Click to learn more about author Victor DeMarines.
It’s a complex time to be a compliance manager.
You must combat the speed and sophistication of hackers who are so good, cracked versions of software often appear to be legitimate ones to unwitting customers in search of a discount. At the same time, you must ensure entitlements are in compliance, something made more complex with our heightened climate for business events like mergers, acquisitions and divestitures. What’s more, if you’re a vendor of on-premise software, you must also consider the licensing impacts of, for instance, the manner in which your software is being integrated with or accessed through virtual machines or Cloud-based applications.
To gain a better picture of licensing entitlements, overuse and misuse, many compliance managers are looking to combat this increasingly complex landscape with technology – layering in software usage intelligence to report accurate data and turn raw data into actionable knowledge. In deciding whether to build a custom solution or buy a packaged one for this task, there are several key questions to consider.
- Does the Data Collection Method Allow Me to Answer Crucial Questions?
There are two key questions any compliance intelligence software program must address:
- Has a meaningful threshold of usage been met, to ensure that the product has truly been adopted, and the infringement is valid to pursue?
Your solution should be customizable to trigger only when a minimum threshold of usage has been reached, indicating serious usage by a potential customer. Triggers might include files of a certain size, the use of certain features, or the number of saves performed.
- Do I know who is infringing?
When software is pirated, license identity data is usually anonymized or unavailable.
To accurately match software usage to an organization, you need to capture a host of data – from machine level user, time zone, organizational IP address, country of origin, company domain-level data, environment and architecture information, and more, all without impacting application performance.
- Is My Solution Scalable?
By capturing the full spectrum of unlicensed use—pirated copies and overuse of licensed copies across all of your products—you can maximize your leverage and the size of your recovery. But this is only practical if your software intelligence solution can scale massively.
Effective software intelligence requires exceptional scalability, both in the amount of data you can capture, manage and report on, and in your compliance program
itself. Many software providers have found that sending basic telemetry data to a log file may allow you to store data, but such an approach will fail miserably when your sales or compliance organization attempts to leverage that data to support a growing compliance program.
- Does the Solution Ensure Compliance with Privacy Regulations?
Given the sensitivity of infringement data, security, and privacy are crucial.
Your software intelligence solution should incorporate strict granular limits on who can see data and perform analyses, protected by well-tested, up-to-date security APIs.
- Can the Solution Easily Integrate with Enterprise Systems?
To simplify compliance, your software intelligence portal should integrate with data from your CRM system, either natively (for example, integrating with Salesforce.com via the Force.com platform) or via flexible web services reporting APIs. It should also provide closed loop tracking to measure conversion rates from lead to close. That harmonized data should be easily exposed through a centralized dashboard for ease of decision-making and insight. In more advanced scenarios, can you configure automated or semi-automated alerts, actions, and workflows to identify new opportunities more rapidly, and move them along to the professionals responsible for approaching customers and making sales.
Implemented properly, compliance intelligence software goes far beyond telemetry to integrate data management, analysis, processes, workflows, and organizational skillsets. It is fully transparent to legitimate customers, and to software protection measures already in place. Above all, when implemented as part of a flexible layered strategy, it has been proven repeatedly to work, and work well it does.