Entitlement and Compliance Management: Software Compliance

Software Compliance

08/18/2010

Software Entitlement Management & the Compliance Burden of Proof

If you buy software licenses, you will probably be presumed guilty until proven innocent for ensuring that you are using software in compliance with your software license agreement. The burden of proof of evidence is place upon the user of software. If an audit occurs, you somehow must match the deployment and usage of software to some combination of documents to show entitlement rights.

However, if the burden of proof were placed on the shoulders of the software vendors, then the story may be different. This is especially true in the world of B2B enterprise software.

As a colleague of mine once said, "compliance is like the sound of hands clapping – one hand is usage reporting and software asset management from the customer, while the other hand involved in the clapping represents the software vendor's entitlement management systems." In most cases, the hand representing the software vendor's entitlement management system would be missing, or at least missing a few fingers.

Many software vendors will readily admit that their records of what software licenses customers are entitled to use are so bad, that they often call their customers to find out what the customer should own. In fact, I think that every software vendor over $1M in annual revenue has dirty data in their entitlement management systems.

How can this be? There are several problem areas that seem to contribute to an ever-worsening situation. Below are some of those problem areas:

Non-standard agreements with little auditability: Many software vendors derive the lion's share of their revenue from large ELAs (Enterprise License Agreements )– deals designed to meet the specific needs of their customer, but they are often non-standard in nature and include many terms that cannot be tracked without spreadsheets, and knowledge inside of people's heads. One example is the "remix" – an approach to allowing customers to remix their licenses annually, based upon a formula that involves the list price of the software, and, the percentage of the total software purchased.
Fuzzy license models: Some software vendors sell concurrent licenses, but aren't clear on the distribution of those concurrent users – are the users all local to one building, or, can they be dispersed geographically? The issue arises when licenses are being used on a worldwide-basis (24 hour usage), but the pricing intent was for the licenses to be used locally.
Product packaging changes: Over time, software entitlements change because the underlying software product packaging changes. As the result of M&A, market re-branding, or end-of-life processes, customers may be "migrated" from one set of products to another, using a method that is customer friendly, but difficult to track or audit in an entitlement management system.
Using ERP systems as entitlement management to track license rights: ERP systems were designed to track the manufacture and delivery of physical goods. Upon delivery, the product is shipped, and the role of the ERP typically ends. With software, the trouble usually starts after the software is delivered, as exact mix and version of software, including who exactly is entitled to use the software evolves over time due to upgrades, updates, moves, M&A, and product repackaging. Over time, software vendors often lose track of which customer is entitled to own a product. A true entitlement management system is needed, and must be properly integrated with an ERP system to effectively manage software entitlements.

Next week – How to approach improved entitlement management…

Posted by Flexera Software on 08/18/2010 at 11:29 AM in Entitlement Management, License Models, Software Compliance, Software Licensing | Permalink | Comments (1) | TrackBack (0)

08/05/2010

Software Licensing, Monetization and the “Build vs. Buy” Decision

By: Jim Geisman, Software Pricing Partners

Don't wait too long to make decisions about software licensing and monetization like one of the entrepreneurs at a meeting I recently attended. This entrepreneur was about to launch an innovative mobile application and was asked "How are you going to monitor and monetize your offering?" He had this deer-in-the-headlights look and said "We don't know but we're going to build our own system."

I suppose there are some things that you can leave until the last minute but it's not smart to do this when it comes to making money. You can make more money if you monitor application usage but some things need to be done in advance:

Choosing which metric to use for your product and which functionality will go into the various packages of an offering
Building "hooks" into an application to monitor and ultimately monetize certain features or user attributes using these metrics
Knowing the usage information needed so the right price levels, discounts, and products are included in a billing or credit card transaction

If you do these things in advance, the system(s) that monitors and monetizes and application activity can be used more effectively in generating revenues that arise from the metric and packaging parts of your pricing model. This system is also critical to fulfilling – literally and digitally – the value that is promised by your application.

Because this system is so critical to your financial success, think twice before spending "core" development dollars on this "non-core" activity, applications monitoring and monetization. In general, in-house developed non-core applications don't work out well because companies tend to overestimate the benefit they get and underestimate the time and ongoing effort such a development requires.

