By Lisa Guerriero
Independent software vendors (ISVs) face a myriad of threats to revenue streams—intentional and unintentional, from both licensed and unlicensed users. Licensing management is critical to safeguarding intellectual property (IP) and preventing revenue loss. No licensing solution promises 100 percent protection, but third-party solutions can reduce an ISV’s exposure while handling the complexities of asset management and customer experience.
Build-your-own remains an effective option for some software providers, but it is difficult to avoid vulnerability when piracy and hacking continue to evolve.
“IP theft by software piracy and competitive reverse-engineering are still a real threat to ISVs. The sales of knock-off versions of software eat directly into ISVs’ revenue streams, and the use of pirated software also increases exposure to security risks and malfunctions within the organization using it,” observes Shlomo Weiss, senior VP, software monetization, Gemalto.
ISVs faced challenges when they only had to deal with perpetual licenses for desktop applications (apps). They’re now under additional pressure to adapt licensing for cloud, mobile, Internet of Things (IoT), and virtual machine (VM) deployment.
A successful license management strategy ensures compliance across multiple platforms while maintaining security. Third-party solutions address these goals without alienating authorized users, who are often frustrated by inflexible enforcement methods and limited licensing models.
“ISVs need a flexible licensing solution that enables them to customize their software to meet dynamic market demands. It is critical that their licensing solution provides the flexibility to take advantage of these new business models and monetize their software,” notes Marcellus Buchheit, president/CEO, Wibu-Systems USA.
Dealing with Threats, Complexity
Market demands make it increasingly difficult to protect software. Customers expect an array of licensing options, such as concurrent, floating, node-locked, and subscription, as well as usage-based models like pay-for-use, pay-for-burst, pay-for-overage, and metering. When an ISV expands its menu of licensing options, it typically requires new measures to prevent, detect, and enforce violations.
Some enterprises can effectively administer an in-house approach to licensing, but development teams and IT departments are often unprepared for the complexities of preventing and detecting noncompliance—including misuse and overuse—and intentional software theft.
“Before any ISV goes down that path they should ask themselves, ‘If I were in the market for an enterprise accounting system, I wouldn’t build it, would I?’ Absolutely not, they would look to acquire a proven, stable, and scalable platform that is already built and readily available in the marketplace,” points out Mathieu Baissac, VP product management, Flexera Software.
Dynamic solutions present the biggest benefit, one that reflects usage patterns and responds to new threats to software providers. On the usage side, the solution should evaluate functions and pricing—not only at purchase time but as part of an ongoing management system. New licensing models can add value to software offerings and enable the ISV to reach new markets.
With IP threats, the advantage of a third-party solution is specialization—the ability to track and adapt to new tools and techniques for tampering and hacking. This frees up the ISV to focus on core competencies.
“Threats arise from new legitimate deployment options that end users are embracing, including use of virtual machines and cloud services. These environments complicate software licensing because some traditional licensing models are made ineffective,” says Bob Reynolds, director of sales, Reprise Software.
Implementation and Review
When adopting or upgrading a licensing strategy, software vendors consider how to integrate and utilize the management solution. Seamless integration with back-office systems—including enterprise resource planning (ERP), content resource management, and financial systems—is important. ISVs also need to consider how much automation they want when it comes to creating, updating, and delivering software licenses.
The customer experience is also important. As a customer-facing technology, licensing ease of use is tied to an ISV’s ability to compete. If it’s too difficult to activate or upgrade a license, customers will go elsewhere.
Enforcement requires a proportionate response. Automatic lockout stops non-compliance and is appropriate for severe cases, but it may not be the best way to handle an authorized user’s violation. Instead, many ISVs prefer a scale of enforcement measures, starting with notification and escalating to lockout.
“Licensing strategies could vary depending on the ISV’s customer base and their set of requirements. They should have flexibility and provide a balanced approach, such that it provides both the business and enforcement flexibility to meet customer demands,” suggests Fred Rastgar, head of marketing, Runtime Design Automation.
While ISVs should examine usage patterns consistently, they benefit from a broad review of the vendor’s licensing strategy. This may occur on a quarterly, biannual, or annual basis depending on the scale of the ISV and the breadth of its current licensing solution. Product launches and the addition of new platforms should trigger licensing reevaluation.
Aidan Gallagher, CEO, InishTech, recommends ISVs look at licensing as part of senior-level planning and decision making.
