License management: a challenge for the IT department

Mélanie Lebrun

|

Youzer Marketing Manager

01/2023

Articles
>
ITSM automation
Software licenses are a significant cost in a company's budget, mainly because this cost is not at all under control. Each user takes what seems to work for them, regardless of cost, security and collaboration metrics. Fortunately, there are solutions available to help you manage your licenses more effectively.

Contents

It's difficult to tackle the problem of unused licenses without interweaving it with another problem, that of shadow IT. These two major drawbacks for IT departments are intrinsically linked.

Unused licenses are a major source of concern for companies.

The costs arising from this unknown are enormous, and IT managers and CIOs need to fine-tune licenses in order to regain budget on other items.

Shadow IT has also joined the dance.

Managing licenses is a real challenge for IT departments

In business, the sinews of war are work tools. Take a good employee and give him the wrong tools, and he'll waste time and deliver mediocre work. Give them good tools and they'll outperform.

Let's take a closer look at tools such as applications, and see what's at stake. The IT Department is keen to contribute to employee productivity, under strong pressure from management, which has the company's competitiveness in mind.

It's very easy to install a SaaS solution - users do it every day. They go to their app store and the application is installed with ease, responsiveness and efficiency.

Why should they change their habits at work? They feel more efficient that way. They install an application, test it and if it doesn't meet their needs, they try another. Often, the first one is never uninstalled.

According to a study by Frost & Sullivan, 80% of users use solutions without the agreement of the IT department.

The IT department is in a bind. It has to manage software licenses, respond to user needs and, above all, deal with a serious lack of user knowledge.

Users install applications in their private lives without having to think about the settings: next, next, I validate, next, I agree and then, presto, the application is installed!

Except that for the IT department, this is a disaster, because the default settings just don't work in the corporate world.

Users have no way of setting the parameters of the applications they download or use, since they don't have data protection or corporate IT policies in mind.

In this case, the IT department provides users with applications configured by itself.

From there, two problems arise:

  • How can we find out how applications are really used?
  • How do you track down unused licenses for users who have left and never been reallocated, and for present users who are not using them?

License utilization study

Carried out among 200 IT managers in the USA, Europe, the Middle East and Africa, Nexthink 's study shows the vagueness in which IT managers navigate.

Envie de voir une démo instantanée de Youzer ?  
View demo

What are the consequences of poor license management?

  1. Increased costs: poor license management can lead to expenditure on unused licenses and the purchase of licenses for similar software whose contract has not been negotiated by the company. For example, a company with 5,000 employees would have a €100/month solution, but 500 employees would not use it, i.e. 10% of the payroll. This represents a loss of €600,000 per year.
  2. Security loopholes: one license can be used by several users with a shared account. The account becomes very fragile when the password is known and little protection is applied. Shadow IT* can also lead to security breaches, as third-party software not supervised by the IT department is brought into the company's perimeter.
  3. Missing updates: if licenses are not properly managed, critical updates and security patches may not be applied, leading to vulnerabilities and security issues.
  4. Legal liability: poor license management can also lead to legal problems if copyrights or patents are infringed.
  5. Loss of productivity: poor license management can lead to loss of productivity, as employees may not be able to access the tools they need. Another aspect is the use of different software covering the same aspect, and therefore incompatible between teams within the same company.
  6. Increasing number of tickets: third-party SaaS applications account for a huge number of tickets, and these are not quick to resolve because the IT team is unfamiliar with them.
  7. RGPD: using applications that don't comply with the RGPD rules in force in a company can jeopardize the company's compliance with the law.

*A quick reminder of what shadow IT is:

All software and applications used by users in the course of their work outside the control of the IT department.

This creates :

  • a significant threat to corporate data security
  • impossible to manage access rights
  • errors and duplications, since everyone uses their own solution
  • hidden costs, as the employee will often use one software package to the detriment of another 'official' one.

Why is it problematic to have consumer applications used for professional purposes?

Public applications don't have the same business model as private ones. While the latter earn their income from product pricing, the former collect user data for resale. And that's where security and confidentiality issues come into play!

Worse still, if public solutions are hacked - as they are often less rigorous in their security than professional applications - the data becomes public.

Why isn't an application being used?

