If you’re a compliance manager, I invite you to imagine your ideal day.
Imagine logging onto your compliance dashboard and finding actionable opportunities already waiting for you. Imagine being able to confirm and act on them in as little as 15 minutes – maybe even less. Now imagine closing a major deal based on that new compliance information, the very same day you see it.
I know a one-day sales cycle doesn’t happen often. But I personally know compliance managers who’ve had that experience. And even if you can’t count on booking same-day revenue, scores of compliance management organizations have radically streamlined and accelerated the entire process of discovering infringements and transforming them into cash. This post introduces a five-part series on how you, too, can achieve something close to the “ideal” compliance management experience…no matter how “less-than-ideal” your current environment might be.
Why the compliance manager’s role is even tougher than it appears
To begin, it helps to consider why the compliance manager’s role is so difficult. At Flexera, my colleagues and I have collaborated with hundreds of professionals who are working day and night to succeed at this task. We see the same patterns and obstacles repeatedly.
First, many compliance managers come to the role with deep knowledge of their markets and products. But proactive compliance managers must negotiate for the engineering and IT resources needed to monetize compliance. Who embeds the telemetry? Who builds the analytics? Who maintains and supports it all? Investing scarce technical resources in compliance is often a tough sell when there’s a huge list of customer features screaming to be built. Put politely, compliance managers rarely have as much input into product roadmaps as they’d like.
Second, even with organizational cooperation, compliance management is just plain complex. Managers are typically bombarded with scattered data from multiple disconnected sources. It’s a bit like the ancient fable about the sightless folks trying to interpret different parts of the elephant. It’s hard to know what you’re seeing, but chances are the whole picture is different – and bigger – than the tiny piece you’ve grabbed onto.
Simple “phone home” telemetry: almost useless
To address these problems, compliance managers often turn to basic “phone home” telemetry approaches. This frequently involves customizing a home-grown solution for making software contact you when it’s installed, registered, and/or activated.
This is better than nothing. But it’s not much better.
Most compliance managers are quickly disappointed with simple “phone home” approaches. Before you can do better, you need to understand why these first-generation techniques generate little revenue, and can’t scale as you grow.
To begin, “phone home” commonly returns only an IP address. In only 3-5% of cases does this identify infringers with sufficient confidence for software companies to act. Typically, basic “phone home” can’t accurately identify IP addresses associated with access through hosted providers, cloud services, VPNs, or proxy servers; addresses protected by privacy services; or address blocks owned by ISPs. And, of course, you generally can’t even use IP addresses for compliance unless you’ve already claimed your right to do so, typically in your EULA.
Even if you can figure out who’s infringing with reasonable confidence, you’ve discovered little or nothing about the level of misuse. Without machine-specific data, you don’t know how many unique devices are infringing. You have no way to profile how infringers are actually working with your software. Are they just kicking tires? Or are they in there all day, using multiple modules, aggressively profiting from your intellectual property in their own high-priority projects? You don’t know. So, too, it’s often difficult or impossible to prove overuse or abuse of paid licenses via IP addresses alone.
Building alliances with the infringer’s senior management
There’s one more problem. A surprisingly large number of infringers will pay if you can prove infringement. As sophisticated compliance managers know, you can often position yourself on the side of the enterprise or its IT management. You can help them self-audit to uncover security risks within their own organizations – and, as they’ve increasingly realized, cracked software is a major security risk. Occasionally, they’re even appreciative.
But you can only help them self-audit if you have detailed, actionable data to share. Not just an IP address.
Your ideal day: from generating leads to closing sales
We’ve now outlined the challenge. The next four posts will guide you through overcoming it.
First, we’ll show how to integrate and automate compliance management that goes way beyond collecting just IP addresses. You’ll learn how to build efficient workflows for uncovering potential non-compliance. Next, we’ll guide you through confirming that a potential infringement is real, determining whether it’s worth pursuing, and prioritizing your efforts. Then, we’ll present techniques for quickly moving compliance cases to action, whether you’re a one-person compliance shop or you’ve got partners, sales teams, distributors, and legal specialists to collaborate with. Finally, we’ll discuss managing your cases in progress, so you can track sales performance – and optimize it.
By the time we’re done, you’ll know how to establish infrastructure and processes that make your “ideal” compliance day possible – and just might deliver the occasional one-day sales cycle!
Read the entire Imagining Your “Ideal” Day as a Software Compliance Manager series