“Too many ISVs see licensing in the context of a defensive strategy rather than a business enabler that allows them to attack new market segments, generate new revenue streams, and up-sell with in-app purchases,” he says.
Licensing solutions are as diverse as the software vendors they serve. While some vendors offer comprehensive products and services, others focus on a particular need, such as IP theft risk or integration and customer experience.
Agilis serves enterprise ISVs, cloud service providers, and embedded system vendors. It offers several licensing scenarios designed to enable seamless scaling with the vendor and its revenue growth. It focuses on providing protection while addressing complex licensing requirements. Agilis offers multiple licensing models and deployments and is compatible with several programming languages. Features include back-office integration options, technical support, and in-depth auditing and reporting.
The company designed its Nephele solution to be an affordable cloud licensing service for enterprise ISVs and cloud service providers on all major platforms. Available as a monthly subscription, its capabilities include product activation, Internet-based floating license, enterprise license pooling, and complex license configurations for Internet-connected and disconnected systems. Product features include proactive alerting and self-service offline capabilities and comprehensive auditing and reporting functionality.
Agiloft’s license lifecycle management solution focuses on accessibility for the end customer, bridging the gap between security for the ISV and ease of use. “When ISVs lean too heavily towards enforcement, with overly restrictive controls and a lack of flexible licensing options, they may end up with frustrated customers, diminished sales, and an overall loss of customer goodwill,” explains Colin Earl, CEO, Agiloft.
The solution automates the license lifecycle, including generating individual licenses, creating license bundles, and managing discounts and promotions. Its customizable end-user portal allows ISVs to serve customers 24/7, while reports and dashboards provide actionable insight into purchasing trends, renewal rates, and revenue forecasts. Available as an on premises, cloud, or hybrid software as a service (SaaS) solution, it enables integration with back-end systems.
CrypKey offers several solutions to protect against hacking, cloning, and abuses like leakage—such as when a customer purchases one copy of a software product but deploys multiple copies. Enforcement controls include hardware locking, reverse engineering protection, and online or offline activation of software. “Sophisticated hardware locking of software licenses is a must. Systems such as CrypKey’s Intelligent Hardware Sensing lock to multiple unique hardware identifiers to eliminate revenue leakage,” notes Barry Schneider, GM, sales, CrypKey.
The firm has multiple licensing models, including perpetual, day limited, use limited, USBkey, and floating network. It also has several automated solutions that enable 24/7 software activation and tracking of activations with a complete reporting interface.
Flexera Software’s solutions cover monetization strategies, entitlement management, and address threats and compliance violations. The company offers options for capturing, reporting, and monetizing—whether on premises, cloud, or virtual. Its capabilities span the lifecycle and support multiple licensing models. Compliance options range from trust-based to strict enforcement.
The FlexNet Licensing option provides layers of security to prevent leakage, ensures apps only run on a customer’s hardware or run a maximum number of concurrent times, and includes cloning detection and reporting. The firm also offers a Software Monetization Maturity Model that helps ISVs evaluate their strategy and develop a plan for growth.
Gemalto’s Sentinel Software Monetization portfolio offers software licensing and entitlement management solutions for the entire lifecycle, enabling monetization of any type of software—including installed, embedded, and cloud services. It uses cryptography, encryption, and obfuscation technologies to prevent unauthorized use and distribution while protecting IP from tampering and reverse engineering.
The Web-based Sentinel EMS provides flexible, feature-rich solutions for entitlement generation, tracking, and ongoing management. Sentinel Cloud allows SaaS and other technology companies to leverage the benefits of the cloud to define, provision, control, and track service offerings down to the feature level. Gemalto’s IoT offering provides tools for embedded device and equipment manufacturers to protect their products from tampering and reverse engineering, while creating new packaging and licensing opportunities to maximize profitability.
InishTech’s Software Potential is a cloud-based solution that offers licensing, software package/edition management, usage metering, analysis, and compliance and code protection. Targeting developers of all types of Microsoft .NET-based software apps, it supports all deployment models, including on premises and SaaS. The company’s on premises customers benefit from integration with ecommerce, ERP, and customer relationship management systems. Payment models range from seats and servers to pay as you go.
Utilizing patented code transformation, InishTech protects against software reverse engineering and offers license protection. It provides every customer unique permutations for each of their apps to ensure it is impractical to attempt an across-the-board attack. The firm provides usage tracking to assist in compliance management and metering for billing. It supports high-end business apps as well as affordable or free consumer apps.