If a license isn't being used, it's probably because the software or application isn't winning over the teams. The problem is twofold:

  • there's no need and the software is there but it's useless. So the company pays licenses for nothing.
  • there's a need, but this software isn't the most popular with the teams, so they use another. This creates shadow IT + licenses paid for nothing + another application paid for, but not supervised by IT, and prices not negotiated on a company-wide scale.

Would you like to receive our white paper on identity and access management?

Nous n'avons pas pu confirmer votre demande.
Votre demande de livre blanc est bien prise en compte.

How can you improve application license management?

So what do we do now? We've seen that the situation isn't idyllic, and I think everyone already knew that to some extent, but how do we go about solving this thorny problem?

Many companies have opted for a less frontal solution than trying to control shadow IT, which in my view is a wasted effort.

Combating shadow it

They have chosen to integrate BYOD, Bring Your Own Device, into their IT plan. Users can then, within a clearly defined framework, install the solutions that suit them best. The freedom given to the user enhances the relationship between the IT department and the user, and does not hinder productivity. Trust is built up, and users are more inclined to go to the IT department to install new applications.

If a company does not relax its policy on applications and software, users will inevitably circumvent the rules imposed by the company by using unencrypted applications that offer loopholes in the security of data processed within the company.

However, the CNIL warns against this kind of practice, which blurs the boundaries between professional and private life, and between professional and private software.

It will then be important to have an open dialogue with the teams to find the right balance between needs, security, flexibility and privacy.

License detection and suspension

We're touching on a sensitive subject here. Yes, the ideal would be automatic detection of licenses, with feedback on their usage rate and automatic suspension of any unused or under-used licenses.

There are solutions that are more or less efficient and effective in this job.

There is also a manual method, which involves working with the accounting department to find all the invoices linked to application licenses.

It may be possible to send a shared file listing all the applications used by each team. This can only be done in SMEs or ETIs, as it becomes complicated beyond that. The risk of error is always present, however.

Each time support is contacted for help with an unlisted solution, it will be necessary to get into the habit of listing it.

For software with a PLC connection, you can monitor usage patterns.

You know that a user is leaving, but you don't want to close his account too quickly because you want to keep the account data for some time.

For example, for Microsoft 365 you can suspend the account but the license will continue to run and will not be recoverable. You'll need to convert the account to a shared mail box to archive it and retrieve the license.

Often, the IT department is not informed of an employee's departure, so suspending or deleting the account is not feasible.

IAM solutions such as Youzer enable you to carry out a permanent scan of your IT and detect unused licenses for users who have left, enabling you to recover the license afterwards. An access management solution enables you to set up a workflow for each employee departure (which you will be notified of automatically, thanks to synchronization with HR data).

Training and awareness-raising

To limit shadow IT, there's no secret: you need to have the people behind the practice on your side.

Training and awareness-raising on the issues generated by shadow IT will therefore be on the agenda. It's not a question of making soporific speeches, but rather of contextualizing shadow IT and getting employees involved. It's about finding user/IT department solutions so that everyone can find their way around. We'll also need to talk about licensing costs and the dangers of shadow IT.

We could, for example, develop a relationship of trust with intermediaries who would express the needs of each business and pass them on.

IT teams can work with business teams on certain solutions to show them their full potential. They will be able to apply concrete cases that will win the support of the teams.

The IT department may also point out that faster help will be given on applications that are within the IT department's scope. On the other hand, support for third-party solutions will be slower, not out of vengeance, but because of a lack of immediate knowledge.

Finally, implementing a clear policy and rapid processes for new application requests in the departments would greatly facilitate compliance with the use of applications that are outside the scope of the IT department.

License management is a major issue for companies. Some 30% to 40% of software expenditure in a company comes from outside the IT budget.

Companies need to regain control of their licenses and control shadow IT.

Youzer can help you manage your users, their accounts and their applications. Youzer automatically detects all the licenses attached to an application and highlights unused licenses.

Récap'IT the IT Newsletter

Get the best of the month's IT news.
Market developments, IT trends, cyberattacks in France... a digest of the month's IT news.

We have been unable to confirm your registration.
Your registration is confirmed! You'll receive your next Récap'IT at the end of the month 😊

Recommended items

Discover Youzer, the first
platform for easy management of your users and their access.

Hey! you know the drill :) We use anonymous data analysis cookies. By "Accept all cookies", you help us understand (anonymous) page views. Learn more about our privacy policy.