Software asset management: Staying the right side of the law

The past few months has seen a flurry of investment in software asset management solutions. With levels of unlicensed applications still worryingly high, it’s an example every enterprise would be wise to follow.

By Jessica Twentyman.

In July 2005, software giant Microsoft found itself better off to the tune of £750,000 when it reached settlement with two UK customers that had been found to be using unlicensed versions of the company’s software. That sum might be small fry to Microsoft (which in its last full fiscal year reported a net income of £8.2bn), but certainly not for the customers involved.

Executives at Microsoft claim that the settlements show the potential downside for companies of not having the proper controls in place to manage software licenses. In fact, they add, a recent survey of 25 UK customers that have worked on software asset management projects with Microsoft partners in the last year found that, between them, the companies had 2,000 copies of unlicensed software.

That is a staggering figure – but the extent of the problem of unlicensed or improperly licensed software is far greater than many company directors will acknowledge, according to software-industry experts. Indeed, a May 2005 survey conducted by IDC on behalf of the Business Software Alliance, a not-for-profit consortium of some of the world’s largest software vendors, found that 27 per cent of software used in the UK is pirated.

It is easy to dismiss that as scaremongering: detractors point out that the BSA and other organisations like it, such as the Federation against Software Theft (FAST), are run and paid for by software vendors and are intent on maximising revenue at the expense of the companies that they ‘name and shame’, even where criminal intent to defraud is not found.

But the fact is that the legal pressure placed on customers by such bodies can be intense. In October 2004, the BSA announced it had collected $2.2m from 25 companies in its annual piracy sweep. Among the UK organisations that have fallen foul of the BSA in the past five years are UK retailer House of Fraser and Clackmannanshire Council. And in November 2004, the BSA announced it was doubling the maximum reward it will pay out to individuals that report companies for using pirated software to £20,000 – an attractive way of inviting former employees with a grudge to contact the BSA’s whistle-blowing hotline.

Not only that, but non-compliance with software licensing rules is a punishable offence under UK law – albeit one that is rarely, if ever, applied. Under revised legislation that came into effect in November 2002, UK company directors face up to ten years in prison if they fail to stamp out the use of unlicensed software within their businesses.

“All too often IT policy enforcement and management is left solely to the IT department, in the belief that when IT staff say that correct licenses are in place, they are. But directors must not allow themselves to be fobbed off by IT staff as they can also be the culprits. Company directors need to have a firm grip on their technically able IT staff,” says John Lovelock, director general at FAST.

With compliance and good corporate governance under review at most companies, it is hardly surprising that many are rethinking the way they purchase and manage software licenses.

Many are embarking on software asset management (SAM) programmes as a result. Software asset management is defined by the Institute of Directors (IoD) as “all of the infrastructure and processes necessary for the effective management, control and protection of the software assets within an organisation, throughout all stages of their lifecycle.”

“The role and importance of externally acquired software has changed dramatically in recent years, to the point now where it has to be regarded as a business asset and managed as such. Software asset management has become an imperative, not an option,” says George Cox, director general of the IoD. Software licenses are undoubtedly business assets, he argues, and companies that fail to manage them properly expose themselves not only to business constraints but also considerable legal and financial risks.

This is particularly important when it comes to enterprise content-management software. The growing scope of these packages, combined with rapid consolidation among ECM vendors, means that their customers frequently find it hard to track which tools they own and use. “In the UK, we don’t typically find the same licensing issues that we find in regions such as China and Africa. Most of our clients have no interest in exploiting loopholes in licensing and go a long way to ensure that they are adequately licensed to use our products and we do as much as we can to assist them,” says Tony Heywood, senior vice president for Europe, the Middle East and Africa at ECM software company Hummingbird.

“Still, as ECM technology aggregates, the licensing situation can become more complex,” he continues. “For example, a company that licenses reporting tools from us as part of a contract-management deployment cannot then use those tools to report on staff deployment, for example – that constitutes an extension of the license and requires re-licensing.”

As a result, there is potential for greater abuse, he admits. “But we increasingly find that, with the spotlight on corporate governance, most firms are now better equipped to monitor their own license usage and we’re generally pretty confident about the way they enforce that.”

Tracking imperative
The message is clear: organisations need to track software usage as part of their wider compliance initiatives. That is good news for suppliers of specialist SAM software such as Peregrine Systems, BMC, Computer Associates and Altiris.

SAM tools from such companies perform a number of tasks. They perform inventory-discovery checks to assess what software is in use in an organisation, controlling its use and storing information about software assets in a central repository. They control the software-procurement cycle, processing user requests for software, confirming their entitlement and then tracking the testing, evaluation and release of software to users. They manage software contracts, alerting managers when discounts might be requested from suppliers and alerting them when licenses are due for renewal.

These tools can be used to address two separate issues that are often discovered in the course of a software-asset audit, says Jonathan Price, a consultant in the technology services division at Computer Associates. “Most companies either have software that is unlicensed or have software that they have licensed but are not using. In many cases, there are elements of both,” he says.

Either way, few end-user organisations deliberately set out to use software illegally, says David Kavanagh, business solutions manager for change and configuration-management products at BMC Software. “The intention of companies that have problems complying with software licensing is rarely fraud – it’s just a symptom of mismanagement. In fact, we see a high level of probity displayed among companies that we work with on SAM projects – they know they have a problem and they want to put that right.”

