Feeds

Wading through the software licensing minefield

Sweat those assets

3 Big data security analytics techniques

Desktop Efficient licence management is crucial for a number of reasons, but they boil down to two: cost containment and legality.

According to an IDC survey on software pricing and licensing, conducted in 2010, almost all the respondents believed that some of their software licence expenditure went on either under-used or unused software. From full-on graphics packages to Excel add-ons, it's often hard to tell what's actually being used and by whom.

Other surveys tell a similar story, with enterprises frequently not making use of the software they've paid for via central agreements such as Software Assurance. Given the cumulative cost of software licences for a large desktop estate, this can add up to a substantial amount of wasted money.

Then there's the issue of legality. Today's clients are often hard to manage, since many are only occasionally connected to the corporate network and consist of a diverse range of hardware platforms and operating systems.

The software may be licensed on a number of bases: per user, per core, per CPU or per client machine. In some cases, the licences may be perpetual or licensed for a particular period only. And some clients may be virtual, which can result in a different set of licensing conditions.

Ensuring licence compliance in such a wide set of circumstances will be one of the more tricky jobs for IT, yet it is incumbent on IT to ensure that all this software is properly licensed. It's also one of those issues that's easy to ignore, as doing so appears to result in no immediate consequences. Too often, licence compliance is one of those issues that's only dealt with when news of an impending software audit reaches the ears of IT.

Sweating the assets

There are plenty of software and asset management packages available at the click of a mouse. The key is to find the one that fits your scenario. To cover the basics, you need a licence management tool that's able to examine each client, scan it to discover what software is installed, understand how the software is being used, and retrieve licence keys if necessary.

It should also be able to understand the terms and condition of each licence: for example, some packages allow the right of second use, so that one user can install the software on both a laptop and a desktop, provided they're not in use concurrently.

The tool should also be able to integrate with desktop management packages such as Microsoft's System Center Configuration Manager, which will be able to add the discovered software to its asset lists. Alternatively, you might find that SCCM's asset intelligence features are enough for your needs.

Up the sandbox

Things get easier if you're using application or desktop virtualisation. With the greater controls offered by application sandboxes, and by the central distribution of desktops, understanding application installation rates and usage should be a relatively simple matter, with no need for the discovery phase.

It may then be easier to apply a form of software metering so that, for example, 50 licences might legitimately be used by 100 users, depending on the licence terms and conditions, as long as only 50 of them are using the software at any one time. It's a technique that could save you a lot in unnecessary licence fees.

Licence compliance can be a complex process but the rewards can be worth it. The key is to ensure that there is a process, and that it's continuous.

One global brewing company running over 8,000 desktops and servers in nine countries is reported to have used this approach in order to ensure software licence compliance. It rebuilt its asset management processes and in the first year saved some $740,000 in software licence costs.

And as well saving money, you'll have the satisfaction of knowing that your software assets are legal, with no surprises expected during a software audit. ®

SANS - Survey on application security programs

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.