Using Self-Auditing Applications to Reduce Software Audits
February 27 2012 by Joseph Noonan
Software license compliance isn’t often something chief executives spend a lot of time thinking about until an audit request makes it an issue. A significant under-licensing issue and the presence of pirated software can not only impact companies’ bottom lines, but can damage their brands and reputations as well. As a result, attention to software licensing needs to be a top priority. Here’s why.
This recent news announcement highlights that companies caught using unlicensed software can be fined thousands of dollars depending on the level of severity related to the infringement. Often, news stories about these fines bring bad press to these companies, hurting their reputation and sales.
Depending on the size of the company, it can be increasingly difficult to track misuse and overuse of software within the organization. Global companies that share their IP networks with subsidiaries and consultants are left vulnerable if those users should download pirated software onto their networks. Once on the network, the potential spread of the illegal software increases as employees (who are unaware the software is illegal) see that it is available and download it to their machines. In addition, illegally downloaded software can also introduce malware and other forms of spyware that can leave corporate networks vulnerable to hacker attacks. Reporting that a hacker attack stole customers’ personal information is every executive’s worst nightmare.
There are also organizations set up specifically to uncover software piracy in corporations. The Business Software Alliance (BSA) and the Software & Information Industry Association (SIIA) are organizations that reward whistleblowers who report current or former employers that they know are using pirated software. The BSA often files suit against infringing companies on behalf of the software vendor.
ISVs and their consulting partners also use profiling to target companies for an audit. For example, some vendors look at job postings to see if the requirements include knowledge of software for which the company does not have licenses. No matter how an audit is triggered, it can result in significant time, resource and financial costs.
There is new technology available to mitigate the risk of software piracy. Software vendors are now employing business software intelligence technology that can detect software piracy and identify the companies using illegal software. This information is reported back to the software vendor and, with the hard data in hand, they reach out to those infringing companies to either make them paying customers or file suit against them. This is actually good news for companies whose competitors have been using pirated software, as the playing field will be leveled when these competitors finally have to bear the same software costs.
Taking an inventory of software licenses is a good place to start. While it may turn up software non-compliance, it may also turn up more software licenses than a company may need, thus curbing wasteful IT spending. Companies should also take a software management approach that includes requiring software vendors to build compliance-aware applications into their software.
Some companies may resist the notion that the software on their networks has self-aware capabilities that can detect and report if it has been pirated or is out of compliance, because data is being reported out of the organization and because of concerns with privacy. In fact, the benefit to the enterprise user is actually quite valuable. It limits the company’s overall liability because it allows companies to identify misuse early and mitigate the risk of illegal software propagating in their IT environment. It also helps pinpoint the illegal software use activity, which can help companies avoid wide-scale software audits that are time consuming and can be costly to business operations. It also uncovers the root cause of the software misuse (broken procurement process, training issue, rogue employee overtly downloading illegal software) and provides companies with the information they need to address those concerns.
When done with the company’s knowledge and agreement upfront, and when it is made clear what data is communicated, this approach can eliminate hefty fines and possible costly lawsuits when non-compliance is detected and provide a clear way for the enterprise company to become software compliant. The company should also let the software vendor know who its point of contact for reviewing data and identifying infringing computers will be to ensure effective communications and resolutions.
Software piracy and software non-compliance are issues that should concern senior management. The negative impact of software piracy and the costs involved make this a top priority. Top executives working to drive revenue growth and extend market share need to be mindful that software non-compliance within their organization can result in serious financial risks for the company. Taking a proactive approach to software license compliance can keep the problem manageable, root out the source of the non-compliance and protect sensitive company data.