Navigating the Thorny World of Software Licensing Management
Over the last decade, the complexities of managing enterprise software have grown exponentially. Cloud computing, virtualization, mobility and an array of trends — including bring-your-own-device (BYOD) and new software licensing models — have transformed the way organizations use and manage applications.
Navigating this landscape can prove daunting. For many organizations, tracking licenses is a difficult, time-consuming and expensive task. What’s more, organizations face the constant threat of a vendor audit along with potential fines for noncompliance.
Under U.S. Copyright Law, the amount of a fine can hit $150,000 in statutory damages per violation, but the actual cost can run significantly higher due to legal fees and other expenses.
Unfortunately, many organizations do not address licensing issues adequately.
“A lot of executives wind up feeling overwhelmed and they sweep the issue under the rug,” states Andrea Hoerr, solutions manager for software asset management at CDW.
“Today’s licensing schemes are quite complex, she says. “They require more than a spreadsheet and occasional attention. It’s crucial to apply a more strategic focus and base decisions on real-world needs. Best practice organizations take a lifecycle approach to software licensing management.”
A License to Litigate
Software license management (SLM) has evolved out of a pressing need for structure in an increasingly chaotic marketplace. Today, vendors often deliver painfully long and often convoluted end user license agreements (EULAs). The stipulations vary greatly by software publisher and, sometimes, even within a vendor’s portfolio of product offerings.
What’s more, as IT executives dip into virtualization, cloud computing and mobile technologies — often relying on multiple operating systems and a mélange of applications running on the same physical machine — the challenges grow exponentially.
Robert Scott, managing partner at the law firm of Scott & Scott, LLP in Southlake, Texas, says that SLM is a topic no entity or executive can afford to ignore.
“Software publishers have become far more aggressive, hostile and litigious about how they deal with customers and perceived copyright infringements,” he notes. “In some cases, businesses wind up facing outrageous demands when there’s a perceived discrepancy — even when the company licensing the software is attempting to act in good faith.”
Of course, there are numerous reasons why an organization’s records might not match the vendor’s audit numbers. At the most basic level, an enterprise asset manager might have failed to record licenses accurately — particularly as computers enter and exit the company. In addition, employees may have installed rogue applications or turned to a version of software designed for home use.
In more complex scenarios, an entity might run an enterprise application such as an Oracle or IBM database on virtualization software like VMware or connect to an enterprise resource planning (ERP) application such as SAP on Windows, Linux and iOS devices.
“The situation can become incredibly convoluted and complex,” Hoerr says.
For example, IBMs subcapacity licensing scheme — designed for use with DB2 and other applications running in virtualized environments — includes hundreds of rules and provisions for how software can be used. In addition, it stipulates how customers must maintain records, what virtualization technologies can be used and how they can be used, and how many cores and how much memory is allowed with the IBM software.
Meanwhile, Microsoft’s rules for who does and who doesn’t need a client access license (CAL) can prove vexing for even the most experienced asset managers.
These problems often multiply for highly decentralized organizations operating in a multinational environment. In addition, businesses tackling mergers and acquisitions or dealing with large number of independent contractors often find software licensing daunting.
Likewise, consumer trends in IT — such as BYOD and clouds — create other obstacles. For instance, IT executives might struggle to manage software licensing issues for employees that use a nonenterprise owned mobile device to access an enterprise database or application.
Finally, it’s critical to recognize that so-called shadow IT — different departments procuring software and services independent of the IT department — is a growing issue for organizations.
How SaaS Fits into the SLM Picture
Software licensing models are changing. In addition to traditional licensing based on a price per seat, some vendors — particularly those providing software-as-a- service (SaaS) and cloud-based applications — are rolling out annual subscription fees.
In some cases, this approach can greatly simplify licensing but in other instances it can further complicate an already complicated situation.
“The advantage to a software-as-a-service approach is that it removes the dependency on local hardware,” explains Dennis Drogseth, a vice president at Portsmouth, N.H. consulting firm Enterprise Management Associates. “As a result, it typically creates a clearer model.”
In the end, the lack of an effective licensing strategy can lead to inefficiencies, increased costs, violations and fines. It can also create a chaotic IT environment that leads to over-provisioning and under-provisioning of resources.
“In many cases, organizations fail to take a proactive approach to software licensing and asset management. They do not fully support the business of IT,” Drogseth says. “As a result, software asset management teams often spend a great deal of time preparing for audits and coping with the aftermath. It is not a productive use of enterprise resources.”
