Revulytics Blog

Reducing Legal Exposure in Software License Auditing, a Data-Driven Approach

December 4, 2018

Over the years, the software vendors conducting the most licensing audits haven’t changed much, according to the most recent survey by the International Business Software Managers Association (IBSMA). Microsoft, Adobe and IBM still top that list. But what has changed, according to the survey, is how those vendors are approaching audits.

“What we’ve seen in the last year among the tier 1 vendors, such as Microsoft, Adobe, and HP, is a softening of their approach to compliance and audits,” Steven Russman, executive director at IBSMA, wrote on his blog. “There’s a shift toward working with customers with existing compliance programs to help them fine tune their software asset management processes—certainly not in all cases but we’re seeing it more frequently.” For example, he writes, Adobe, “has phased out most of its U.S. and European compliance program, shifting it to more of a soft-sales approach.”

At the same time, the survey reveals, the number of audits is increasing for both large and, especially for, smaller companies – the latter of which is up 40 percent since 2015.

The lesson for ISVs here is this: Companies are dealing with more licensing audits than ever before, and vendors who reduce the need for the traditional audit altogether will be at a very clear advantage, in terms of reducing their own legal exposure and building partnerships with customers that will pay dividends longer term.

One very effective way for ISVs to do this is by bringing together usage and compliance analytics to reliably pinpoint misuse – and remedy as much of that as possible before overt legal action is necessary.

Leverage compliance and usage analytics to reduce the audit need

Compliance analytics gives the ISV actionable data to address overt piracy or misuse of software. ISVs can determine what organizations are using the software, where they are located, and the scope of misuse.  Software usage analytics lends detailed, anonymous information on feature usage and adoption. Taken together, they are a powerful way to both identify where software is being misused, and get deeper information on how and why that can actually help us simultaneously boost revenue and build our customer relationships.

Take an inside-sales approach to compliance

By bringing this data together and exposing it in a format that is easily consumable by sales (picture integration with a Salesforce.com dashboard), we provide a foundation for data-driven conversations about compliance and evolve an audit into a value-driven partnership.

With data, the ISV can take an inside-sales approach that allows infringers the least painful and easiest way to ensure their technology landscapes are legal. Piracy business intelligence data guides an inside sales engagement, and the vendor knows there is illegal use. Perhaps a US-based customer thinks its overseas subsidiaries are leveraging software in line with entitlements, but compliance analytics makes it apparent that there is misuse in piracy hotspots like Russia and China. Without an accurate picture of the software landscape, the customer can’t optimize usage, ensure efficiencies borne of integration and of course protect itself from risks, such as those borne of cyber-attacks.

By coupling compliance data on misuse with usage data on legitimate deployments, the ISV can use an inside sales approach, not an audit, to help bring entitlements into compliance by offering packages that recognize unique usage needs in those particular regions. This not only recovers previously undiscovered revenue but also positions the ISV for upsell and continued partnership.

Decrease liability as a vendor

The costs of litigating piracy can be measured both monetarily and in terms of brand reputation. The data-driven approach decreases the risk of wrongly accusing customers or prospects of infringement, or even correctly accusing them, and all of the implications that stem from such actions. Consider the example of SAP and its lawsuits against customers like Diaego and InBev for so-called indirect access. While the rulings and settlements were in SAP’s favor, the resultant widespread media coverage and “feedback” from the customer community was not as favorable, and ultimately, the vendor changed its licensing policies in response.

Get started on data-driven compliance

With the growing threat and risk presented by the malware that unlicensed software introduces into the enterprise landscape, CIOs are more willing to partner on bringing entitlements into compliance than ever before. One software vendor even reported receiving a letter from a customer thanking him for alerting them in a non-confrontational way and working to resolve the noncompliance.

A 20 percent increase in software compliance can improve a company’s profits by 11 percent, according to IDC research quoted in the BSA’s annual global software survey. (be sure to read our thoughts on the 2018 BSA survey, too).

The time is right to take a data-driven approach to compliance. It reduces your risk and that of your customers, and positions both of you for increased revenue.

Download “A Layered Approach to License Compliance”

Activate Your Data-Driven Compliance Program

Add new license revenue by detecting, identifying and converting unpaid users into paying customers.

Victor DeMarines

Post written by Victor DeMarines

Vice President, Products & Strategy at Revulytics

Victor DeMarines brings extensive security product management and marketing experience to Revulytics, where he is responsible for product strategy and direction. He is a frequent speaker and author on topics including piracy, reverse engineering and the protection of intellectual property.

Subscribe to Our Blog