As IT professionals, we have a responsibility to ensure that the companies we work for understand and comply with laws regulating software licensing. Whether you are a CIO, network engineer, consultant, or service provider, understanding and applying sometimes complex licensing requirements is part of the job. However, many IT professionals are unaware of both the business and legal consequences resulting from a lack of compliance. Here’s a look at the consequences of not taking compliance seriously. To help you get started managing your organization’s licenses, we’ve also included a free download for tracking your software.
The problem at hand
In early 2001, International Planning & Research Corporation completed a study of the level of piracy worldwide. The good news is that last year, North America continued to be the area with the lowest piracy rate, at 25 percent. The bad news is that this 25 percent of pirated software meant more than 30 billion dollars in lost revenue in 2000, among the highest in the world.
The surprising fact is that the great majority of companies who pirate software, about 90 percent, fall into the category of small and medium-size businesses. Here is how the situation starts: A company buys one copy of a software program such as Microsoft Office, and for whatever reason, spreads it across multiple computers in the workplace. Very shortly, the company has gotten itself in a situation where it is not compliant with the licensing agreement terms of the particular software product.
This is a common scenario that virtually every IT professional has witnessed and possibly participated in. What you may not have known, however, are the legal ramifications—including stiff penalties and criminal prosecutions that exist for almost every act of installing unauthorized software.
No discussion of software compliance or piracy is complete without a mention of the Business Software Alliance (BSA). The Business Software Alliance is an international organization representing leading software developers in 65 countries around the world. BSA members include companies such as Adobe, Apple, Macromedia, Microsoft, and Symantec. Their primary mission is to educate users about software copyrights and to fight software piracy.
Fighting software piracy is something that the BSA has actually been very successful at. In fact the BSA, acting on behalf of its company members, has collected approximately $59 million from the corporate world since the group’s inception in 1988.
How does the BSA find and collect on companies distributing unauthorized software? The source may or may not surprise you. Disgruntled employees are the number one source for leads obtained by the BSA. The BSA receives about 1,500 calls a year from its hotline (888-NOPIRACY) and about as many leads from e-mails sent to its Web site. If an initial investigation turns up substantial evidence that a company is using unauthorized software, the BSA will move to obtain a court order to perform an audit on the offending company.
This audit is more like a raid because the BSA auditors, along with a few not so friendly U.S. marshals, show up at the business under suspicion. They then proceed to audit and inventory every piece of software installed on every computer system, including workstations, laptops, and servers. Each software use for which the company can’t produce a valid license is fined up to $150,000. These raids are usually highly publicized—a deliberate attempt by the BSA to promote awareness of the consequences of the illegal distribution of software. If you think this scenario is extreme, think again. The BSA is stepping up its efforts and is determined to make examples out of more companies.
License compliance is a topic that very few professionals in the technology field want to discuss. It often involves audits, inventory, purchasing, and other items that savvy IT pros don’t consider to be a flashy part of the profession. However, as an IT professional, you do have an obligation to help the company or client you work for assess and understand where it stands in the struggle to maintain license compliance. Unfortunately, this is a complicated issue, especially when you enter into an IT environment you have inherited due to a new job or engagement. No one wants to have to go up to the boss after a few weeks on the job and inform him or her that the company has illegal copies of software floating around. Many times it is much easier just to say, “This is how it was when I got here” or “I assume they have a license for this.”
Most of us, myself included, have actively taken part in distributing software that we knew wasn’t purchased. Sometimes this is done as a request from a user or supervisor. Often, it seems easier to just install the software first and deal with the license issue later, if at all. All these scenarios are wrong and can potentially lead to a series of high fines for the company. I say fines for the company because you personally are not legally responsible for the unauthorized distribution of software within a company. It is solely the company’s legal obligation. However, as a knowledgeable and trusted IT professional, you may be responsible for bringing any possible occurrence of pirated software to your company’s attention. So what can we, as IT professionals, do to help keep the companies we work for out of trouble with organizations like the BSA?
Steps toward getting compliant
Most companies are unknowing participants in software piracy because they don’t understand current licensing requirements. Undoubtedly, as software gets more complex so does the licensing. The barrage of licensing choices and requirements is almost enough to justify the role of a full time “licensing specialist.” Unfortunately such a designation does not exist for most companies, and we are left to decipher the complex licensing terms on our own.
Vendors present their licensing models in a variety of flavors. We have open licensing, volume licensing, academic licensing, upgrade licensing, and competitive upgrade licensing. As if that were not enough, now many vendors are moving to a subscription licensing model. This new model is designed with an attempt to simplify the licensing model of many software products; however, only time will tell if this is the result.
Understanding the licensing specifics is only part of the battle. Hopefully, your company has an effective software management plan in place. This software management plan should allow for the audit and inventory of all software assets installed on company computers. If you do not currently have any kind of tracking mechanism, this free Access database file can help you get started. A number of commercial tools on the market can further assist you in managing compliance, especially if you work in an enterprise organization.
A common software asset management program is Microsoft’s Systems Management Server. This sophisticated and complex product, usually deployed in large enterprise environments, provides detailed information on software installed.
If you are looking for a less complex tool that will quickly and accurately collect software inventory information, I recommend GASP. This is the BSA’s own tool, which its auditors use. The BSA version of GASP is a suite of programs designed to help you identify and track licensed and unlicensed software and other files installed on your company’s computer systems, including desktops, laptops, and network servers. The BSA offers a free, 60-day, fully functional copy for up to 100 systems so that you can give it a test run.
The last step in this process is the most important. In conjunction with an understanding of software licensing and a software management plan, companies should strive to establish a clear and concise software policy. This policy should help employees understand the value of software and learn the difference between legal and illegal use, as well as pledge their commitment to the proper use of software. The software policy should also outline the company’s goal to manage the software for maximum benefit and detail the procedures for acquiring legal software. TechRepublic offers a free download of a sample software installation policy.
With the risk of thousand of dollars in fines and a publicly embarrassing audit, IT professionals need to be cognizant of their potential role and responsibilities when dealing with software piracy within the companies they work for. Demonstrate to your organization that you have a keen understanding of licensing issues and bring to light any occurrence of noncompliance you find. Go a step further and present ways for your company to assess and gain compliance in an effort to keep organizations like the BSA from knocking on its door.
How do you currently manage software licensing compliance?
Do you have software in place to track licenses? We look forward to getting your input and hearing about your experiences regarding this topic. Join the discussion below or send the editor an e-mail.