In this case, find an organization whose core activity is applications monitoring because a poor "build versus buy" decision can hamper your monetization strategy and revenues.

There are two reasons for doing this: focus and expertise. Companies that focus on monitoring and monetizing applications will always do this more effectively than companies that focus on doing something else – like delivering applications that meet customer needs. A focus on one area (applications monitoring and monetization, in this case) means acquiring the expertise to build products that anticipate the needs of a broad customer base – something an application developer cannot do because they can't anticipate how their needs may change over time.

The net of all this is use others' expertise to leverage your investment in product development and support. Maintain your focus on monetizing the value you deliver to your customers, if you want to maximize your revenues.

Jim Geisman is a guest blogger on Flexera Software's Entitlement and Compliance Management blog. Jim is the founder and principal of Software Pricing Partners, Inc. where he provides senior management counsel and marketing and sales consulting services. He has led consulting engagements for a broad range of clients addressing fundamental issues affecting business success.

Posted by Flexera Software on 08/05/2010 at 11:00 AM in Software Compliance, Software Licensing | Permalink | Comments (0) | TrackBack (0)

07/14/2010

Key Trends in Software Licensing and Pricing Survey

Now in its sixth year, the Key Trends in Software Licensing and Pricing survey is now open. This annual Flexera Software sponsored research project looks at the software licensing, pricing, and compliance enforcement trends and best practices around the licensing of application software as well as embedded software on devices. The survey is open to all software vendor firms, high-tech manufacturers, and enterprise customers who use and manage software and intelligent devices. The survey results will be presented by Amy Konary – Research Director, Software Pricing, Licensing, and Delivery for IDC, at the annual SoftSummit conference and will be made available to the industry at large after the conference.

The 2009 survey results found software vendors and high-tech manufacturers coming closer together with enterprise IT customers as the stakeholders in the software industry sought greater flexibility in software licensing and pricing models. A key driver in 2009 was the global economic downturn, which compelled both producers and enterprises to rethink, retool, and restructure the way they do business, control costs, and ensure compliance. Just as producers see the need to be responsive to customers through innovation in pricing and licensing, enterprise IT and procurement teams have been forced to deal with cost cutting at an unprecedented level, requiring more innovation and flexibility in what they demand of their vendors.

Be sure to weigh in on the 2010 survey so that your opinions are heard. The 2010 survey builds off the 2009 survey questions and introduces a few new questions. Specifically, the impact that virtualization, SaaS, and the "Cloud" will have on software licensing and pricing business models and policies?

Take the survey now!

Posted by Flexera Software on 07/14/2010 at 02:22 PM in Embedded Software, Software Compliance, Software Licensing | Permalink | Comments (0) | TrackBack (0)

06/28/2010

SoftSummit 2010: The Premier Software Licensing and Entitlement Management Event

By: Flexera Software

Effective immediately, registration is open for SoftSummit 2010—The Premier Software Licensing and Entitlement Management event designed specifically for Software Vendors and High-Tech Manufacturers. If you develop and/or sell software or intelligent devices, this is the event for you!

This year SoftSummit attendees will have the opportunity to analyze, dissect and discuss the newest technologies and trends concerning virtualization, cloud and SaaS, compliance and consumption licensing – while learning about strategies to help adapt your business to stay competitive and win in today's fast-paced market.

SoftSummit 2010 attendees will:

Hear analyst insights and strategies for capitalizing on the latest technologies and trends impacting software licensing, entitlement and compliance management, and device lifecycle management
Engage with real customers who have embraced the newest technologies and trends to transform their business and prosper
Network with the best in the industry—analysts and peers—while sharing and learning best practices
Hear strategies and best practices for growing and adapting your business, streamlining processes and cutting costs
Spend 1:1 time with Flexera Software executives and product management teams

Want to learn more or register for SoftSummit? Visit http://www.softsummit.com/ to view the agenda, review proposed sessions, see who should attend and register.

We look forward to seeing you at SoftSummit 2010!

