Advice on getting legit and staying that way

By Jocelyne Lafreniere

Billions of dollars are lost each year to illegal and unlicensed software installations. In a 2007 KPMG survey, 87 per cent of software industry executives indicated their companies suffered such losses, with 34 per cent estimating those losses to be more than 10 per cent of total revenues. (The survey is available at www.kpmg.ca/en/industries/ice/publications.html.)

However, harm caused by software piracy doesn’t stop at publishers’ bottom lines. Companies and individuals with insufficient licenses are also at risk. Not only are offenders subject to potential legal and financial consequences, they are susceptible to security risks and are often unable to access vendor support.

Are you fully compliant with your vendors’ license requirements? It’s not at all difficult for even the best-meaning companies to become over-deployed in the course of regular business. Some common causes of unlicensed installations include:

Complex, vague and ever-changing licensing and pricing rules: In order to meet changing market demands and provide flexibility to customers, publishers frequently change their license models. Confusion around an already-complex matter can be resolved by continuously educating customers of their current usage rights.

Disconnect between buyers and users: When Procurement is buying the software and IT is actually using it, misunderstandings can result in inappropriate deployment. Examples include installing the software on more machines than licensed or hosting applications on the Internet without permission.

Changes to IT environments: When changes are made to a company’s hardware, software is typically allowed to be moved from one server to another. However, if the software should be removed from the old hardware and is not, a company can quickly become over-deployed.

Mergers and acquisitions: When one company acquires another, the acquirer does not automatically inherit the acquisition’s software licenses unless the contract expressly allows it. A thorough due diligence process should be performed to properly assign all software assets before signing on the dotted line. Despite the increased ability of software companies to protect their software from unlicensed use, it is unlikely that publishers will ever be able to completely protect their property. However, there are a number of measures that users and publishers can take to minimize intentional and unintentional piracy (see sidebar).


SIDEBAR

10 best practices

Interested in recovering some of your company’s lost license revenues?

Here are 10 successful practices.

1. Educate customers: ensure both Procurement and IT understand the license agreement and are kept abreast of changes that affect their rights.

2. Require self-reporting: this reminds customers of their entitlement and providing a template helps ensure customers are using the proper information to determine compliance.

3. Consider a contract compliance program: this helps address the risk of under-reporting by customers, and is a good way to educate and better understand client needs.

4. Include audit provisions: audit provisions in the license agreement states your intentions and rights. Even if you choose not to audit the customer, the clause may encourage compliance.

5. Make it a top-down priority: senior executive support signals everyone, customers included, that compliance merits serious attention.

6. Use a risk-based approach to select customers for review: although random selection may reveal the extent of noncompliance, a risk-based approach is a more efficient way to uncover losses.

7. Use a third-party to conduct the reviews: independent third parties bring resources, experience and objective execution to an otherwise demanding process.

8. Leverage the customers’ information: this is often a more efficient approach and also promotes a healthy long-term relationship between publisher and customer.

9. Make it a learning experience: compliance reviews provide opportunities to teach customers how to better manage their software assets.

10. Request payment for over-deployment: it is important to establish from the outset that over-deployment is no different from receiving additional packaged products; be clear you expect to be paid.