Coping with a Software Licensing Audit
In recent years, as the economy has stalled and revenues have waned, software vendors have increasingly viewed audits as a tool to boost revenues.
According to various industry studies, about 60 percent of firms undergo at least one software audit each year — a number that has doubled in the last six years. In fact, nearly 20 percent of firms say they have been audited at least three times during the last year, according to a 2011 IDC/Flexera study.
Typically, auditors examine devices and check to see if licensing requirements match the actual systems. They look at the number of licenses held by an organization, license expiration dates, and the hardware on which the software is installed. In some cases, auditors may overlook minor violations.
In other instances, they may crack down aggressively — even when an entity has made a good-faith effort to comply with licensing terms. The lack of clear reporting can create a more stressful and lengthy auditing process.
There are numerous steps an enterprise can take to streamline software licensing management and minimize the odds of an audit. One of the most effective ways to address the situation is through the use of a software licensing management tool.
These applications not only generate a database of devices and licenses, they identify potential discrepancies and provide insights into how to maximize cost efficiencies. Many applications provide detailed reports and graphs that provide an at-a-glance view of the enterprise.
Enterprises are also turning to strategies and tools to rein in consumer devices and BYOD. Although mobile device management (MDM) applications can provide some help — and a growing number of organizations are establishing internal app stores to better manage and track the distribution of mobile apps — Drogseth says that business and IT executives must approach mobility seriously.
In many instances, “It’s necessary to use discovery and inventory tools — and have a dedicated team in place to track assets and software licenses across the entire spectrum of devices and systems,” he explains.
Organizations are also turning to automated and physical self-audits to better understand the software resources they have deployed within the organization — and gain a more complete picture of an IT environment. A self-audit can also provide feedback about the effectiveness of overall enterprise governance and how closely the organization is adhering to policies.
Many audit executives find this approach attractive because they’re able to approach software licensing in a more flexible way — including how they allocate resources toward the task. A physical audit typically involves examining contracts, purchase invoices, bills of lading, end-user agreements, certificates of authenticity and actual software boxes.
Although a self-audit usually isn’t as precise as a physical audit, it may help an organization avoid licensing discrepancies or, at the very least, prepare for an outside audit more effectively. In some cases, too, a vendor will accept a formal self-audit in lieu of conducting its own investigation. In fact, some vendors will provide a complimentary software asset management (SAM) program to an organization that has IT asset management (ITAM) software in place.
Some vendors are also willing to assist organizations in complying with terms of their end-user agreements. For example, Microsoft offers customers Software Assurance (SA) benefits such as deployment days (where Microsoft experts help IT learn deployment tools, training days (where Microsoft experts help IT staff deploy, manage and support new software) and e-learning (online courses that are aligned with the software a business owns). Many vendors also offer licensing reviews and a variety of other programs and benefits.
Regardless of the exact approach an enterprise takes, it’s critical to develop a viable strategy.
“The idea that it’s possible to survive from audit to audit isn’t cost or time- effective over the long run,” says Jenny Schuchert, content director of the International Association of IT Asset Managers (IAITAM).
“In most cases, an organization that falls into this trap winds up constantly behind the curve and continually facing problems and expenses,” she adds.
The upfront cost of investing in discovery tools, software licensing management applications and tracking overall assets “goes a long way toward maintaining a manageable situation.”
Not surprisingly, organizations that take a proactive approach to software licensing management realize other benefits. They’re able to ensure that they have the most cost-effective licensing programs in place, they’re able to engage in better IT forecasting and planning, they pay only for the software they use, and they’re able to more effectively eradicate rogue applications as well as the use of applications among unapproved groups.
Simply put, these businesses are able to approach licensing in a more holistic way and track use across the lifecycle of applications and IT resources.
Scott says that it’s a dollars-and-sense proposition. A key to managing software licensing effectively is ensuring that a strategy and the right technology are in place at the onset of a relationship. In some instances, he says, it’s also possible to negotiate more favorable terms upfront. However, it’s also possible to periodically revisit terms with a vendor.
“Too often, businesses fail to streamline licensing after the initial purchase. They do not take steps that directly improve the terms of the relationship and reduce their exposure,” he points out.
Ultimately, Scott and other experts say that a software lifecycle management approach transforms licensing from a bane into a manageable task. Those that involve consultants and legal experts in the process from the beginning usually realize the best results.
“Too often, companies discover that they’ve made mistakes only after they’ve been audited and they’re facing a huge fine,” he states. “There’s no one-size-fits-all approach to software licensing management. The nuances and situation are different for every organization and the situation is constantly changing. But organizations that take the task seriously come out ahead.”