The Whats and Whys of Software Asset Management


Published on

  • Be the first to comment

The Whats and Whys of Software Asset Management

  1. 1. Software Asset Management (SAM) <ul><li>ITS Offsite Workshop 2002 </li></ul>
  2. 2. Software Asset Management (SAM) <ul><li>The Whats and Whys </li></ul><ul><li>Of </li></ul><ul><li>Software Asset Management </li></ul><ul><li>By </li></ul><ul><li>Kevin Yau </li></ul><ul><li>Senior Computing Officer </li></ul><ul><li>Information Technology Services Office </li></ul>
  3. 3. Agenda <ul><li>What is Software Asset Management (SAM)? </li></ul><ul><li>Global Piracy Raids </li></ul><ul><li>Copyright Law in Hong Kong </li></ul><ul><li>PolyU Real Cases of Software Abuse </li></ul>
  4. 4. What is SAM? <ul><li>Simply put, SAM is the enforcement of the use of legal software through the use of software management tools </li></ul>
  5. 5. What is Software Asset Management ( SAM ) ? <ul><li>SAM is a set of </li></ul><ul><li>policies , procedures , technologies , and culture within an organization </li></ul><ul><li>to manage the software assets </li></ul>
  6. 6. SAM is an on-going process Initially compliant  compliant forever <ul><li>SAM is a </li></ul><ul><li>Management </li></ul><ul><li>Issue, not a </li></ul><ul><li>technical </li></ul><ul><li>issue </li></ul>
  7. 7. Benefits of SAM <ul><li>Software licensing is an investment. </li></ul><ul><li>An organization typically invests thousands, if not hundreds of thousands of dollars, each year in software acquisition, distribution and use, yet few people recognize its impact on the organization’s mission and goals. </li></ul>
  8. 8. Benefits of SAM <ul><li>Besides reducing the risk of copyright infringement, proper SAM can maximize the benefits from IT investment </li></ul><ul><ul><li>Control software acquisition cost </li></ul></ul><ul><ul><li>Avoid unnecessary hardware cost </li></ul></ul><ul><ul><li>Control software support cost </li></ul></ul><ul><ul><li>Ensure software quality and reliability </li></ul></ul><ul><ul><li>Increase employee productivity </li></ul></ul>
  9. 9. Global Piracy Raids <ul><li>A large-scale synchronized action was taken in Dec 11, 2001 as part of a global crackdown on software trading </li></ul><ul><li>Three separate multi-agency US Federal operations, along with law-enforcement counterparts from other countries, executed over 100 search warrants nearly simultaneously worldwide on Dec 11 </li></ul><ul><li>Seizures were conducted in at least 27 US cities and 6 other countries </li></ul>
  10. 10. Global Piracy Raid at US universities <ul><li>Piracy raids were carried out at :- </li></ul><ul><ul><li>Massachusetts Institute of Technology , </li></ul></ul><ul><ul><li>University of California at Los Angeles, </li></ul></ul><ul><ul><li>Purdue University, </li></ul></ul><ul><ul><li>Duke University, </li></ul></ul><ul><ul><li>University of Oregon, </li></ul></ul><ul><ul><li>Northeastern University, and </li></ul></ul><ul><ul><li>Rochester Institute of Technology </li></ul></ul>
  11. 11. Piracy Raid at MIT <ul><li>MIT’s Economics Department system administrator was alleged to have illegally distributed computer software from the file servers which he had control </li></ul><ul><li>Federal agents seized 3 computers from the Economics Department </li></ul><ul><li>US Customs Service investigators questioned the alleged and seized 1 computer from his apartment </li></ul>
  12. 12. Piracy Raid at MIT <ul><li>The investigators searched through records kept on the seized computers and might charge the individuals who were frequent software buyers as indicated by the server logs </li></ul><ul><li>The alleged was reported to have resigned on Jan 4, 2002 </li></ul><ul><li>Might risk up to 3 years of imprisonment under the Federal Law </li></ul>
  13. 13. Piracy Raid at MIT <ul><li>The above information is taken from the Tech – MIT’s newspaper on web , Jan 16, 2002, Volume 121, Number 68 </li></ul><ul><ul><li> </li></ul></ul>