Correcting that problem does not only ensure compliance, adds Ian Macdonald, product marketing manager for Europe, the Middle East and Africa at Peregrine Systems – it can also cut software costs. “When a company is not aware of what software it has, where it is located and who is using it, the result is increased cost.

SAM tools track the location of deployed assets, enabling IT to recapture and re-use software where appropriate,” he says. “Take the example of Microsoft Project for project management. Licenses for this package are frequently bought by individual project teams and then never used again once the project is complete,” he continues. But what tends to happen is that a new project team working on a new project goes and buys new licenses, instead of investigating what MS Project licenses their employer has already bought and paid for.”

“Most companies tend to find that they over-subscribe to some software packages,” agrees BMC Software’s Kavanagh. “There is no real visibility on the behalf of people that are handing out software. What SAM imposes is rigorous self-discipline that enables the company to cut its cloth to suit its needs.”

Effective SAM can also reduce the cost of supporting that software, according to Macdonald of Peregrine. “When IT does not know what is installed on an end-user’s PC, it cannot easily diagnose problems or pinpoint PCs that need updates when application-security vulnerabilities arise.

As a result, the average time it takes to resolve an incident increases and additional support expertise is required to handle the additional applications,” he says.

These arguments, says IDC analyst Frances O’Brien, suggest that companies should get started on SAM initiatives immediately. “If your business has not yet made a commitment to software asset management, there is significant opportunity to focus resources on this area and achieve a disproportionate benefit. The expected 25 per cent reduction in total cost of ownership is not sustainable recurrently, but will make a noticeable impact on the bottom line during the five-to-seven year implementation period,” she says.

Also, she adds, because any money saved through a SAM programme is saved for the duration of the contractual commitment, companies that do not begin to manage these costs now will not be competitive in the future, because they will be building their budgets from a much higher cost base.

Those that have begun to consciously manage software better have found themselves on improved footing with suppliers and better positioned to negotiate future deals with them. Take, for example, City law firm Berwin Leighton Paisner (BLP), which uses Peregrine’s AssetCenter product to manage its software. “We have included all invoices and purchase-order information [in AssetCenter], so we can start to manage future negotiations with software suppliers in a more structured manner. Having all our license information stored electronically provides us with more flexibility when reviewing our relationship with large account resellers,” says Julie Jakings, systems support manager at BLP.

That has had a knock-on effect throughout the business. “I’ve used AssetCenter to generate reports when negotiating our Microsoft Enterprise agreement renewal and it made what has in the past been a time-consuming and complex exercise into a very fast process indeed,” says Kathy Hanna, BLP’s compliance officer.

By following that example, other companies will likely find that their software truly becomes an asset, rather than a management headache, compliance blackspot and a potential source of fines and bad publicity.

Perspectives on piracy
“We think that effective software asset management is an increasingly important issue for businesses in the UK – particularly as small and medium-sized businesses become increasingly reliant on technology. It’s imperative that company directors take a strategic approach to managing their software assets.”
Patricia Peter, head of corporate governance, Institute of Directors.

“The level of software piracy remains unacceptably high. While ongoing campaigns by ourselves and other creative industries will help raise awareness of the piracy problem and respect for intellectual property, the support of the government will be crucial in bringing the rate down.”
Siobhan Carroll, regional manager for Northern Europe, Business Software Alliance

“Software piracy continues to be a major challenge but the government is fully committed to bringing the piracy rate down further. Protecting intellectual property will play a key role in the future prosperity of the UK. Piracy stifles innovation and creativity and has a significant impact on employment, economic growth and public spending.”
Janet Anderson MP, chair of the All-Party Parliamentary Group on Intellectual Property Protection.

“Software piracy doesn’t just affect the software industry but also causes serious problems for British industry as a whole through the loss of quality control that legitimate suppliers provide. Companies must ensure their software is licensed and up-to-date to avoid business disruption caused by viruses, spyware and other pernicious software that is often inserted in piracy copies of the genuine article.”
Jeremy Beale, head of ebusiness group, CBI.

To help small and medium-sized companies to stay on the right side of software licensing laws, the Business Software Alliance publishes a website, www.justasksam.co.uk, which offers free tools and advice.

The site outlines the benefits to companies that put in place best-practice software asset management. These include:

Taking the pain out of the annual software inventory by having a constantly accurate inventory that can just be printed out when needed;
Always knowing who is using what software;
Easily identifying if users have software they don’t need, which can be reassigned rather than purchasing new software;
Giving a company more bargaining power with software vendors by knowing how many licenses it has, how many it needs and whether it qualifies for discount under bulk-purchase schemes;
The ability for IT to impress the board with software budget requests that are based on accurate, up-to-date information and analysis;
Making future planning more effective by having a clear understanding of current requirements;
Making upgrades more targeted, hassle-free and cost-effective;
Reducing the chances of viruses and defective software by making sure the company has only authorised software on its systems;
Ensuring a company receives all the upgrades and support it is entitled to from software suppliers.

For more details, visit: www.justasksam.co.uk

“We will modernise copyright and other forms of protection of intellectual-property rights so that they are appropriate for the digital age. We will use our presidency of the EU to look at how to ensure content creators can protect their innovations in a digital age. Piracy is a growing threat and we will work with industry to protect against it.”
Labour Party pre-election manifesto, 2005.