How to stay on the right side of licensing law

Taking an apathetic view to software licensing can cost you dearly. So before your organisation is named and shamed find out what...

Taking an apathetic view to software licensing can cost you dearly. So before your organisation is named and shamed find out what you need to do to get your house in order.

The British Software Alliance's "naming and shaming" campaign has chilled the heart of many an IT manager. Last year several companies came under fire from the BSA for failing to meet licence requirements. This January, failure to comply with Microsoft's labyrinthine licensing terms cost Clackmannanshire Council almost £150,000 in fines and licence fees.

Some industry players are fuming over the BSA's big-stick approach. Others are pondering the question of whether companies like Microsoft are really trying to make it easy for corporates to stay legal.

"I almost think Microsoft doesn't want the licensing system to work better," reflects Randy Britton, communications director of asset tracking vendor Tally Systems. "They really push enterprise agreements that encourage companies to buy 100 extra copies just to be on the safe side. Does that work to Microsoft's advantage? I couldn't possibly say"

Too much of a good thing?
But the good news is that the same software asset management tools that help companies keep on the right side of the licensing laws can also help them ensure they don't pay Microsoft and other software vendors over the odds.

As Gartner Group points out in its October 2001 research note IT Asset Management: Reduce Costs and Minimise Risks the benefits of a more thorough approach to software asset management cut both ways.

"Many enterprise software purchasing strategies revolve around software licence management - ie, overbuying to ensure compliance," Gartner points out. "Installing a software usage tracking process can help enterprises optimise software licence allocation and contain maverick overbuying. On average, an enterprise can save up to 5% in licence fees in the first year, and 2% to 3% in ensuing years."

According to Richard Willmott, general manager of corporate services for the Federation Against Software Theft, software management is a piece of cake. "The process for becoming software compliant is quite simple and can be done in four easy steps," he assures IT managers. "Establish policies and procedures; conduct a software audit; reconciliation to determine correct licences; and ongoing management."

Four steps maybe, but not necessarily cheap or easy ones. If you're a small organisation with just 20 PCs, going round all of them and checking what's on the hard drives may not be too arduous a job - especially if the range of applications you use is small. But if you're a large organisation with thousands of PC users and a wide range of applications in use, it's a pretty daunting task.

Every company needs a matchmaker
Automated tools exist to help bring the problem under control. At the most basic level, asset tracking tools can be used to scan each PC's hard drive over the network and compare the list of installed executable files with a central software library. Scans can be carried out either on demand or at user-defined intervals.

Knowledge is power, and the information from these scans can come in useful in a number of ways. For example, they will often identify where a specific PC is by the network connection it is using, enabling companies to track down lease machines that they have to hand back and which
might otherwise be lost.

According to Gartner Group, nearly 80% of UK companies haven't even got this far in automating their software management. One problem is that as well of the cost of the tool itself, there's the cost of configuring it so that the central library recognises which executables belong to which application, who is authorised to use what and so forth.

And simply knowing what's on each disc won't necessarily help you much. "The problem with that approach is that none of the software publishers help you keep your library up to date, so recognition of what you scan against what you know is pretty poor," points out Ian Dunn, chief technical officer for software asset management specialist Monactive. "When you compare the 10,000 files you've found on the disc with the library, you can still be left with 40,000 unidentified files, and it's hard to know whether they're important or not."

Some companies go a step further by offering software recognition. Tally Systems says that its patented recognition method can produce an application profile that shows the files that make it up and their characteristics; whether it's part of a suite or bought individually. Its tool can then "fingerprint" applications and correlate their nomenclature to your software library.

Get used to IT
A growing number of asset management specialists advocate a usage monitoring approach. This involves installing a software agent on each machine to continuously monitor activity and report back at regular intervals. This has two main benefits. One, seeing which files are in use helps to identify which ones are important. Second, it helps you see exactly how many licences you really need.

Construction consultancy WSP has to keep track of software used by over 700 remote workers around the UK. Its electronic inventory product told it what software was installed, but not what the software was and whether it was being used. It is now using Monactive's dxPRO software asset management tool to actively monitor software use.

"For example, we've just bought some £25,000 computer-aided design software and we want to get the best value from it," says Buzz Albats, WSP's technical director. "If we find it's only been used for two hours a week at one office, it makes more sense for us to install it somewhere where it's really needed rather than buying a second licence for that location."

But Milind Govekar of Gartner Group warns that "it's not always possible to do active monitoring. Not only might you have a variety of different platforms you need to monitor - Macs, Solaris, HP-UX, PDAs and so on - but each piece of software has a different licensing model. The rules may be so different that it's hard to do active monitoring.

Tie up all your loose ends
For maximum effectiveness, point tools for disc scanning, usage monitoring and so on need to be hooked into an asset management system which integrates the physical inventory with existing internal systems that track contracts, purchasing agreements and so on. "But that means integrating a lot of systems," points out Britton. "That can take six months-plus to implement, and most companies don't have the time to wait. You can get asset tracking going in a matter of weeks."

Probably the most elementary form of software management, though, is simply to ensure that no-one can install anything on the company's PCs without the IT department knowing. At WSP, none of the users have admin rights on PCs, and it's a disciplinary or even dismissal offence to run unauthorised software. "The next step is total lockdown on all 2,500 PCs so users can't do anything apart from what we permit," Albats says.

It seems that Big Brother has finally arrived. But he just could save your company a lot of hassle and money when it comes to software licensing.

Read more on IT risk management