Is your License Management Flying below your Risk Manager’s Radar?

Most organizations have a well-developed risk management practice. The most mature organizations practise enterprise risk management, which is process-based and cross-functional. Other companies are still on their way there, but do at least manage operational risk and project risk. Within these companies, most IT business units practice IT asset management (ITAM) and software asset management (SAM). What is disturbing is that SAM risks are generally missing from the organizational risk register, and are only visible at IT level, or come under annual scrutiny at license renewal time. What can happen under these circumstances is that an audit by the software vendor can identify non-compliance and make a huge hole in the company’s annual revenue. We are not talking small or medium businesses here, although they are also at risk.

SAP on the Warpath

When SAP saw its revenues flagging, a decision was made to tighten up on compliance.  It decided that APIs that allowed other software such as Salesforce to access the SAP database were “users” and were breaching their agreements with customers. It confronted some of its largest customers, like Diageo and AB (Annheuser Busch)-InBev and won. The claim against AB-InBev was for $600-million – even the world’s biggest brewer cannot afford to cough up such a totally unexpected and unbudgeted expense. There was an out-of-court settlement, which would have been at a lower sum, but it would still be material enough to feature in the next annual report.

SAP’s aggressive policy is open to dispute, and Diageo recently won an appeal against the judgement passed in 2017, but it raises some serious questions. If these massive organizations cannot manage their compliance effectively, what hope is there for the rest of us? The next question is whether the risk of non-compliance is listed as an organizational risk, and not merely the CIO’s nightmare?

It is not Just about Compliance

While every CFO understands licensing issues around SAP, Oracle, Microsoft and Adobe, because this software is used throughout the organization, they are often in blissful ignorance of the same threats that specialized engineering and scientific software represent.

  • the licensing costs per user are usually very high, so overspending is easy
  • some of the products are not managed by the IT department, but rather by the engineers and researchers who use them, such as network planners, transmission engineers and even environmental impact assessors in an energy company. They may even be in the hands of third parties.
  • The software vendor provides the licensing software that estimates how much the company owes (a case of the wolf watching the sheep).
  • Asset management policies are often not in place or monitored.
  • Good license administrators are hard to find.
  • Major vendors are discontinuing perpetual licenses, which have always been the cost-efficient way to minimize costs and maximize productivity.
  • Digital disruption is bringing new complications to licensing. This includes cloud computing and SaaS, virtualization, BYOD (bring your own device), the IoT and artificial intelligence.

While most of these issues appear to be something that can be relegated to IT, in fact, each of them can affect the bottom line. While they can be managed by IT, understanding these risks and their mitigations is critical at executive and even at board level. After all, most companies are totally reliant on proprietary software to function on a daily basis. A dispute which invalidates all the CAD licenses and removes access in a manufacturing organization would cripple it.

What Should be in Every Risk Register

Each one of the items listed above is a discussion in itself, but here are a few risks we believe should be listed in every company risk register and actively monitored by the CRO.

  • Risk – We do not manage and monitor compliance for every one of our software assets.
  • Implications – financial and reputational risk
  • Mitigation – fix this. If you don’t believe that there are companies who are in this position, Gartner ran a webinar on ITAM risk management and 10% of the audience admitted to not only not managing compliance, they were not even planning for it. And while 40% of the audience had an asset management strategy in place and working, the rest of the audience were still working on it.

There is no quick fix, as all the following risks contribute to the overall vulnerability.

  • Risk – There is no IT asset management policy in place
  • Implications – financial, cyber and governance risk
  • Mitigation – Structure a policy that covers all types of computing, from on-site to cloud and mobile, and implement the processes that support and monitor adherence. Train all employees and create awareness, as well as imposing penalties for infringements.


  • Risk – We do not have centralized control of our software licenses.
  • Implications – financial, compliance and operational risk
  • Mitigation – Try and centralize control as much as possible, although this can be n issue for multinationals. At least ensure that the asset register is complete.


  • Risk – We do not know if we are using all our licenses to their maximum potential
  • Implications – financial and operational (productivity) risk
  • Mitigation – Become active in license management, with centralized control and your own license administration and management which you can use as a yardstick against vendors’ claims.


  • Risk – One or more of our vendors is sunsetting perpetual licensing
  • Implications – financial – subscription licensing on average is 1.8 times more expensive than perpetual licensing (Gartner), business continuity.
  • Mitigation – Decide whether to remain on perpetual licensing, move to subscription licensing or discontinue the relationship and move to another vendor.


