Business User Help
Business users of software can inadvertently discover that software licenses do not tally with software installed, for example, because of buying another company or the actions of rogue employee. On finding out that the software licensing situation needs attention, action is needed without delay as the company is automatically an infringer of the software IPR if a valid licence cannot be produced in defence.
Q: What are the risks of using unlicensed software?
A: No doubt about it, any type of unlicensed software on your network is going to represent a risk of some form to your business. Some of these risks are:
- Financial Exposure – regardless as to whether your under-licensing situation has arisen because of intentional corner cutting when it comes to price, poorly managed environments where there is very limited control or where you have honestly just over installed an application unknowingly…if you are approached for an audit by a software manufacturer (or an industry body such as FAST on their behalf), you will be expected to settle up any unlicensed/counterfeit installations with legitimate licensing. Not only that, but there may even be penalties and back-payments to face. You are also unlikely to be able to benefit from significant discounts, as you are in a position of weakness when it comes to negotiating.
- Business Credibility – There have been instances in the past where situations of under-licensing are not only required to be balanced via purchases and penalties etc., but your company may even be required to publish an official statement to the software manufacturer or be quoted in the press as an example to other businesses. In any event, negative publicity associated to fraudulent or illegal software use can do your company no favours.
- Malware Infiltration and Cyber Crime - Unauthorised downloads and counterfeit copies of software programs leave your security vulnerable. Viruses associated to these methods of acquiring software can lead to massive data loss and business downtime, not to mention financial expense.
- Data/Confidential Information Leaks – When it comes to things like Peer-to-Peer file sharing, it opens the company up to the risk of data/confidential information leaks that could seriously hurt the company. The repercussions of this are significant, potentially leading to legal action/resulting in identity theft.
- Imprisonment – This is a very real possibility. The director of the company can legally be prosecuted for software theft and can actually be imprisoned for up to 10 years. Even if he had no knowledge of the offenses. It is the responsibility of the directors and/or business owner to maintain license compliance.
Q: What can I do to avoid these problems?
A: There are no quick fixes here. There are levels of vigilance, processes, structure and control that need to be in place to ensure you aren’t putting your company at risk. Below are some of the key areas to address:
- Know what is out there – Start initially by getting to know your software environment. You need to know what is out on your network. Knowledge is power, and as soon as you can identify the areas of risk, the sooner they can be addressed. This can be achieved by deploying a discovery/inventory tool that fits your requirements. Take this as a learning opportunity to combat internal practices that have opened up any exposure/risk. Ensure you cover all the bases when it comes to software usage. Virtualisation and thin client usage have created many licensing shortfalls over the past few years. Cloud based applications or application streaming are some of the latest technologies to create risk around software usage.
- Know what you have – Just as importantly as knowing what you have out on your network, is knowing what licenses and agreements you hold and the parameters around the deployment of the software. The software you have purchased will come with clear license terms whether it is purchased through retail, OEM (Original Equipment Manufacturer) or volume licensing. This often means that the deployment of the software is limited to a no. of devices/users/even hardware specifications. Appoint a software champion within the company if you don’t already have one to stay on top of your entitlement and ensure they are involved in any processes and procedures you create around software requests/purchases.
- Appoint Authorized Suppliers – Any attempt you can make to centralize your software purchases is a positive. Processing purchases through a centralized (and authorized) channel will not only give you better control over the validity/credibility of licenses you own, but will also give you access to greater discounts in pricing and additional benefits associated with pooling purchasing under an agreement. To ensure that you are obtaining genuine software, ensure you either purchase it directly from the publisher or from one of their authorized resellers. If you are unsure, details of authorized resellers can be found on the publisher’s website. Most high street retailers are linked to most major software manufacturers. When buying online, be careful to ensure the online shop is a reputable business and you can seek guidance at the Citizens Advice Consumer Service. The rule of thumb is, if it sounds too good to be true – it usually is.
- Make sure it doesn’t happen again – The best people and the best tools will fail in the Software Asset Management (SAM) space if the appropriate processes, procedures and policies aren’t in place moving forward…This will make it easy to control and manage your license lifecycle in the future. Ensure that you have written IT policies to ensure good software license management practices and make sure that everyone in the organization signs up to them. Review your license procurement and maintenance contracts on a regular basis.
Q: Where can I get advice and guidance?
A:FAST has a wide and varied membership and are able to offer advice and assistance to businesses to achieve and maintain correctly licensed and managed software. Our members are also well placed to assist in providing software asset management and audit services as necessary.