Some software vendors are warm and fuzzy when you're signing contracts and writing checks. But when the moon is right, they won't hesitate to rip out your trachea -- or, worse, call for a software audit, says Rob Scott, managing partner of Scott & Scott LLP, a law firm specializing in software and intellectual property disputes.
"This is what really should be keeping IT managers up at night," says Scott. "It's not when the data center goes down, it's when a third party comes along with a big compliance complaint and you're facing litigation. Those are the kinds of things that get people fired."
IT managers are the ones who end up howling when the Business Software Alliance, the Software and Information Industry Association, or a Big Four accounting firm wants a look at their books. Even for companies in compliance, a typical audit process takes a year or more, says Scott, and many publishers don't specify what they'll accept as proof of compliance until an audit is already under way.
Organizations like the BSA, which offer bounties to employees who rat out their current or former employers, add to the horror, he says.
"Oftentimes the whistle-blowers are the ones who were responsible for keeping the company in compliance in the first place," he says.
Your best defense: There is no silver bullet, says Scott. Stay in business long enough and a software audit is virtually inevitable. But having your records in order helps a lot, he adds, and cloud-based services are typically easier to manage.
Large companies need to implement a software asset management system and reconcile their records at least once a year, if not more. But the best defense is to negotiate for a clean slate when signing any new licensing agreements, Scott says.
"When you draw up the new agreements, make sure you get a release of any backward-looking claims," he advises. "At the time you're writing the checks, everyone needs to be comfortable with your counts, your documentation, and any potential compliance issues."
IT monster No. 2: Keyboard Zombies
How to identify them: They move slowly and eat brains, but rarely display any.
These creatures plod along, day by day, mindlessly copying sensitive data to USB drives or attaching them to email messages, where they are promptly lost, creating a huge security and legal mess for their employers.