At least annually.
Who doesn't want to save on IT costs and keep the organization out of court? Organizations that don't have a site license often pay for software on a "per seat" basis, which allows a predetermined number of users access to the software at any given time. In your organization, you want a mechanism that identifies and, ideally, redeploys available seats under a software license agreement. This prevents over-purchasing, as well as the loss of seat licenses when laptops, desktops or servers are retired or returned to the leasing agent. It will also help your organization avoid potential penalties for "over-utilization" of software assets. Additionally, some applications stop working when their licenses expire, potentially affecting the "availability" of your system.
For automated tracking, there's a multitude of products; if you want to do it manually, keep a copy of the license purchase and a copy of the End User License Agreement (which should always be kept on file). Set up a tickler file to remind you when to renew, and consider a "discovery" tool that goes through your network and lists the executables on the workstations. This way, you'll know what's on each system, and depending on the amount of purchased software, you can decide whether you need automated tracking for licenses as well.
Using your favorite search engine, enter "software license management" or "seat management" in the search box. Free software audit tools are available from the Business Software Alliance (BSA) to help determine whether a company is using unlicensed software. BSA is a watchdog group "dedicated to fighting software piracy and educating computer users about software copyrights and cybersecurity." Since 1997, BSA has collected more than $37 million from U.S. companies that have been caught with illegally copied software. If there's good reason to suspect that your company is using unlicensed software, the BSA and U.S. Marshals could show up at your door, unannounced, to do an audit. If you can't prove you own the software, your firm could be liable for restitution and fines up to $150,000 for each copy of illegal software found in use.
About the author
Shelley Bard, CISSP, is a senior security network engineer with Verizon Federal Network Systems (FNS). An infosecurity professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia. Please e-mail any comments to firstname.lastname@example.org.
Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.