  14. 14. A Recent Hong Kong Case <ul><li>A Hong Kong Court ruling on 10 October 2002 </li></ul><ul><li>Microsoft awarded damages in the amount of HK$ 35,832,570 </li></ul><ul><li>Against HK computer dealer Able System Development Limited (Able) for selling of unauthorized software </li></ul><ul><li>Ref: </li></ul>
  15. 15. Copyright Law in Hong Kong <ul><li>Earlier Law </li></ul><ul><ul><li>Copyright was previously protected in Hong Kong under the United Kingdom Copyright Act 1956 and the Hong Kong Copyright Ordinance (Cap 39) </li></ul></ul>
  16. 16. Copyright Law in Hong Kong <ul><li>Copyright Ordinance 1997 (Cap 528) </li></ul><ul><ul><li>The HKSAR’s new copyright law came into effect on 27 June 1997 </li></ul></ul><ul><ul><li>It provides comprehensive protection for recognized categories of literary, dramatic, musical and artistic works, films, television broadcasts and cable diffusion, and works made available to the public on the internet </li></ul></ul><ul><ul><li>Only those involved in the commercialized use of infringing works would face criminal charges </li></ul></ul>
  17. 17. Copyright Law in Hong Kong <ul><li>Loophole in the law </li></ul><ul><ul><li>A business, for example, that sold clothing but used an infringing accounting software might escape conviction as the possession of the infringing software was not for the purpose of trade of the infringing work </li></ul></ul><ul><ul><li>To plug this loophole, the phrase “for the purpose of trade or business” was changed to “ for the purpose of, in the course of, or in connection with, any trade or business ” in the next law </li></ul></ul>
  18. 18. Copyright Law in Hong Kong <ul><li>Copyright Ordinance as amended by Intellectual Property (Miscellaneous Amendments) Ordinance 2000 </li></ul><ul><ul><li>Came into effect on 1 April 2001 </li></ul></ul><ul><ul><li>One of the main aims of the amended law is to combat corporate copyright piracy activities ( according to an unofficial estimate, about 50% of all computer software used in business is pirated ) </li></ul></ul>
  19. 19. Copyright Law in Hong Kong <ul><li>Copyright (Suspension of Amendments) Ordinance 2001 (Cap 568) </li></ul><ul><ul><li>To address public concern that the amendments had hampered the dissemination of information in enterprises as well as teaching activities in schools </li></ul></ul><ul><ul><li>Came into effect in June 2001 </li></ul></ul>
  20. 20. Copyright Law in Hong Kong <ul><li>Copyright (Suspension of Amendments) Ordinance 2001 </li></ul><ul><ul><li>As a result, the criminal provisions in the recently amended Copyright Ordinance will continue to apply, with a slightly narrowed scope, to computer software , movies, television dramas and music recordings only </li></ul></ul>
  21. 21. Effects of Copyright (Suspension of Amendments) Ordinance 2001 <ul><li>Criminal liabilities </li></ul><ul><ul><li>Anyone who knowingly possesses an infringing copy of computer software , a movie, a television drama or music recording for the purpose of or in the course of any trade or business may be criminally liable </li></ul></ul><ul><ul><li>The maximum penalty of the offence is a fine of $50,000 per infringing copy and 4 years’ imprisonment </li></ul></ul>
  22. 22. PolyU Real Case 1 <ul><li>The PC of a PolyU RA was found to scan the http ports of other users and generate massive traffic on the campus network </li></ul><ul><li>When ITS helped the RA to clean the virus on his PC, the PC was found to have installed Simplified Chinese Windows 2000 server which is not licensed </li></ul><ul><li>Upon advice from ITS, the CLO of the department warned and asked the RA to remove the unlicensed software </li></ul>
  23. 23. PolyU Real Case 2 <ul><li>Three PCs used for demonstration to the public were bought without the operating system , but Windows (the OS) was installed </li></ul><ul><li>The department was advised by ITS to acquire the operating systems for the PCs </li></ul>
