Software License Compliance Playbook

If your infringement data consists solely of “phone home” telemetry, you’ve probably realized that it is almost useless in recouping lost license revenue. Rarely is an IP address alone enough to confidently identify unlicensed users, and certainly not enough to distinguish an actionable opportunity from a true pirate. 

Ideally, you want MAC addresses, detailed module use data, specific known-pirated version data, and domain names. Also, it’s now possible to leverage geolocation data and mapping APIs to deliver aerial views of physical locations of Wi-fi connected devices. 

Think of this as live game footage of a team you’ll soon play—you’re not hypothesizing about the players, you know who is playing which positions and where. 

Additionally, you can supplement your compliance data analytics with other internal data, like customer and prospect lists, CRM outputs or third-party data feeds to develop a robust user profile of your potential infringer. This level of reliable intelligence puts your team on the road to success.

After scouting the field, you must aggregate and analyze the information you’ve collected. Your ideal data environment should assemble this data automatically, without requiring extensive SQL queries, API calls, or scarce technical resources.

Success often comes from “being in the zone,” performing at your best. This is easier to achieve when you know what an ideal performance looks like and the challenges that stand in your way. So what does this look like for a compliance manager? In essence, it involves generating leads and closing sales. And with each account, he or she may use different tactics, or rely on different pieces of data. 

An ideal start to the day, then, might mean logging onto your compliance dashboard, finding actionable opportunities, and considering how to approach them. This preparation, or scouting, helps identify what you are up against.

Compliance managers want to avoid liabilities at all costs. So when you’re considering capturing personally identifiable data, you want to be in strict compliance with the law and general data protection regulation (GDPR) requirements. Your advanced analytics tool should be able to determine on-the-fly whether data needs to be anonymized and where it should be stored. Additionally, this activity should be laid out in your client contracts and EULAs. 

Set the ground rules, obey them, help others be compliant—that’s the key to winning at compliance.

• Accidental Software Pirates are well-intentioned users who may not understand the scope of the license agreement, or have purchased pirated software from a site that seemed reputable. The accidental pirates have both the willingness and ability to pay for software. A thoughtful compliance strategy can easily bring them into compliance.
• Bargain Shoppers’ biggest priority is value, and not the provenance of the software. While they may take longer to convert, they’re still worth targeting with your conversion program.
• True Pirates have no concern that their software is unlicensed. They’re not likely to convert to paid customers so a strong compliance program approach would focus on prevention rather than conversion.

When thinking about the work ahead as a compliance manager, you need to know where your actionable opportunities are. You’ll want to identify and rank each type of infringer appropriately. Each requires a different game plan. 

This involves understanding how they’re using your software and where. Is an organization only “kicking the tires,” or is your software being given a vigorous workout in several locations? In other words, which organizations are worth focusing your revenue recovery efforts on? Since compliance data sets can get big in a hurry, you need a system that automatically performs sophisticated correlations and analyses. A compliance intelligence system that easily links to your CRM can quickly filter infringement data onto customer accounts, which is incredibly valuable information to you and your sales team. 

This enriched data set can then be used to create business rules that automatically rank leads, bubbling the most promising to the top.

You often hear about athletes playing with “heart.” They are emotionally invested in the game. But unless they channel that emotion with rational intelligence, they risk losing control of their performance. The analogy carries over to compliance. 

Having a strategy built on data makes it easy to keep a cool head. These insights can help you understand the business needs that led an organization to piracy in the first place (i.e. accidental or intentional). This can help reduce feelings of anger or betrayal, allowing you instead to focus long term on converting these leads to paying customers.

A good manager knows how his team members match up against the competition, and he knows precisely who to play and when. 

Once you’ve ranked compliance leads, you’ll want to assign them to the right members of the sales team. Is the infringement happening in one location? You’ll need someone with local knowledge. Or, is it a widespread issue which could benefit from approaching a business leader or someone in the C-suite?

Integrating your compliance and CRM systems doesn’t just help identify existing accounts out of compliance, it also helps to push that information to the appropriate team members for smooth case management. 

As the compliance manager, you’re responsible for giving your team the tools it needs for success. And you should be able to manage the case pipeline through a portal that lets you assign leads internally and externally, approve cases, review program status, and analyze results by market, geography, and more.

