UPDATED 15:59 EDT / SEPTEMBER 26 2013

Bridging the Great Divide: How to Align User Behavior with Software License Compliance

IT would be so much easier if it weren’t for end users. They don’t read the manuals, they install applications with carefree abandon, they ignore security vulnerabilities – because that’s IT’s job, right? As for software licensing, few users, if any, even understand the concept, let alone the complexity of today’s compliance landscape.

Just as with IT security, staying on the right side of license compliance is a process that must be carefully defined and executed. Implementing the right software license management tools will certainly help, as will understanding the licensing complexities that prevail within organizations boasting complex IT infrastructures, prolific software portfolios, and sophisticated license models. Often overlooked, however, is the importance of educating the user base about how to make good decisions if an organization’s attempts to maintain best licensing practices are to succeed.

The onus falls on IT leaders to ensure that workers understand the importance of adhering to a set of basic standards. Follow-through and enforcement are key parts in the success of any critical corporate initiative, so the IT team must be equipped with tools enabling them to oversee the process and take corrective action if required.

Communicate Clearly

 

It all begins with a well-articulated and clearly communicated software usage policy that swaps technical mumbo jumbo for succinct, straightforward guidelines. You should avoid reproducing the incomprehensible language of software license agreements in your guidelines. Workers won’t be able to curb risky behavior if they need an interpreter to work out what is meant.

.

Customize Your Policy to Your Organization

 

The details of your software usage policy and the strategy for communicating it will, of necessity, depend on many variables including: your organization’s size, number and location of offices, and complexity of your software portfolio. You’ll also need to factor in any specific technology needs and the level of understanding of your users. For example, the IT department of a school district would probably need to enforce much more rigid controls and be on the alert for different behavior than a commercial organization with diverse departments, varied software requirements, and a “bring your own device” policy.

One significant benefit of putting a formal software usage policy in place is that your organization is likely to better prepared the next time you are confronted with the virtually-inevitable software audit. If a vendor sees proof of conscientious efforts to prevent overstepping license limits, it  may be less inclined to penalize carelessness or suspect ill intent during the investigative process.

A well-developed software usage policy requires just a few key components.  Here are our recommendations on what should be included in a document that will serve your organization over the long term:

.

1. Tell employees why you need a software usage policy. Don’t focus exclusively on IT management needs:  give equal weight to legal and network security priorities as well. Explaining the potential consequences of a failed audit, a security breach, or a lawsuit makes for a powerful argument.

.

2. Establish and articulate software purchasing guidelines. Clearly articulate the process for requesting software, if purchasing will be managed centrally. If employees may purchase software on their own, be sure to define the boundaries. Points to clarify include:

.

  •  Is there an approved vendor list?  Conversely, is there a blacklist of vendors or applications?
  • Within these parameters, do some purchases still require approval? Examples of such purchases might be certain types of applications, software that appears non work-related or software whose cost exceeds a certain level.
  •  How should purchases be documented? What kind of authorization is required?

.

3. Provide guidelines surrounding software installation.  Be clear about the activities for which employees must obtain authorization, or anything that’s expressly not allowed.  For example, give details of any software, freeware, or shareware that employees are allowed (or forbidden) to install or uninstall.  Is permission required before the action is taken or is documentation required to record what has been done? Are employees allowed to transfer software to another company-owned or home machine, and if so what authorization is needed?

.

4. Be clear about the consequences of not adhering to acceptable usage policies.  Also provide details about how compliance will be enforced. For example, if you’ll be monitoring usage and blocking unauthorized software, let employees know that their activities will be under scrutiny.

.

Software asset management technologies are available to help monitor software usage, keep track of licenses, and block unauthorized programs, but if users and IT aren’t on the same page, managing software license compliance is an uphill task.  Establishing, clearly communicating, and enforcing a sound usage policy will prevent many of the issues that arise when IT managers and users aren’t on the same page. Your organization will benefit from a more secure, stable, and compliant network and, as an IT professional, you’ll spend less time fixing problems and more time sleeping at night.

.

About the Author

Kris Barker is co-founder and CEO of Express Metrix, a leading provider of IT asset management software. Barker is a member of the DMTF Software Entitlement Working Group, participated in authoring ISO/IEC 19770-2:2009 and 19770-3 standards.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU