It is often the case with SAM that, when it comes to managing software licences, many organisations focus their attention on the software that is purchased at a cost to the organisation.
In some cases, as we all know, the cost for just software licences can be millions of pounds. This could potentially increase if an organisation is found non-compliant in a Software Publisher Audit.
Senior level management are now starting to understand and become more aware of the importance of the SAM program in the organisation. This is mainly due to the large financial footprint, which is highly visible in their budgets. This, in turn, invokes management buy-in to support the management of these assets to obtain the best ROI, but they are failing to understand the need to resource this program.
One of the many key process areas for the Software Asset Manager is Software Acquisition.
A common misconception among employees is that Opensource, Freeware and Trialware can be freely downloaded (where a user has admin rights) into the corporate environment as and when an employee sees fit, as it does not incur a cost to the company to do so. So there’s no issue, right?
Wrong. SAM best practice should be about all software licences in the organisation, regardless of whether there is a cost to purchase.
What’s the difference between Opensource, Freeware and Trialware?
Opensource (OSS) – is computer software with its source code made available with a licence in which the copyright holder provides the right to study, change and distribute the software to anyone and for any purpose. Opensource software may be developed in a collaborative public manner.
Freeware – is software that is available for use at no monetary cost. Although this software can be used without payment, it is most often proprietary software and, as usual, modification, re-distribution or reverse engineering without the author’s permission is prohibited. Every Freeware publisher defines its own set of rules, stated in the licence, on how the software can be used.
Trialware – is software that can be run for a limited period before it expires. This is used to evaluate a software program to see if it is suitable for the customer’s needs before purchasing the full product licence. In order to keep running the application, a registration key must be purchased and entered into the trial version, or a new full version must be installed.
The fact that Opensource, Freeware and Trialware don’t have a cost doesn’t make them risk free. As with all software licences, there is also risk which has to be managed: the licence obligations.
We have all heard about the recent Equifax Apache Struts security vulnerability, which was down to failed SAM policies and processes. Failure to identify and fix vulnerabilities in your Opensource estate leaves your organisation at risk of being hacked, which is the ultimate security breach and damaging to your brand’s reputation.
Another area that you may not be aware of is that software publisher Quest states in its T&Cs for Toad for Oracle that the Freeware version may be used for a maximum of five (5) Seats within a customer’s organisation and expires each ninety (90) days from the date of its initial download (Freeware Term). Therefore, if you have more than five (5) users in the organisation using Toad for Oracle Freeware, you are required to purchase however many additional licences of Commercial Toad for Oracle are needed.
Risk has just as much impact on an organisation as cost does and, if left unmanaged, can ultimately cause financial loss and loss of confidence in the business from a consumer viewpoint.
Therefore, all software licences should be in scope of the SAM program, with the appropriate policies, procedures and workflows implemented across the organisation to identify, manage, communicate and educate employees on these risks in the corporate environment.
ITAMS has over 15 years of experience in IT & Software Asset and Licence Management. Our expert SAM Consultants can advise your organisation on the best practices that you should implement and the many SAM tools that are available on the market, such as tools that cater for Opensource. These can be used to help monitor and fix vulnerabilities before they endanger your systems, and can provide notifications of licence issues or of when a new version or patch that fixes one of the vulnerable components is released.
Enhancing your SAM program and implementing best practices can help to lower the risk of your organisation becoming the next victim of a cyber-attack or being hit with a high non-conformance bill in your next Software Publisher Audit.
Speak to one of our consultants today by calling 03704 050508 or emailing firstname.lastname@example.org with your enquiry.