2024

Securing Licensed Software Controls

The security of licensed software is essential for organizations to mitigate risks, ensure compliance,
and protect their assets. These are some best practices worth considering.

License Inventory
Create an inventory of all software licenses your organization owns. Identify license types, quantities,
versions, and associated terms.

Keeping track of license renewals and expiration dates is crucial for maintaining compliance and
avoiding disruptions. Here are some steps to help you stay organized

License inventory solutions that can help you manage and track your software licenses effectively:

LicenceOne: Ideal for small businesses looking for an easy setup solution.

OpenLM: Great for deep insights with powerful analytic tools.

Snow: Best for large-scale enterprises seeking comprehensive coverage.

Coreview: Specializes in Office 365 license management and reporting.

LicenseSpring: Perfect for software developers needing custom licensing solutions.

Soraco: Affordable option for small businesses without compromising functionality.

Altair: Suitable for dynamic data centre and cloud environments.

Invgate: Excellent for inventory tracking and PC management.

10Duke: Best for cloud-based licensing and user authentication.

AssetSonar: Focuses on asset tracking and lifecycle management.

These tools offer various features like compliance management, detailed license records, and
automated tracking to ensure you stay compliant and optimize your software investments.

Centralise Information
Create a centralised repository (such as a spreadsheet or document) to record license details.

Include columns for license type, vendor, purchase date, renewal date, and any other relevant
information.

Set Reminders
Use calendar reminders or task management tools to alert you about upcoming renewals.

Set reminders well in advance to allow time for processing and negotiations.

Automate Notifications
If possible, configure automated notifications from vendors or licensing platforms.

These notifications can remind you of approaching expiration dates.

Review Regularly
Schedule regular reviews (e.g., quarterly or annually) to assess license status.

Check for any licenses nearing expiration or requiring renewal.

Vendor Communication
Maintain open communication with software vendors.

Inquire about renewal options, pricing, and any changes to licensing terms.

Document Renewals
When renewing licenses, update your records promptly.

Keep copies of renewal agreements and receipts.

License Procurement
Acquire licenses through authorized channels (directly from vendors, volume licensing agreements,
or SaaS subscriptions).

Avoid using unlicensed or pirated software. Here’s a brief overview of each channel.

Directly from Vendors

Purchase licenses directly from software vendors or authorized resellers.

This approach allows you to negotiate terms, receive official licenses, and access vendor support.

Volume Licensing Agreements

Ideal for organizations with multiple users or devices.

Examples include Microsoft’s Volume Licensing Service Center (VLSC) or Adobe’s Creative Cloud for
Teams.

Benefits include cost savings, centralized management, and simplified deployment.

Software as a Service (SaaS) Subscriptions

SaaS models provide software on a subscription basis.

Access applications via the cloud without worrying about individual licenses.

Examples include Microsoft 365, Google Workspace, and Salesforce.

Software license procurement management solutions that can help streamline your processes:
Offers comprehensive IT asset management and license tracking
SolarWinds Service Desk
capabilities.
ManageEngine A web-based tool that helps manage and track software licenses
AssetExplorer efficiently.
Provides robust software license optimization and compliance
Flexera FlexNet Manager
management.
Ideal for large enterprises, offering detailed insights and compliance
Snow License Manager
tracking.
Ivanti License Optimizer Focuses on license compliance and optimization.
A digital workflow platform that includes software asset management
ServiceNow
features.
A SaaS management platform that helps with procurement and
Zluri
license management.
A cloud-based IT service management tool with strong license
Freshservice
management features.
Matrix42 An enterprise-grade software license tracking tool.
Alloy Software Provides IT service management and software license tracking.

These tools can help you manage software procurement, track licenses, ensure compliance, and
optimize your software investments.
License Tracking
Monitoring license deployment and usage across your infrastructure is essential for effective license
management. Here’s how to achieve real-time visibility using Software Asset Management (SAM)
tools. Remember that SAM tools provide insights into software usage, helping you stay compliant
and avoid unnecessary costs.

Choose the Right SAM Tool

Research and select a SAM tool that suits your organization’s needs.

Look for features like license tracking, compliance reporting, and automated alerts.

Install and Configure the Tool

Install the chosen SAM software on relevant servers or workstations.

Configure it to scan your network and discover installed software.

Inventory and Discovery

The SAM tool will create an inventory of installed software.

It identifies licensed applications, versions, and usage patterns.

License Compliance Monitoring

Set up compliance rules based on license agreements.

Monitor license usage against purchased licenses.

Receive alerts for potential violations.

Usage Analytics
Analyse usage data to identify underutilized or overused licenses.

Optimize license allocation based on actual needs.

Regular Audits
Conduct periodic audits using the SAM tool.

Verify compliance and address any discrepancies.

License Compliance
Ensure the number of installations matches purchased licenses. Adhere to vendor-defined terms and
conditions. Respect license restrictions and limitations.

Matching Installations to Licenses

Why It Matters: Ensuring that the number of software installations aligns with purchased licenses is
crucial. Overuse can lead to compliance issues, while underutilization wastes resources.

How to Achieve It:

a. Conduct regular audits to compare installed instances with licenses.

b. Implement controls to prevent unauthorized installations.

Adhering to Vendor Terms and Conditions:

Vendor Agreements: Every software license comes with terms and conditions set by the vendor.
These define usage rights, restrictions, and obligations.

Compliance Steps:

a. Read and understand the license agreement thoroughly.

b. Educate users about compliance requirements.

Respecting License Restrictions and Limitations

Types of Restrictions:

a. Concurrent User Licenses - Limit the number of simultaneous users.

b. Device Licenses - Tied to specific hardware.
c. Geographic Restrictions - May restrict usage to certain regions.

Mitigating Risks
Monitor compliance continuously. Address any violations promptly.
Security Considerations

Encryption for License Keys

a. Purpose: Encryption ensures that license keys remain confidential during transmission and
storage.
b. Symmetric Encryption: In symmetric encryption, the same key is used for both encryption
and decryption. It’s efficient but requires secure key distribution.
c. Asymmetric Encryption (Public-Key Cryptography): Asymmetric encryption uses a pair of keys
(public and private). The public key encrypts, and the private key decrypts. It’s secure but
slower.
d. Best Practice: Use asymmetric encryption for transmitting license keys securely. Store them
encrypted (using symmetric encryption) in your database.

Symmetric vs. Asymmetric Cryptography:

Symmetric

a. Pros: Fast, suitable for bulk data, simpler.

b. Cons: Key distribution challenge, less secure.

Asymmetric:

a. Pros: Secure, key distribution easier.

b. Cons: Slower, resource-intensive.

Hardware-Based Protection Mechanisms:

Hardware Security Modules (HSMs)

a. Dedicated hardware devices for key management and cryptographic operations.

b. Protect keys from unauthorized access.
c. Used in critical systems (e.g., payment gateways).

Trusted Platform Modules (TPMs):

a. Embedded in computers or servers.

b. Securely store keys and perform cryptographic functions.
c. Used for disk encryption, secure boot, etc.
Governance and Policies
Define roles and responsibilities for license management.

Establish approval processes for software acquisition.

Educate employees on compliance and usage best practices.

Remember that securing licensed software isn’t just about legal compliance—it’s also about
maintaining transparency, trust, and ethical standards within your organization