Monday, 11 January 2010

Software License Audits: What Does It Mean to Be Non-Compliant?

by Victor DeMarines, V.i. Laboratories
Jan 11, 2010 11:45:38 AM

The risk of non-compliance should rank high on the CIO’s list of concerns, yet more often than not it is relegated to an afterthought. Findings from a May 2008 Software License Compliance survey by KACE Systems Management indicated that more than half of the participants from companies with 1,000 or more employees believed they had unlicensed software deployed in their environments. Despite risking failed software audits, negative publicity and harm to the very companies they rely on to succeed (i.e., independent software vendors), many CIOs continue to ignore the issue. However, the software community is catching up by using technologies to identify, trace and litigate against organizations illegally using their products. CIOs can prepare for a software audit by understanding their companies’ software compliance policy, conducting regular surveys of their software inventory and taking similar steps.

Victor DeMarines is vice president of products at V.i. Laboratories.

Even if a software audit is not conducted, there are a number of ways a company can be found to be using unlicensed software, for example through insiders (whistleblowers) or through piracy business intelligence tools.

Insider reports often come through organizations such as the Business Software Alliance (BSA) or the Software & Information Industry Association (SIIA), and are driven by the need for software vendors to be sure companies are compliant. The process begins when an outside lead reaches one of the software alliance organizations stating that unlicensed versions of software may be present on a company’s network. The software alliance organization then alerts the vendor that created the product in question. At this point, the primary enforcement tool is a threatening letter from the software alliance organization to the business using the software, indicating that an investigation is taking place and offering to forgo litigation if a compliance audit is conducted. If the compliance audit goes ahead, the company must provide a list of all the software in question, as well as the purchase dates of the software licenses.

Not only can this approach cause negative publicity for the business in question, but the report itself may come from a disgruntled employee trying to cause trouble within a company, or from a person seeking a reward from a software alliance organization for turning in a potentially non-compliant company. For these reasons, the insider report approach is not the most reliable or effective method of determining compliance within a company; many cycles are involved before any reasonable evidence can be gathered.

The second method, piracy business intelligence, gathers concrete evidence first and then proceeds with an inquiry. With this strategy in place, software vendors are able to collect information about how their software is being used within an organization. Because this is a more granular and comprehensive method of detecting non-compliance, it can help in a situation where a large organization is overusing software licenses or running pirated versions of the product. Piracy business intelligence can also assist the software vendor by pinpointing where unlicensed software is being used, saving time and resources on both the vendor and customer side.
