License management: a challenge for the IT department

Publié :

01/2023

| Mis à jour le

-
Articles
>
Automation
Software licenses represent a significant cost in a company's budget, mainly because this cost is not controlled at all. Each user adopts what seems effective for them without considering cost, security, and collaboration metrics. The IT department faces a significant problem; fortunately, solutions exist to better manage licenses.

Summary

It is difficult to address the problem of unused licenses without embedding it in another problem, that of shadow IT. These two major drawbacks for IT departments are intrinsically linked.

Unused licenses are a major concern within companies.

The costs resulting from this unknown are enormous, and IT managers as well as CIOs need to fine-tune licenses in order to recover budget on other items.

Shadow IT also joins the party.

License management is a real challenge for the IT department.

In business, the key to success lies in the tools used. Give a good employee poor tools, and they will waste time and produce mediocre work. Provide them with good tools, and they will overperform.

Let's focus more specifically on tools such as applications and examine the challenges. The IT department is committed to contributing to employee productivity, with strong pressure from management focused on the company's competitiveness.

It is very easy to install a solution in SaaS; users do it every day. They go to their app store, and the application is installed with simplicity, responsiveness, and efficiency.

Why would they change their work habits? They feel more efficient this way. They install an application, test it, and if it doesn't meet their needs, they try another one. Often the first one is not uninstalled.

According to a study by the firm Frost & Sullivan, 80% of users use solutions without the IT department's approval.

The IT department, for its part, is stuck. It must manage software licenses, respond to user needs, and, above all, manage a significant lack of user knowledge.

Users install applications in their private lives without asking questions about settings: next, next, I validate, next, I consent, and presto, the application is installed!

However, for the IT department, this is a disaster because the default settings cannot be applied in the corporate world.

Users are not at all able to configure the applications they download or use because they do not have data protection or the company's IT policy in mind.

So the IT department provides applications configured by its own care to the users.

From this, two problems arise:

  • How to know the real usage of applications?
  • How to find unused licenses from departed users that have never been reassigned and from current users who are not using them?

Study on the use of licenses

Conducted with 200 IT managers in the United States, Europe, the Middle East, and Africa, the Nexthink study shows the ambiguity in which IT managers navigate.

What are the consequences of poor license management?

  1. Increased costs: Poor license management can lead to expenses on unused licenses and the purchase of licenses for similar software whose contract has not been negotiated by the company. For example, a company with 5,000 employees that has a solution at €100 per month with 500 employees who do not use it, i.e. 10% of the payroll. This represents a loss of €600,000 per year.
  2. Security vulnerabilities: a license can be used by multiple users with a shared account. The account becomes very fragile due to password knowledge and the limited protection applied. Shadow IT* is also the source of a security breach since it introduces third-party software, unsupervised by the IT department, into the company's perimeter.
  3. Missing updates: if licenses are not managed correctly, critical updates and security patches may not be applied, which can lead to vulnerabilities and security issues.
  4. Legal liability: Poor license management can also lead to legal problems if copyrights or patents are violated.
  5. Loss of productivity: Poor license management can lead to a loss of productivity, as employees may not be able to access the tools they need. Another aspect also lies in the use of different software covering the same aspect, which are therefore incompatible between teams within the same company.
  6. Increased tickets: Third-party SaaS applications represent a very large number of tickets, and these are not quick to resolve since the IT team is not familiar with them.
  7. GDPR: The use of applications that do not comply with the GDPR rules in force within a company can jeopardize the company's compliance with the law.

*Quick reminder of what shadow IT is:

All software and applications that are used by users in a professional context outside the control of the IT department.

This creates:

  • a significant threat to the company's data security
  • access rights management that is impossible to achieve
  • errors and duplicates since everyone uses their own solution
  • hidden costs because the employee will often use software to the detriment of another 'official' one.

Why is it problematic to have consumer applications used for professional purposes?

Public applications do not have the same business model as private applications. While the latter are compensated through the pricing of their product, the former collect their users' data to resell it. And that's where security and confidentiality issues rear their heads!

Worse, if public solutions are hacked, because they are often less rigorous in their security than professional applications, the data becomes public.

Why is an application not used?

