Importance of software usage monitoring: Software misuse costs the company $11 million after an internal investigation
In May 2023, a WSJ report revealed that a San Jose, California-based company has suffered huge losses due to software misuse. The said company, a cloud computing software and services provider, had to bear additional expenses of $11 million as they used evaluation-purpose software for business purposes. As per the company’s statement, ‘individual departments’ were responsible for this outcome. They also observed that certain employees intentionally concealed their actions to one of the vendors.
This news created much of an uproar in the IT industry. However, this is a common practice by employees in different organizations, which brings them under the software non-compliance threat.
Here are some of the reasons leading to this threat.
- Avoiding the internal IT request processes for quick access to the software: Some employees receive special local admin access to their computers, posing challenges for IT as controlling software installations becomes difficult.
- Unreported software download/installation: For quick access to software, employees with local admin rights to their computers download and install the trial/evaluation versions as they are sometimes easily available. Whether the installed evaluation version is for evaluation or business operations gets unreported to the IT department.
- Users or departments ignoring the trial/evaluation software usage scope: Many software publishers provide a trial version of their new product to organizations. However, due to a lack of awareness about usage limitations, organizations may use them for project work and unintentionally end up in non-compliance.
- No project or department-level software usage monitoring: It is strongly recommended to monitor software usage for each project and department. With monitoring, it becomes easier to identify the usage of trial/evaluation versions for projects or business purposes.
- Absence of SAM policies: Organizations having no SAM policies and practices in place are most vulnerable when it comes to software monitoring. In such an environment, the deployment or usage of trial/evaluation versions is not tracked.
- SAM & InfoSec policies not practiced strictly: IT departments may face significant pressure from business management to grant exceptions for critical projects, such as permitting local admin rights or enabling USB ports on specific computers. However, granting too many exceptions complicates the task of IT in tracking and managing software compliance.
The following conditions are counted as ‘software misuse’ involving the trial/evaluation versions.
- Installing a trial version of an application on multiple computers without obtaining approval from the software publisher
Or
- Installing a trial/evaluation version of software for which they already have a license procured
Trial/evaluation or demo software versions pose a significant risk when not used in a controlled manner. Any misuse of these versions can lead to the following consequences:
- It can impact the financial position of the organization
- It can put the jobs of the employees indulging in the misuse at risk
- It can malign the market reputation of the concerned organization
So, as part of software compliance management best practices, it is important to note that free trial or evaluation versions of software are only meant for evaluation. One must NEVER use them for any business or commercial purposes.
