Entitlement and Compliance Management: Software Compliance

Software Compliance

03/18/2010

What Licensing Technology is Most Effective—To Dongle or Not?

The interesting aspect of using dongles for software licensing is that most Independent Software Vendors view them as providing portability, not necessarily more security. Licensing systems allow the software to attach the entitlement rights to a specific machine or user. The core question is, how do you identify the machine and/or user in such a way that is reliable (reduces revenue leakage) but at the same time does not create a negative user experience (reduce customer acceptance and drive up costs). Dongles play a role in this balancing act and it is this balance between revenue and customers satisfaction that independent software vendors and high-tech manufacturers should explore when evaluating a software licensing and protection solution.

There are two general classes for this license identification process, the traditional certificate file based and the more recent license activation style. In the certificate file based systems one or more identifying characteristics are listed in the file, along with a description of the entitlement rights that the customer has. The file is then digitally signed so that it can’t be altered. The licensing system reads the file and checks to see if the signature is valid and then makes a determination if the identifying characteristics listed in the file are the same that it finds in the environment. If so, then the licensing system serves out the entitlements as they are described. The identifying characteristics that are commonly used are items such as the Ethernet MAC address, the host name, the display name, or in some cases the ID from a dongle.

A MAC address or host name can easily be modified by a malicious party. A dongle is stronger but not that much stronger since dongle emulators have been in existence just about as long as the dongles themselves. What a dongle gives the independent software vendor and the customer is greater portability. Unlike an Ethernet MAC address, the dongle is easily disconnected from one machine, transported to a second, where the licenses are easily served from that second machine. The dongle is as strong an identifying factor as any other single characteristic so the entitlement rights are not significantly more secure but they are much more portable. To increase security independent software vendors and high-tech manufacturers should look at an activation style licensing system.

Using a single identifying characteristic presents an easy method for a malicious person to defeat. If an independent software vendor increases the number of characteristics then the solution must account for a concept called “machine drift”. Over time any given machine will change. Hardware is replaced, components are upgraded, and configurations are modified. When that happens if the machine drift is not accounted for the licensing system simply refuses to work until new license rights are issued. Activation style licensing accounts for machine drift by providing a much higher level of confidence on securing the entitlement rights but also by delivering a strong customer experience.

Activation style systems keep a record of both the current machine configuration and past configuration. The independent software vendor or high-tech manufacturer does not specify any characteristics, it is handled entirely by the licensing system. If the configuration has changed a little bit but has not changed too much over the past several days, weeks or months, then the drift of the machine is allowed to occur and the license rights continue to be accessible without issue. Only if the machine drifts too far, too fast does the licensing system require the entitlement to be “repaired”. In the activation style licensing, dongles don’t play a role since the activation style licensing is looking at the overall machine.

There are several vendors, each with their own twist on the above concepts but the concepts are consistent in what you will find in both commercial solutions and home-grown implementations. If you are looking for portability, Dongles might be good for you. But if you are concerned about revenue assurance, high customer satisfaction and low cost, an activation style licensing solution should be considered.

What is your experience with Dongles? Do you use Dongles or other methods for software licensing and protection?

Posted by Flexera Software on 03/18/2010 at 03:37 PM in Dongles, Grey Market, License Models, Software Compliance | Permalink | Comments (0) | TrackBack (0)

02/22/2010

Stop by and see us at the European ISV Convention in London on 25th February, 2010

By: Vincent Smyth

For all of our European followers, later this week Flexera Software will be at the European ISV Convention at the Tower Hotel in London on 25th February, 2010 as a platinum sponsor. Be sure to stop by and see us along with other leading software vendors, high-tech manufacturers, service providers, systems integrators and solution providers. It is a great opportunity to hear what is going in the software industry and marketplace and join in panel discussions as well as engage in one-to-one business meetings and network with industry peers.

