Software compliance audits are becoming more and more frequent for both small and large organizations. Many software companies are realizing that compliance can be problematic amongst their clients. In a report , 75% of companies surveyed said they were out of compliance with their software usage. That number is surprisingly high and software vendors have noticed. This begs the question; how do you manage software compliance risks as usage grows?
What is software compliance and why is it a challenge to maintain?
Software compliance (or a software compliance audit) is the ongoing process of constantly being within the limits of a licensed software agreement. Compliance involves routine software asset management through careful record keeping and software monitoring.
There are many challenges associated with maintaining software compliance, particularly as the use of software grows and as more applications are pushed to the cloud. Many IT departments find themselves overwhelmed with usage records and data to keep track of. The struggle to maintain compliance can be summed up in 3 main challenges:
Lack of license terms understanding
When a company purchases software, they’re only renting it unless otherwise stated. Companies run into compliance problems because they don’t necessarily realize they don’t own the software. Therefore, you’re legally bound by the contractual obligations and restrictions within your licensing agreement. Additionally, if you buy one software license, it can most often only be used for one device.
For example, if you have 10 Microsoft Office licenses, then you can only install it on 10 devices. Any additional devices the software is installed on are in violation of your licensing agreement. If your company were to be audited, the fines for each individual violation could be up to $150,000.
Similarly, cloud violations such as sharing login information with unlicensed users can get your company in trouble. In a 2012 survey, 42% of cloud users admitted to sharing passwords and user names with other people inside their organization. Cloud management services can help reduce this risk and avoid costly fines and audits.
Inadequate record keeping
Record keeping isn’t something you can neglect. In the event that you are audited, you’ll be asked to produce records to determine if you were compliant with the software agreement. Without adequate records, it’s difficult to prove you were.
Keeping track of software contracts, licenses, and the number of devices using the software are just a few of the things you’ll want to continually update and manage as software usage escalates and moves to the cloud.
Multiple departments and employees downloading software
When departments and employees are able to download software without authorization from the IT department (rogue IT), compliance becomes harder to maintain. Software usage undoubtedly grows when more people are able to install it, making it difficult for the IT department to keep up with compliance issues.
According to one study conducted by the BSA (The Software Alliance), an estimated 39% of software installed on computers in 2015 were not properly licensed. Unauthorized software installations can be reduced by establishing and enforcing software usage policies for your company.
Who enforces compliance and what is an audit?
A software compliance audit is a complete analysis of software being used on a device (or in most cases, multiple devices) to determine if the software is being used within the legal parameters set by the license agreement. If an audit determines a noncompliance issue, the user in violation will likely be fined for the infringement.
The BSA Software Alliance Foundation
Founded by the Microsoft Corporation, the BSA | Software Alliance Foundation advocates for software companies all over the globe. Part of what they advocate for and enforce is software compliance. They investigate reports of noncompliance and pirated software to protect the property of their members. If necessary, they will take legal action against commercial end-user license infringement. For example, if someone files a report stating that you are illegally using software, the BSA will investigate the report and perform a software compliance audit to determine if you are in fact compliant.
Since most software companies enforce compliance through audits, your company should do internal audits as well. Compliance should be enforced through standards and procedures pertaining to how software is used, installed (or downloaded), and tracked. Consider doing your own internal compliance audit to identify any key compliance issues. An audit may include:
- Running a usage report and identifying where software is being under or over used
- Removing unused software or purchase additional software to remain compliant
- Identifying software that needs to be updated to the latest version
What is your organization’s system for tracking compliance – is it accurate?
Every organization needs a system to help identify compliance issues. Some systems are better than others. Unfortunately, some organizations don’t even have systems in place, making compliance an even larger problem. Your system might need to be improved if you identify with any of the following:
- “True ups” aren’t being performed on a regular basis
- There are no records kept of software usage or installation
- No policies or procedures in place for downloading or installing software
A software asset management program can assist in tracking compliance. However, choosing the right one for you depends on how rapidly your software usage grows. A consistent upward trajectory for usage might require frequent audits or an alert system that lets you know if there is an increase in devices using a particular software.
Hiring an outsourced company that specializes in developing software asset management programs may also be necessary to ensure that you’re doing everything you can to track software compliance.
How can you manage compliance risks with software asset and portfolio management?
To eliminate compliance risks, developing a software asset management program is necessary. Companies without one are taking a chance. Your program needs to do three things:
- Track license usage to ensure compliance
- Enable IT growth by determining what technology needs to be acquired and what needs to be upgraded
- Control costs by avoiding or reducing software spend
Companies that are cautious about software compliance should be performing routine assessments and internal audits. Assessments should be done on an annual basis to determine what software is being used, who is using it, and whether or not the software is authorized. Internal audits will help you manage your software portfolio by continuously analyzing what licenses you do and don’t need.
Software compliance is an important part of software usage. To be a responsible user, doing your part to adhere to the standards set forth by the software agreement is important. Using the best practices of software compliance will prevent software management risks and keep your organization safe from an audit. You can’t afford to be in violation of agreements because each violation will cost you.