New BSA Survey: Organizations Can Combat Cyberattacks by Avoiding Unlicensed Software

May 25

Organizations worried by the ever-increasing threat of cyberattacks should start by looking inward. One of the first, critical steps an organization needs to take is to ensure that all of the software running on its own network is legitimate and fully licensed.

Doing so matters, as highlighted in Seizing Opportunity Through License Compliance, this year’s Global Software Survey from BSA | The Software Alliance. As that study demonstrates, use of unlicensed software is strongly linked to the introduction of malware and all of its dangers. And once inside a network, cybercriminals and malicious hackers can do significant harm.

In 2015 alone, cyberattacks cost businesses more than $400 billion. And it’s not just the immediate fallout that’s an issue. Breaches to a company’s security can have a powerful ripple effect. Enterprises can suffer damage to their reputation, and irreparable harm to hard-earned customer confidence. Even one successful cyberattack “can do serious harm to a company’s reputation and credibility,” notes the 2016 Symantec Internet Security Threat Report.

The good news is many companies do recognize the threat. In fact, this year’s survey found:

  • Some 49 percent of CIOs identified security threats from malware as a major threat posed by unlicensed software.
  • In a survey of workers, 60 percent cited the security risk associated with unlicensed software as a critical reason to use legitimate software.

But the bad news is that knowing about the threat is not the same as effectively working to prevent it. The global business community may be aware of the dangers of unlicensed software, but companies continue to allow it onto their networks at an alarming rate.

On this front, this year’s Global Software Survey from BSA found:

  • Thirty-nine percent of software installed on computers around the world in 2015 was not properly licensed.  This represents only a modest decrease from 43 percent in BSA’s previous global survey in 2013.
  • Even in certain critical industries, where much tighter control of the digital environment would be expected, unlicensed use was surprisingly high. The survey found the worldwide rate is 25 percent – a full one in four – for the banking, insurance and securities industries.
  • CIOs estimate that 15 percent of their employees load software on the network without their company’s knowledge, but nearly double the percentage of workers say they are loading software on the network that their company doesn’t know about.

It doesn’t have to be this way. There are four concrete steps organizations can take to curtail the use of unlicensed software and avert a host of associated cyber dangers.

The first step is to gather and maintain reliable and consistent data to assess whether the software running in your network is legitimate and fully licensed. Ensure that your biggest problem isn’t already sitting in your systems.

Next, consider your current and future business needs and align them to the right software and the right licensing model. Ensure you are getting the appropriate value for your expenditure.

Third, establish and implement policies and procedures to manage the lifecycle of your software — from procurement, to deployment, and retirement. Effective software asset management (SAM) practices need to support the business and in turn management needs to support the SAM process.

And fourth, integrate SAM practice into your organization’s internal control environment across the entire business. This includes educating employees on the proper use of software and the legal, financial, and reputational impact their software related actions can have on the organization.

Effective SAM practices are particularly powerful tools because they help organizations keep an ongoing inventory of what software is on their network and guard against unlicensed software use. SAM practices can also result in significant savings by driving out hidden inefficiencies from over-licensing applications or unused software.  In fact, studies have shown that properly managing software can lead to cost savings as high as 25 percent.

To read BSA’s full Global Software Survey, including estimated rates and commercial values of the unlicensed PC software installed last year in more than 100 countries around the world, visit www.bsa.org/globalstudy.

BSA Heads to the Hill

posted by in Industry May 20, 2016

This past Wednesday, BSA | The Software Alliance hosted its annual fly-in. Board members from BSA spent the day on Capitol Hill meeting with Members of Congress to talk about policy priorities like ECPA reform, international data flows, TPP, and computer science education. Our delegation included representatives from Bentley, CA Technologies, Datastax, IBM, SAS Institute, Siemens, Splunk, Workday, and Dell.

Fly-ins help us share our industry advocacy priorities with Members of Congress and educate them about what our member companies do. Our fly-in was also a valuable way to thank lawmakers for their leadership on issues like the Judicial Redress Act, the Defend Trade Secrets Act, and patent legislation. On Wednesday, we met with 5 House Members and 9 Senators. Meetings with leadership included Senate Majority Whip John Cornyn, House Minority Whip Steny Hoyer, and Chief Deputy Whip Patrick McHenry.

