Loading...
You are here:  Home  >  Data Blogs | Information From Enterprise Leaders  >  Current Article

Bring Your Own Data: Exploring a Cure for Software Licensing Compliance Ills

By   /  March 13, 2018  /  No Comments

Click to learn more about author Victor DeMarines.

Every time I travel through an airport or workout at Harvard Stadium, I am reminded of the phenomenon that is Fitbit. Perhaps the only thing capable of competing for attention that people reserve for their smartphones is the desire to sneak a peek at how many steps they’ve completed so far that day.

But as someone whose mind is programmed to always look at the meaning behind data, I’ve often wondered how much value there is in collecting data on the number of steps or amount of hours I’ve slept without much of a broader context or expertise to tell me something deeper about what it all means holistically. Sure, I can see that I met Fitbit’s defined 10,000 step goal, or slept seven hours and woke up at 3 a.m. (even if I don’t quite recall why) but what does it all mean? And how do I make it, to use a term I discuss a lot in my space, actionable?

It’s with that mindset that I read with interest a recent article in HealthcareIT news on what it called the next big trend in healthcare, “bring your own data.” With so many consumers taking charge of collecting their own data in their daily lives, health organizations are now confronting demand from those “consumers” on ways to leverage that data for deeper insight. Patients want to combine data they collect on their own with data about their medical history, best practices, trends and more to increase their overall well-being. As evidence of that increasing demand, the reporter pointed to a recent study from the American Hospital Association that said that “patient generated data and customized services” are among the top areas in which healthcare organizations are investing today.

I think we can draw many lessons from the connected healthcare space for our work in ensuring compliance in our software licensing and entitlement landscapes. ISVs monitor compliance with their own sorts of Fitbits, and have a lot of data on a lot of different metrics that have the potential to tell something deeper about compliance. But without being able to put it into context and accurately identify more infringing organizations, ISVs continue to fall short on software compliance goals (and maybe don’t even know it). What’s more, they are often forced to fall back on age-old, costly methods like audits, which have the potential to do more harm than good when it comes to maintaining customer relationships.

Let’s look at the data that software vendors currently collect to ensure compliance. Sources of the data include that generated via activation, licensing information, internal compliance and product analytics, product improvement efforts and customer support logs. These sources can provide your organization with a treasure trove of data including IP address, machine identifiers, application identifiers, serial numbers, company domain, email domain and location.

But even with all of this data, most software vendors continue to rely only on tools that map an IP address to its location. This seldom presents deep insight into infringement, and many pirates, whether they’re overt or unwilling, continue to go unidentified. What’s more, those sales and compliance opportunities wither on the vine.

Now what if you could “bring your own data,” all of that data, and combine it with deeper analysis and expertise to help provide context and insight? There is great value in leveraging a service that contextualizes the data, looks at it within the history of your business and entitlement landscape, and rationalizes it in that context along with the current trends and best practices in the space. This not only helps target infringers, but remedy infringement to create a source of revenue for the long-term.

It’s why I think the “bring your own data” model is so interesting and applicable in the software license compliance space. By automating Discovery-as-a -Service, vendors can leverage multiple, best of breed, data providers with additional investigation by analysts that brings experience and subjective decision-making. With your data and multiple, best-of-breed data services, tools for IP investigation, geo-location, social networking, and select databases, you eliminate the challenges, complexities, and expense of developing this technology and expertise on your own.

ISVs can enrich data they are already collecting through licensing and activation, product improvement, and other telemetry programs. High-match rates yield highly qualified, accurate leads, and give software vendors the confidence to pursue non-compliant organizations and over-users. In such a way, a vendor can identify and validate organizations that are using unlicensed software and represent actionable compliance opportunities.

This increases match rates that go beyond reliance on simple IP-matching services. On average, we’ve found that organizations are able to identify up to 3 percent of infringing organizations based on IP address alone. But with data enrichment as a service, organizations can identify – and most importantly remedy – as much as four times that amount.  Using this approach, ISVs can expand existing a compliance pipeline with millions worth of compliance leads – in a relatively short time after the program is launched.

With only a limited picture and limited resources, it is difficult to stamp out the root of noncompliance and keep it from proliferating. But combining an ISV’s data collection efforts with a broader service can ensure that data becomes insight, and a platform for a healthy compliance program.

 

About the author

Victor DeMarines joined Revulytics in 2006 as a founding member of the team. He is responsible for the strategic direction of the company’s broad portfolio of compliance and usage analytics solutions and its global piracy identification and deep data analytics capabilities. Vic brings his extensive product management and marketing experience in the security industry to the role. Prior to Revulytics, Vic held senior product management positions at RSA Security (now part of EMC) where he drove product strategy for the company’s strong authentication, Smart Card, and enterprise Single Sign-On client products. He has also held senior product roles at Authentica where he was instrumental in defining product strategy for the company’s enterprise rights management and secure email solutions, and at AXENT Technologies and Progress Software. Follow Vic and Revulytics at: Twitter, LinkedIn, Facebook

You might also like...

Automated Data Catalogs Allow Rethinking of Data Policies

Read More →