Software License Forensic

My earlier blog on Software License Management talked about intentional non-compliance by organizations. Organizations go to an extent whereby they uninstall the unlicensed versions when a publisher approaches them for an audit. They feel that they have met compliance issues as Publisher will not be able to detect the non-compliance.

Publishers deploy expertise and technology during the audit that does a deep dive into the systems to get the history of what has been used. For example registry entry can provide significant information regarding what software was deployed. Such deep dive is termed as Software License Forensic Analysis

Software License Forensic is an investigative approach to identify the actual license usage by an organization that is under Publisher review. Such forensic techniques and methodologies provide a complete or detailed picture of the software deployment in an organization. This provides valid and sufficient proof to the Publisher to decide the future course of action.

Software License Management

Organizations use software. The software should be licensed. With the increase in number of people working in an organization, there is increase in complexity in managing the licenses and ensuring that unauthorized copy of any software is not installed. So there could be a situation that organizations have software for which they do not have a license or for which the number of licenses is less than the instances used. This makes Software License Management a very important and critical activity of Software Asset Management.

Organizations are legally liable to the publishers if:

• They have any unlicensed version of software deployed, or
• They do not comply with any of the terms of license agreement

Software Compliance is a key activity of Software License Management. It has to ensure that an organization complies with the publishers licensing requirements.

The activity that organization performs to ensure that they are in compliance is termed as software license audit. IT departments struggle to keep track of licensing usage. This needs the specialized Software Asset Management Team to help track and manage licenses. There are tools to help asset management team identify the software that are deployed in the environment. Manual audits are also performed for a certain sample to authenticate the discovery data.

Non-compliance to the licensing terms could be unintentional or intentional. In case it is unintentional then internal software license audit gives opportunity to the organization to ensure compliance. Organizational growth and restructuring besides Mergers and acquisitions contributes to the chaos in terms of unknown license usage/consumption even if an organization has a good software asset policy.

On the other hand there are intentional non-compliance cases where organization tries to save on the license costs.

Software publishers have to manage and enforce their intellectual property rights besides ensuring that their customers are paying for what they use.  A Publisher can ask for an audit at any time. Such audits are termed as Publisher Audits. It is during this course that an organization could readily agree for an audit or might decline the request. There is a typical negotiation that happens at this stage. Publisher provides their data of what they presume is the licenses consumed by the organization. Organization may negotiate and agree at a figure and buy the licenses.  On the other hand there might be a dispute. In such a situation Publisher can take a legal action. The worst for the organization can be that it may face a closure of business due to non-compliance.

The Dead Asset Syndrome

Organizations procure assets, both software and hardware, based on certain projections or needs. Also, there are assets which are no longer utilized or rarely utilized. In case of software assets many organization continue to spend on recurring license cost besides spending on support cost for both software as well as hardware support for dead assets. From the organization’s RoI perspective these are dead investments and hence dead assets.

Another concern that organizations have is regarding the utilization rate of their assets. Organizations continue to invest on IT assets whereas they could have optimized their asset utilization, which results in a poor RoI. With passage of time these too contribute to dead assets.

An even more alarming fact is that a number of organizations are not even aware of possessing dead assets. Dead assets not only have poor RoI but poor TCO as well.

If we try to segregate the dead asset in terms of hardware and software assets, then the percentage is higher for software assets. Software assets are more of invisible assets since they are determined by the licenses which are not mostly physically visible or consume physical space.

Since hardware assets consume physical space (data center, desk space, inventory or others), they are visible assets. Thus, comparatively organizations are more proactive in disposing dead hardware assets that have reached end-of-life.

If we plot a graph of asset procurement and its utilization against time over a period it would give a pattern for dead assets. This is what I would term as Dead Asset Syndrome.

It is very important for organizations to come out of Dead Asset Syndrome by proactively eliminating dead assets and improving their asset utilization rate along with RoI for the assets. How this can be done is what I would cover in another blog sometime later.

At this stage it is important to be able to know whether your organization suffers from the dead asset syndrome. If answer to any of the following question is ‘No’ then it is very likely that your organization is a victim of dead asset syndrome:

• Do you have a list of ALL hardware and software assets procured (with details regarding date, cost, depreciation, support, etc.)?
• Do you know where ALL your hardware and software assets are being used?
• Do you know when ALL your hardware and software assets were last used?
• Have you been able to recover ALL your hardware and software assets if it was no longer in use?