Automatic License Enforcement - Best Case

jlopez - Wed, 2008-08-13 13:44

Earlier I mentioned a distaste for hard license enforcement schemes for mission critical software. An unmentioned side of the coin is the sheer usefulness of soft license enforcement schemes for ensuring that a company is in compliance with the licenses they have purchased.

A long time ago, I took over the CIO position at a company that was well respected and (by the standards of the city it was in) a large privately owned company. One of the first things I did (and still one of the first things I look at, both in consulting and businesses I have been more directly involved in) was review the licensing and found it woefully lacking. After some discouragement from the other leaders at the company, we finally got the green light to bring everything up to specification. It was expensive, annoying and required running audit software across all locations to inventory what we had, while cross checking it with purchase orders and on file license information.

After many months of making POs for various packages, from operating systems, office suites to ultra expensive industry specific software and minor utilties, we were compliant.

Not long after I had moved on to other projects, I got a panicked call, asking for any information about the licensing info on various packages. It turns out that they churned through several "network administrators" very quickly, and the old regime of license compliance rapidly fell into disuse. By the time the dust had settled, they had millions of dollars in fines, probably precipitated by a disgruntled employee calling the anonymous tip line the BSA provides.

License compliance in a large organization is hard work. Soft license enforcement via license servers that count authorizations vs use make that job immensely easier. Personally, I far prefer a soft enforcement license server that allows the requisite fixes to be made in a timely, but not panicked manner to either a hard enforcement or no enforcement.

As an aside, I find packages like those provided by Centennial to be worth every penny spent. They not only track commercial software, but let you know what freeware and open source products are in use, which is essential to understanding the entire operation as it actually works. It is not surprising to find "guerrilla development" within organizations, where small one off applications are created by departments or individuals to work around perceived or real deficiencies in the corporate standards. Finding these helps identify the deficiencies, which is a step towards resolving them.