I have written about software licensing many times in the past and I continue to work with companies that simply don’t understand the software rules and the cost associated with violating these rules. Software companies are making it much harder to utilize illegally purchased software or to use their software in a manner that is not in compliance with the EULA (End User Licensing Agreement). Some of the things we are going to discuss in this article are: simple software licensing basics, the Business Software Alliance or the software police, and some of the different software models, including SPLA (Service Provider Licensing Agreement) which is important to anyone using the cloud.
Software basics start with a simple statement that surprisingly most people don’t understand, and that is in most cases with commercially released software you don’t actually own the software. When you purchase the software you are actually purchasing a license to use the software, and that license is valid as long as you use it in a manner that is in compliance with the End User Licensing Agreement. There have been many court cases on this subject and the U.S. Court of Appeals ruled in the case of Verner verse Autodesk that people could not resell copies of Autodesk even if it had never been loaded in the past because it is stated within the EULA that Autodesk reserved the right and did not allow for reselling of their product by a third party.
How do you know if someone is illegally selling your software? In the case of Verner verse Autodesk the judges laid out a couple of points; “We hold today that a software user is a licensee rather than an owner of a copy where the copyright owner (1) specifies that the user is granted a license (2) significantly restricts the user’s ability to transfer the software; and (3) imposes notable use restrictions.” The Verner verse Autodesk case is one of hundreds that have been litigated over the years, and the one thing that seems to be consistent is that when you purchase a licenses and you agree to the terms when the software is loading you are entering into an enforceable contract agreement between yourself and the software company. Now that you know you are entering into a legally binding agreement it is important that you read the terms or EULA when you are loading software to see if your intention is to use that software for something that might be in conflict with the agreement you are about to agree to.
There are other limitations that might be contained within the terms or EULA that could impact you if you are not aware that these items are limited or prohibited by your agreement. Where you can install the licensing could be restricted, an example might be that you can’t load an OEM (Original Equipment Manufacturer) copy of the software in a cloud environment. Another example would be you can’t use an Educational version of the software in a for profit company. Both of these scenarios would be considered out of compliance by the software manufacturers and prohibited by the agreement or EULA. Another example would be copying, modifying or redistributing of the software. In most cases software manufacturers do allow a single copy of the software to be made for disaster recovery purposes; however, copying the software for use on another computer would be considered out of compliance. Another example would be to decompile the software so the source code is viewable or to attempt to change the source code. Software companies go to great cost and effort to protect their intellectual property rights, and as similar to many other industries, protection of that intellectual property is the key to their future financial success. If someone were to decompile the software and steal the intellectual property of the owner that would be considered a crime first and foremost which is punishable with fines and jail time, but in most cases it is strictly prohibited by the agreement and the EULA.
One of the biggest debates in the technology software arena is the use of open source, or free software. I have a lot of concerns about free software in a world full of security risks, identity theft, stolen data, and the technology black market and I am always concerned about using a free piece of software on a corporate network. It doesn’t mean that the free utility is bad, or doesn’t meet a specific goal or objective but, from a business perspective what is the quality and value of free? How often does your business work for free? And if it is free should you have a realistic expectation that the quality and vetting of the product or service is of a level that is going to meet your standards? Then, there is always the bottom line, which tells you that nothing in this world is truly free. You’re going to pay somewhere, somehow and in the world of software, you going to pay through continued software development. You might even put your business in what I call IT jail. IT jail is where the business is afraid of change because only one person holds the knowledge of how things work. So, there is fear of what happens if this person leaves. I know it sounds silly, and is almost to the point of disbelief but in my 35 plus years of being in the technology business, I have seen it countless times.
There are some advantages to utilizing open source programs that should be evaluated when determining the methodology of how you are going to utilize your overall enterprise software package to grow and expand your business. First, is that acquisition of the software is going to be free, which definitely on the surface does lower your cost of acquisition. Secondly, due to it being open source, it is continuously being modified and upgraded due to the volume of developers that may choose to implement and use the core software. Open source software doesn’t have the traditional limitations as most commercial software. The advantage to this is that the software becomes very flexible and will interface with many other types of systems. One of the strongest points is that open source software is very adaptable to changing business requirements.
