Beating software piracy is easier than you think

Proper management of software licences can prevent your organisation falling foul of the law. Anthony Plewes explains how to keep track of your valuable software assets.

Software piracy continues to be endemic in UK businesses. Recent research by the Business Software Alliance found that 27 per cent of PC software used in the UK in 2005 was illegal, despite high-profile campaigns to educate and prosecute the main offenders. However, while the illegal use of software by large organisations may grab the headlines, it is a symptom of a much larger problem: the lack of proper IT governance.

One of the reasons companies struggle with software in particular is because, unlike most hardware assets, software ownership is based on the curious practice of licensing. These complex legal entitlements vary between software vendors and can include a variety of exceptions and upgrade clauses. Most companies do not set out to use software illegally; they simply do not have the proper processes in place to manage their IT estate properly.

One good starting place for guidance on proper processes to manage software assets is the relevant parts of the IT Infrastructure Library (Itil) documentation. These guidelines have recently been expanded in a new standard focused on the central discipline of software asset management (SAM). The ISO 19770-1 standard was ratified in May and includes guidance on how to develop a software inventory, assess suppliers' service-level agreements (SLAs) and manage assets throughout their lifecycle.

Shaun Frohlich, chairman of Investors in Software, which played a central role in the development of the standard, says: "ISO 19770-1 creates a completely new landscape for software asset management. Whereas in the past organisations had to work out how to do this themselves, this standard has 80 per cent of what you need to do for SAM. The standard also tests the quality of your SAM, it is not just a case of whether the processes are in place - it also tells you that you have identified your licences and if there is any shortfall and whether you have rectified it."

Although most businesses are concerned that they have a shortfall in licences, it is far more likely that they actually have a net surplus. Randy Britton, product manager for SAM at software maker Novell, says: "Companies are so worried about being compliant that they tend to overbuy the software licenses, so contrary to popular opinion, most companies are over-licensed. SAM can help you know what software you have, how it is being used and who is using it." Although organisations might have initiated software asset management to keep on the right side of the law, they will probably end up saving money on licences overall.

Discovery tools play an important role in SAM. These tools go through an organisation's IT stores and return a list of all installed software products across all platforms. An accurate picture of the software should also show the parts of the organisation that use it and what it does. This allows organisations to identify any obsolete, dangerous or illegal software and whether similar applications could be rationalised.

Many companies have an alarming number of software applications on their systems. Andy Burton, CEO at discovery software specialist Centennial Software, says: "We have discovered over 100,000 discrete applications in our customers' [organisations] but only 10,000 of it is licensed commercial software. The remainder ranges from old applications that have not been removed properly through to shareware installed by users."

However, taking a snapshot of the installed software at any point in time is only part of the challenge. Organisations need to have processes in place so that they manage the entire lifecycle of their software assets. Luke Beare, principal consultant at software maker CA, says: "Asset management needs to be more than the IT guys having a list of the IT assets, it needs to be tied into the business."

Software asset management shares many goals with identity management, and Novell for one is looking at synergies between both areas. Novell's Britton says: "We are looking at how to detach the applications from the machine and link them to the individual. Then we can assess what they are entitled to use and put policies in place to control this."

Of course software is just one part of the IT estate and while companies might get immediate results from addressing their software assets, they need to think about the larger picture.

Peter O'Neill, principal analyst at Forrester Research, warns: "You should not look at software asset management in isolation. Many companies have fallen into this trap under pressure from software vendors and the fear of an audit. There are many benefits of doing IT asset management across the board and organisations should look at it holistically including other elements such as hardware and external contracts."

One place where hardware and software are intertwined is the data centre. Richard Muirhead, CEO of Tideway, a maker of software asset management tools, explains: "We wanted to understand the operation and configuration of the data centre. This includes the servers, switches, software, licences and vendor management." Muirhead suggests organisations can use Itil best practice and a federated Configuration Management Database to link this information through to the rest of the IT estate.

All the IT asset management processes and disciplines should be linked back to procurement and financial management so that service costs for IT can be charged back to the right budget. This information can also be used as the basis for strategic sourcing as organisations will be able to compile scorecards of the performance of products from all their suppliers and draw up a preferred supplier shortlist.

Despite all this, a recent report from Forrester Research found most organisations still do not use IT asset management to track software assets within their companies. Forrester says IT asset management is the foundation of full business service management. Even among the largest global $1bn-plus companies, 35 per cent still have limited formal processes for managing IT, while 44 per cent have basic IT inventory capabilities along with basic Itil processes.

However, as many companies have found to their cost, successful service management demands a pragmatic approach. For many companies, software is their biggest pain point and therefore needs to be addressed immediately. The ISO 19770-1 standard gives companies a solid foundation on which to build their SAM. This will give all companies a solid foundation on which to build their SAM and move towards effective IT governance.