Posted by Flexera Software on 06/28/2010 at 11:38 AM in Electronic Software Delivery, Embedded Software, Entitlement Management, Intelligent Device Management, Software Compliance, Software Licensing | Permalink | Comments (0) | TrackBack (0)

06/10/2010

Why Is Software Licensing and Device Lifecycle Management Important to Medical Device Manufacturers?

In a recent article featured in Design Manufacturing Services, David Znidarsic, Vice President of Technology at Flexera Software, explores electronic software licensing management, a simple solution for medical technology manufacturers that can ensure regulatory compliance while delivering a host of additional benefits, including simplifying how companies bring their products to market and ensuring they can maximize their revenue.

Here’s a snippet of the article…

As healthcare facilities rely on an ever-growing population of medical devices controlled by FDA regulations, ensuring compliance becomes an increasingly complex challenge. At the same time, manufacturers have begun implementing more of their key features through software, turning these hardware providers into software companies that must confront issues related to software product lifecycles, version control, and software pricing. Meeting these challenges, however, should not require a massive administrative and operational effort.

The article goes on to talk about:

· The Changing Industry

· Electronic Software Licensing to the Rescue: Three specific benefits for medical equipment manufacturers

1. Compliance

2. Feature control

3. Multiple device identifier types

· Electronic Software Licensing in Action: Three Use Cases

1. Compliance

2. Capabilities

3. Generating Revenue

· Looking for an Electronic Software Licensing Solution

Read the entire article -- Managing Compliance and Software Lifecycles for Medical Device Manufacturers.

What other types of intelligent (embedded with software) devices do you think would benefit from software licensing and device lifecycle management?

Posted by Flexera Software on 06/10/2010 at 03:53 PM in Embedded Software, Entitlement Management, Intelligent Device Management, License Models, Software Compliance, Software Licensing | Permalink | Comments (0) | TrackBack (0)

05/27/2010

Software License Compliance – A Modern Day Dr. Jekyll and Mr. Hyde

By: Cris Wendt

The software licensing market is certainly maturing and evolving when it comes to the different ISV views on compliance and enforcement. In fact, there's almost a Dr. Jekyll and Mr. Hyde complex for many software companies. But, in marketing terms, this may simply be called compliance segmentation. Let me elaborate further.

For starters, compliance simply refers to the act of using a software license within the bounds of a license agreement or an entitlement right. If the user is using the software within the bounds of the agreement, then we say that usage is "in compliance". If the user is using software outside the bounds of the agreement, we say that usage is "non-compliant".

There are different philosophies ISV's have about how they approach compliance. One philosophical extreme is that out-of-compliance usage is largely non-intentional because it is performed by honest people, in honest companies, in honest regions, possibly using mission-critical software, so there is no need to forcibly stop users from using software in a non-compliant want. In these cases an "ease of use" philosophy can be adopted. At the other extreme, the compliance philosophy may be that non-compliant usage is the result of dishonest people, in high risk geographies, trying to steal and re-sell software (such as games). This is known as software piracy. As a result, for these situations, a "cease of use" philosophy may be adopted, whereby attempts to use illegal copies of software will prevent the software from being used. Of course, the philosophy toward compliance can be more nuanced, and lie somewhere between these two extremes.

As the software market matures, I am seeing trends to both ends of the spectrum, sometimes within the same company. I'll have a CFO say to me that they don't want to get in the way of their enterprise accounts using software, because over-compliance usage is really a low-cost way to sell more software. In these cases, they want "hassles free" licensing and no embedded technology. On the other hand, the same CFO will say that they are concerned with selling software through channel partners to high-risk geographies because of the threat of piracy and intentional over-usage. In some cases, CFO's find that piracy can be from 10% - 300% of their regional revenue. In these cases, they want software locked down, they want embedded protection, and potentially the software binary protected from tampering.

Seemingly there is a Jekyll and Hyde Paradox with such extreme requirements. Furthermore, the philosophy a company chooses to adopt toward compliance, will in turn drive their enforcement method and associated license technology.

