Software Licensing Featured Articles

Companies Put IT Security at Risk in Response to Complex Licensing Agreements

By Christopher Mohr, TMCnet Contributing Writer

Software licensing for the enterprise is, at best, a challenging process. It has become so complex that many IT departments have to purchase software to make sure the other software it uses complies with licensing terms.

One segment of the software market where licensing can be especially difficult to deal with is security. Many vendors will not budge an inch on licensing terms for the solutions they sell. Others have terms that are so complex that compliance becomes prohibitive. As a result, many companies choose to punt when it comes to security software. They either do without the solution altogether, or get unapproved software that can introduce greater risks.

In all fairness to security software vendors, some licensing complexity was unavoidable. It was much simpler in the early days of the PC when all you had to do to be compliant was purchase one license per machine. It became more complex when LANs and other networks came along and only got worse with cloud hosting and BYOD. How do you determine what’s fair? Do you license by the number of concurrent users, unique users, workstations or CPUs?

A recent article written by TechTarget contributor Rob Lemos illustrates the frustration many companies have with licensing security software. Yale New Haven Health System (YNHHS) attempted four years ago to implement a single sign-on system that lets users login to without requiring separate credentials for every application they use.

The problem? YNHHS wanted licensing based on the number of concurrent users while the vendor wanted to license by the number of unique users. With the latter being too costly for its budget, YNHHS chose to do without the single sign-on solution, leaving it open to security breaches.

Another tactic that many businesses have resorted to is shadow IT, where some part of the company purchases software without the approval of IT, often out of frustration with inflexible licensing terms. While it may give those who use it some satisfaction that they at least have some solution that addresses their needs, this software is often installed by people who are not IT experts. They don’t know if it has vulnerabilities and in worst cases, may introduce malware to their network.

There is no magic pill that will solve the problem of costly security software and its inflexible licensing. Companies will need to dedicate some staff to complying with licensing and managing its costs to not only pass audits but also avoid licensing software that sits unused. If there are any vendors that offer more flexible licensing, companies need to vote with their feet and work with those providers instead of the difficult ones. It’s not a problem that is easily solved, but doing without is no option either.