Here are just a few highlights of our very busy day on Capitol Hill:

  • The Electronic Communications Privacy Act (ECPA) was a key focus of many of our meetings. We met with several advocates for ECPA reform, including the lead sponsors and cosponsors of the bill. We thanked Chairman Grassley for putting ECPA on the Judiciary Committee’s markup agenda, we thanked Senators Leahy and Lee for steering the effort as lead sponsors of the bill, and we thanked Senators Cornyn and Coons for their support. BSA is advocating for the passage of ECPA reform without amendment, and our conversations on Wednesday were a positive step in that direction. We thanked Chairman Goodlatte and Members of the House for moving ECPA reform legislation through the House on a 419-0 vote.
  • We also talked about the importance of the free movement of data across borders, the significant TPP provisions related to cross border data flows, and the importance of a strong Privacy Shield agreement with the EU. Board members shared compelling stories about how their companies move data around the world every day, illustrating the importance of ensuring that data can continue to move freely across borders.
  • Lawmakers were very interested in our thoughts about the importance of STEM education. BSA is a member of the Computer Science Education Coalition, a coalition of businesses and NGOs working to expand access to computer science education in K-12 classrooms across America. The Coalition is urging Congress to provide $250 million in federal funding for K-12 computer science education this fiscal year.

In each meeting, we talked about the importance of the software industry to our economy—always a topic of great interest to Members of Congress! We’ll continue to engage with these lawmakers and many others, and we look forward to promoting BSA’s data agenda throughout the rest of the year.

Is It Time to Pop the Champagne for ECPA?

posted by in Cybersecurity, Data, Privacy April 26, 2016

It generally isn’t a good idea to celebrate before a vote in Congress. But it also isn’t generally the case that the House is voting on a measure that is sponsored by nearly three-quarters of its Members. That is the situation this week, with a vote coming on the Email Privacy Act — a bill sponsored by a staggering 314 Representatives.

And those circumstances are why this time perhaps it’s worth celebrating — just a bit — this big step for privacy even before votes are cast.

It shouldn’t be surprising that so many have signed on in support of the Email Privacy Act. The bill makes a significant improvement in privacy protections for technology users. At its core, the legislation updates the Electronic Communications Privacy Act (ECPA) to ensure that law enforcement get a warrant in order to obtain the content of users’ email and other files that are stored online.

That change makes sense as more and more of our communications and files move from our desk drawers to our virtual cabinets in the cloud. In our homes, Americans have an expectation of privacy in their “papers and effects [ ] against unreasonable searches and seizures.” Yet, based on an arbitrary distinction written into a law that was drafted in 1986 — at the dawn of the Internet Age — that expectation has not been guaranteed online. By eliminating that distinction, the Email Privacy Act will ensure digital files receive an appropriate level of protection.

So, even before the vote, there is much to celebrate about the progress made on ECPA reform this year. Reps. Kevin Yoder (R-Kan.) and Jared Polis (D-Colo.) deserve tremendous praise for driving the strong support for the bill. Building on their work, House Judiciary Committee Chairman Goodlatte should be applauded for driving a compromise proposal that preserves the core goal of ECPA reform. Many of those involved in this debate also have pledged that they will continue to work to address other ECPA concerns. These include the rules around government access to location data and the pressing need to create a framework for law enforcement access to data held overseas.

The one thing putting a damper on this celebration? Uncertainty in the Senate. With the limited number of legislative days this year, it will be a challenge to finalize ECPA reform in the current Congress. That’s unfortunate, and the wide-ranging coalition of ECPA supporters will now turn their efforts to ensure Senate Judiciary Chairman Grassley hears the calls for further votes for privacy — and further celebrations.

More Effort Needed to Pave Way for Cloud Computing Benefits

posted by in Cloud Computing, Data, Industry April 26, 2016

Much has been written about the benefits of cloud computing. It’s providing consumers, businesses, and governments quick, efficient and affordable access to technology that was previously available only to large organizations. And that access is rapidly expanding opportunities in established markets and emerging economies alike.

Less attention has been paid, however, to what cloud providers need to ensure those consumers, businesses and governments can access the cloud: the right mix of national laws and regulations.

Focusing attention on that element of the cloud is the purpose of a new study from BSA | The Software Alliance. That study, the 2016 Global Cloud Computing Scorecard, reveals that while many countries have made healthy improvements in their policy environments in recent years, a patchwork of inadequate laws and regulations around the globe threatens to stunt the unprecedented societal benefits and economic growth fueled by cloud computing.

This year’s Scorecard updates BSA’s rating of the cloud-related policies of 24 countries that account for 80 percent of the world’s IT markets. Launched in 2012, this series of reports is the only one of its kind to track ongoing change in the global policy landscape for cloud computing. The results show an uneven picture with some countries ready to seize the technological opportunity and others trailing behind.