If a license is not used, it is probably because the software or application is not popular with the teams. The problem is therefore twofold:

  • there is no need and a software is present but serves no purpose. So the company pays licenses for nothing.
  • There is indeed a need, but this software is not the most popular with the teams and they use another one. This creates shadow IT + licenses paid for nothing + another paid application, not supervised by IT and rates not negotiated at the company level.

How to improve application license management?

Now, what do we do? We've seen that the situation isn't ideal. I think everyone already knew that a little bit, but how do we solve this thorny problem?

Many companies have opted for a less direct solution than trying to control shadow IT, which in my opinion is a lost cause.

Combat shadow IT

They have chosen to integrate BYOD (Bring Your Own Device) into their IT plan. The user can then, within a well-defined framework, install the solutions that suit them. The freedom granted allows for a better IT department/user relationship and does not hinder productivity. Trust is established and encourages the user to approach the IT department to install new applications.

If a company does not relax its policy on applications and software, the user will inevitably bypass the rules imposed by the company by using unencrypted applications that offer security flaws in the data processed in the company.

However, the CNIL warns against this type of practice, which blurs the lines between professional and private life, and between professional and private software.

It will then be important to have an open dialogue with the teams in order to find a good balance between needs, security, flexibility and respect for privacy.

Detection and suspension of licenses

Here we touch on a sensitive subject. Yes, the ideal would be the automatic detection of licenses, with feedback on their usage rate and the automatic suspension of all unused or underused licenses.

There are solutions that are more or less efficient and more or less effective in this work.

There is also a manual method which consists of working in collaboration with accounting to find all the invoices related to application licenses.

It may be conceivable to send a shared file to list all the applications used within each team. This can only be done in SMEs or mid-sized companies because beyond that, it becomes complicated. The risk of error is always present, however.

Each time support is contacted for assistance with an unlisted solution, it will be necessary to make it a habit to list it.

For software with an API connection, you can monitor usage patterns.

Regarding license suspension, this sometimes poses a problem. You know that a user is leaving, but you do not want to close their account too quickly because you want to keep the account data for some time.

For example, for Microsoft 365 you can suspend the account but the license will continue to run and will not be recoverable. It is therefore necessary to convert the account into a shared mailbox to archive it and recover the license.

Often, the IT department is not informed of an employee's departure, so suspending or deleting the account is not feasible.

There are IAM solutions like Youzer to perform a permanent scan of your IT and detect unused licenses of departed users, allowing you to recover the license afterward. An access management solution allows you to implement a workflow for each employee departure (departure that will be notified to you automatically thanks to a synchronization with HR data).

Training and awareness

To limit shadow IT, there's no secret: you need to have the employees who are the source of this practice on your side.

Training and awareness of the issues caused by shadow IT will therefore be on the agenda. It will not be a question of making long, soporific speeches, but rather of contextualizing shadow IT and involving employees. Finding user/IT department solutions so that everyone can find their way around. It will also be necessary to talk about the problems of license costs and the dangers of shadow IT.

For example, we can consider developing a relationship of trust with contact persons who will express the needs of each business line and report them.

IT teams will be able to support business teams on certain solutions in order to show them their full potential. They will be able to implement concrete cases that will win the support of the teams.

The IT department can also highlight that faster assistance will be provided on applications that are within the IT framework. Conversely, assistance provided on third-party solutions will be slower, not out of spite, but due to a lack of immediate knowledge.

Finally, implementing a clear policy and rapid processes for new application requests within departments would greatly facilitate compliance with the use of applications that are outside the scope of the IT department.

License management is a major issue in companies. Approximately 30 to 40% of software expenditures in a company do not come from the IT budget.

Regaining control of licenses and managing shadow IT is a necessity in companies.

Youzer can help you manage your users, their accounts, and their applications. Youzer automatically detects all licenses linked to an application and highlights unused licenses.

Besoin d'évaluer le coût d'un projet d'IAM ?

Téléchargez ce livre blanc sur le coût de l'inaction dans l'IAM :

Nous n'avons pas pu confirmer votre demande.
Votre demande de livre blanc est bien prise en compte.

Recommended Articles

How to use HR data to configure application access accounts?
How to automate user accounts on Active Directory?
Understanding Active Directory and its operation with an IAM