Software Piracy pandemic needs government role, better vendor antipiracy plans
By Eric Ogren
SearchSecurity.com
May 18, 2009
According to the study's methodology, the BSA/IDC numbers include estimates for lost tax revenues and employment opportunities in addition to lost license revenue potential. The estimates feel high, likely to support the BSA mission for government action, but the methodology is openly presented and is consistent for year-over-year comparisons. The report would be stronger if it balanced the existing logic by directly surveying users about pirated software, asking member support organizations for statistics on discovered pirated software rates, or even working with the Geek Squad to measure pirated software on PCs under repair. However, even if the actual numbers are only 10% of BSA/IDC findings, business software piracy is still significant and merits action by governments, vendors and enterprises.
Government interdiction is necessary to combat organized high-tech crime. Correlating the findings with the Cisco 2008 Annual Security Report and the Symantec Global Internet Security Threat Report shows that the same regions that are leading offenders in software piracy are also leading in malicious attacks for spam, phishing and identity theft. Enforcement of legislation and ethics education of the user community are the most effective practical steps.
Vendors with antipiracy plans have to be careful not to alienate customers or incur large support headaches. Vendors with Software as a Service (SaaS) or subscription approaches can authenticate licenses before delivering the service, denying access to pirated users. Protection against account sharing, either by device authentication (41st Parameter, iovation) or keystroke dynamics (AdmitOne, Behaviosec), becomes important for these vendors to protect revenue streams. As a rule, a technology that embeds tags and keys in files leads to technology that removes those secrets. However, antipiracy technology from vendors including Arxan and V.I. Labs may be too costly or impractical to reverse engineer and is worth exploring for certain classes of software.
Enterprises should make it a best practice to audit corporate systems for license compliance. Documented knowledge of actual product usage can save money when negotiating maintenance and upgrade renewals with vendors. Also, a business needs to be sure it can obtain timely support, and it is in IT's own best interests to ensure maintenance contracts have not expired. Use software asset management capabilities to know what is running in the enterprise, and to control valid license and maintenance agreements.
Business software piracy will always plague the industry, but its impact can be reduced with a concerted effort by governments, vendors and enterprises. It would be nice to look forward to the tenth edition of the BSA/IDC report several years from now with a piracy rate far below 41%.
Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to eric@ogrengroup.com.



