How to achieve software license compliance

Ekaterina Mizrobova

Introduction

Software non-compliance and piracy are spreading like a virus. Piracy implies not only use of forged software, but also unlicensed use of any software. According to the BSA Global Software Survey 2016, “39% of software installed on computers around the world in 2015 is not properly licensed.” Almost 90% of organizations breach software compliance at least in some way. The BSA survey found that “even in certain critical industries, where much tighter control of the digital environment would be expected, unlicensed use was surprisingly high.” The rate of using unlicensed software, according to the BSA findings, is 25% for the banking, insurance and securities industries.

Software non-compliance and piracy, if discovered during the software compliance audit, expose organizations to legal risks and true-up costs. Fortunately, there are ways to protect your organization.

Main drivers of software non-compliance

Software license non-compliances in business are mostly not intentional. Employees try to fulfil their tasks quicker and in the most convenient way. They might share copies of software, bring them from home or download from the Internet without bothering to report to the IT or legal departments; or purchase a valid license, in case of commercial software.

The main drivers are:

  1. Lack of assets management software. The assets management software simplifies and speeds up software and licenses monitoring. Besides, it eliminates the human risk — an IT/legal specialist might overlook things, the computer program never does this.
  2. Failure to assess and audit software assets on a regular basis. According to the BSA survey results, “many CIOs simply don’t know how much software employees are installing on company networks.” They estimate that 15% of their staff download software their company does not know about, while the percentage is almost twice as that.
  3. Failure to understand license agreements and terms of services. Employees downloading software or subscribing to cloud services (SaaS) without informing their IT/legal departments mainly do not read or understand the accompanying license agreements or terms of services, respectfully. However, ignorance of the legal terms and conditions is no excuse — these agreements are still binding.

Software licensing non-compliances might be revealed by an external audit and lead to true-up costs and fines.

Ways to achieve software license compliance

Achieving software license compliance to avoid penalties is an appalling and challenging task. Though there are measures that can help you.

   1. Regular internal assessment and audit of software

Companies should know what is installed on their computers and what cloud services their employees use to do their jobs. The BSA survey report states: “Too many CIOs are not controlling their networks and, in fact, underestimate significantly how much unauthorized software has been deployed”.

The least companies can do is to regularly audit their software and obtain a list of computer programs and cloud services their employees use. It is a daunting job but there are applications available that can help you by automated tracking of installed/used software and subscribed/used cloud services.

    2. Review of software license agreements and SaaS terms of services

The second step is to obtain a list of all license agreements and terms of services accompanying the software and cloud services used by employees and review their terms and conditions. This is the task of the IT and legal departments. The aim is to detect non-compliances to take proactive corrective measures.

This is a difficult job as well unless applying software assets management tools, which enable to automatically intercept licence agreements and terms of services (agreements) upon installation and subscription/use, respectively, and simplify their analysis by comparing these agreements and highlighting differences between them and their most important provisions.

Additionally, we should mention review of proofs of ownership, though this relates only to commercial licenses. It is important to have all the proofs of ownership available. Their number should match the number of installed/used commercial software and subscribed/used paid cloud services. The proofs of ownership can be purchase orders, paid invoices, receipts for purchase, etc. In case, any a proof of ownership is missing, the company should uninstall the corresponding software or purchase its license.

   3. Implementing a corporate policy

Another important measure is implementation of a corporate policy. It can be done in the form of rules applied to installations and sign-ups/sign-ins to either approve or reject them.

To mitigate a threat of non-compliance a company should decide who is authorized to purchase/install a piece of software or subscribe to a SaaS, what types of software/cloud services are allowed to be installed/subscribed to, and what are the criteria for approval or rejection of installations and sign-ups/sign-ins.

Conclusion

External software auditing is a usual practice which can expose companies to significant expenses. Therefore, they need to take proactive measures to achieve software license compliance and avoid true-up costs and fines. This is a challenge unless using up-to-date software assets management tools which automate the processes of monitoring and analyzing license agreements and terms of services.

How to save IT budget on SaaS subscriptions and software compliance