Implementing a License Management System: Best Practices
Unless you buy software explicitly under the public domain, you don’t actually own the software itself: You are only allowed to use it according to the rules of the license agreement (often called an end-user license agreement or EULA). Because litigation is not in the interest of software vendors, many of them now outline license agreements that focus more on the productive side of the engagement than on legal proceedings (unless there are serious violations). In terms of preventing contract breaches, a common approach is companies more frequently auditing how you are using their software and adjusting your licenses through a true-up formula. Note that although this helps avoid big fines, true-up derived usage can still be expensive as well as an administrative burden.
A license management system (LMS) helps organizations navigate these complexities by acting as an asset control tool. The core function of the tool is to help you proactively manage software licenses and usage, with the overall objective of mitigating the risks of audits, non-compliance, and unexpected costs.
In this article, we discuss various factors that impact modern licensing programs and implementation strategies and best practices for an LMS to function optimally irrespective of your tech landscape and enterprise size.
Summary of key best practices for creating a robust license management system
| Best practice | Description |
|---|---|
| Establish what was purchased | Collect and document what was purchased for licensing as well as the modality of the licensing in each case (e.g., by user, by device, by core, etc.) |
| Centralize your license inventory | Automatically discover and track all software licenses in your IT environment. Create a single source of truth for license management. |
| Proactively manage license renewals | Set up automated alerts and notifications for upcoming license renewals. Avoid compliance issues and service disruptions. |
| Minimize license compliance risks | Generate comprehensive license usage reports. Compare usage with entitlements and identify potential compliance gaps. |
| Extend license management to the cloud | Integrate with your cloud providers to manage cloud-based licenses and gain visibility into your entire software estate. |
License management system facts and myths
All software products come with licenses that outline their terms of use: Licenses determine who can use the software, in what ways, and for how long. A license management system helps companies keep track of their software licenses, so they always know what software is in use and who’s using it. The system can even automatically scan your devices to see what’s installed, even if it’s not running. This helps you make sure there are enough licenses for everyone and that nobody is using any software in a way contrary to license requirements, which can lead to costly infractions.
Some argue that the initial LMS implementation difficulties and expenses can be so high that one should not even start using such systems unless they have the resources in place. While this can be true for some specific setups, the maturity of your LMS tool is always a determining factor that can influence such aspects. A mature LMS offers many advantages. Established vendors draw on their extensive experience, industry best practices, and customer feedback to build mature LMS solutions with standardized processes, templates, and tools designed for smooth implementation. Plus, with a wider range of built-in features, you’re less likely to need costly customizations.
There can also be misconceptions that simply having an LMS will automatically resolve all software licensing issues. There can be instances where businesses put a lot of money in the systems only to be disappointed that they still don’t resolve the core issues of software misuse or over-licensing. While an LMS plays a vital role in addressing these challenges, it’s important to remember that it’s a tool that functions best within a broader asset management practice.
Read one of our last articles about how a SAM practice can help refine a software license management system.
Although these viewpoints seem to challenge conventional wisdom about LMS, they certainly do not show how an ideal LMS platform can or cannot help. In the following sections, we discuss the key considerations and implementation strategies to build a mature license management program.
Discover assets automatically including hardware, software, and cloud infrastructure
Match the assets against your software and hardware license agreements
Comply with your service license needs comprehensively and confidently
Establish what was purchased
The initial success of implementing a license management system depends on close collaboration between operational and finance departments to assemble comprehensive data from all deals and software entitlements. Your license consumption might be by device, by core, etc. (as mentioned earlier) and can also vary considerably based on the terms outlined in the license agreement. Be sure to note all relevant license information, such as purchase details, license terms, and any usage restrictions on all software purchased by different units of the organization.
At the end of the purchase data collection phase, the focus should be on figuring out the details of each license’s usage. Expect initial staff resistance toward creating a manual workflow; consider educating your cross-functional teams, so they understand that the advantages will far outweigh the initial challenges.