  24. 24. PolyU Real Case 3 <ul><li>A department provided 25 licenses of a software to a teaching staff who requested ITS to install them on 40 PCs in the Student Computer Centre so that all 40 students in his class can use the software </li></ul><ul><li>ITS advised the staff to acquire 40 licenses and have them installed on only 40 designated PCs </li></ul>
  25. 25. PolyU Real Case 4 <ul><li>Many staff installed a 30-day evaluation copy of WinZip on their PCs, but many used copies that were already expired </li></ul><ul><li>ITS acquired sufficient licenses to cover all staff </li></ul>
  26. 26. PolyU Real Case 5 <ul><li>Copyright Raid at PolyU Library </li></ul><ul><li>By The Hong Kong Customs and Excise Department on 6 September 2002 </li></ul><ul><li>A number of books were seized </li></ul><ul><li>Systematic download of hundreds of e-journal articles were detected </li></ul><ul><li>Suspension of Library database </li></ul>
  27. 27. Institutional Risks <ul><li>Legal responsibilities </li></ul><ul><li>Tarnish PolyU reputation </li></ul><ul><li>Pirate software may contain malicious codes and viruses with the potential to damage your PC and the attached network </li></ul>
  28. 28. Who is responsible for software? <ul><li>If an organization uses illegal copies of software, criminal charges may be made against the officers of the organization under the concept of “vicarious liability”, even if they are unaware of the actual copying </li></ul><ul><li>Also, in contributory copyright infringement instances, management is held liable because it aids or encourages the making of the illegal copies </li></ul>
  29. 29. Will the employees be liable ? <ul><li>Depending on the circumstances of the case, the following employees responsible for the infringement may also become liable: </li></ul><ul><ul><li>The IT manager of the company who knowingly installs infringing copies of software on his workplace’s computers </li></ul></ul><ul><ul><li>Employees who know the software installed in their computers is infringing copies and continue to use it </li></ul></ul><ul><li>This material is extracted from “ Frequently Asked Questions – Amendments to the Copyright Ordinance”  2001 and is used with the permission of the Government of the HKSAR. </li></ul><ul><li>http:// </li></ul>
  30. 30. What have PolyU ‘said’ to protect ourselves ? <ul><li>The following advice were included in the Administrative Note No. 12/01 issued by HRO on 31 March 2001: </li></ul><ul><ul><li>Any staff member using pirated computer software installed in a PC in the University, or in a PC at home for the performance of business in connection with the University would make both the University and the staff member liable of an offence under the amended law </li></ul></ul><ul><ul><li>And …. </li></ul></ul>
  31. 31. What have PolyU ‘said’ to protect ourselves ? <ul><ul><li>Heads of Department should ensure that sufficient licenses for the software are acquired for use by all staff in the department, and that staff members in the department do not install pirated software in their office computers </li></ul></ul><ul><ul><li>Staff members are also reminded not to install pirated software in their computers at home </li></ul></ul>
  32. 32. How to ensure compliance with the amended law ? <ul><li>Advice from the government </li></ul><ul><ul><li>Employers should implement proper S oftware A sset M anagement (SAM) measures and ensure that all employees are aware of the requirement that only authorized software should be used. </li></ul></ul><ul><ul><li>Companies should also conduct periodic software asset audit to reduce the employers’ risk of facing prosecution if the company falls under suspicion of breaking the law </li></ul></ul>
  33. 33. The Whats and Whys of SAM <ul><li>Thank You </li></ul>