Getting to grips with licence management
Can you be certain that everything on your network is properly licensed and paid for?
When people think of licence management, often they focus on ensuring they’re using legitimate copies of Windows and Office. Unfortunately, that only covers what former US defence chief Donald Rumsfeld memorably referred to as the “known knowns”. The sticky part of licence management is getting to grips with the “unknown unknowns”. People do strange things with computers, and even on a well-managed network you can find little fan clubs keeping old applications and variant releases alive, without giving the slightest thought to licensing.
Take activation, for example. For some, it’s a clear indication that an application is legitimate and there’s no need to worry, but activation alone doesn’t prove anything. Software can deactivate itself for all sorts of reasons: Some apps have time limits, some won’t start unless they can contact their licence server, some will only run in a particular region (and only reveal the fact once you’ve landed for your overseas business trip) and so forth.
Then there’s the issue of software that happily activates itself but still isn’t legal, owing to some contravention of the small print. For example, you might have a valid licence, but not the right one for professional use or for the hardware on which you’re running the software. According to the absolute letter of some software licences, you could be in violation by simply restoring an installation of the software from a backup. Being advised to contact your insurer for a new software licence is not unusual – shameful, but not unusual.
A simpler life in cloud and open source?
If your line-of-business apps are hosted on the cloud, licencing is less likely to be an issue, but it’s still not a sure thing. Arguably, the administrative burden goes up because it’s on you to ensure you’re not overpaying for oversized server instances and excessive bandwidth; the cost of getting such things wrong can be not only steep but also recurrent.
In the face of these challenges, it’s easy to think that a move to using open source software would be an easy solution. In reality, however, this type of software is licensed too – and some seemingly free packages are supplied under terms that are at least as awkward as those accompanying commercial software. By all means, rely on the open-source agreements you’ve got, but make sure you understand what might be expected of you the day that the compliance team drops by to give you a checkup.
Handling legacy systems
For many established businesses, some of their systems were set up years ago, making it harder to determine if old apps they’re running are appropriately licenced. Indeed, a typical office computer often has a service life longer than the required (or actual) document retention period. In many cases, however, licences are bought through a reseller, which should be able to provide a purchase history. It also makes sense to start keeping your own records, if you’re not doing so already. Check the end user licence agreements for anything running on your network too – and before you invest in new software, consider seeking a legal opinion on the licence.
Finally, don’t rely on the software publisher to give you the heads up that a licence contract is coming to an end. If you’re buying your code directly from the developer, you might reasonably expect some old-school customer service, and an understanding approach to any licence issues. But in the ruthless corporate world of software-as-asset, you’re unlikely to get any warning ahead of a brusque letter from your local compliance agency. Your best bet is to ensure your house is in order before things get hairy.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.