IntelliProtector solution is a Web-based protection and licensing service. It offers a flexible control panel that allows ISVs to issue codes for any Windows platform, block codes, and change code settings including expiration dates and numbers of allowed computers. Protected software comes with customizable pop-ups that support localizations and skins, and an API layer allows the software to communicate with the licensing solution.
The platform provides a support network for end customers, with automatic license code recovery and integration with major third-party payment services. Vitaliy Korhzoff, co-founder/CEO, IntelliProtector, predicts that customers will request temporary licenses for as little as a week. “We are creating such functionality right now,” he says.
Obsidium Software offers a system for 32- and 64-bit Windows software apps and games. It is designed to protect from reverse engineering, unauthorized modifications, and redistribution while delivering a secure and flexible licensing system. It utilizes cryptographically secure license key verification as well as anti-debugging, encryption, and obfuscation techniques.
Obsidium targets ISVs and individual developers that need to provide feature- or time-limited evaluation versions of their products, “but also allows for the implementation of a range of custom licensing scenarios—from standard license keys to node locked licenses, floating licenses, and dongle-based licensing,” explains Martin Tofall, owner, Obsidium Software.
Reprise Software features three software licensing tool kits—Reprise License Manager (RLM), RLM-Embedded, and RLM-ez—each priced according to its level of functionality. The kits allow an ISV to build a licensing strategy for a set of app product categories. They include a licensing API with corresponding documentation, tools for license generation, and management utilities. An optional license activation and entitlement management system, Activation Pro, supports the kits. It can be self-hosted by the ISV or hosted by Reprise as a service.
Reprise solutions provide the tools that address the practical challenges ISVs face with licensing. Its flagship product, RLM, enforces terms for software deployed in VMs and in the cloud, simplifying deployment while maintaining licensing integrity. ISVs generate licenses that specify the usage rights a customer is entitled to, mapping price-books or product catalogs into enforceable license keys.
Runtime Design Automation’s LicenseMonitor solution addresses license monitoring and reporting while its NetworkComputer solution focuses on maximization of the license utilization.
LicenseMonitor is a license tracking tool that offers current and historical utilization reporting capabilities. Utilizing an SQL database, it supports license management apps like FLEXlm, RLM, and LUM.
The firm’s NetworkComputer is a high-performance, enterprise-grade job scheduler for distributed HPC environments. Designed for easy customization and management, it allows users to track license usage over the lifetime of a job as well as CPU and memory usage. It enables the implementation of fair share policies for hardware resources and software licenses to ensure that business-critical work is completed on time.
Universal Management Solutions (UMS) offers IT asset management, including reviewing licensing and usage. The firm’s assessments are designed to identify potential savings and revenue opportunities. It offers analysis and consulting to provide recommendations for licensing strategies. It takes a customer-focused approach to software asset management that is tool and publisher agnostic.
“With a focus on right-licensing and using tools and processes in place where possible, UMS has saved customers millions of dollars and enabled them to move their technology platform forward confidently and cost effectively,” explain Curtis Browne, VP and principal consultant, and Mari Petersen, VP business development, Universal Management Technology Solutions.
Wibu-Systems’ CodeMeter platform is a scalable solution for license management and enforcement—including cloud, mobile, and embedded software. The solution allows ISVs to protect their IP with encryption and integrate Wibu technology into their software with flexible APIs. Protective measures include the CodeMeter Runtime feature, which conducts intermittent checks to ensure the license is still in place. License model options include perpetual, pay-per-use, pay-per-time, concurrent, standby licenses, pay-per-feature, consumption, and in cloud.
Through its Web-based service CodeMeter License Central, the firm offers several options. ISVs create and update secure licenses that are stored on an end users’ target device via software activation—CmActLicens, or more securely stored in a USB key or other form factors—CmDongles, with secure memory on a Smartcard chip, or both. The License Central entitlement solution automates the process of creating, delivering, and managing licenses for software and digital content and streamlines the license delivery process regardless.
Strategy for Success
To thrive in the tech world, companies must quickly adapt to change, and ISVs reflect the mandate in their software and products. Licensing strategies must be fast and flexible as well.
These products offer protection from piracy and compliance violations that affect a software vendor’s bottom line. Dynamic solutions adjust to both user trends and evolving threats from software pirates, allowing ISVs to effectively manage licensing without diverting resources from mission-critical functions. SW