  • Risk – We do not understand the implications of all the new digital models.
  • Implications – could be anything from financial risk to business continuity.
  • Mitigation – Get to grips with what impact digital disruption will have on your licensing costs and compliance risk (it does not go away just because you are using a browser)

Building a Proactive Approach.

We mentioned above that 10% of the audience had no ITAM strategy in place. What was even more disturbing is that in the same audience, 24% of participants said they had no SAM tools in place.  This does question how effective their ITAM strategies were, even if they were still being implemented. There is no way that software licenses can be managed effectively without a good license management application. The license managers supplied by vendors were written with the vendor’s interests in mind, and focus on compliance. When the same audience were quizzed on their primary reason for asset management, only 27% mentioned compliance; 54% of the audience wanted to optimize their license usage. For that you need a license management application that will help you realise your objectives. This is why we at OpenLM founded our business, to help customers get the most out of their licenses.  It started with ArcGIS, but now we can help you with thousands of engineering and scientific and engineering applications from the world’s leading vendors. Not only do we have licensing management software, we offer consulting, support and outsourcing services to help you simplify license management. Take a trial of our software or ask to speak to a consultant, license management is our passion!

The Ins and Outs of Autodesk Global Travel Rights

Autodesk grants global travel rights to organizations who either have a subscription agreement or a maintenance plan. These rights can be very beneficial to companies who undertake projects outside the country or region in which they are based, and can result in savings costs under the right circumstances. There is one very important condition that we must mention first, because it is not explicitly stated in most of the Autodesk literature about global travel rights; there is a time limit. Where the travel rights rule applies, users are only allowed to use the software for a maximum of 90 days outside their “home country”. So, for a long-term project it will be necessary to obtain another license once the 90 days has passed.

What Constitutes a Home Country?

The home country is the country in which the license was purchased. Where the contract was entered into for a named user, the home country applies to his or her residency. Where the contract is with an organization, as would be the case of a maintenance agreement, the home country is that where the company is incorporated. For organizations within the European Union (EU) or who have signed the European Free Trade Association Agreement (EFTA), home country is any country that falls under the EU or EFTA classification. For companies subject to Brexit, they must re-examine their policies regarding user travel rights, as their freedom to use Autodesk software across the EU will be curtailed.

Which License Agreements Provide Global Travel Rights?

There are three major categories of licenses that benefit from travel rights:-

  • perpetual agreements which are covered by a maintenance agreement
  • Traditional subscription licenses
  • Cloud subscription licenses.

There are differences in which users are entitled to use software while travelling based on which license agreement has been implemented. It is also important to note that support services for the products are available during the operating hours that apply to the home country, not the company where the user is working under the global agreement.

Which Users are Entitled to Global Travel Rights?

Where an organization has a perpetual license with a maintenance agreement, all employees qualify, as well as on-site contractors. The on-site contractor must be contracted directly by the organization. Where the organization has agreements with affiliate companies to carry out the work, the employees of the affiliates and any contractors employed by the affiliate are NOT entitled to global travel rights.

Where an organization has subscription licenses in place, the same rules apply, in that only employees and direct on-site contractors qualify. The subscription users must be named users, generic users and user groups do not qualify, although it is possible to negotiate terms with Autodesk for specific circumstances. The named user should be identified as such in the license agreement and cannot share his license with any other user. If the user has his own individual license which recognizes him as the named user, he can use his license globally.

Cloud licenses have a different set of rules, which give access to a wider set of users, but this must be confirmed with Autodesk by the organization. The cloud subscription travel rights can extend to employees and contractors of companies affiliated to the parent organization, which is definitely not the case for perpetual and traditional subscription licenses.

What to Watch out for from a Compliance Aspect

Where a company has purchased licenses in their home country, use of travel rights are quite straightforward. However, the license administrator needs to guard against the following circumstances:-

  • the licenses were purchased outside the home country, for example where a project is to be executed in a foreign company. Those licenses can only be used in that country, regardless of whether the employees using them are permanent employees or contractors.
  • the travel rights apply only to the entity that purchased the license. They cannot be extended to a parent or sister company or the employees or direct contractors of those entities.
  • The usage period extending past 90 days.

For our OpenLM customers, it may be advisable to build a customized report that monitors compliance for licenses that are being used under the Global Travel Rights terms and conditions. Early warning of usage periods getting close to expiry, as well as a list of users who are operating under the travel rights agreement will avoid non-compliant usage.

Another method of managing compliance would be to tailor license allocations to include and exclude users according to their qualifying or exclusion from the global travel terms and conditions. OpenLM has recently launched a new product for managing license allocations that is available to all Autodesk customers, whether they use the OpenLM core product or not. This parameterized application allows the license administrator to tailor allocations by time, region, user or user group as well as software used down to feature level within that software product. Users can be granted access or blocked depending on the organizational policy and the license agreements in force. Please contact us for more information.

