An employee uses properly licensed home software on her personal laptop. Later, she uses the same laptop and software for her work. Suddenly, her employer faces a penalty once an audit by the software vendor takes place. This is a risk that companies, often unknowingly, are operating under in the modern workplace.
New working practices, such as working from home and Bring Your Own Device (BYOD) bring many advantages for both the employee and the employer. Employees having the choice to work remotely with flexible hours and pick their own device - this can increase employee satisfaction and productivity.
As companies do not have to buy laptops or phones for their staff, it can also generate significant cost savings. However, there is also a risk factor. Once an employer allows an employee-owned device to be used for work, monitoring licensing compliance becomes more complicated. Which software does the employee use? Is this software properly licensed?
These are questions that often cannot be answered by employers, although they are responsible for it.
Employer is always liable
The main issue with BYOD when it comes to licensing is that there are often restrictions on what software can be used for. It is possible that an employee is licensed to use a piece of software at home, but needs a corporate license for any business use. The employee is probably not aware of this, and the employer has no visibility over the software used by employees on their personal devices, unless they have some kind of management solution for the devices in question.
Crucially, the responsibility here lies with the employer. Companies must always ensure they have the correct licensing of software when utilising it for business objectives. This is true not only for the software use of full time employees, but also for the licensing of the software used by freelancers.
Large vendors in particular take notice of software usage by freelancers, even if they’re not under contract at the time of the audit. Auditors do not start by counting how many people work for a company. They look at annual figures, interviews and statements from organisations. Therefore, it is wise to include the licensing of freelancers in larger contracts up-front.
Whilst consumer licenses often have a restriction on commercial use, this is often not the case the other way around. As a standalone purchase, a business license is not restricted to a particular purpose and so can be used for multiple purposes. It’s therefore recommended to try and push a business licensed software package or application to an employee rather than rely on them finding it for themselves. Mobile applications in particular, may appear to be free as they are indeed free to download, but the usage may fall under a license requirement. If a mobile application is indeed free to use, then it may be over-permissive in nature. These factors need to be considered by the employer, as they almost certainly will not be considered by the employee.
Implementing and monitoring BYOD policy
To take advantage of the benefits of BYOD without running risks in terms of licensing, companies should adopt a clear policy. All employees must fully understand how they should use their own devices in the work place and how the software they use is licensed. Furthermore, employers should be able to push the correctly licensed software to employees’ devices. This is the only way that employers can understand their staff’s software usage and respond accordingly, improving education or changing license agreements.
The liability for improper licensing belongs to the employer, so they need to have some control over it, and also fully understand what employees are using in the first place. An employer should also ensure that the right balance is struck between control and enablement of devices, particularly when they do not own the asset – as with BYOD.
Enforcing license usage in a different way
With the rapid pace of innovation in the software industry, it is almost impossible for governments to keep track of what these developments mean for business users. Furthermore, copyright laws were not designed for software. However, this does not alter the basic principle that the author must determine the conditions under which their work can be used. At the moment there is a big shift towards pay per user, away from pay per install.
Unfortunately, software vendors love ambiguities in contracts and all kinds of restrictions on use. This makes sure that there are strong restrictions on a product which, in reality, could be copied unlimited times
Mobile applications part of software audits
It is likely that auditing software on mobile devices will be standard within a few years. More and more employees use applications on their mobile devices to access business software, which requires a server side license. BYOD provides vendors a great opportunity for mobile software to become a larger part of their revenue. They will audit whether an organisation has the licenses to cover employees using mobile devices as well as more traditional computers.
One of the challenges for the audit clause in end-user license agreements (EULA) is privacy. Whether it’s looking at the personal devices of employees or auditing cloud applications, vendors will need the appropriate credentials. Cloud is growing in popularity for enterprises, but is often an essential part of mobile application delivery. This means that sometimes vendors will need to audit cloud stacks that contain sensitive data, access to which contravenes company policies on data protection.
The solutions to this impasse include using a reputable accounting firm as a guarantor of confidentiality. In other cases, a separate non-disclosure agreement can be signed to ensure that confidential data remains outside the audit.
Overall, the organisation must be able to demonstrate that it falls within the license of the vendor. It can only do this when it’s in control of its cloud infrastructure and manages the devices of all employees.
Alan Giles, Business Unit Manager – Mobility at Snow Software
Image source: Shutterstock/Rawpixel