Licensing the unlicensed
- Article 1 of 1
- S Magazine, August 2006
Businesses of all sizes can avoid financial and commercial consequences by ensuring their business software licences are up-to-date and are valid for all users.
Soon after John Pettifor took over as CEO of Campden Publishing, he was in for a shock. The company had been in trouble financially, but then came a call from the British Software Alliance. A former employee had reported Campden for failing to buy enough licences for its applications and fonts.
The result was a nightmare for Pettifor. An audit by the BSA revealed that the vast majority of the company’s software was unlicensed. The cost? £80,000 for the fonts alone. “[It] came as a complete shock,” he says. “The business was in real financial trouble and this issue wasn’t even on the radar.”
“Software asset management” as it’s known rarely figures on any companies’ radars. Most companies assume they have the correct licences for products, since they will generally buy them as they need them. But there are a surprising numbers of ways for organisations to lose track of how many software instances they have and how many they’re entitled to have.
Steve Atwell, head of marketing services at Sage, elaborates. “Many people may not realise it but if their company buys a business that’s gone into liquidation, the licences ‘die’ with that business and they’ll need to buy new licences. Sometimes a business partner will come into the business and use his own enable key to get a piece of software up and running and it will be forgotten about. They may only have an annual licence. Or you’ll buy a licence for 10 users at the beginning, keep adding users then forget to buy licences for additional users when you need them.”
Then, of course, there’s the possibility of employees installing copies of software without the permission of the IT department. And there’s even the risk of employees using office bandwidth to share software illegally over the Internet.
While some regard these breaches as minor matters, their economic effects are by no means small. An IDC survey reports that 27% of the software in use in UK businesses is illegal, which costs local and international software companies £1 billion; a drop in piracy rates to just 17% would generate £2.8 billion in tax revenues for the government, which equates to over 80,000 policemen or 113,000 nurses.
Equally, the law regards failure to correctly license products as a serious crime, punishable by a prison sentence of 10 years and an unlimited fine. Payment of the due licences is usually sufficient, however, and few cases ever make it to court. But, says John Lovelock, director general of the Federation Against Software Theft (FAST), an EU enforcement directive dealing with intellectual property that could change that has now been made part of UK law. “Article 13 makes it possible for software companies to apply for damages as well. Although it’s not yet been tested in court, there is that possibility.”
Lovelock says FAST, which is affiliated with the BSA, receives as many as 100 calls from whistleblowers each month and audits as many as 38,000 businesses each year. The BSA itself offers a reward of up to £10,000 to anyone who reports infringraments, although quite often informers are more altruistic – or at least less self-serving - in their actions. Research by YouGov has found that 64% of UK employees would report illegal activities to an external body if they had raised an alarm internally but their reports had been ignored; 65% would consider reporting their company if they felt their employer treated them unfairly; and 27% said large salary rises for the board or poor salary reviews for staff could spur them to act.
In general, neither the BSA nor FAST would like to think of themselves as the ‘software police’, since deliberate offenders are the minority rather than the majority. Instead, they prefer to advise and help organisations to ensure they have the right number of licences.
Campden’s Pettifor was certainly grateful that the BSA was more understanding that it might have been. “We found the BSA very constructive in their approach, as this wasn’t something we were going to be able to sort overnight. We were given not only sufficient time, but also the guidance we needed in order to put matters right.”
Indeed, Steve Attwell of Sage says the company tries to avoid a ‘big stick’ attitude to enforcing licence compliancy. “If we can across a mid-market company that had to legitimise say £30,000 of licences, we’d try to work out a phased payment for that company. We treat customers with respect because very few customers are actually trying to pirate software themselves – the software is mission critical and they don’t want to rely on pirated software that could bring the business grinding to a halt.”
While auditing a business to find out what software it has installed on its machines can be “onerous”, according to FAST’s Lovelock, there are a number of ways to reduce the burden. Software asset management (SAM) tools can help if there are a large number of PCs that may be running illegal software. These typically work by scanning each computer for executable files and then reporting back which software is installed. The BSA also provides a downloadable set of tools at http://www.justasksam.co.uk and a number of more complete tools are available from companies such as CA, Novell and Centennial Software, some of which have demonstration versions that can be downloaded and used for a short period. They typically cost £8 per seat and upwards to use on a more permanent basis.
After determining who is running which software – since it’s typically only running the software rather than having it installed that counts as requiring a licence – the organisation then needs to determine how many licences it actually has. In some organisations, that may just involve “a quick check in the cupboards” according to Lovelock, or simply ringing the vendor and asking how many licences the company has on record for the organisation; Sage’s dedicated number for licence enquiries is 0845 111 9988.. Software resellers should also keep records of sales; invoices are often sufficient, both for the BSA and for law courts, as proof of purchase of a claimed number of licences, even if the licences themselves can’t be found.
However, organisations should never rely completely on vendors to keep complete records, according to Gartner analyst Jane Disbrow. “A software vendor has the same problems tracking licence sales that a company has in tracking licence purchases.”
Once the correct number of licences and applications installed is discovered, the organisation can either pay for additional licences or decide if it needs all the instances of the software it has. Campden was able to scale down from 11,000 fonts to just 3,000, reduce the number of its servers fivefold and upgrade to the latest versions of some software. This not only saved it money in the long-term, but made the company more efficient.
Once organisations have rationalised licences, they need to ensure that the problem doesn’t occur again. That requires imposing discipline on the workforce and setting down clear policies about what can and can’t be installed on machines. Using various management tools, organisations can lock down desktops and laptops so that it’s not even possible to install new software without the authorisation of the IT department. Gartner’s Disbrow recommends conducting an annual inventory of licences and software to ensure compliancy. She also advises establishing guidelines for maintaining the inventory records so they are consistently recorded, preferably in an asset management system, although the BSA’s SAM tools will also suffice. Policies can also be established as part of a wider management framework, the Information Technology Infrastructure Library (ITIL), which Forrester Research analyst Richard Peynot says provides “tangible cost savings”.
Ensuring software licences are up-to-date has benefits for both customer and software vendor. Although it may involve some work at first, with proper planning it can become a good way to save money and ensure employees aren’t doing anything that could land the company in trouble. Without it? Just ask John Pettifor what can happen.