Daniel Reio remembers the days of the software retail box when buying software meant it came on a CD with a paper manual packaged in a box.
“The way that some customers used to track their software licence rights is, they would walk into the server room and count the number of boxes on the shelf,” said the senior marketing manager with Etobicoke, Ont.-based technology provider CDW Canada Inc. “But now everything is licence-based. It’s all virtual,” said Reio.
CDs and manuals have been replaced by licence keys and electronic files, making it difficult to track software licences in an organization. The tendency, too, said Reio, is for organizations to focus entirely on their core business, often leaving licence tracking to fall to the wayside. “But there’s a point in time where something happens where they realize that they probably should be tracking the number of licences and ensure they are compliant,” said Reio.
That reminder could come in a variety of forms. It could be the software vendor itself who suspects the customer is not being compliant. Or, perhaps the company has downsized and must re-align its licences with the reduced headcount. Maybe the company has suddenly grown and can’t be sure it actually has the necessary number of licences for the new users.
“The reality,” said Reio, “is that today tracking is much tougher because you don’t have a physical piece anymore.”
Non-compliance has its price
PCs now must be individually scrutinized for applications that reside on them, a task that can be a “highly complicated, very detail-oriented, labour-intensive type of activity,” said Edwin Jansen, manager of IT asset management service with Toronto-based IT products and services vendor Softchoice Corp.
Jansen recalls a customer’s plan to categorize the jungle of commercial and non-commercial software across its 50,000 PCs. There were probably no fewer than 20,000 unique software titles to deal with, estimated Jansen. “How do you figure out which ones are commercial (and which ones are) non-commercial?” The company, a North American financial institution, decided to create a small team of employees who would painstakingly search, using Google, what each application did and what licence was required, said Jansen.
“Organizations often feel they’ve got to go it alone and do it themselves,” said Jansen.
There are products and services available to help with software licence management, but “there is no silver bullet,” noted Jansen.
To start, organizations should realize the benefits of a licence management strategy, like cost-avoidance. Businesses will have planned budgets and expenditures, “and by then getting tapped on the shoulder by a vendor can mean you now have got to buy licences at list price that you had not planned on,” said Jansen.
Risk reduction and good vendor relations is a benefit, too, because a licensing agreement, essentially a legal relationship with responsibilities that must be adhered to, can render penalties for non-compliance, said Paul Asseff, director of software marketing at Softchoice. The actions taken by software publishers vary, like losing a corporate rate or having to pay a fine, said Asseff, but in most cases vendors are willing to arrive at an amicable solution if the customer shows an eagerness to get compliant.
Dealing with non-compliance can take precious time away from core responsibilities, said Jansen, especially when the chief financial officer and legal department are preoccupied with “looking through the licensing situation in panic mode.”
Beware the nuances
Most often, counting and measuring software utilization entails IT staff “walking around or counting by post-it note,” said Ross Chevalier, president and chief technology officer of Toronto-based software vendor Novell Canada Ltd.
The process is not only tedious, but fraught will peril because the likelihood of making an error is quite high, he said. While some software publishers provide a tool to track their products, the method of counting software may vary. This makes it important to decipher the nuances of a licence agreement, warned Chevalier. But the lack of a standard format for end user licensing agreements (EULAs) can mean a customer’s responsibility can range from specific to broad. EULAs are tedious and boring and seldom get read, he said, so while customers are aware they have engendered some liability, they don’t know exactly how. So it’s important to align the EULA with the number of software instances installed and the manner they are being used, said Chevalier.
Depending on the EULA, software may be counted by device, user, or full-time equivalent. Software publishers try to minimize misunderstandings by making EULAs accessible for customers to easily print and store in a binder, or download and save as a file.
But because IT environments are heterogeneous by nature, Chevalier recommends a tool that tracks software installs and utilization regardless of brand. It’s useful, too, for licence renewal so an organization can “get levels of entitlement (from the vendor) that are just right for their business,” he said. “Well, you can’t know what’s right if you can’t count it.”
And a user can make a case for renewing software because the tracking tool can prove frequent usage, said Chevalier.
But EULAs also vary in terms of the type of the software. Virtualization technology, for instance, has “clear benefits, but the devil is in the details,” said Jansen. Vendors of virtualization technology are often not licensing experts, he continued, so “the licensing implications need to be considered so that you don’t undo some of the benefits you got from the virtualization exercise.”
According to Patricia Adams, research director with Stamford, Conn.-based research firm Gartner Inc., aside from virtualization, databases and customer relationship management applications are also technologies that could have “three or four licence models just for that application.”
And, further complicating the matter is that vendors will modify their licensing agreements every five years or so to maximize their revenue opportunity, said Adams. Part of an organization’s strategy, she said, must be to anticipate such changes and plan ahead for it.
Don’t forget the usage policy
A policy for software usage plays a crucial role in licence management to help employees understand the risks of sharing and not paying for software, said Adams. Non-adherence to policy is usually a result of “casual piracy,” she notes, where ignorance is the driver.
Driving that policy should be the person responsible for licence management within the organization. That individual, usually in IT with a dotted line to procurement, creates and builds awareness around the policies. Specifically, policies should focus on what is permitted to be installed, and who can install it, said Asseff. “That’s the most basic policy … to make sure that only the people who are linked back into the software asset management process can install the software and therefore reconcile that with licences already owned or additional licenses to buy,” he said.
Part of the policy should also focus on how software is purchased to prevent, for instance, the high-level executive buying and expensing software using a company credit card, said Chevalier. While the process of expensing the purchase may be permitted, he said, the software “doesn’t become part of corporate asset listings.”
In general, non-adherence to licence management reveals a prob
