the spectrum.” Soref recommends users with limited resources obtain self-enforcing software licenses based on software DRM. These tools provide monitoring and management capabilities that can help SMEs stay in compliance and even analyze their existing capacity, he says.
Miro Consulting’s Rosenberg says the key to remaining in compliance is “software asset management.” He recommends that administrators have an outside software licensing consultant conduct annual audits. Creating a repository of information on software assets and keeping all documentation, such as proof of ownership and copies of all SLAs (service-level agreements), can help businesses stay in compliance. Rosenberg recommends that businesses reconcile this information at least every six months. He adds that automating the process with a discovery tool to identify where software is installed in the enterprise can help a business remain compliant as needs change.
Teamwork is also critical to success. BDNA’s To says the procurement department and the business need to work together to ensure business needs are met with the most optimal price from the vendor. But, he says, both sides need to have reliable information automatically gathered from the environment, such as information on software deployments (what has been deployed and where has it been deployed), how rapidly the software is being adopted, and how much it is used, if at all.
“Without this information, it is difficult for both sides to make effective decisions without negatively impacting the business,” says To.
Staying compliant with software licensing agreements is a must in today’s world, given the prevalence of software and the ever-increasing complexity of IT infrastructures and licensing agreements. A combination of automated discovery technology, good policies and procedures, and plenty of diligence are the recipe to software license compliance success.
by Sixto Ortiz Jr.
You Have A Software Audit. Now What? |
Here are a few tips and hints to prepare for a software compliance audit:
• Providing detailed, up-to-date information about applications installed on all systems and their licenses, combined with change history reports, can give you the upper hand in an audit, says KACE’s Meinhardt.
• Keep your head. Also, retain a software licensing/compliance consultancy that specializes in the software platform being audited, says Miro Consulting’s Rosenberg.
• Rosenberg also recommends setting up a single point of contact and communicating with the software vendor.
The Impact Of Virtualization |
As if software license compliance wasn’t difficult enough, now administrators must contend with a new wrinkle: virtualization. Andi Mann, research director at Enterprise Management Associates (www.enterprisemanagement.com), says virtualization rewrites the whole licensing methodology: Licensing paradigms are more complex, there is more software to worry about, it is easier to deploy unlicensed software, and it’s much harder to detect what has been deployed. Also, he adds, deployments can happen in the blink of an eye and can move around and disappear very quickly.
Rob Meinhardt, CEO and co-founder of KACE (www.kace.com), says virtualization makes it much easier to create new systems, rapidly multiplying the number of systems the SME must track and reconcile. And because these machines are virtual, they are extremely difficult to detect with physical inventories.
Finally, virtualization is a relatively new technology, so many software vendors have not yet defined licensing policies for virtual systems. Scott Rosenberg, CEO and founder of Miro Consulting (www.miroconsulting.com), recommends that administrators use experts to assist with the management of software assets when they use virtual environments.