Why is device based licensing and access control important for license compliance?
In the third of our articles on the factors that can cause problems during a software vendor audit, Certero consider the role of device based licensing and controlling access.
Device based licensing
Certain vendors, like Microsoft, license their software (such as Microsoft Office, Project and Visio) on a per-device basis, rather than by user. This requires a license for every device that has the ability to access the application – even if they never do.
A device can be anything from a PC, PDA, notebook, thin client, terminal, workstation or any digital electronic device. Normally, this isn’t a problem. But, if you have implemented a thin client environment such as a Citrix farm or Terminal Services, if not properly managed, it can cause costly license compliance problems.
Access Control: Locking down at user level does not ensure compliance
Many organizations assume that by locating down a software application, such as Microsoft Project, at a user level via group or software restriction policies, it will ensure licensing compliance. This is not correct.
As a result, publishing an application to a restricted user group is not an effective approach to license compliance. This is because these users have the ability to access the application from any device, thus breaching the licensing agreement.
If, for example, you have implemented a Citrix server farm to deliver application access to 1,000 devices in your organization and one user needs Microsoft Project, you will still need to buy 1,000 licenses to remain compliant. This is because that one user has the ability to access this application from all 1,000 devices within your organization.
So, if Microsoft Project costs you $200 a licence, you will need to pay $200,000 to remain compliant – just for one user!
Faced with this problem, organizations have 3 options:
Option 1. Choose to install such software on individual user’s PCs, avoiding the Citrix infrastructure. Whilst this may seem to be the obvious choice, if only a few users require access, it would in effect, mean circumventing the policies and procedures put in place to control software acquisition and potentially leave a security hole for future patching and updates. In addition, if you are using thin client devices across the organization, you will need to invest in fat clients for these few users. This will also cause problems for your overall IT strategy as well as increasing cost.
Option 2. Buy licenses for all users in the organization – irrespective of whether they will ever use the software or not. This is an expensive option.
Option 3. Utilize one of the few software solutions that are capable of managing this problem.
Reduce the impact device-based challenges on software audits
Organizations needn’t feel that they are unable to tackle the challenges associated with device-based licensing and controlling access. There are tools and functionality available to support you and ensure you can reduce the risks to non-compliance highlighted above.
Find out how the access control feature of Certero for Enterprise SAM can help you prevent these problems.
Don’t miss the other articles in the series: