IT Hygiene - Software Licensing Management

As I mentioned in a previous post, every business nowadays is a technology business and software is powering operations, service delivery, finance, HR, manufacturing or any other department you might have in your business. Software is generally licensed one way or another and managing licenses comes with certain IT hygiene requirements as well. This is what I talk about in this post.

There are multiple ways to license software, and they are not the focus of this post. Before entering a licensing agreement with a vendor, I recommend running a proper vendor selection and making sure that any commitments are in line with the growth forecast for the business, so that you avoid overcommitting. In practice this means I don't recommend contracts longer than 12 months, and where licenses can be paid on a monthly basis, the OPEX cost is less of a burden on the business.

After you have identified the right product, it's important to select the licensing tier that covers your functional, compliance and cyber security requirements. If the software is licensed per user, establish exactly how many users you will have and add a small buffer. Always aim to purchase software that supports Single Sign-On (SSO) and the System for Cross-domain Identity Management (SCIM), as that will reduce the overhead of managing user accounts, increase your compliance, reduce your cyber risks and help you manage the software better overall. If those are not available, set two-factor authentication (2FA) as the minimum bar, as no mature vendor should be selling business software without 2FA nowadays.

Once you move from procurement to implementation, make sure you lay out clear requirements and outcomes, and identify the responsible, accountable, consulted and informed stakeholders (RACI) in the team, together with a business owner and a technical owner for the software. This ensures that the software has an owner in the business and that you are not procuring just another shadow IT item that will never be managed or used the right way, thus missing out on the ROI opportunity.

Once the software is implemented, ensure that the support mechanism is clear, that documentation is available for training, operation and administration of the software, and that any required maintenance tasks are defined. The maintenance tasks are what is critical post-implementation, and I tend to implement automated systems that create tickets for the identified maintenance tasks to ensure proper operation and governance of the software. A few examples of these tasks might include:

  • Ensure that any security certificates or application secrets are renewed in due time so that the service doesn't stop.
  • If there is no Single Sign-On integration, no matter how good your offboarding process is, there will always be missed terminations whose accounts are not deactivated in the software. I suggest you conduct monthly or quarterly audits of active users in the software and remove accounts accordingly.
  • If you are on a month-to-month plan, every user audit is also an opportunity to remove unused licenses and reduce waste.
  • If the software is on a subscription term, set a reminder 60 days before expiry to give yourself enough time to work out whether the software is still required and how many licenses you need to renew. Set that reminder in accordance with the Terms & Conditions of the software, so that you have enough time to give cancellation notice if the software is no longer required. In general, don't buy software subscriptions with auto-renewals.
  • Make sure you create an entry for the software in your Configuration Management Database (CMDB) that can be selected in your IT Service Desk tickets when raising requests. This allows you to review the effort your IT Helpdesk team spends supporting the software and helps you budget for it across the lifecycle. It also helps point out whether the software has a high support overhead, and lets you drill down into whether documentation is lacking, something was not done during implementation, or the software is not a match for your environment, which is critical to know when it comes to renewal time.
  • If you manage the IT department, I suggest you set a reminder to check with the business sponsor a few months in on how the software is working for them. You will generally hear if it doesn't work well, but being proactive helps build rapport.
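
As an added example (not part of the original post), the user audit and the renewal reminder from the list above could be automated along these lines. The CSV column names, the 90-day idle threshold and the 14-day decision buffer are assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample: export of active accounts from the application.
APP_USERS_CSV = """email,last_login
alice@example.com,2024-05-28
Bob@Example.com,2024-01-10
carol@example.com,
dave@example.com,2024-05-30
"""
# Constructed sample: current staff according to HR or the identity provider.
HR_ACTIVE = {"alice@example.com", "bob@example.com", "carol@example.com"}


def audit_users(app_csv, hr_active, today, idle_days=90):
    """Return (orphaned, idle) account lists.

    orphaned: active in the app but not on the staff roster (missed offboarding).
    idle: current staff with no login for more than idle_days (assumed
          threshold), candidates for license removal.
    """
    roster = {e.strip().lower() for e in hr_active}
    orphaned, idle = [], []
    for row in csv.DictReader(io.StringIO(app_csv)):
        email = row["email"].strip().lower()  # exports often differ in case
        if email not in roster:
            orphaned.append(email)
            continue
        last = (row["last_login"] or "").strip()
        # An account that has never logged in counts as idle.
        if not last or (today - date.fromisoformat(last)).days > idle_days:
            idle.append(email)
    return sorted(orphaned), sorted(idle)


def renewal_reminder(expiry, notice_days=0, lead_days=60, decision_days=14):
    """Date to raise the renewal ticket: 60 days before expiry, or earlier when
    the cancellation notice plus an assumed decision buffer needs more time."""
    return expiry - timedelta(days=max(lead_days, notice_days + decision_days))


if __name__ == "__main__":
    orphaned, idle = audit_users(APP_USERS_CSV, HR_ACTIVE, date(2024, 6, 1))
    print("Deactivate (no matching employee):", orphaned)
    print("Review license (idle):", idle)
    print("Raise renewal ticket on:", renewal_reminder(date(2025, 1, 31), notice_days=90))
```

The two lists can feed the automated maintenance tickets directly: orphaned accounts go to deactivation, idle accounts go to the business owner for a license decision.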

IT hygiene for software licenses will ensure you make the most of your investment, cut out any waste, reduce your cyber risk and keep your compliance in place. Don't miss out on this opportunity.