The Impact of Unauthorized Software Installations
On average one out of four employees has installed software on their business computer that was not approved by the IT department. This is not necessarily a malicious action – oftentimes, the employee himself is unaware that his actions can cause considerable damage to the company.
Consequences can be steep for companies found to be using unlicensed software, ranging from a criminal complaint or thousands of dollars of compensation, to injunctive relief, a comprehensive obligation to provide information and, in case of repeated offenses, a fine which can reach even millions of dollars. These consequences come in addition to the costs of purchasing the missing licenses.
Many companies do not even know about the unauthorized software installations on their network, commonly described as ‘shadow IT’, or what risks these expose them to. But ignorance does not protect against punishment. Let’s look at some ways that unauthorized software installations can enter the corporate network and what impact they have on your company.
How Does Shadow IT Begin?
In many companies, there is no formal approval process to get new software installed and employees have almost unlimited admin rights for their business computer. Some software apps and browser plug-ins, such as those for teleconferencing, don’t even require admin rights to install. As a result, unauthorized and non-business software quickly enters the corporate network without the IT department and software manager being aware of it.
Why is that? Let’s assume an employee has an urgent deadline to meet but doesn’t have the appropriate software for the task. Rather than go through an annoying and time-consuming approval process, an easier and faster way to get the software is to simply download it. However, he’s probably not considering whether this software may be used for business purposes at all, and whether the internet source where he downloaded it was trustworthy.
In another example, an end user does go through the official approval process to get new software but his request is rejected due to cost. Because he absolutely wants to use this software for his work, he just installs his personal version on his business computer. Even if he has no installation rights, he can just use the software at work with the help of a portable app. However, using personal software for business purposes is usually illegal as it’s not permitted by the licensing terms.
Some of the unapproved or unknown software types that are risks for your company include:
- Portable apps that allow employees to use private or non-commercial software on company PCs without needing administrative rights
> Compliance risk
- Open source software that is often only allowed to be used to a certain extent for commercial purposes, e.g. in the context of software development
> Compliance risk
- Freeware that is free of charge for private purposes, but needs to be licensed by companies, e.g. IrfanView, Winzip
> Compliance risk
- Peer-to-peer applications that can be used to exchange corporate data with people outside the company
> IT security risk
- Illegal downloads that often contain “additional code”, e.g. Trojans, viruses or spyware
> IT security risk
The Risks of Not Knowing and Managing Your Software
Legal risks: By purchasing a software license, you obtain a usage permission that is linked to certain conditions written in the licensing terms. For example, you can’t use a home edition software for commercial purposes. Anyone who does not comply with the licensing terms violates the copyright laws. If the breach is discovered, criminal complaints and considerable penalties may be imposed on the company.
Cost risks: If a company is found to be in violation of software copyright laws, it often faces high fines to compensate for damages and legal costs. Depending on the company’s sector, various authorities may claim for penalties, such as the tax office, enforcement and data protection authorities. In addition, the illegally installed programs must be removed and the missing licenses must be purchased. The cost for these additional licenses can often be well above the list price.
Besides the actual payments, the company’s activities are also interrupted by the potential legal dispute, and the removal of the illegal software may cause additional sales losses.
Image risks: Don’t underestimate the damage to the company image when the public finds out you acted against the law. Court cases and judgments are usually followed by the public in the press, and the damage to public appearance can be severe.
Security risks: Last but not least, illegally-procured software or games from questionable sources may pose a security risk for the corporate network. Oftentimes, these can contain malicious software, such as Trojans, viruses or spyware, which can crash the IT systems or provide unauthorized access to confidential business data. Also, pirated copies downloaded from websites or peer-to-peer networks often do not provide security updates, causing security gaps in the corporate network.
How Can You Save Your Company from the Risks of Unknown Software?
A survey by the Business Software Alliance has shown that many CIOs underestimate the impact of unauthorized and unknown software, as well as the amount of unauthorized software in their network. To be fair, how would they know? The average data analysis tools don’t provide the information needed to identify risky programs. But the fact is that these software installations can cause unexpected financial consequences, which can have a severe impact on a company’s profitability and success.
The solution is to introduce professional software portfolio management, where the entire software environment is regularly analyzed regarding specific software information to identify programs carrying a risk. To accomplish this, you need to combine a complete overview of the installed software with additional information about the software license types, such as freeware, license required or free for non-commercial use, as well as information about functionalities, such as peer-to-peer networks, portable apps or online services.
Stop Fearing Shadow IT and Start Managing!
Manually combining this information would take an enormous amount of time and require a deep understanding of software and licensing terms. We have an easier way. Our managed services allow you to gather this information automatically and our experts help you to implement your Software Portfolio Management efficiently, professionally and sustainably.
In a 30-day trial of COMPAREX Portfolio Management Platform you get to know how to manage your shadow IT.