An area of concern is how some countries are implementing policies that impede the development of cloud computing services. Russia and China, for example, have imposed policies that limit the ability of cloud service providers to adequately move data across borders. This freedom of movement is required for cloud computing to provide the full extent of potential benefits. Countries that wall themselves off are hurting their own economies.

Also of concern are policies in India, Indonesia, and Korea that prevent the use of international standards and international certifications.

Other countries have failed to improve outdated or insufficient laws. Brazil has the potential to become a significant market for cloud computing, but its laws are in flux. Although it is working to improve security, infrastructure, and Internet freedom, Brazil is being held back by a lack of comprehensive and balanced data privacy laws and other concerns.

Other emerging markets, such as Indonesia, Thailand and Vietnam may be improving in some areas, such as strong IT readiness, but their overall rankings are dampened by weak data security laws.

The BSA study also shows that the gap is widening between countries that are cloud-ready and those that are lagging. Many countries, such as South Africa, are making healthy improvements to their cloud-service environments. Other markets are being left further behind by countries such as Japan and the United States, which already are enhancing cloud-friendly environments.

Even countries that achieved the best scores in the report can and should improve their policies to promote cloud computing even further.

Our report is a wake-up call for all governments to work together to ensure the benefits of the cloud around the globe.

The bottom line is that inconsistency worldwide means less connectivity now and in the future. And that means less productivity and competitiveness for every country.

Governments must do more to foster and promote laws, regulations and policies that embrace the connectivity of the cloud.

Laws don’t need to be identical from country to country, but they do need to work so that governments and businesses can take full advantage of the transformative potential of a global cloud marketplace. They must allow the free movement of data, robust privacy and security, promotion of free trade, and use of global standards.

The cloud is ushering in unprecedented productivity, competitiveness and job growth. If all countries welcome this technology – and do all they can to see that their policies do the same – we all will win.

A Bipartisan, Consensus Approach to Innovation Policy

posted by in Intellectual Property March 29, 2016

In encouraging news given today’s climate, Congress is making progress on legislation that will promote innovation.  Even more encouraging?  The legislation and process involved in this progress are both bipartisan and bicameral.

The Defend Trade Secrets Act, introduced in the Senate by Senators Hatch and Coons, and in the House by Representatives Collins, Nadler, and Jeffries, shows tremendous promise when it comes to bolstering software innovation – so important to our daily lives, and to the health of our national economy as a whole.

The reality is that our economy is increasingly reliant on cloud computing.  Businesses of all sizes, in all industries, use cloud services to improve efficiency.  Software runs the cloud, and every day software companies are investing in research and development to improve its operations – helping countless individuals and businesses worldwide.

The innovations and improvements that spring from that R&D often are the most valuable property a company owns – they may constitute the know-how that differentiates, for example, a company in the US from a competitor overseas.  And that know-how is often protected as trade secrets.

Trade secrets are often thought of as involving a manufacturing process or a sales list, but they can also be the algorithm or computer code that ensures data in the cloud is routed to a customer in the most efficient, reliable, and secure method possible.  If a company can rely on a harmonized, reliable trade secret system to protect its prized know-how, that company is more likely to collaborate in research and development – which then improves the innovation ecosystem as a whole.  In short, progress is curbed and innovation stunted without effective trade secret safeguards.

Despite the importance of trade secret protection in our culture of innovation, our outdated current laws mean that a trade secret owner has no federal civil remedy if its know-how is stolen.  The Defend Trade Secrets Act would provide that important, missing remedy, and help usher in the harmonized system that will benefit not only software innovation but our entire American economy.

Senate and House Judiciary Committee leaders have encouraged a collaborative, consensus-oriented approach toward this legislation. As a result, the Defend Trade Secrets Act has been cosponsored by more than 60 Senators and 120 Members of the House. The House Judiciary Committee unanimously approved related legislation last Congress, and the Senate Judiciary Committee recently did the same.

The Senate is scheduled to vote on the Defend Trade Secrets Act in early April.  Action by lawmakers to modernize this important area is good news for us all, and for the groundbreaking innovation of our future.

Update (April 4, 2016): Read our statement about the passage of the Defend Trade Secrets Act: http://www.bsa.org/news-and-events/news/2016/april/en04042016senatepassagedefendtradesecretsact?sc_lang=en-US

Progress in Building Trust in Trans-Atlantic Data Flows

posted by in Data, Global Markets, Privacy February 11, 2016

Last night, the US House passed the Senate-amended version of the Judicial Redress Act, now headed to President Obama for signature. Progress on this front matters. This needed legislation will form a critical part of a stable and trustworthy structure for free flow of data across borders – so essential for economic growth in our digital economy.