Once your compliance tools are linked to your CRM, you can track performance across multiple products, channels, and partners. You can view conversion rates, revenue rollups, and more, without leaving your compliance dashboard. It’s always important to keep an eye on the scoreboard.

Coaches in professional sports may prepare hundreds of plays for any game situation. They’ve done their scouting, know player strengths, and know the resources they can deploy for the best chance to win. 

Your compliance playbook will include detailed instructions for engaging with different types of infringing organizations, given the various data points you’ve collected about them. You’ll have to maintain some flexibility, however, to deal with each unique situation. 

Since you don’t know how infringing organizations may respond, one useful play is to not show all your cards at once, and this may even mean strategically withholding some information from your sales team. Using automated templates, you can easily generate the appropriate levels of data for every account your salesperson or channel partner is responsible for to only reveal as much of your data and strategy as needed for the moment at hand.

A robust compliance intelligence system allows you to use outside resources that can leverage industry best practices and expertise to help you monetize unlicensed users. Think of these third-party players as extensions of our team—don’t lock them in a silo. Empower them with the data you already have, and allow the special skills they bring to enhance other team members’ performances.

By this step in the game plan you’ve likely identified a substantive case of infringement, identified actionable opportunities, ranked the leads, assigned them to the appropriate team members and prepared the playbook. The next step is to set your plan in motion— it’s game time. 

On first contact, give your infringing organization just enough information for it to verify that piracy does in fact exist. When it sees information like egress IP and MAC address, it will quickly discover that you know the truth—and that’s often enough to spur action. 

However, until the infringer responds, you will want to hold back what you know about the piracy’s full extent. This information can be used effectively in negotiations, or if your executive contact evades the truth or shades it in future conversations.

When possible, try to build an alliance with the management at the infringing organization. Again, 83% of infringers will pay if you can prove infringement. You can often position yourself on the side of the enterprise or its IT management, helping them self audit to uncover security risks associated with unlicensed software throughout their own organizations. 

If piracy disappeared immediately after your first executive contact, the executive may be conspiring with lower-level pirates to hide their tracks. If piracy continues, the executive may be conducting a legitimate investigation. Knowing this can help you strategize your next steps.

Unlike in the sporting arena, the ideal outcome for a compliance team is when everyone wins. As a software provider, you simply want users to pay for the effort and energy that went into producing and marketing your product. A win for your customer is having access to your software. But further than that, your compliance efforts help reduce their risk of using cracked software with potentially harmful effects.

As you develop your compliance program, you will begin creating repeatable processes your team can execute on a regular basis. However, as you expand your game plan to new geographies, industries or strategies, you may identify situations that your compliance team can’t execute alone. In this case, you should draft talent to your group in the form of additional personnel internally or externally, and technology resources. 

For instance, if you are determined to recover lost revenue through your compliance team, you may be able to bring on talent internally from other groups, such as sales or marketing. Individual, one-off systems implementations or software deployments, on the other hand, may best be handled by external consultants, who are able to leverage their deep technical expertise and dedicated compliance analytics technology, over the course of a time-bound project.

Still, if you are looking to grow your market influence, you will want to hire internal compliance team members with deep knowledge of their markets and products. However, external resources are a strong bet when pursuing unfamiliar, emerging, or foreign markets, all of which may have their own technical and legal nuances. Your compliance game plan will free them to focus on their area of expertise, instead of worrying about their ability to negotiate for the engineering or IT resources needed to monetize your compliance efforts.

The compliance game is not one for the weak-spirited or ill-prepared. You’re dealing with potentially sensitive situations such as asking users to pay for a product they believe they’ve already paid for, or possibly have knowingly implemented on too many machines. Achieving victory requires a methodical approach, a win-win attitude and iron-clad evidence of misuse. 

Strong compliance programs are built on actionable data that allows you to verify an organization’s unlicensed users, along with their locations, with confidence. Analytics provide irrefutable evidence, which when delivered tactfully can reduce the potential of confrontation or denial. It’s not only possible to turn infringers into paying customers, it’s highly likely. And that’s how the most successful compliance managers generate the most revenue and win at software compliance.