Understanding Software License Compliance and the Best Practices That Can Help
Most businesses acquire the right to use software through licensing agreements rather than purchasing the software outright. This means they don’t own the software itself but obtain permission to use it according to the terms of the license. These terms include complex clauses describing the software’s usage and are written to mostly protect the vendor’s rights to restrict duplication, modification, and transfer of the software. The agreement lays out the rules for use of the software and typically covers a wide range of aspects, including the following:
- Permitted use
- User rights
- Maintenance and support
- IP rights
- Liability and warranty
Software license compliance is about verifying that the software is used within the permitted scope and that any limitations on user numbers, deployment, or usage are strictly observed. The maturity of an organization’s software asset management system is often argued to directly impact its ability to maintain compliance. At the same time, a decentralized and fragmented view of software assets is common among mid-sized to large enterprises. Can they adapt to optimize software usage and avoid the risk of noncompliance despite this decentralization?
In one of our earlier articles, we discussed the full lifecycle of software licenses and how understanding the lifecycle helps enterprises consolidate, optimize, and save money on software. In this article, we discuss the complexities of software license compliance and the practices for mitigating common compliance risks and agreement oversights.
Summary of software license compliance best practices
| Best practice | Description |
|---|---|
| Engage in continuous license reconciliation | Continuously check software usage against license entitlements using SAM tools and data normalization to optimize licenses and ensure compliance. |
| Optimize licenses based on vendor-specific requirements | Analyze vendor agreements for complex licensing metrics, indirect use, bundled offerings, and geographic restrictions to optimize costs and ensure compliance. |
| Assess virtualization and cloud license management | Review virtualization and cloud licensing carefully—including core usage, license mobility, and vendor-specific terms—to ensure compliance and cost optimization. |
| Use a software asset management (SAM) maturity model | Adopt a SAM maturity practice to progress from basic software inventory toward proactive automation and compliance. |
| Proactively audit readiness | Ensure audit readiness by proactively identifying high-risk applications, conducting mock audits, and understanding your license entitlements. |
How a software asset management practice helps with license management
A software license grants permission to use specific software, outlining usage rules and restrictions. Most licenses require periodic renewal to maintain compliance. This, along with other crucial details, is defined in the software license agreement (SLA). The SLA is a legally binding contract between the software provider and the user, with established rights and obligations for both. Once signed, licenses are activated and managed through software license enforcement technology.
While distinct, software asset management (SAM) and software license management (SLM) are intrinsically linked. SLM focuses specifically on administering license compliance and tracking usage. SAM, on the other hand, provides the overarching framework for managing software assets, encompassing aspects like procurement, deployment, utilization, and disposal.
A SAM strategy assesses an enterprise’s technology footprint and then provides direction on the acquisition, deployment, and disposition of software assets, including licenses. Because of its broader scope, it is also common for some companies to have only a single SAM practice (eliminating the need for a dedicated license management practice) that handles both asset and license management functions.
More details on how a SAM strategy helps organizations manage assets can be found here.
Managing software licenses with Device42’s IT asset management system
Engage in continuous license reconciliation
It is possible for a single software license to grant different rights to different users. A license’s validity might also depend on the virtual environment where it’s deployed, such as virtual machines (VMs), containers, or cloud instances. A key aspect of license management is knowing who’s actually allowed to use each license and how the software interacts with other systems.
Although discovery tools can scan networks and reveal what software is installed, they do not necessarily help you know whether you’re using it within the terms of your agreements. Comparing software inventory with your license entitlements is a completely different feature that many discovery tools do not offer out of the box.
License reconciliation falls under the domain of software asset management and focuses on:
- What you have, as discovered by your tool
- What you’re allowed to use, based on purchased licenses and agreements
- How you are using it, so you can identify optimization opportunities and potential compliance issues
Manual reconciliation involves running a discovery scan, gathering authorization data, and then comparing the two. Naturally, the process is tedious. A software asset management (SAM) tool can automate much of this process, automatically discovering software installations and comparing that data against your license inventory.
Asset relationship tracking with Device42
One methodical approach is to look beyond simple installation counts and analyze how underutilized licenses can be reclaimed or reallocated. A messy dataset can have inconsistencies and variations in software names and versions, so to ensure that this analysis is accurate, adopt normalization practices that enhance data accuracy. Some SAM tools offer normalization features out of the box, while another option is to use specialized normalization software.
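The reconciliation described above (discovered installations, normalized, compared against entitlements under the vendor’s counting metric) as a small worked example. This is added illustration, not Device42 code; the product names, hosts, users, and entitlement counts are constructed sample data, and the normalizer only handles the "Name [v]Major.Minor" shapes shown.

```python
import re
from collections import defaultdict

# Constructed sample data, not from the article: a discovery scan and purchased entitlements.
DISCOVERED = [
    {"host": "db01", "user": "alice", "product": "Acme DB Server 12.1"},
    {"host": "db02", "user": "bob", "product": "ACME Db Server v12.3"},
    {"host": "app01", "user": "alice", "product": "Acme-DB Server 12.0.4"},
    {"host": "ws07", "user": "carol", "product": "Contoso Reporter 3"},
    {"host": "ws08", "user": "dave", "product": "Contoso Reporter 3.1"},
    {"host": "ws09", "user": "erin", "product": "Contoso Reporter 3.1"},
    {"host": "ws10", "user": "erin", "product": "Widgetco Tool 2"},
]
# Entitlements keyed by normalized (name, major version); "metric" is how the vendor counts.
ENTITLEMENTS = {
    ("acme db server", 12): {"metric": "per_device", "count": 2},
    ("contoso reporter", 3): {"metric": "named_user", "count": 5},
    ("acme backup", 5): {"metric": "per_device", "count": 10},
}

def normalize(product):
    """Collapse spelling/version variants ("ACME Db Server v12.3") to (name, major)."""
    m = re.match(r"(.+?)\s+v?(\d+)(?:\.\d+)*\s*$", product.strip())
    if not m:
        raise ValueError(f"unparsable product string: {product!r}")
    name = re.sub(r"[^a-z0-9]+", " ", m.group(1).lower()).strip()
    return name, int(m.group(2))

def reconcile(discovered, entitlements):
    """Compare what is installed (and by whom) with what is owned, per product key."""
    usage = defaultdict(lambda: {"devices": set(), "users": set()})
    for row in discovered:
        key = normalize(row["product"])
        usage[key]["devices"].add(row["host"])
        usage[key]["users"].add(row["user"])
    report = {}
    for key in set(usage) | set(entitlements):
        ent = entitlements.get(key)
        if ent is None:  # installed, but no entitlement on record
            report[key] = {"status": "unlicensed", "used": len(usage[key]["devices"]), "owned": 0}
            continue
        pool = "users" if ent["metric"] == "named_user" else "devices"
        used, owned = len(usage[key][pool]), ent["count"]
        status = ("overdeployed" if used > owned else
                  "underutilized" if used < owned else "compliant")
        report[key] = {"status": status, "used": used, "owned": owned}
    return report

if __name__ == "__main__":
    for key, r in sorted(reconcile(DISCOVERED, ENTITLEMENTS).items()):
        print(f"{key[0]} {key[1]}: {r['status']} ({r['used']} used / {r['owned']} owned)")
```

Entitlements with zero discovered use (here "acme backup") surface as underutilized shelfware, and installations with no entitlement surface as unlicensed; both are the reclaim-or-remediate candidates the text refers to.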
Optimize licenses based on vendor-specific requirements
Many license metrics are not limited to simple clauses of “per user” or “per device.” Instead, terms may involve economically and technically complex methods like measuring how many CPU cores are available, how powerful the processor is (using processor value units, or PVUs), or charging based on the usage of specific features. How can you know whether you are overpaying or underpaying as opposed to having the correct number of licenses, especially when the terms are complex and there are multiple vendor agreements?
To get it right, the recommendation is to go through each vendor’s license agreement fully. There are some tools that claim to auto-populate your license management system with key information extracted from the agreement, such as the number of allowed installations, permitted users, and usage restrictions. However, in practice, a fundamental part of dealing with this issue is talking with the vendor or simply employing a professional who is experienced in licensing software. Such individuals can tell you how to interpret the terms and in what situations you are going to pay more.
The cost of hiring a licensing expert can vary depending on their experience, the complexity of your software environment, and the scope of their engagement. Costs are typically subjective and can differ considerably between a basic consultation and ongoing support and management.
To help you determine the right level of licensing expertise for your needs, consider these general guidelines based on your annual software spending:
- Lower license spending ($50,000 – $250,000): Focus on experts who offer targeted assistance, such as license optimization reviews or contract negotiation support.
- Moderate license spending ($250,000 – $1 million): Consider a broader engagement, including ongoing license management and compliance support.
- Higher license spending ($1 million+): A dedicated licensing expert or team can provide significant value and ROI by proactively managing your software assets.
A few more things to be cautious about:
- Indirect use: The majority of software providers have policies about how their software can be used with other programs. If another tool accesses or utilizes your licensed software indirectly, you might need to pay extra. For instance, a reporting tool by another company connecting to your licensed database might trigger an indirect use clause. Read your agreements carefully and keep an eye on clauses outlining application interoperability.
- Bundled offerings: Vendors bundle their products together to save you money. For instance, instead of buying separate licenses for a database and a reporting tool, a bundled package might offer both at a reduced cost. Make sure to analyze your software portfolio and identify opportunities to consolidate licenses through bundled offerings.
- Geographic restrictions: Some software licenses may limit usage to specific countries or regions, often due to legal or regulatory reasons. If your organization has users accessing the software from multiple countries, you’ll need to buy licenses to cover all of those locations.
- Named users vs. concurrent users: Understand the difference between these licensing models. Named user licenses belong only to specific individuals, while concurrent user licenses give permission for a certain number of people to use the software at the same time. Be sure to note whether the agreement defines a concurrent user as anyone logged in or only those actively using the software.
Assess virtualization and cloud license management
Traditional setups have older licenses that grant enterprises the right to install the software on a specific physical server. Virtualizing that server might require relicensing the software based on the number of virtual machines or cores used.
Prior to virtualizing any software application, review your licensing agreement or contact the vendor to understand the implications of a digital transformation. For instance, some licenses might limit the number of VMs you can run the software on, while others might charge based on the processing power allocated to each VM.
Some vendors, like Microsoft and IBM, offer processor-based licensing, which means you need to license the physical cores on your server. However, with virtualization, you might not be utilizing all of those cores. Sub-capacity licensing allows you to license only the cores used by your virtual machines. Be careful, though, because some agreements may still require separate licenses for each virtual machine, even if they’re running on the same physical server, or there may be specific rules for how virtual cores are counted.
Consider a SAM tool that can enumerate data from your physical, virtual, and cloud hosts, letting you discover and track all your assets regardless of where they reside. Tools like Device42 can integrate with widely used hypervisors and cloud providers while offering the ability to leverage native vendor APIs for accurate data collection.
Setting up virtual machine auto discovery with Device42
License mobility is another critical feature that gives you the right to move software licenses between physical or virtual environments. Some licenses allow for free mobility, while others have restrictions or require additional fees. Specifically:
- If you’re moving on-premises software to the cloud, you need to ensure that your licenses allow for this and understand any associated costs or limitations.
- In a disaster recovery scenario, you might need to instantly spin up virtual machines in a different location. Does your vendor offer temporary/project-based license support to avoid compliance issues during a crisis?
Use a software asset management (SAM) maturity model
A SAM maturity model describes the path toward a highly optimized SAM program that provides clear visibility into entitlements, license compliance, inventory, and consumption across both on-prem and cloud environments. A higher level of maturity is only attainable after significant time and effort have been invested in auditing and maintaining your software estate. Although the SAM maturity model by Gartner is a popularly used framework, there are specialized asset management platforms that can deliver real improvement of IT maturity when used for asset discovery, tracking, and management.
The table below highlights the broader phases of SAM maturity.
| SAM maturity stage | Purpose | Focus areas |
|---|---|---|
| Early stages | Building the foundation and establishing core processes | Organization, basic processes, and visibility |
| Later stages | Refining processes, automating tasks, and using data for decision-making | Efficiency, optimization, and informed decision-making |
| Final stages (optimization and automation) | Achieving a proactive and predictive SAM program | Continuous improvement, automation, and risk mitigation |
Since each level within a SAM maturity model builds upon the previous one, it is important to assess your starting point and then implement the next line of action.
Typical stages of a SAM maturity model
A typical maturity model goes through the following stages, though it is important to note that some of these activities are interconnected and might happen concurrently or iteratively:
- Set up a software procurement process that aligns solutions with core business needs.
- Evaluate and audit how deployed solutions are used, by whom, and their effectiveness.
- Optimize licensing based on use and necessity, ensuring that the organization has the right number of licenses and is not at risk of noncompliance.
- Monitor and administer software updates.
- Retire outdated solutions.
Proactively audit readiness
Though it is not always the case, audits usually happen around the end of the agreement cycle—when contracts are about to end or be renewed, or when your company is going through big changes. That said, random audits irrespective of scheduled cycles are also common.
Auditors know that companies often prioritize compliance for their most expensive or widely used software products. Prepare an audit readiness strategy by identifying your company’s high-risk applications or those with complex licensing terms first. These could be your most expensive or mission-critical software assets, where noncompliance can have significant financial and operational impacts. Then gradually do the same for less-common applications.
Iterative internal mock audits can identify potential areas of noncompliance. A SAM framework can establish mock policies for purchase, installation, and tracking and can be aligned with recognized standards like ISO 19770-1 or IAITAM best practices. Although most internal teams are capable of handling internal audits, bringing in external auditors can provide a fresh perspective and uncover issues that internal teams might miss due to inherent biases.
When it comes to an actual audit, software publishers may request access to your usage data early in the audit process. A common tactic that publishers use is to request a broad range of usage data, hoping to find any potential noncompliance. It’s important to understand your entitlement position before providing usage data, though: do not hesitate to challenge the request if it seems overly broad or unreasonable.
Begin by clearly assessing the scope of the audit, including which parts of your organization and which specific software products are being reviewed. Expert practitioners argue that the scope of the audit should be negotiated rather than simply accepted. Once a baseline is established, you can move on to verifying the software licenses and discussing any purchase records or usage calculations. If you have already established a confidentiality agreement with your software publisher, note that any sensitive information shared during the audit remains protected.
Final thoughts
The responsibility to ensure that software is used legally is shared between vendors and customers. Noncompliance can be a costly affair, and it’s the customer who ultimately foots the bill for any licensing violations. The good news is that the IT industry is now well-informed, and there are emerging technologies to handle the challenges of remaining compliant.
If reduced compliance risk is the objective, a robust asset management practice should be the strategy to achieve it. To learn more about how Device42 can identify overlicensed, unlicensed, and expired licenses while flagging prohibited software in your tech environment, start a free trial today.