The chain of events set in motion by SAP’s actions against so-called “indirect access” (where 5,800 users utilized SAP’s software engine on a single license through a third party application) was front-page news in the world of enterprise software compliance.
But when the dust settled on the lawsuits, customer controversy and ultimately, SAP’s development of new licensing terms, one of the most interesting things to come out of the situation was the compliance-related organizational changes the vendor said it would put in place in response to customer feedback. SAP said it would separate sales and auditing organizations, and announced plans to roll out features that will enable customers to measure their own usage and license consumption in a self-service manner.
For compliance professionals, that part of the story laid bare quite well the many challenges we have in driving compliance with software entitlements, and, ultimately, fighting piracy. Carefully balancing the need to recover revenue that is legitimately owed with customer relationships and expectations is complex – and is becoming more so as customer demands increase: those customers have more channels to voice opinions and ultimately have other options than sticking with your product.
The takeaway is that today’s competitive software landscape demands that vendors evolve compliance strategies to more closely align with their customers’ business and innovation strategies. That will mean lots of things – from evolving licensing policies in place for decades (as SAP did), to moving away from more traditional auditing practices or those that are overly sales-driven, to actually sharing data on software use with customers, all in a move toward a scenario where a sort of regular check-up is essential to the well-being of the customer and the vendor.
Are you ready for that?
Most organizations are not. Here’s where, in our experience, many small to mid-sized ISVs start (and for the most part, remain) on the compliance journey: they are monitoring entitlements with existing customers with some sort of homegrown tool or a SAM platform. That’s a good start, but ultimately the solution will bump up against two major issues. First, it doesn’t tackle instances of overt piracy that eat up potential revenue and introduce security risk to all customers. Second, an over-reliance on generating licensing revenue from a few customers taxes those relationships.
Traditional approaches to target unpaid use, such as anecdotal evidence or profiling, do not offer reliable forensic evidence of infringing use. And even that “phone home” functionality built into applications does not easily provide actionable intelligence for the teams responsible for software piracy or license compliance.
Instead of taking this limited view of piracy, the most successful companies develop a compliance strategy that starts at the product level, to ensure that compliance is a part of the very product itself. This approach democratizes compliance efforts, starts to soften negative associations, and begins to move them toward becoming collaborative efforts.
BSA surveys consistently estimate that for every three seats of paid software, there are two unpaid seats. A software usage analytics solution that delivers machine-level and environmental data on how and where your product is being used and misused is invaluable in enforcing license compliance. This information is critical for quantifying the scale of the piracy problem, and provides actionable insights your compliance team can use to reclaim lost revenue from license violators.
With compliance analytics, the ISV can reliably identify and generate actionable leads from unlicensed usage – whether that occurs through overt piracy or license overuse. In addition, the data generated often shows there is still a large and active community of unlicensed users despite coordinated licensing efforts and rigorous legal response. Armed with this actionable intelligence, you can start tapping a previously unidentifiable market and adding to your top line revenues with new and expansion license sales.
By developing a product-wide licensing strategy, compliance becomes an opportunity to get closer to customers and generate actionable leads.
Vice President, Products & Strategy at Revulytics
Victor DeMarines brings extensive security product management and marketing experience to Revulytics, where he is responsible for product strategy and direction. He is a frequent speaker and author on topics including piracy, reverse engineering and the protection of intellectual property.
Be sure to start with Episode 4 for part 1 of this conversation! In part 2 of this interview, Michael continues his conversation ...
In part 1 of this interview, Michael talks to former Dassault Systemes Anti-Piracy and Compliance Head Andy Clarkson about ...
Jason and Michael take advantage of the International Trademark Association’s (INTA) annual meeting in Boston to speak with Anand ...