If manually tracking users at a detailed level seems too exhausting and costly, consider developing custom normalization data scripts that can ingest and transform data from different sources. For a comprehensive scan, it is essential that you deploy either agent-based or agentless SAM scanning methods on every device—even those that are offline, disconnected, or running open-source operating systems.
The software asset management lifecycle
Read our last article on how a robust asset management strategy can enable the comprehensive tracking and management of software.
The practice should also involve documenting whether the licensing is perpetual or subscription-based. Even when your organization is heavily reliant on subscription software (like SaaS), it is likely that your IT stack will have perpetual licenses (those you’ve bought outright) that are not available on a subscription basis. Notably, every license type can potentially impact the end-user’s rights and business transactions in different ways.
Centralize your license inventory
Traditionally, many organizations have managed software licenses in a decentralized manner. In such a setup, individual departments or teams have autonomy over their software choices, purchasing, and usage tracking. While this approach offers flexibility and faster response times to changing needs, it can create challenges in maintaining a clear overview of software assets across the entire organization.
Creating a single, comprehensive inventory of all software licenses used across the enterprise is a valuable aspect of modern license management. Some traditional practices may still favor a decentralized approach only because it gives teams a higher degree of autonomy over their software choices and usage. They can even respond more quickly to changing software requirements, as they don’t need to go through a central authority for approvals or changes. But whether that is the right approach depends on how the enterprise addresses these key questions:
- How is the enterprise, overall, avoiding license duplication and waste?
- Can we leverage application dependency mapping to relate how different software programs work together in the company’s IT system?
- Is there a scope of optimizing license spend and avoiding noncompliance?
As it turns out, a decentralized approach cannot help the enterprise with solving any of the above problems.
Centralizing a license inventory improves oversight and makes procurement more efficient. Typically this would mean integrating the license acquisition process with procurement and other ITAM systems to keep a check on license downloads and transactions. A full-circuit overview lets you trace user behavior with greater precision, so you can pinpoint which licenses are underutilized and free up the ones that are not being used. Stakeholders across different BUs also get clear knowledge of the estate’s complete license utilization, which helps them perform a cost-wise comparison and avoid blind decisions.
Software entries in the IT asset register
If your license management tool allows configuring custom fields, centralization makes those fields more useful for efficient application and management. These fields essentially allow you to tailor the LMS to your organization’s specific requirements, which can be anything such as tracking software usage by department, monitoring costs, or managing compliance by user role. For instance, you can use a custom field to track software versions that are compatible for use with sensitive data. A centralized system can be particularly helpful for use cases where the business operates under data privacy regulations, and the enterprise would like to keep an eye on software versions that meet the relevant standards.
While the focus should remain on systems and processes, it is also necessary to consider the human factor: A central system is only as good as the people who are using it. When your employees perceive that their activities contribute to the broader picture, they will be more likely to get involved.
Proactively manage license renewals
Instead of waiting for licenses to expire and eventually rushing to renew them, consider developing a proactive approach to license renewal. However, bear in mind that automatically renewing every expiring license is not a practical approach: Vendors have different renewal processes, and you might need special approvals for certain software products. Instead, use a license management system that can handle both automatic renewals and cases requiring more attention or special approvals. That way, you can keep things organized and avoid eleventh-hour drills to keep your software running.
A pertinent question in this regard is often when the renewal process should be initiated. In most cases, the timing completely depends on the complexity and relevance of each license. For standard applications with straightforward licensing terms, starting 3-6 months before the legal term elapses gives enough time to arrange the logistics. In contrast, for complex software landscapes with massive infra arrangements, the process might start as early as 6-12 months ahead due to the time required for multiple rounds of negotiations, receiving internal approval, and drafting the required documentation.
To optimize your renewal strategy, factor in upcoming software releases and upgrades before making renewal decisions. Consider utilizing a renewal calendar that aligns with your broader IT strategy and provides all the relevant information on interdependencies between different software applications. A detailed dependency map of all software components should be integrated with the renewal calendar. Ideally, you would want to correlate a renewal with possible updates, such as the need for updating APIs, changing database schemas, or adjusting custom integrations. During such transitions, your leadership may also want to earmark dates and consider whether the renewal impacts the total cost of ownership (TCO) for each software unit—typically by analyzing factors such as revised infrastructure needs, personnel training costs, and the potential for intermittent disruptions.