Really what is happening is a maturation process - software companies are learning how to segment their markets for purposes of compliance, just as they segment markets for other purposes (e.g. marketing campaigns, products, etc.), and there is no paradox at all. In fact, we work with a variety of ISV's to understand their segmentation, and apply different compliance business policies (we call these "enforcement profiles") within a single license technology and entitlement framework to meet the needs of these various market segments. This, in turn, allows an ISV to tune revenue over all market segments with a consolidated approach to compliance and enforcement.

Posted by Flexera Software on 05/27/2010 at 05:53 PM in Software Compliance, Software Licensing | Permalink | Comments (0) | TrackBack (0)

04/21/2010

Increasing the Effectiveness of Your Software Licensing Business

By: Cris Wendt

It was refreshing last week to see an IDC article on creating license policies for software licensing. Outside of creating some basic software licensing governance and management, creating a corporate policy document is the simplest and probably best investment that an independent software vendor (ISV) can make to improve their software business results. A policy document is really an operational business framework that balances the 3 elements of a software business that form the basis of a Software Profit Engine:

Product Commercialization - The intent of product packaging and license models
Product Technology - The design of products to deliver on commercial intent
Entitlement Management – The systems and processes that deploy products to customers

The reason that this is so important is because a software company actually requires more "supply chain" discipline than a business that builds physical devices, largely because software is so malleable and so easy to change. Over time there are inconsistent and ad-hoc decisions on how to sell and manage software over its lifecycle due to M&A, upgrades, updates, product repackaging, license model changes, product bundles, and transitions (typically due to product EOL). These product transformations, if not managed consistently across the business, lead to delivery problems with entitlement management systems, dissatisfied customers because of gratuitous product line differences, lost up-sell revenue, and an inability for customers to manage compliance. Over time, operational costs increase with a proliferation of manual processes.

While the IDC article contained many important elements for a license policy document, we tend to structure documents for clients that encompass more operational considerations to ensure a balance of intent and capability.

Below is a summary outline of such a document that we've developed for several large ISV's.

Key Assumptions & Requirements – Key assumptions about the business, markets, products and customers that are relevant for the document. Also included are the maintenance and support models, virtualization support, product usage models, customer segmentation, etc.
License Models & Metrics – This contains all of the revenue and non-revenue license models supported by the business, including the license terms, metrics, and SKU mapping requirements for each model.
Product Taxonomy & Lexicon – A standard set of product structures (e.g. product line, product, bundle, suite, upgrade, update, etc) and a common vocabulary are established. Included is a 360^o view for each product structure (from quote, through order, ERP representation, use-model, and invoicing). Also often considered, are the product lifecycle policies.
Product Compliance & Enforcement – A corporate compliance philosophy is documented, along with different enforcement profiles which will prescribe the framework for product behavior when it detects non-compliance usage.
Technology Design – Once an enforcement technology is selected, implementation standards are established to ensure consistent behavior across all similar products.
Prospect-to-Support Business Flows – The set of supported business transactions that channel partners and customers will have with the business over their lifecycle (from the time they are "prospects", all the way through the time that are using "support") are defined. This forms the basis for what an entitlement management system must do.
M&A Integration – Companies that are acquired through M&A should be transitioned into the business framework governed by this policy using a specified process, within recommended timeframes.
Governance & Change – The policy document and associated processes form the basis for making coordinated changes across the organization. In addition, with effective governance and leadership, new licensing opportunities can be pro-actively added to the company policies.

If you are a software ISV and don't have an established software licensing policy, it may be time to consider developing one. You may be surprised with the company you will have, and how your business results may improve.

Posted by Flexera Software on 04/21/2010 at 01:25 PM in License Models, Software Compliance | Permalink | Comments (0) | TrackBack (0)

03/23/2010

Floating Software Licensing 2.0 – Virtual Machines & Cloud Computing

By: Cris Wendt

Software licensing models evolved in the 1990’s with the emergence of the floating license model, a model still in wide scale use today, largely in technical software markets. At the time, the floating license model was an evolution of machine-locked software that was prevailing on standalone or lightly-networked personal computers. Interestingly, the floating license model is taking its next evolution, with virtual machines and Cloud Computing. However this time, floating licenses are probably going to do for enterprise software what they did for technical software the first time around.

