At a time when we are all too quick to click “Agree” and share our data in exchange for access to the latest cool app (or a coupon for 10% off your next purchase), it may be time to paraphrase Bo Diddley and ask a new question: “Who Do You Trust?” What do we share when we click “Agree?” Sometimes it’s just our email address, other times it’s access to our list of Twitter or Facebook contacts. But how quickly should you and your company “Agree” when access to your software license compliance data is concerned?How do you ensure data privacy? Who do you trust?
What are we talking about when we talk about “compliance data?” It can range from entitlement data in your CRM or licensing system to actual infringing usage data and analytics from solutions like Revulytics Compliance Intelligence. It can be a profile based on behavior, and it can be forensic evidence of software piracy or overuse. Regardless of its composition, there are significant questions around trust that you and your company need to consider. This is data about your customers and users of your applications. You need to ensure that this sensitive data is “in the right hands” whether it is being used inside or outside of your organization.
To accurately match software usage to an organization, software vendors are capturing a wide range of data:
Given the sensitivity of infringement data, security and privacy are crucial. Vendors that have attempted to build their own compliance intelligence solutions have found these issues especially challenging. When choosing a partner, vendors need to look closely at where the compliance data is stored and the robustness and security of the platform. Is it a proprietary solution with a small number of subscribers that has not undergone real world testing, or is it built on industry standard platforms like Salesforce.com with millions of subscribers and significant resources to ensure its integrity? What uptime commitments are offered? What are the backup and security options? If you prefer to host gateway servers yourself, what management tools are available? Are they easy to use, and well-documented?
Your compliance intelligence solution should also incorporate strict granular limits on who can see data and perform analyses, protected by well-tested, up-to-date security. Role-based access is especially important when working with a compliance partner that will be acting on your data. In addition to the organizational trust considerations mentioned above, you should also make sure that your solution ensures that your partner can only see the data it needs to do its job. Beyond geographic and account limitations, you should also be able to restrict access to just the aggregate data that is required - very few compliance partners need access to all of the underlying infringement data specific to an account.
As long as I'm re-purposing classic quotes, I think it is fitting to end with this one. Data privacy and regulation is a hot button issue for good reason: data is power, and with access to powerful data comes a great responsibility to collect, store, manage, and share it wisely. Trusting your compliance solutions and service providers is crucial and should not automatically be given because they offer “10% off your next purchase.” Who do you trust?
Learn how ISVs that build a mature software compliance program gain a competitive advantage by increasing revenue & protecting IP.
Vice President, Products & Strategy at Revulytics
Victor DeMarines brings extensive security product management and marketing experience to Revulytics, where he is responsible for product strategy and direction. He is a frequent speaker and author on topics including piracy, reverse engineering and the protection of intellectual property.
No one likes to be audited. On its own, the word “audit” implies wrongdoing or, at the least, carelessness. Opening the books ...
It looks like a great deal. For just $189.99, you can download the latest version of the Microsoft Office Professional 2019. ...
While it may seem obvious, the best way to retain customers (and grow your footprint within an existing account) is to ensure ...