Imagine this: It’s the last quarter of the financial year and you are in the process of consolidating the financial data relating to the company. The company’s performance has been good and you know that the financial results would please the shareholders. Your good mood continues until you see the mail from one of the software vendors, whose software you use within the organization, informing you of their findings from the license audit they conducted just last month.
They have found your company to be non-compliant, using more licenses than permitted and even some products that have not been licensed at all.
Your first thoughts are:
- How could this have happened? You will have to ask the IT team for an explanation. The non-compliance could not have been this much!
- The cost of rectification of this non-compliance, as quoted by the vendor, would set the company back by a considerable amount, and reduce the profits to lower than acceptable levels.
- A dispute with the publisher could result in loss of reputation and investor/ customer confidence
Well, your job just got a lot tougher.
Who is to blame?
Most companies believe that it is the responsibility of the IT staff to ensure compliance. But that’s not true: Compliance is everyone’s responsibility. From the inexperienced hire to the CXO level executives, all employees have to know that non-compliance (including piracy) has far-reaching implications. Whether it is software or movies or music or even copyrighted reading material, if it is not purchased or procured through the right channels, using it is illegal and this offence is punishable by law. And if pirated software is found on the company’s assets, this could lead to significant cost for the company.
How do we ensure compliance?
Software License Compliance can be achieved by following either of these two approaches:
- Software publisher conducts an audit and identify gaps in compliance. Pay the non-compliance penalty and cost to procure the additional licenses (Not recommended!)
- Presence of strong software asset management processes & controls
- Ban on unauthorised installations/ downloads
- Regular review of license deployment status and identification of unlicensed software
What does it cost to ensure compliance?
If you chose the reactive approach to software license compliance, there are chances that the penalty could cost you as much as $1000 per computer asset per publisher audit. For example, an organization with 4000 computers ended-up settling with a middleware publisher for US$4 million, although the software was actually deployed only on the servers, which were much fewer in number.
The indirect cost of a reactive approach could be loss of reputation and investor confidence, which is much more difficult to quantify
However, the proactive approach is more economical and with the cost being spread out over a longer time, doesn’t seem to pinch as hard. The key components of the cost of this approach would be the time and effort taken to:
- Streamline the software asset management process and vendor licenses
- Enforce stringent internet activity and download policy to ensure that unauthorised downloads and installations are barred
- Identify gaps in compliance, if any, and bridging this gap
- Conduct regular assessment of entitlements and actual usage
Despite what you may do to protect yourself from these threats, it is prudent to accept that none of these steps can guarantee 100% compliance. Yet, corporates should always strive to get as close to 100% as possible (and commercially viable).