Managing software licenses has emerged as an onerous and vexing task. Here are three ways to navigate the software compliance space more effectively.
By Samuel Greengard
By now, it's apparent to any CIO that software licensing is a growing challenge. Cloud computing, virtualization, mobility and an array of other trends—including bring your own device (BYOD)—have transformed the way organizations use and manage applications. What's more, software-licensing models have changed radically over the last decade. For organizations that fail to comply with increasingly complex—some might say Byzantine—rules, the fallout can be substantial. Audits and fines can lead to penalties that reach well into the millions of dollars.
Jonathan Shaw, a principal at IT consulting and advisory firm Pace Harmon, says that this rapidly evolving environment requires close and ongoing scrutiny. What's more, a spate of mergers, acquisitions, divestitures, joint ventures and other arrangements means that the tentacles of software compliance reach into every corner of the enterprise…and beyond. "In many situations, software use may be precluded by a variety of restrictions, including standard language or geographic limitations," Shaw points out.
Here are three ways to navigate the software compliance space more effectively:
- Understand your assets. Multiprocessor cores, virtualization, cloud computing, mobile tools and growing numbers of connected devices make it increasingly difficult to achieve a firm grasp of machines and assets. In addition, upgrades and other changes can throw licensing counts out of whack and, in some cases, push an enterprise beyond the bounds of legal licensing. "It is easy to find yourself out of compliance without realizing it," Shaw says. He recommends conducting periodic self-audits, reviewing contracts regularly to catch changes in terms and conditions, and better understanding product life cycles, as well as identifying the way employees use software in the real world.
- Ensure that your company adopts the right model and has the means to track licenses. One of the biggest problems that organizations run into, Shaw says, is a mismatch between the licensing agreement that an organization adopts and what it really needs. "Typically, a team attempts to negotiate a software deal that is the most cost-effective. But they may not have any visibility into whether the IT organization has any way of tracking software under that model," he points out. Among other things, there's a need to build robust asset management into processes, ensure manageability, and adopt tools and technologies that make accurate tracking possible. It's also wise to standardize practices. Shaw suggests using ISO/IEC 19770, an international standard for software asset management.
- Negotiate with vendors more effectively. For enterprises, the question isn't if an audit will occur, it's when it will occur. In some cases, it's possible to negotiate with software vendors for more favorable terms upfront. It's also possible to work with vendors if an audit reveals a discrepancy. For example, if noncompliance was inadvertent, Shaw recommends attempting to settle with the vendor based on the goal of maintaining future compliance. "Aim for a settlement that is capped rather than paying punitive damages," he suggests. Shaw also recommends threatening to take business elsewhere if a vendor is too aggressive and doesn't provide adequate time to prepare for an audit. Yet, many problems can be avoided through upfront planning and discussion, he says. Examine whether it's better to negotiate usage across the enterprise or on a department-by-department basis, address exchange rights (in cases where an organization winds up with too many licenses of a product), and probe geographic restrictions and sub-licensing. "The goal is to make the arrangement as flexible as possible," he concludes.
About the Author
Samuel Greengard is a contributing writer for CIO Insight. To read his previous CIO Insight article, "State of Hawaii Dials Into Digital," click here.
This article was originally published on 02-24-2014