Minimize license compliance risks
Internal auditing of licenses should be done in the same spirit as running a health-check of your organization’s IT estate. However, there can be several friction points when implementing a strong compliance framework, particularly in the absence of cross-functional collaboration among IT, procurement, legal, and finance. The challenge mostly is finding common ground among the various stakeholders.
Since hybrid environments are continuously changing, point-in-time audits do not suffice. How often you audit depends on the complexity of your software environment. For a relatively straightforward setup (homogeneous environments consisting of standardized software), an annual audit might be sufficient. However, for larger organizations with a constantly shifting software landscape, more frequent checks—perhaps quarterly or even monthly—might be necessary.
A detailed discovery and inventory process is usually an absolute prerequisite for an audit to work well, but a lot of companies mistakenly focus only on user access to the main portal and overlook the fact that the software can also be indirectly used through APIs, bots, or integrated systems. Make sure that your LMS can interface with the ITAM system to get a thorough mapping of data flow and integrations throughout your IT system.
Configuring an autodiscovery job with Device42
After data segregation, see if your licenses are properly entitled and match with respective software agreements. The obtained inventory and entitlements should ideally be considered the first source of an internal audit and help you identify any discrepancies with compliance. If there are discrepancies, establish the degree of the risk connected with them by figuring out potential financial penalties and/or legal implications. A larger purpose of this step is to help you build measures to monitor real software usage and enforce guidelines related to misuse. However, note that superfluous severe regulations can lead to shadow IT: Perplexed employees may take shortcuts, creating even bigger compliance risks. Instead, consider taking a different, more flexible, pro-education role.
While analysis is the first part of an audit, it is equally important to put the results into perspective. Typically this means realigning license entitlements to the actual usage of the resources, revoking licenses from inactive users/devices, or executing fair-restrictive policies and controls for software usage. If your LMS does not offer features to automate these out of the box, you can also consider developing an automated engine to reconcile the granted rights with the actual use of the programs. While doing so, take into account other licensing rules that come with the products, such as upgrade/downgrade and usage rights.
Extend license management to the cloud
One of the biggest challenges in modern license management is the consolidation of both on-premises and cloud deployments to create a single view of software assets. Ideally, the LMS should be capable of handling the cloud’s flexibility (where resources quickly scale up or down as needed) and support the different ways that cloud providers charge for their services (like pay-as-you-go or reserved instances). Despite the different ways to solve this problem, a point of argument is that true visibility is often not possible due to the differences in hybrid systems and data silos.
Cloud providers understand this challenge and allow simulations of different workloads and usage patterns to help understand how your licenses will be consumed. There are also license management platforms that can help you bridge the gap between environments more effectively now.
Different discovery options with Device42
The simplest implementation approach for this is the use of identity and access management (IAM)—which is readily available as part of all the base models of cloud service providers—to determine who can get access to which software at what point in time. This can be further combined with agents and APIs that can detect if applications are running, what features are being utilized, and who the users are.
Tools like Device42 offer auto-discovery agents that are highly effective for the vast majority of use cases. For edge cases where discovery is desired but network constraints prevent communication back to the LMS platform, an offline discovery agent can generate files for further processing by a data processing tool. These lightweight application discovery agents can capture license usage metrics without impacting system performance. For web-based applications, where traditional metering might not be feasible, you may want to obtain usage data from proxy logs or application-specific usage reports.
Conclusion
Doing your internal checks is a good way to start and find any software that’s installed on devices where it shouldn’t be, but there are several other angles enterprise practitioners should look into: renewal, compliance, cloud-readiness, and so on. CIOs understand the strategic importance of license management and thus consider it a critical part of their overall IT strategy. But it doesn’t have to be such a big deal.
Device42’s software license management system has powerful features designed to help organizations of all sizes efficiently manage their software licenses with the above goals in mind. To learn more about Device42’s license management offering and how it can maximize your software ROI, start your free trial today.