Software protection is an essential capability for any software vendor as it helps ensure that customers can only unlock the programmes and data that they’re meant to be using. However, many software vendors simply leave the doors wide open. No-one should have permanently privileged access to your software – not even with a perpetual software license.
If you’re a software vendor and you’re good at your job, you’ve created a software solution that provides significant value to your customer. Your software will provide them with new capabilities, increase their capacity to undertake new work, streamline their processes or create operational efficiency. You can rely on your customers to contact you when they want a new perpetual software license or product update, because without them they may not be able to do their job – or at least not as efficiently. But how likely is it that your customers will contact you to ensure that they can’t use your software? How do you get access to a perpetual software license back? Can you get a license back – even with a license key?
Even with hardware-based ID’s, there’s no way of reliably knowing where and how your software is being used. Hardware can be cloned and license dongles can easily be passed from one user to another. In the case of decommissioned machines, you usually have to simply trust that your customer is only using newly issued product keys and that their old licenses have been reliably decommissioned with the hardware.
Ensuring that access rights reconcile with actual software usage and that those records are kept up to date is important for any organisation in order to ensure that they’re not only operating efficiently but also that they’re remaining compliant with the terms of a perpetual software license. Mergers and acquisitions within customer organisations, changes in deployment practices, lack of license management and simple misunderstandings about license requirements can easily cause an organisation to be incorrectly licensed.
Over time employees accrue access rights as they evolve within an organisation and often access to software under a perpetual software license will never be revoked. An employee can continue to use a software application even if their role no longer requires it. Given that generally software over-use is accidental due to not having the correct practices in place to ensure supervision, you don’t want to create or allow this headache for any of your customers.
Your customers don’t want to suddenly discover under audit that they are overusing software. Three employees with access to a single perpetual software license is a big problem. Being under licensed means that your customer doesn’t have enough software licenses to cover the amount of software that they have deployed across their organisation. Skyskit estimates that a software licensing violation could cost your customer in the region of $100,000 per non-compliant software license. On the other hand being over-licensed means that your customer has a perpetual software license for more software instances than they are using – therefore overspending on their software assets. If you think that this sin’t your problem then you should think again. However, tracking and monitoring software can be a huge drain on resources for both software vendors and their customers. Cser suggests that access review for every 2,000 to 3,000 users consumes approximately one full-time-employee salary equivalent per year.
There are tools on the market that claim to have the built-in knowledge needed for software license management, but this is not really the case. The work is either done manually in the form of spreadsheets that are imported into a tool and then presented to customers – or a slightly more streamlined (automated) version of this. A glorified list of software users and a computational comparison with a stored license file isn’t enough if you’re the person accountable for software license reconciliation. Even with an expensive audit you have no way of tracking hardware and employees that are no longer associated with a particular company.
Software license management is often a manual and very time-consuming task for you and your customers. Being able to reliably revoke access rights is essential for software developers in order to provide complete software protection. However, you can also add considerable value to your customers by helping them effectively and securely manage access rights. Helping them understand how they’re using your software within their end-user environment not only ensures that they remain compliant but also ensures that you aren’t missing revenue.
Customers these days license software from multiple software vendors and require much more flexibility than a perpetual software license. An IT asset management market review recently concluded that ‘cloud-based subscription licensing will be the most popular method of licensing software in the future’ and this is supported by IDC Futurescape which predicts that eventually, 100% of organisations will migrate from a perpetual software license to more consumption-based pricing.
It’s no longer financially viable for software vendors to offer a ‘one size fits all’ perpetual software license model. If you’re an ISV you need to offer multiple license types from the same software product – potentially even offering several different license types to the same customer. You also need to be able to reliably revoke access to your software when the rights and entitlements of your customers change.
Of course, it’s possible to include an expiry date in a license or LIC file, which effectively disables access. Temporary LIC files with expiry dates are great for providing trial versions of your software, but what about further down the line when your customers require more complicated licensing models like floating licensing?
The use of floating licenses can help your customers optimize software licensing by ‘re-harvesting licenses’ or moving them from one employee to another. However, you can’t send a license file to every end user that needs access to your software and then simply trust that an organisation will not exceed their concurrent user limit.
You also can’t ask your end users to manually request a licence file every time they want to run an instance of software and then ask them to delete or return the file somehow when the software exits so that the license becomes available for other users. For more information about floating licensing and how it works read our blog post ‘What is a floating license?’.
One way to partially overcome the concurrent user problem is to use a license server to assist with managing the licensing process. Effectively a license server is just automating the process of issuing and recovering license from a central license pool, but in practice, such an approach still offers no real control over who can access your software.
While it remains the responsibility of your customers to ensure that they comply with the terms under which they have licensed a product from you, in today’s world, customer’s expect this to be as simple and as automated as possible. With the current shift away from perpetual licensing ISVs need to offer greater flexibility. This gets even harder as your software business grows – organically or through acquisitions – and new products are added.
Introducing variety into your licensing model means having to have even tighter control over access rights and user entitlements. You can’t effectively control software licensing with outdated software licensing solutions. You can’t reliably revoke access rights using hardware locked software license keys or even with license servers.
Software licensing is currently undergoing a dramatic transformation in order to meet the new expectations and needs of business customers. Traditional, license key-based solutions are simply not up to the task of providing the granular control required to service these new requirements. So how can your company become more software-centric in its approach to licensing? How can your software company drive revenues, efficiency and flexibility though licensing?
A simple way to solve this is to implement identity-based access control, which links access rights to a user’s role and corresponding entitlements. With 10Duke everything is driven from the cloud. You simply set up product packages, which are combinations of your core applications and product features. Your customers can then easily assign these product packages to individuals, roles, groups or entire organisations and 10Duke enforces identity-based access to your applications on your behalf, based on the licenses you have granted.
For example, let’s say that an organisation wants to license your product that has 10 features in total. However, not all users of the customer want or need access to all 10 features. Some employees need access to the first five features (we’ll call this Group A) and some need access to the remaining five (Group B); three management employees need access to product features 1, 5, 8, 9 and 10 (Group C).
With 10Duke you simply create 3 separate product packages for these three different user groups via a simple web-based configuration tool. Your customer assigns employees to group A or group B or the management group and when an employee signs into their workspace, 10Duke authenticates their Identity and authorises access to the applications that they’re entitled to use.
In this way you have granular control over your products and your customers can easily and instantly manage employee access rights. When it’s time for access to be revoked, you (or your customer) can simply update an end-user’s entitlements and the next time they log in, they will have been downgraded to the new rights.
Using 10Duke API controls for your software licensing will free you completely from the headache of reconciling software licensing tasks and provide granular control for optimizing your software licensing.
Read the White Paper – Approaches to Software Licensing: Selling and Distributing Software Products in the 21st Century
To find out more about 10Duke products and services why not schedule a free product demo.