Revulytics Blog

Imagining Your “Ideal” Day as a Software Compliance Manager (Part 3)

February 10, 2017

Refining and prioritizing your leads with exceptionally detailed information

In our previous post, we showed how you can quickly get access to large amounts of accurate and usable information about potentially infringing clients and prospects. Now, we focus on strengthening your case and setting priorities to engage first with companies offering the biggest bang for the buck.

Drilling down to even more detailed data for action

We’ve briefly discussed some of the data you need to understand new infringements. Next, we drill down to show just how much detail can be available to optimize your decision-making.

For example, organization IP addresses, device time zones and language preferences, egress IP addresses, and router IDs all contribute to strengthening your identification. Many software companies know this – but you can now do even better.

Software enabled with the latest version of Revulytics Compliance Intelligence can capture specific geolocation data through Wi-Fi access points. Revulytics Compliance Intelligence can then call Google Maps via the Google Geolocation API. All of that happens in the background, automatically. You see specific addresses – and, often, an aerial view of your infringer’s workplace. Suddenly, you know he’s at an office in an industrial park, at a real company, not casually playing around in a college dorm.

Revulytics also provides data that reinforces your compliance efforts when reaching out to infringing organizations, including:

  • Domain information and Data Optimizer classification that is used to identify the infringing organization
  • The “PirateID” signature that can be mapped to actual cracked software and can be presented as evidence to the infringing end user
  • Aggregate usage data that quantifies the number of machines, latest event dates, and other indicators of persistent use

Revulytics Compliance Intelligence also makes it easy to link key information to your license tracking systems, to quickly identify abuse or overuse. Those linkages are important because isolated key data isn’t enough to confidently assess infringement: you’d still have to manually figure out which keys are legally shared, which are non-unique, and which are illegitimately cloned.

In anticipation of a customer’s own investigation and self-audit, it can be impressive and convincing to show that you also know exactly what type of piracy is taking place. For example, Revulytics can inform you that a specific pirated USB dongle is in use, combined with a known pirated serial number and a binary signature of a specific pirated version. If a client desires, it can recalculate this binary signature for itself, comparing it to strings of data you provide for pirated and legitimate versions. Usually, we’ve already uncovered and captured pirate binary signatures; often, we can even link them to specific pirate groups who deliberately “brand” their work.

The challenges of user data

While the collection of user data could provide valuable compliance intelligence, most software companies have traditionally avoided using such data, due to legitimate concerns about privacy rules and restrictions. But more providers are concluding that this information has value – if they can safely manage it, and stay within the law. That’s difficult without the right tools – but with them, it’s actually pretty easy.

Of course, any attempt to capture user data begins with understanding the specific privacy and data protection rules and regulations affecting each jurisdiction where you operate, and adjusting licenses (as needed) to establish your right to capture such information. If you collect user-level data, you typically have to disclose that, store it securely, offer controls over modification, and demonstrate compliance via independent privacy certification (at Revulytics, we work with TRUSTe, and we participate in and have certified compliance with the EU-U.S. Privacy Shield Framework).

When you integrate Revulytics’ library into your software, you can establish rules that specify where it’s safe to collect user-specific data. By default, user names, email addresses, and other identifiable data are hidden with a one-way non-reversible hash: you can still perform other analyses, but you can never identify an individual. However, if other data – such as egress IP addresses – shows infringement coming from a country where you’re permitted to identify individuals, the software client’s behavior can be changed on the fly to capture that data in clear text. (It’s still encrypted for protection in transit.)

To stay in scope of EU privacy rules, some software firms want to keep European personally identifiable data within Europe. With Revulytics’ new Redirect feature, all data generated in the EU can be sent to a different backend datacenter – avoiding the need to deal with Privacy Shield or complex EU-US contractual clauses.
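The jurisdiction rules described in the two paragraphs above (identifiers hashed by default, clear text only where permitted, EU-origin data sent to a separate backend) can be expressed as one client-side policy function. This is an added example, not Revulytics' code or API: every name, key, country set and URL in it is hypothetical and constructed. It assumes a keyed HMAC-SHA-256 as the one-way hash, because a plain unkeyed hash of an email address can be matched by hashing candidate addresses.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Everything below is hypothetical and constructed for illustration.
PSEUDONYM_KEY = b"constructed-demo-key"      # in practice: loaded from a secrets store
CLEAR_TEXT_ALLOWED = {"US"}                  # constructed: where identification is permitted
EU_COUNTRIES = {"DE", "FR", "NL", "IE"}      # constructed subset of EU country codes
BACKENDS = {
    "eu": "https://collect-eu.example.invalid",
    "default": "https://collect.example.invalid",
}
IDENTIFYING_FIELDS = ("user_name", "email")


def pseudonymize(value: str) -> str:
    """Keyed one-way digest. Input is normalised so one user maps to one token,
    which keeps counting and grouping possible without exposing the identity."""
    normalised = value.strip().lower().encode("utf-8")
    return hmac.new(PSEUDONYM_KEY, normalised, hashlib.sha256).hexdigest()


def prepare_event(event: dict, egress_country: Optional[str]) -> Tuple[str, dict]:
    """Return (backend_url, outgoing_event) for one usage event.

    A missing or unlisted country fails closed: identifiers are hashed.
    """
    country = (egress_country or "").upper()
    clear = country in CLEAR_TEXT_ALLOWED
    out = dict(event)                         # never mutate the caller's event
    for field in IDENTIFYING_FIELDS:
        if field in out and not clear:
            out[field] = pseudonymize(out[field])
    out["identifiers_hashed"] = not clear
    region = "eu" if country in EU_COUNTRIES else "default"
    return BACKENDS[region], out


if __name__ == "__main__":
    # Constructed sample events with their egress-IP country codes.
    sample = {"user_name": "jdoe", "email": "J.Doe@example.com", "machines": 3}
    for cc in ("DE", "US", None):
        backend, sent = prepare_event(sample, cc)
        print(cc, backend, sent)
```

Transport encryption is still applied to every event regardless of which branch is taken; the policy only decides what the payload contains and where it goes.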

With Revulytics’ new features, you always have access to the most personally identifiable data you’re legally entitled to, without capturing data that places you at risk. This gives you powerful new ways to target and monetize infringement.

You may find that your software is being abused by individuals you’ve already met, and are already tracking in your CRM system. Where a prospect isn’t already in your CRM database, it’s often easy to use LinkedIn or similar resources to name that individual and discover his organizational context. All these insights are now available through your Revulytics dashboard, enriched with additional information Revulytics Data Optimizer has uncovered elsewhere about the organization. Data Optimizer’s insights are helpful to any software company, but may be especially valuable to smaller software firms who can suddenly leverage all we’ve learned from millions of infringements over the past decade.

This is all the knowledge you need to decide whether to act – and how to act – right now. We’ll turn to those actions next.


Post written by Victor DeMarines

Vice President, Products & Strategy at Revulytics

Victor DeMarines brings extensive security product management and marketing experience to Revulytics, where he is responsible for product strategy and direction. He is a frequent speaker and author on topics including piracy, reverse engineering and the protection of intellectual property.