*This post originally appeared on the AppSense blog prior to the rebrand in January 2017, when AppSense, LANDESK, Shavlik, Wavelink, and HEAT Software merged under the new name Ivanti.

Three Simple Tips

As July begins, many organizations have just wrapped up their financial year. At this time of the year, we speak to many clients who are in one of two positions: 1) Some money left over at the end of the year – spend it or lose it, and 2) Unbudgeted software licensing compliance bill – where will I find the money for that?.

So, being a helpful sort of person, I thought I would share three simple tips I've picked up over many years helping customers solve the the “I’ve been audited and need to find cash” challenge.

Cards on the table first: AppSense has been helping our clients solve this challenge since 2004 in the Terminal Server/VDI world. License compliance has been a great way for us to add value and save money for organisations around the world. I've personally been involved in hundreds of these, and there are common themes that create happy client every time.

So here they are: my three simple tips for avoiding massive software license blowouts:

  1. Implement Whitelisting on the Desktop

Now I know what you’re thinking: that’s security, dude, not license compliance. I know, I know. But the reality is that one of the easiest ways for license costs to get out of whack is for an employee who has a valid need for a software package to share the key and install with a friend who would also like to use the package. When an audit eventually occurs, you are licensed for 100, but 150 copies are installed!!! Most software vendors consider installation of the software consumption of a license, so get your credit card out and pay up.

Whitelisting by nature will ensure that ONLY valid and approved software packages can be installed and run. Therefore, it provides an excellent mechanism of control. Protection from zero day attacks and the current crop of "ransomware" is a side bonus of whitelisting. Just make sure that your whitelisting mechanism of choice is simple to maintain on an ongoing basis. For example, many customers like the the Trusted Ownership feature of our Application Manager product for this reason.

  1. Audit Application Installs

Here’s a radical concept: put some responsibility back on the user. I’ve spoken to many IT departments lately who are sick of bearing the brunt of responsibility for “protecting the user - no matter what they do”. Rather than allowing a user to simply click on an app to install, try making them save the file in a specific area (fully audited of course), and then require them to make a conscious decision and answer a prompt before the application can be installed or run. Of course, you need to elevate the application’s rights as well so it will install, but all of this can be achieved simply and in a centrally managed way.

How does this help? They know they are being audited for every application install. We know and they know we know that they were the ones who made the decision to install the app. Once users know they are being audited, and are therefore held to some level of accountability, behaviour changes, and the end result is less software licensing creep and  compliance risk.

  1. Match License Control to Licensing Models

If your organisation changes the way you choose to deliver the applications to the user, that doesn’t change any of the product use rights you are bound toby from your friendly software vendor. So, in cases where applications are delivered as part of a Virtual Desktop/Terminal Server/ Streamed Application deployment, be sure to check your product use rights for your applications.

Most desktop applications are licensed per device. Office 365 and other cloud-based applications are typically licensed per user, so they are no issue as long as you stay within the guidelines. But traditional desktop applications are a challenge. Most vendors have a definition of “Run” or “Install”, so you need to check that out and understand what they mean.

For example, any application included as part of a virtual desktop build will be licensed, not by the image it is part of, but by the number of devices that can connect to that image and control/run/install the application. If you stream applications to the desktop based on a user group, be aware that if one of your users logs onto a new PC, and the application then streams down to that device, that may incur an additional license fee.

These are all things to be aware of and things that AppSense has been helping clients with since 2004. Microsoft Project and Visio are the key applications that many organizations miss when they move through a process like this.

I know they are boring, but get someone (maybe a boring person) to read the product use rights to make sure you are covered, regardless of how the applications are being delivered to your users.

So there you have it: thee simple ways to avoid that “please explain” when it comes to software compliance conversations.

I hope these have helped, and if you would like any further advice or just to ask some questions, feel free to reach out. My door is always open.