Managing and Monitoring Custom-built Software Licenses

While OpenLM was designed to manage licenses for engineering and scientific COTS (custom-off-the-shelf) software, many of our customers have at least one, and sometimes many, custom-built software tools. Such custom software is usually protected by a license agreement, but does not have a formal license manager application to make compliance simpler. OpenLM recognises that a customer can be using software that falls in this category and has a name for it, which is “unmanaged software”. We also have a solution for managing the unmanageable, our product, the OpenLM App Manager. This product provides the license administrator with a way of monitoring and controlling usage of any software application, enabling him to gather accurate data on that usage, as well as limiting over-usage where it creates a risk of non-compliance or incurs unnecessary costs.

What the App Manager primarily supplies is a means to automate the company’s software allocation policy. It can be used for products that are managed by the OpenLM core product, such as AutoDesk, as well as products that are commercially available but not part of the engineering software family, like Adobe Acrobat. The only requirement is that the software is executable (i.e. is in an *.exe file) and has processes for the App Manager to give you control over any software.

What Can be Controlled? – Access

You can tailor the accessibility of any software product, licensed or not, to meet the exact specifications of your environment. This is done via parameters that you set to permit or deny usage and consumption by software version, location and time.

For instance:-

  • you can limit access to normal working hours for a particular location.
  • you can block access to users in the UK from 15:00 to 18:00 EST because that is peak usage time in Boston and New Jersey.
  • you can limit usage to a specific software version for a user group where you are running more than one software version concurrently.
  • You can also permit a specific group access (because they have priority), while denying other users, or limiting their access.

What Can be Measured? – Usage

Then you can also measure and manage license consumption and get accurate values on such usage. This is very helpful even with software products that have license managers, as it provides you with your version of the truth and not the vendor’s opinion of which licenses were used and how much was consumed in time, tokens or any other measure. For custom-written software this is ideal, because you are provided with a view of how the software is being used and identify how to economize on usage. This can also help you define your policy and business rules for the software you need to manage.

Managing and Monitoring at Feature Level

One of the challenges with custom-written software is that it can include features that have their own licenses, via an API or a call to a product, such as Adobe Acrobat in order to generate a PDF. Such callas and interfaces can generate costs or even be non-compliant for your agreement with the called product. You can also set up business rules to manage these circumstances.

Overall Benefits

Limit or prevent excessive consumption, which can result in nasty cost surprises.

This could be the case where the custom software calls an Autodesk product that is managed via a token license – each call will eat away at your total token license annual purchase and may result in you having to top up during the year. The call may only require one minute of usage but costs eight minutes and at least one token. This could be a design flaw and may require a change to the custom application.

Reduce or Avoid Denials at Peak Usage

This is a common problem with all software, even with license managers. Here is a way of assuring that those who need the software the most will get it when they need it, using the time and location parameters. You can even tailor the need to a specific group or even a single user.

Use only the Appropriate Version

If there are multiple versions running simultaneously, you can tailor your accessibility to permit or deny users access to part or all of a product. For instance, let’s say that a call to AutoDesk is essential for users on a particular project. You had a design change implemented to prevent users accessing Autodesk because of the problem we identified as unnecessary consumption. However, you retained the previous version for a small group of users or super-users. Only they are allowed to access this particular version. What is more, unauthorized software running on a workstation or laptop can be picked up and reported on.

Reduce Costs and Avoid Non-Compliance Risks

You will now know the true costs of running the custom product and what you should be paying for your usage, instead of relying on your vendor/development shop’s opinion of what is owed. Where there are APIs and calls to other licensed software you can manage the costs incurred making these links.

Manage your Software Exactly as you Wish

You have the power to control license allocation and management just the way you want, that fits in with your business model and value proposition. You also have the flexibility to change the rules as circumstances require.

Comprehensive Reporting

Reports can be generated that show you exactly what is going on with the software you want to control. While your current need will be for your custom product, you can use it for any software used in your environment.

What You Need to Use App Manager

In order to take advantage of the App Manager, you must first install our OpenLM Core Product. You will also need to download OpenLM Broker (there is no charge for the Broker, but it does have a separate license). To get a bird’s eye view of what each workstation is up to, you need to install OpenLM Agent on each station, but this depends on what level of control you want to implement.

For more information on how App Manager Works, watch our short videos at:- or

We also run a webinar for more in-depth information –

For more advice, or a discussion with a consultant, please visit our website at