Floating Licenses 1.0 – License Mobility for Vertical Software

The floating license model evolved to meet the needs of workgroup computing in the 1990’s. In the late 1980’s and early 1990’s the computing environment began to evolve with the availability of the networked workstation from Sun Microsystems and others. In a networked environment, resources such as printers and storage are shared among users in a local area network. A natural evolution was the sharing of a software license – hence the term “floating license”. With the floating license model, when the user starts their software on a machine in the network, that software will automatically check-out a license from a license server (so long as licenses are available). As long as the license is checked-out, the user is able to run the software associated with the license, and no one else can use that license. When the user is done using the software, the license is automatically returned to the license server for others to use. The license server can contain multiple quantities of different licenses, allowing entire workgroups to share licenses for different software titles. If a license isn’t available for a particular user because they are checked-out, the user can wait for the license to be available, and/or, as the system administrator to buy more licenses. The floating license has an interesting attribute - because a software license is sharable, it can be used on a variety of different machines over the course of its life. This means that the software license can’t be tied to a particular machine type as identified by the number of cores, CPU’s, or processors. The floating license model works very well in markets where customers require access to a wide variety of software titles over the course of a day.

Over time, the flexibility of the floating license model and associated license server technology provided the basis for more flexible license models in wide scale use today (such as subscription licensing, time-based “peak usage” licensing; forms of pay-per-use licensing models), along with a variety of asset management and reporting tools associated with the license server technology. This in turn, allows for more efficient usage and tracking of software, and, the capability to construct more sophisticated license agreements with both the consumer and independent software vendor understanding usage information.

Floating Licenses 2.0 – License Mobility for Enterprise Software

Fast forward to a year in the future, say 2011, or 2012. The floating license model is becoming the paradigm for the use and management of enterprise level software, for similar reasons it became popular with technical software.

With virtualization technology, enterprise software licenses previously dedicated to physical machines are increasingly being deployed in unique virtual machines. This virtual machine can be moved to the particular physical machine that is available and best suited to the requirements of the user.

With virtualization moving technology such as VMotion, the situation becomes more interesting. Now users, have the capability to dynamically move those virtual machines from one machine to another, without disruption and without delay. For now, this is a convenient method to provide a high-availability solution for enterprise software. If the machine running the main virtual machine fails, the virtual machine can be “auto-magically” moved to another physical machine.

Now, let’s extend the paradigm. Suppose an enterprise has several enterprise applications running on premise, but they are running out of machine bandwidth, perhaps due to some seasonal variability in the business. Wouldn’t it be convenient to move one or more of the virtual machines to another machine on-premise or, into the cloud and let another hosting center run the application for awhile? Alternatively, suppose an enterprise initially decided to have their purchased enterprise software hosted by a cloud provider initially, but over time, decided to move on-premise to lower costs or gain more control? Wouldn’t it be ideal to simply transfer a virtual machine (including all associated data) from the hosting provider in the cloud to an on-premise machine?

Of course, this is a reach right now with virtual machine moving technology, compliance technology, and security, but it’s not too far-fetched to think we may see it in the next few years.

Posted by Flexera Software on 03/23/2010 at 01:00 PM in License Models, SaaS, Software Compliance | Permalink | Comments (0) | TrackBack (0)

03/18/2010

What Licensing Technology is Most Effective—To Dongle or Not?

By John Frame

The interesting aspect of using dongles for software licensing is that most Independent Software Vendors view them as providing portability, not necessarily more security. Licensing systems allow the software to attach the entitlement rights to a specific machine or user. The core question is, how do you identify the machine and/or user in such a way that is reliable (reduces revenue leakage) but at the same time does not create a negative user experience (reduce customer acceptance and drive up costs). Dongles play a role in this balancing act and it is this balance between revenue and customers satisfaction that independent software vendors and high-tech manufacturers should explore when evaluating a software licensing and protection solution.

