Microsoft might promise free upgrades for Windows and simplify its volume licensing with a new agreement, but the influx of cloud services, new devices and mobile apps means software licensing continues to be complex. A recent lawsuit should remind you that you can't afford to lose track of what software your company is using.
Adobe, Autodesk and Corel have sued clothing retailer Forever 21 for "willful, intentional and malicious copyright infringement" for using Photoshop, Acrobat, Illustrator, Autodesk, PaintShopPro and WinZip without paying for enough licenses, "even after being contacted by Adobe regarding the infringement," the lawsuit said.
Pirating software is usually about civil liability. Adobe, Autodesk and Corel are asking for lost revenue and damages, plus court costs. Criminal liability tends to be reserved for cases of software counterfeiting, according to Jodie Kelley, senior vice president and general counsel of BSA, The Software Alliance.
It can get personal
But it's not just the business that will have to pay up — an officer of the company can also be liable if they personally participated in the infringement or supervised it. For example, "If you could have prevented it but didn't," Kelley explains, and if you had a financial interest in using the copyrighted software. "It's a relatively high standard for personal liability, but it does exist, and the officer is liable to the same degree as the corporation."
Company liability might not end with the cost of paying for the licenses you should have bought and the statutory damages for not buying them, either. There's now an ISO standard for software asset management, which isn't required by any regulations yet. But the 2013 framework for internal controls and corporate governance from COSO, the umbrella organization for accountants and auditors, includes a chapter on software licensing that says your business needs to have "appropriate controls...which may...verify the entity's legal right to use the technology in the manner in which it is being employed."
Most companies have focused on the financial reporting implications in the COSO framework, but it means that software licensing now has to be considered as part of your internal regime rather than just a question for the IT department. And, Kelley warns, "the SEC has announced it will be looking to that framework when it assesses whether internal controls are adequate." That could be a problem for the 65 percent of companies in last BSA Global Software Survey who don't have written policies requiring properly licensed software.
Security and piracy don't mix
It's not just a question of the company doing the right thing by paying for the software it uses to run the business or being efficient about making sure you're not paying for licenses you don't need. Pirated software can make you more vulnerable to security breaches. Part of that is common sense: "If you want to deal with security, the most critical first step you have to take is knowing what you have in your network. If you don't know what you have and you're not managing it, you're extra likely to have a threat."
Sign up for CIO Asia eNewsletters.