When enterprises begangiving employees the freedom to use their own mobile devices in the workplace,it opened a Pandora’s Box crammed with software licensing complications. Not that software licensing was ever simple to begin with.
But in this era of BYOD (bring your own device), the risk of business owners—or their IT providers—unwittingly violating licensing rules skyrockets. Especially since “easily 60 percent of the companies we speak to are audited annually,” says Patricia Adams, a research director at Gartner Inc. “Anyone who has installed software from such vendors as Microsoft, Adobe, IBM, Oracle, Symantec, and SAP—all very big auditors—needs to carefully watch what their compliance situation is.”
For example, a company may not consider an employee’s personal smartphone or iPad to be an official corporate asset. But if that employee brings it to work and uses it to access, say, corporate Wi-Fi or business email, new risks arise. If that company has signed, for instance, a Microsoft Enterprise Licensing Agreement committing to license “any device used for the benefit of the company,” then it better have licensed whatever Microsoft software that employee is utilizing on his or her personal device at work.
Ignorance Is No Excuse
Most of the time compliance problems are due to ignorance, says Adams, but that’s no excuse when the auditor comes knocking. “People may not realize they can’t just share their software with the person sitting at the desk next to them,” she says.
At Pica Communications LLC, a Camano Island, Wash.-based Microsoft licensing consultancy and training firm, principal consultant Paul DeGroot says one of the least-understood licensing issues is the Microsoft Client Access License (CAL). “Microsoft is trying to extract as much money from BYOD devices as from PCs,” he says, “so you shouldn’t assume that just because you are only running Apple products on your iPad you are somehow escaping your licensing liabilities to Microsoft.”
Indeed, if a company is using, say, Microsoft Exchange for its corporate email or Microsoft Office for documents or spreadsheets, Microsoft wants an employee’s smartphone to be licensed if the person interacts with those products in any way.
“It’s not uncommon for a mobile device to require six CALs if it accesses multiple pieces of software,” says DeGroot, who estimates that only about 5 percent of organizations even understand the concept of a CAL.
Experts say their best advice is to follow these five steps to bring BYOD-related software violations under control:
- Don’t permit access to business software by anyone or any device unless the enterprise knows and approves it.
- Keep strict records of personal devices used within the organization. You need to quantify the exposure.
- Have a process in place for managing usage. This will be important when the auditor drops by.
- Employees must know that using a personal device for any work creates a software licensing liability, and they should clear it with someone familiar with the rules and policies.
- Build compliance into daily operations, which will be less costly and more efficient than panicking when you suspect the auditor is coming.
Most important, experts say, is that channel pros who don’t advise their clients on how to be software license-compliant are missing out on a huge opportunity. These IT providers ought to:
- Make certain that clients incorporate licensing into their BYOD strategy.
- Give clients guidance about software vendors that are particularly aggressive about auditing.
- Work with clients involved in mergers, acquisitions, or divestitures to ensure licensing is right-sized.
When companies hire system administrators, they rarely ask in the interview whether they understand how software licensing works, says Pica’s DeGroot. “A person with the best of intentions can inadvertently create a $1 million licensing liability just by installing something incorrectly or putting it in the wrong place,” he says.
“Channel pros can use licensing compliance as a differentiator, a chance to show off their stuff, and to save clients from those $1 million liabilities,” DeGroot says. “It’s the perfect way to become that much more valuable to your customers by keeping them out of trouble.”