We will be hosting a panel session as well as a couple of boardroom sessions:

Software Rights Management solutions – this panel session highlights how three different software vendors found ways to increase revenue and decrease costs by using software licensing and entitlement management
Missing revenue opportunities because you cannot track what licences customers are entitled to? – This “Best Practices” session looks at the areas where software vendors leave money on the table because they struggle to understand what licences their customers are actually entitled to
Electronic Downloads and Automatic Software Updates - Deliver a better service for everyone – This “Best Practices” session focuses on enabling software vendors to reduce cost, deliver a better service and drive revenue when they are able to identify and address problems associated with manually sending licence keys, software and software updates to customers

Flexera Software’s FlexNet Producer Suite has also been nominated as a finalist in the SaaS category in the IT Excellence Awards which will take place at the gala dinner after the conference.

You can find more information on the event at http://www.isvconvention.com/. We hope to see you there.

Posted by Flexera Software on 02/22/2010 at 05:00 AM in Electronic Software Delivery, Entitlement Management, SaaS, Software Compliance | Permalink | Comments (0) | TrackBack (0)

02/03/2010

Cloud Computing is Raining Results on Entitlement Management

By: Cris Wendt

Cloud Computing is beginning to deliver results for a software company’s entitlement and compliance management (ECM) solution. It’s also fitting that the company is based in cloudy Seattle.

Too often, I hear of companies wanting to "Create a SaaS Strategy" or "Move into the Cloud" as though by simply embracing these technologies a company is somehow going to achieve some results or reach the Promised Land. So it was refreshing to visit a customer recently who is realizing the benefits of cloud computing because cloud computing was a means to achieving a business objective, and not an end in and of itself. What was especially gratifying was helping the company put the plan in place and seeing it deliver on its promise!

The company is driven by a strong strategic vision of what it means to succeed in its market. They encapsulate some of their vision in the mantra "Freakishly Friendly". They believe that, above all else, the success of their products and business depends upon a very easy-to-use product, and a very "easy to do business with" experience for all facets of the customer relationship.

As we worked with the company, they said that they wanted their entitlement management and licensing and compliance experience for the user to be as "Freakishly Friendly" and as automated as possible. After the initial purchase experience, all activities such as viewing the entitlement status (what did I buy, what’s left, etc), product upgrades, and product updates should be as transparent as possible, or, done with only a few mouse clicks in the product GUI. They wanted to avoid emailing special codes, or, requiring the customer to go to a self-serve portal.

To this end, we connected the customer product to the company through "the cloud." The product calls home on occasion to retrieve updates, upgrades, and new license rights. In addition, software can be moved with a few mouse clicks. All of this is done with both the software company and the customer are able to keep close tabs on compliance. In addition, the back-office entitlement systems are also in "the cloud", ensuring that the high availability and reliability of the entitlement management systems don’t interfere with the customer experience. The result is a total customer experience that is "freakishly friendly"

Oh, and I forgot to mention. We went to visit them because their business was growing at such a rapid rate, and they were looking at new ways to improve their product (with enhanced licensing and compliance management techniques), that they wanted to ensure the the cloud solution could handle a 3x expansion in throughput.

The question for this company wasn’t "how to use cloud computing" but rather "how we can use more?" While some may argue this isn’t pure-play cloud computing, who cares? Results are raining!!

Have you considered taking entitlement management and compliance into the cloud? How do you think it would affect your customer experience and your business?

Posted by Flexera Software on 02/03/2010 at 01:00 PM in Entitlement Management, License Models, Software Compliance | Permalink | Comments (0) | TrackBack (0)

12/17/2009

SaaS / Software + Services: What Happens to Software Licensing?

By: John Frame

Independent software vendors are looking at the software industry and realizing that it is changing rapidly. From software licensing we are now talking about SaaS/Software + Services. What does this all mean? Before we attack the subject in this latest blog, I wanted to congratulate all readers who came up with iTunes as the answer to my previous blog. Many of you provided comments and as Christopher Painter pointed out in his comments there are many other aspects of software licensing that do not go away simply because you are using a SaaS or Software + Services deployment model.　 The list that we could come up with is very long, lets toss out just two examples to illustrate the various aspects of the software business you might want to be thinking about as part of your SaaS / Software + Services strategy.　