Following last week’s agreement between the United States and European Union on the Privacy Shield, a successor to the Safe Harbor Framework as a mechanism for protecting the flow of personal information in the commercial context, enactment of the Judicial Redress Act will further harmonize US and European privacy protections as well.

The Judicial Redress Act calls for granting foreign nationals protections that US nationals enjoy under the 1974 Privacy Act – notably, the right to sue for intentional misuse of their personal information contained in US law enforcement records. This addresses a long-standing complaint from EU stakeholders that they lacked a right to judicial redress in the United States that already exists in Europe. The new law thus removes a discriminatory feature of U.S. law that has no place in today’s world of globalized communications.

Signing it into law will help clear the way for the US and EU to sign the Data Privacy and Protection Agreement, which protects individual privacy rights when law enforcement agencies cooperate on a trans-Atlantic basis. The Agreement will provide a solid basis for law enforcement agencies to share information when it is necessary to prevent, investigate and prosecute serious crimes, including terrorism.

We and our member companies commend Representatives Sensenbrenner, Goodlatte and Conyers, together with Senators Hatch, Cornyn and Murphy, for their strong leadership on this groundbreaking initiative, and we urge President Obama to swiftly sign it into law.

How the Software Revolution Is Changing Our World

posted by in Industry January 19, 2016

Software will dramatically change our lives and our society. We are in the midst of dramatic societal changes driven by software — a revolution propelled by software innovation.

As chair of the World Economic Forum’s Global Agenda Council (GAC) on the Future of Software and Society, I work with experts from business, academia, and development backgrounds to identify and analyze how today’s advancements in software are shaping the world around us. Our Council has released a new report, “Deep Shift: 21 Ways Software Will Transform Global Society.” The report describes software innovation and highlights predictions about the many ways in which software will change our lives and our world. So much of what we do is enabled by software: From building smarter cities by analyzing traffic patterns, to providing rural farmers from Indiana to India with real-time mobile data to improve their harvests, the software revolution is transforming the way we live.

These developments do not come without challenges. Our Council’s mission is to help society navigate these changes, both positive and negative. How can we best address societal impacts related to privacy, security, and job disruption? Greater collaboration between industry, policymakers, academia, and citizens of the world will help us chart our course through these software innovations that are poised to dramatically change our lives.

To read the entire “Deep Shift: 21 Ways Software Will Transform Global Society” report, click here.

A Call for Creative Solutions

posted by in Cybersecurity, Privacy November 24, 2015

The November 13 attacks in Paris were tragic, and our hearts and thoughts are with the people of Paris. We stand ready to work with law enforcement to prevent future such horrific incidents. Such efforts will require creative solutions that benefit public safety as well as online security.

There has been a good deal of discussion in recent days suggesting that encryption is the single factor that enables terrorists. That is not the case.


Software and Data Helping Overhaul Conservation

posted by in Data, Industry November 18, 2015

Today, I gave the keynote address at the World Wildlife Fund’s 2015 Fuller Symposium. This year’s theme, “Wired in the Wild,” explores how software is helping address some of the planet’s greatest challenges. Our future successes in conservation, as in many realms, depend upon scientific inquiry, and so many of the scientific history-making breakthroughs we are seeing increasingly rely on software and data.

From complex modeling of ecosystems to 3D modeling that enables more accurate and complete measurement data, software enables us to learn more and do more. The innovative companies that make up BSA | The Software Alliance understand the importance of preserving our environment and natural resources. They are producing software and data that’s bolstering conservation efforts in truly amazing ways. Here are just a few examples I highlighted in my address:


Seize the Opportunity for a Sustainable Path

posted by in Data, Privacy October 22, 2015

In “The collapse of the US-EU Safe Harbor: Solving the new privacy Rubik’s Cube,” Microsoft’s Brad Smith provides insight on ways to ensure European consumers and enterprises can continue using data services in the manner they chose and from the best providers of such services. In today’s world, it is a well-known policy truism that technology will advance much more quickly than tech-related law and that regulations can hobble both innovation and the economy. While we need to address immediate issues to address the collapse of the Safe Harbor, our future and the policy decisions which shape it require enduring and sustainable solutions.

Today, we have the opportunity to improve citizens’ lives, businesses and governments by creating a long term framework to ensure that privacy is fully respected while permitting new software technology to thrive. These solutions must be global and crafted to better fit the digital world in which we live. A failure to embrace this opportunity is a failure for us all.
