Stay legit with software asset management

Having the right tools will help keep businesses from running afoul of the law, say experts.

Negligence may land your organization in hot soup if you do not act now to manage your software assets in accordance with your country's regulations.

Two recent criminal cases surfaced earlier this year which highlight the fact that law enforcers around the world are taking more stringent steps to enforce intellectual property (IP) rights.

In late September, a software pirate was made to pay US$1.1 million to Microsoft and Symantec in a U.S. criminal software piracy case.

Earlier that month, police in Singapore raided a company for breaching software licensing agreements as well as for using pirated software. In a statement issued to the press, the Singapore Police Force warned the offence "carries an imprisonment term of up to six months or a fine of up to S$20,000 (US$11,820), or both".

On Jan. 1, 2005, the Singapore government amended the Copyright Act to include under-licensing as a criminal offence.

However, many companies, including small and midsize ones, are finding it a great challenge to comply with software license agreements.

In October, the U.S.-based Software & Information Industry Association (SIIA) released a study which found that 72 percent of enterprises manually track license compliance or do not track it at all. The results were culled from a survey of 500 software industry executives in the United States.

Four Steps to SAM

Step One: Know what you need
A SAM plan should start with the following questions:
Do I need software?
Am I using the right software, in terms of efficiency and effectiveness?
Are staff happy with their current software?
Are there alternatives that would enable staff to operate more efficiently and effectively?
Is there current software that I don't need anymore?

Step Two: What do you have?
Next, list down your organization's software assets. Ask yourself:

Am I using the most suitable version of software for my needs?
Am I using outdated or unnecessary programs that can be deleted?
Are there software programs that I should get to be more productive or efficient?
Does each employee have the correct programs available to him or her?
Are they properly trained to use the software?
Do I have illegal, unauthorized, or unlicensed programs in my organization?

For each copy of software installed on each computer, record the following details:

Product name
Version number
Serial number

In addition, take an inventory of material related to the software on your computers, and ensure that these materials are kept for at least as long as the software remains in use. Such materials include:

All floppy disks, CDs or storage media used to install programs
All original manuals and reference documentation
All license documents
All invoices, proof of purchase, and documents proving the legitimacy of your software, including software pre-installed on computers that were sold to you

Your software audit can be done manually or by using software audit tools available on the market. Software audit tools are available on a free trial basis at the BSA website at www.bsa.org.

Step Three: Run a check
With your inventory in hand, do the following:

Compare the installed software with the licences that you have
If you identify any illegal software, delete it at once
Compare the legal software with the needs of your organisation as identified in Step One

You can now decide which software you legally have that you want to keep, upgrade, or discard, and plan or budget accordingly.

Step Four: Living with SAM
To be effective, SAM has to be a continual process. To keep the process going:

Appoint a software manager who is responsible for SAM
Schedule regular audits of computers
Coordinate your organization's software needs with your software manager
Issue a company policy statement stating the organization's commitment to use only legal software
Conduct random checks
Send out periodic reminders on the use of legal software

Source: Business Software Alliance
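
The comparison in Steps Two and Three, sketched as an added example (not BSA's or any vendor's tool): it reconciles an inventory of installed copies against a licence register and reports unlicensed products, installations that exceed purchased seats, unused seats, and serial numbers seen on more than one computer. The data, field names and the `reconcile` function are constructed for illustration, and a shared serial is only a review item, since a volume licence key legitimately repeats.

```python
from collections import defaultdict

# Constructed sample data: one row per installed copy, with the fields
# Step Two says to record (product name, version number, serial number).
INSTALLED = [
    {"host": "pc-01", "product": "OfficeSuite", "version": "11", "serial": "AAA-111"},
    {"host": "pc-02", "product": "OfficeSuite", "version": "11", "serial": "AAA-111"},
    {"host": "pc-03", "product": "OfficeSuite", "version": "11", "serial": "AAA-112"},
    {"host": "pc-01", "product": "PhotoEdit", "version": "7", "serial": "PPP-700"},
    {"host": "pc-02", "product": "ZipTool", "version": "3", "serial": ""},
    {"host": "pc-02", "product": "ZipTool", "version": "3", "serial": ""},  # repeated scan row
]

# Constructed licence register: seats purchased per (product, version).
LICENSES = {("OfficeSuite", "11"): 2, ("PhotoEdit", "7"): 5}


def reconcile(installed, licenses):
    """Compare installed copies with the licences held (Step Three)."""
    hosts = defaultdict(set)         # (product, version) -> computers with it
    serial_hosts = defaultdict(set)  # (product, serial)  -> computers using it
    for row in installed:
        key = (row["product"], row["version"])
        hosts[key].add(row["host"])  # a set, so repeated scan rows count once
        if row["serial"]:
            serial_hosts[(row["product"], row["serial"])].add(row["host"])

    report = {"unlicensed": [], "over_deployed": {}, "surplus": {}, "shared_serials": {}}
    for key, where in sorted(hosts.items()):
        seats = licenses.get(key)
        if seats is None:                 # installed, no licence on record
            report["unlicensed"].append(key)
        elif len(where) > seats:          # under-licensed: more installs than seats
            report["over_deployed"][key] = len(where) - seats
        elif len(where) < seats:          # paid for but unused
            report["surplus"][key] = seats - len(where)
    for key, seats in licenses.items():
        if key not in hosts:              # licence held, nothing installed
            report["surplus"][key] = seats
    for key, where in serial_hosts.items():
        if len(where) > 1:                # review item, not proof of a breach
            report["shared_serials"][key] = sorted(where)
    return report


if __name__ == "__main__":
    for finding, detail in reconcile(INSTALLED, LICENSES).items():
        print(finding, detail)
```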

A quick check with companies here confirms that at least one of them does indeed use manual processes to keep track of its software assets.

Vincent Chang, senior director of business development and controller of the Coffee Bean and Tea Leaf chain of cafes in Singapore, told ZDNet Asia that the company uses "an Excel Spreadsheet", which lists the total number of software programs it currently uses and "the number of licenses we have in place".

However, he added: "There is a yearly budget to ensure that there is adequate provision to cater for (additional) software (licenses) of new users coming on stream, or for new applications."

Legally bonded
Companies that are not software compliant run the risk of being liable for thousands, if not millions of dollars, should they be found to be guilty of copyright infringement.

According to Keith Kupferschmid, vice president of IP policy and enforcement at the SIIA, in addition to the legal consequences, errant companies lose technical documentation that accompanies the legitimate software, as well as technical software, technical support, upgrades and bug fixes.

Kupferschmid warned: "If a company does not have a software asset management policy, it almost certainly will not be software compliant. Software compliance can be a difficult, time-consuming process and if the proper policies and procedures are not in place, a company is going to have a very difficult time being in compliance."

An effective software asset management strategy helps companies identify and root out pirated software and address under-licensing issues, so that they are in line with copyright laws, said Tarun Sawney, Asia director of anti-piracy, Business Software Alliance (BSA). The international software body also offers recommendations and tools on how companies can stay within the legal boundaries.

Software non-compliance in the business environment, whether through under-licensing or the use of unauthorized or infringing software, is often the result of a lack of proper software asset management processes in the organization, he added.

For the hapless, however, there are tools that companies can implement to make sure they do not run afoul of the law.

ISVs (independent software vendors) such as Altiris, Mercury and Symantec have products that help enterprises keep track of their software assets.

Altiris Compliance Suite, for example, tracks where applications are installed and how often they are used. The vendor's Asset Management Suite captures a detailed software inventory of installed applications across the company's complete IT infrastructure, and tracks usage data for all commonly used applications.

"The suite alerts IT staff when application installations exceed the number of purchased licenses," explained Tom Galantomos, director of strategic alliances at Altiris.

Mercury Interactive has a Mercury IT Governance Center (ITG) with a Portfolio Lifecycle Module, which tracks a company's software assets. When monitoring assets, the Mercury ITG Center traces the operating expenditure that companies incur on these assets, in the form of support and maintenance, resources deployed to support the applications, and so on.

Mercury ITG also has embedded Asset Management workflows that allow organizations to automate and track the lifecycle of their assets. The software tool monitors a company's IT portfolio, which requires a regular accounting of applications or systems that are already in production.

Said Damien Wong, Mercury's Asean ITG director: "The ongoing cost of maintaining production applications and the running benefits they bring to your company, need to be balanced so that (the) management (team) can make decisions on when production applications are no longer worthwhile to keep around, or need to be replaced."

Meanwhile, Symantec's Application Infrastructure Management software is licensed per node and has a key-based licensing system to activate a product for use, said Eka Hartono, senior manager, product marketing, Symantec Asia-Pacific.

"This system controls by preventing the network from exceeding the stipulated number of licenses, rendering it more secure," she said. "And because the system has a Web-based feature, it allows our customers the flexibility of adding more licenses via the Web," Hartono explained.

In addition, Symantec has a LiveState Client Management Suite, which has an asset discovery and management function that helps customers track software installation information.