There are powerful advantages to open source software, however there are also some disadvantages as well that need to be considered. Open source software doesn’t have a single source provider, it is an accumulation of several developers which is one of its advantages, but from a risk mitigation perspective you have to ask yourself what is the quality of the work performed and who is responsible if my business is somehow damaged by using a multisource program that was free to begin with. Business logistics or basically business workflow is going to be on the business owner. Business owners must have an intimate firsthand knowledge of how their business works and operates in order to utilize the real power of open source software. This becomes a problem as businesses grow and the owners become less and less knowledgeable on how their business operates both technically and clinically, which will limit the effectiveness of open source software. You won’t own the software or the intellectual knowledge that is developed on your behalf. It is open source, which means that it is open to other businesses and developers that want to take advantage of what you have developed, I call it accumulated knowledge. That is a great and powerful advantage of open source software but, don’t assume you own the software or that you have a legal claim to the software because you don’t.
My final thought on open source software is that it does have some very powerful advantages to using open source software. However, having been involved in many legal cases regarding risk mitigation, ownership of intellectual property and security of data, I have concerns around software that may or may not have been developed with the highest standards with a legal entity standing behind the quality and security of the product. Open source products certainly have a place in the market, but as I advise many of my clients open source is much like proprietary software development, once you start you have to have the fortitude to continue for years and years to come. You have to budget wisely, you have to make certain that if you are interfacing with other commercially released programs that when they upgrade you are ready to invest in upgrading your software to match the requirements. It will be ongoing, never ending, and there is a cost to free.
There are many different types of licensing agreements. Perpetual licenses, which are licenses that once you purchase them you have the right to use the software as long as you like. However, keep in mind that if you upgrade a perpetual license then you may be charged for the upgrade, so if staying on the current versions of software is important to your business than perpetual licensing may not be an option. Then there are term licensing agreements that have to be renewed, typically every year, but that can vary from software vendor to software vendor. When it comes to software licensing and picking the correct licensing package for your organization there are things you need to be aware of. One of the biggest reasons that companies end up in software trouble is because software rules change regularly and it is the responsibility of the company to be aware of those changes and to make sure that you stay in compliance. Another area that can create software licensing issues is basically not understanding your software assets, what you are doing with those assets and properly managing these assets to ensure that you don’t overspend and you are licensed properly for the people who need them.
Let’s talk a little about mistakes companies make in managing software licenses. One of the first things to remember is that it is your responsibility to prove you own the licenses you have on your system, so yes you have to prove yourself innocent not be proven guilty. With that in mind, some of the things to watch out for might include: making adhoc purchases, employees should not be allowed to purchase software and load it, and the documentation of software purchases is the only real defense you have against being in non-compliance. Not tracking installation and use, it is not recommended that you allow people to manage their own software, it leads to over spending in licensing, and it leads to system compatibility issues, and again easily can put you in a situation of non-compliance. Not tracking renewal dates, this can lead to allowing your open licensing or enterprise licensing to expire which then could result in having to purchase all new licensing when it is time to upgrade. Have a central repository for all software licensing and proof of licensing. If for some reason you get audited, not having the licensing in one place can make it difficult and expensive to prove your compliancy. One of the biggest mistakes is assuming that licensing rules don’t change. They do change, and they change on a regular basis. Software companies routinely update and modify their agreements based on discontinued versions, change in market approach, or based on separation of software packages. Do not assume that the rules you purchased your software under still apply, make sure you read the agreement and understand it.
The Business Software Alliance, what is it and what authority do they really have over the software agreements? As stated earlier, when you click on the agree button or check the check box, or sign an Open Licensing Agreement or Enterprise Agreement you are actually entering into a legal contract that does have binding rules that you are agreeing to. The most common method that typically gets the Business Software Alliance interested in you is that someone reports you to them with evidence that you are violating software agreements. Who is that person? In most cases it is one of your employees, typically someone who is basically knowledgeable in the manner in which your business is managing software assets. The Business Software Alliance does pay, and pay well for people to report software violations to them so they can pursue through the legal system resolution and restitution for violations to the agreement.
The Business Software Alliance is an alliance between most of the major software vendors, and mid-major software vendors to enforce their software agreements and aggressively pursue people that willfully violate the agreement. After all you have to look at it from the software vendor’s perspective, if you are violating software licensing, you are stealing the work product and intellectual knowledge of another company. Then, you’re using that stolen property to make a profit for your business. I think any legitimate business would legally pursue any one that was stealing your intellectual property or work product then using that to make a profit for themselves without properly paying for the tools used to make that profit. How does this process work? Typically it will start with them requesting that you do a self-audit of the software you have installed, along with providing the purchasing proof that you actually own the software you are claiming. In most cases it will end there if there is enough proof that through a good faith effort you are trying to manage, document, and enforce your software agreements on your own.
Good faith effort, what does that actually mean when it comes to a software audit? Basically it comes down to having solid policies and procedures that help you manage the software that you own, and you have a process that everyone goes through in order to purchase new software. Managing software assets, what is the process that your business goes through in order to request new software or an upgrade to existing software, is that a well-documented process or more adhoc? How is that software installed and the installation of that software properly documented as to who has it and when it was loaded. Documentation is always key, copies of the agreements, licensing key management and protection, purchase history who, when, did the purchase happen. Enforcement, this is the tough one, every employee thinks they are key, the future of your company, and that when it comes to software they can be expensive. Workstations and Laptops should be locked down so that end users can’t load software, and this is where the tough part comes in, owners and managers have to have the fortitude to say no! You can’t say yes just because it is easy or you don’t want to hear about it. Software licensing is one of the hardest things to keep track of and when you get behind, catching up is difficult and expensive. Violators of your companies’ software licenses should be dealt with just as if they violated any other company policy, verbal disciplined, written or terminated. It is tough and owners and managers have to stick to their guns, put on the big boy pants and enforce their own policies because, at the end of the day who is writing the check for the violations, not the employee.
What is SPLA (Service Provider Licensing Agreement)? Due to the popularity of cloud based computing Microsoft and other software manufactures have developed a licensing model for independent cloud providers and independent software providers to provide a customized licensing programs to their clients. This goes to one of the core cloud principles of paying for what you are using so you don’t have dead licenses. Dead licenses are licenses that may or may not be of current versions that you bought in a package deal but never used or activated, simply put wasted dollars. SPLA licensing allows cloud vendors and software vendors to license what you need. If you need 7 you can buy seven, if that changes and you need 25 you can buy 25 and that can go up or down on a monthly basis depending the growth and contraction of your businesses specific needs.
Some of the advantages to a SPLA licensing model verse the traditional licensing models are; your provider’s ability to provide you with customized licensing, keep in mind SPLA only applies to cloud based technologies not to in-house systems. Due to the flexibility of SPLA it allows your provider to deliver to you exactly the number of licenses you need for the products you choose to host. There are no upfront costs with SPLA, and no long term commitments, which means you can adjust your licensing based on the specific needs of your business, or individual needs on a monthly basis. One of the huge advantages to SPLA is version control. Which means as manufactures who offer SPLA licensing upgrade their software you can upgrade at will or your own specific timeline and again it is all part of your monthly fee. One of the features of the SPLA model is that since you pay by the month you can try out many of the software packages offered by SPLA manufacturers and if you don’t like it then you simply don’t renew it for the next month.
Software licensing continues to be one of the most confusing and costly aspects of running and managing an IT department. However, it is worth taking the time to learn and putting processes in place to ensure that you remain compliant. Regardless of if your strategy is to remain in-house or go to the cloud, licensing costs are going to be a huge part of your reoccurring budget and a time consuming process to manage it is simply now a cost of doing business. However, if done correctly you can manage those costs, reduce your exposure and risk on a compliancy level and still get the software you need to grow your business in a productive manner.