Many SaaS services have code that is downloaded by the web browser that then enriches the user experience. These might be ActiveX objects, DLLS, visual controls or Java code that is critical to the user experience you are delivering in the service. How are those files going to be installed on the various user desktops? The browser does a basic job but many independent software vendors find that they are forced to replace that installation experience with one that is more compressive and capable of dealing with all the nuances of thousands and thousands of machines. Is your service targeted at an enterprise market? If so the desktop environment at most enterprises is pre-configured and locked down.How is the IT organization going to be able to get all the various downloaded components of your service installed and included in the desktop image? How will enterprise IT keep that collection of components current?　

But what does that mean for software licensing? How about we move away from the technology and look at a business example. As we all know, some geographies or markets are effectively owned by VARs, SIs and distributors. So what is the role of the channel in the services component of a software + Services or SaaS solution? You can go down the path of trying to separate the customer from a channel partner or you can craft your services with the idea of the channel in mind. As early as possible can you have a vision in mind that accounts for the channel? For example, can your channel partners combine your services with others that do not compete but deliver something unique for that market? How will that create value and cash for the channel partner and open your solution to new markets?

SaaS and Software + Services is the latest evolution in software with previous transitions being client / server, distributed computing, mainframe / PC and so on. I think the thing for all of us to remember is that with every transition that has occurred in our industry, the various aspects of the software business changed, but they didnt go away. We have some great conversations and design efforts underway around the role of software licensing, installation, and application repackaging in SaaS and the services component of Software + Services. I would welcome the chance to include your thoughts in our conversations both internally as well as here on the blog.

If you have some thoughts please let us know!

Posted by Flexera Software on 12/17/2009 at 02:21 PM in License Models, SaaS, Software Compliance | Permalink | Comments (0) | TrackBack (0)

11/11/2009

Ramblings on Best Practices for Entitlement Management and Software Licensing

By:Cris Wendt

In the world of consulting in entitlement management and software licensing (or any other field for that matter), the term "best practice" is often used to describe the best process, method or approach for performing a particular task. It’s intended to represent the prevailing wisdom on a particular topic based upon experience and business results. It’s a term often used by both consultants and customers to describe a proven approach to solving a problem.

Best Practice is both powerful and misleading. Many best practices can be broadly applicable and should be adopted, while many are not. It’s important to realize when to use a prevailing best practice and when to not simply adopt what’s worked for someone else.

Some processes or approaches don’t need to be constantly re-evaluated as they are not important to the mission of the business. Processes like those involved in accounts receivable are not often mission -critical (and subject to audit scrutiny), so it’s most efficient to simply adopt prevailing best practices.

Over time, other best practices may evolve due to how companies manage changes in business regulations (SOX auditing, FASB compliance), technology (SaaS, Virtualization, Cloud Computing), market forces (economic conditions leading to a shift from Capital Expense or CAPEX to Operational Expense or OPEX), the competitive landscape (shift in license models by competitors), or other factors.

Having watched software licensing and entitlement management evolve for 15 years, it’s interesting to see how companies view best practices, especially when it comes to establishing powerful market positions.

Ironically, I often see companies struggle with extensive market research and analysis about what their competitors do in order to identify and adopt an existing best practice in an area where they should be looking for differentiation. We recently worked with one client who wanted to know what the prevailing best practice was for the "license metric" in their market. The license metric is the most important attribute of a software license – it’s the characteristic that drives pricing (e.g. counted user, per seat, per-minute of usage, etc). In a sense, they wanted to adopt what the market viewed as a standard way to price software, which is typically an area companies look for a competitive advantage. It really isn’t a surprise this company was not doing particularly well in the market.

On the other hand I have worked with and for companies who actually create best practices. These are the ones who are looking for specific competitive advantages or to accomplish certain strategic objectives and didn’t care too much about existing standards. I remember working with one small company who had an informal mantra of freakishly friendly - we spent extensive time with the executive leadership team developing software license models and an entitlement management process to create an extremely positive customer experience. As a result, they set a new highbar on best practices for customer experiences.