There are two general classes for this license identification process, the traditional certificate file based and the more recent license activation style. In the certificate file based systems one or more identifying characteristics are listed in the file, along with a description of the entitlement rights that the customer has. The file is then digitally signed so that it can’t be altered. The licensing system reads the file and checks to see if the signature is valid and then makes a determination if the identifying characteristics listed in the file are the same that it finds in the environment. If so, then the licensing system serves out the entitlements as they are described. The identifying characteristics that are commonly used are items such as the Ethernet MAC address, the host name, the display name, or in some cases the ID from a dongle.

A MAC address or host name can easily be modified by a malicious party. A dongle is stronger but not that much stronger since dongle emulators have been in existence just about as long as the dongles themselves. What a dongle gives the independent software vendor and the customer is greater portability. Unlike an Ethernet MAC address, the dongle is easily disconnected from one machine, transported to a second, where the licenses are easily served from that second machine. The dongle is as strong an identifying factor as any other single characteristic so the entitlement rights are not significantly more secure but they are much more portable. To increase security independent software vendors and high-tech manufacturers should look at an activation style licensing system.

Using a single identifying characteristic presents an easy method for a malicious person to defeat. If an independent software vendor increases the number of characteristics then the solution must account for a concept called “machine drift”. Over time any given machine will change. Hardware is replaced, components are upgraded, and configurations are modified. When that happens if the machine drift is not accounted for the licensing system simply refuses to work until new license rights are issued. Activation style licensing accounts for machine drift by providing a much higher level of confidence on securing the entitlement rights but also by delivering a strong customer experience.

Activation style systems keep a record of both the current machine configuration and past configuration. The independent software vendor or high-tech manufacturer does not specify any characteristics, it is handled entirely by the licensing system. If the configuration has changed a little bit but has not changed too much over the past several days, weeks or months, then the drift of the machine is allowed to occur and the license rights continue to be accessible without issue. Only if the machine drifts too far, too fast does the licensing system require the entitlement to be “repaired”. In the activation style licensing, dongles don’t play a role since the activation style licensing is looking at the overall machine.

There are several vendors, each with their own twist on the above concepts but the concepts are consistent in what you will find in both commercial solutions and home-grown implementations. If you are looking for portability, Dongles might be good for you. But if you are concerned about revenue assurance, high customer satisfaction and low cost, an activation style licensing solution should be considered.

What is your experience with Dongles? Do you use Dongles or other methods for software licensing and protection?

Posted by Flexera Software on 03/18/2010 at 03:37 PM in Dongles, Grey Market, License Models, Software Compliance | Permalink | Comments (2) | TrackBack (0)

02/22/2010

Stop by and see us at the European ISV Convention in London on 25th February, 2010

By: Vincent Smyth

For all of our European followers, later this week Flexera Software will be at the European ISV Convention at the Tower Hotel in London on 25th February, 2010 as a platinum sponsor. Be sure to stop by and see us along with other leading software vendors, high-tech manufacturers, service providers, systems integrators and solution providers. It is a great opportunity to hear what is going in the software industry and marketplace and join in panel discussions as well as engage in one-to-one business meetings and network with industry peers.

We will be hosting a panel session as well as a couple of boardroom sessions:

Software Rights Management solutions – this panel session highlights how three different software vendors found ways to increase revenue and decrease costs by using software licensing and entitlement management
Missing revenue opportunities because you cannot track what licences customers are entitled to? – This “Best Practices” session looks at the areas where software vendors leave money on the table because they struggle to understand what licences their customers are actually entitled to
Electronic Downloads and Automatic Software Updates - Deliver a better service for everyone – This “Best Practices” session focuses on enabling software vendors to reduce cost, deliver a better service and drive revenue when they are able to identify and address problems associated with manually sending licence keys, software and software updates to customers

Flexera Software’s FlexNet Producer Suite has also been nominated as a finalist in the SaaS category in the IT Excellence Awards which will take place at the gala dinner after the conference.

You can find more information on the event at http://www.isvconvention.com/. We hope to see you there.

Posted by Flexera Software on 02/22/2010 at 05:00 AM in Electronic Software Delivery, Entitlement Management, SaaS, Software Compliance | Permalink | Comments (0) | TrackBack (0)

Entitlement and Compliance Management

Entitlement and Compliance Management: Talking Successful Software is a resource for software producers and high-tech device manufacturers in licensing and entitlement management.