The A, B, C’s of Software License Compliance and Enforcement

Sometimes the topics of software license compliance and enforcement seem twisted, very much like one of those M.C. Escher drawings popular in the 70’s and 80’s that show complex physical objects connected in impossible ways through the optical illusions created by his drawings.

To this end, I thought a few blogs on the subjects of enforcement and compliance would be useful and interesting topics.

Let’s start with some basic definitions: software license compliance is a broad term describing whether or not software is being used within the bounds of a software license, as established by the license agreement or the software entitlement the customer purchased. Software license enforcement is the mechanism or mechanisms used to manage software license compliance. An enforcement mechanism will usually result in some experience for the user of the software that lets them know if they are using the software outside the bounds of the software license agreement.

An enforcement technology and associated implementation method are designed to balance the needs of the software producer and the software consumer. In general, the software producer uses enforcement to grow revenue in one of two fundamental ways:

1. By making software easier to use so customers use and buy more than anticipated (making this a lower-cost way of generating increased sales);

2. Or, by eliminating revenue leakage caused by software piracy and usage of software outside the bounds of the license agreement.

The software consumer doesn’t want unnecessary barriers to adoption of the software, in most cases, but they also don’t want to be out-of-compliance for any extended period of time, because that increases potential liability and risk.

Software license enforcement can be designed to create a continuum of possible outcomes for software that is used outside the bounds of the software license agreement. This continuum can vary from a "do nothing" approach on one extreme of the continuum, all the way to preventing the software from operating at the other end of the continuum. Within this range are a number of possible results such as messaging, enabling overdraft, warning customers that they’re approaching a limit, reduction in quality-of-service, and queuing requests. In fact, the outcome can vary by the specific type of software license compliance condition. For example, you may elect to prevent your software from starting if the customer does not have a valid license, but you may only want to give the customer a message if they are using the wrong version of software.

The software license enforcement methods that software producers employ don’t have to be a one-size-fits-all approach. The enforcement method can be tuned by a handful of key factors:

Market – Software that is sold primarily to large enterprises and data centers, where corporate governance and financial controls are stronger, can utilize an enforcement method that is more liberal and tends more toward messaging users or "Nagware." On the other hand, if you are selling games to a consumer market, piracy and intentional over-usage are probably the problems that you need to address. A stronger enforcement experience may be required.

Geography – Software sold to the U.S. and Europe, where financial accountability and auditing practices are stronger, can also tend toward a more liberal enforcement policy than software sold to emerging markets with very weak intellectual property laws.

Product Type – On one extreme, for example, enterprise-level software that is carefully deployed by an IT department and manages data integrity may never shut down due to out-of-compliance usage. On the other hand, desktop design software may be able to sustain a denial of service if the product is out of compliance.

Product Lifecycle – Products that are early in their lifecycle and provide a lot of value may need stronger enforcement mechanisms to enable secure demos of the new technology, and to protect access to leading-edge algorithms (especially with vertical application software such as design and CAD). On the other hand, a company with a wide portfolio of mature products that wants to block competition may want to lessen the enforcement approach as a way to make it easier to use their software and block the use of a competitor’s software.

While the implementation of a software license compliance and enforcement technology has technical implications, it’s critical that the whole business be involved in defining and articulating a software compliance philosophy that will drive the implementation.

Next Time – Creating a Compliance Philosophy and Enforcement Profile