In some upcoming blogs I’ll be exploring some software licensing and entitlement management best practices. I’ll look at when it’s best to adopt prevailing best practices because it’s the most efficient approach. More importantly, I will discuss when it’s time to seek out and find competitive advantages by adopting and evolving best practices.

Posted by Flexera Software on 11/11/2009 at 01:00 PM in Entitlement Management, License Models, Software Compliance | Permalink | Comments (0) | TrackBack (0)

11/04/2009

Implementing Software Licensing or Software Auditing is Easy. But Do You Have a Good Design?

By: Cris Wendt

When working with software producers and high-tech manufacturer who are implementing software license technology, we use a top-down methodology to find the best fit for how that company will implement software licensing. The process is fairly straightforward: we work with product and business leaders to develop a written compliance philosophy, and then use the compliance philosophy to create one or more enforcement profiles which guide the implementation of software licensing. The result is a well-designed and consistent approach to software compliance and enforcement that balances the company’s desire to balance revenue recovery with a positive customer experience.

This approach can also be used for companies that aren’t using software licensing, but do want to evaluate what the enforcement experience should be for customers who are using software outside the bounds of the license agreement. The importance of this process is the conversation that results among the different business stakeholders who are participating in the process. It allows different perspectives to be discussed, evaluated, and integrated into the way software licensing will eventually be implemented (or perhaps, not implemented) in a product.

Without such a process, different product groups often make their own decisions, sometimes inconsistent with how other product groups implement licensing or approach software compliance, or, they may make decisions based upon one technologist’s view of how the product should behave, possibly ignoring the wider business perspective.

The compliance philosophy is meant to be a guiding statement about how a software publisher views software compliance and will guide the development and implementation of software licensing and associated activities. The compliance philosophy reads a little bit like an extended mission statement. It will need to consider factors (descibed in my previous blog), such as product, market, lifecycle, and geographic considerations, and describe at a high level, the approach the publisher will use to guide the implementation of technology, and it will trade-off revenue recovery efforts with customer experience. The software compliance philosophy is typically 3-4 paragraphs in length - less than a page.

After the compliance philosophy is established, we use a somewhat standardized template to develop a software enforcement profile. The enforcement profile lists about 10 -15 different parameters of non-compliance, such as: using software on the wrong machine, an incorrect user using the software, accessing an incorrect version of software, exceeding the allowed count, etc. For each of the parameters, we assign a specific enforcement action from a list of about 8 approaches. These enforcement actions collectively represent a range of experiences from "Do nothing – No Product Disruption", to "Message the User – Product Operates Normally", through other actions to the other extreme of "Disallow Product Operation". The collection of the 10 – 15 different parameters with its selected enforcement action is considered an enforcement profile.

We typically start by creating about 5 or 6 enforcement profiles for larger companies, based around where we think there may be some commonality for enforcement behavior. For example, we may create one profile for "mission critical" products, one for "commodity products sold into Asia/Eastern Europe", another for "Software sold in large enterprise deals", etc. As we go through the process to develop and compare the different profiles, we usually consolidate the profiles down to one or two. Typically, companies will trade off the simplicity of fewer, more powerful enforcement profiles over the complexity of too many.

After the enforcement profiles are created and socialized, the remaining steps are to implement the software enforcement profiles in standard ways (typically, creating standard implementation libraries), integrating changes to the enforcement profiles into an existing change management process to ensure that consistency is maintained over time. That is how you maintain a good design while implementing software licensing and auditing.

Does your company have a common compliance philosophy? How do you approach this issue?

Posted by Flexera Software on 11/04/2009 at 01:21 PM in License Models, Software Compliance | Permalink | Comments (0) | TrackBack (0)

Entitlement and Compliance Management

Entitlement and Compliance Management: Talking Successful Software is a resource for software producers and high-tech device manufacturers in licensing and entitlement management.