Unlicensed Software in Your Company: The Legal and Security Risks Nobody Tells You About

There is an uncomfortable conversation that few companies have with themselves: do we know with certainty what software is installed on every computer in the organization? Do we have valid licenses for everything we use? Could we prove it if an audit arrived tomorrow?

The honest answer, in most cases, is no.

This is not because companies operate in bad faith, but because software is installed, copied, updated, and accumulated at a pace that no spreadsheet can keep up with. An employee downloads a tool to work faster. Another copies an installer from a colleague. The design department has an old version of a program, and nobody knows whether it has an active license. IT has an outdated inventory nobody has reviewed in two years.

The result is a gap between what the company believes it has and what it actually has installed. And that gap carries legal, financial, and security consequences that most executives don’t fully grasp until it’s too late.

The Problem Nobody Wants to Measure

According to BSA — The Software Alliance, the global organization representing the world’s leading software manufacturers, the percentage of unlicensed software installed on corporate computers worldwide hovers around 39%. In Latin America, that figure is historically higher.

In other words: in an average company, approximately four out of every ten programs installed on corporate devices don’t have a valid license. And the most concerning part is that, in many cases, management doesn’t know it.

26% of employees surveyed by BSA admit to regularly installing unauthorized software on company devices. Not necessarily with intent to defraud — simply because nobody stopped them, because they needed that tool to do their job, or because they assumed “the company already had a license for that.”

The result is a silent accumulation of risk that can materialize in very different ways — and none of them are pleasant.

The Legal Risks: What Can Happen If You Get Audited

Audits from Software Manufacturers

Major software companies — Microsoft, Adobe, Oracle, Autodesk, among others — have contractual rights to audit the use of their products at companies that license them. Many license agreements include clauses requiring the customer to permit periodic or on-demand audits.

When an audit detects software installed without a valid license, the consequences can include:

  • Retroactive payment for all missing licenses, calculated from the detected installation date
  • Fines and damages that can multiply the commercial value of the software several times over
  • Legal costs arising from the audit process and potential litigation
  • Out-of-court settlements that also involve significant financial outlays to avoid lawsuits

Fines calculated by BSA and manufacturers are determined by multiplying the commercial value of the unlicensed software by the number of devices on which it is installed, with additional multipliers that can exceed 150% of the base value. A mid-sized company with 50 devices and several unlicensed programs can face claims in the hundreds of thousands of dollars.

Reports from Former Employees

One of the most common audit triggers is not a random inspection — it’s a report. A disgruntled former employee who knows the real state of the company’s software has every incentive to report it. BSA even offers financial rewards for information that leads to successful cases.

The first the company hears of a report may be a letter from a law firm acting on behalf of BSA or a specific manufacturer, informing the company that it is under investigation. At that point, it’s already too late to quietly “clean up” the problem.

Executive Liability

In many jurisdictions, the use of unlicensed software is not just a corporate problem — it can generate personal liability for executives who knew or should have known about it. In the United States, the No Electronic Theft (NET) Act and the Digital Millennium Copyright Act (DMCA) establish criminal penalties for software piracy. Similar provisions exist across most Latin American jurisdictions.

The Security Risks: The Part That Gets the Least Attention

The legal risk is visible and quantifiable. But there is an equally serious risk that gets far less attention: the security risk associated with unlicensed or unauthorized software.

Software Downloaded from Unofficial Sources

When an employee installs a program from an unofficial source — a download site, a torrent, an installer shared in a forum — they have no way to verify that installer wasn’t modified to include malware, ransomware, or spyware. Cybercriminals actively distribute “cracked” versions of popular software with malicious code embedded inside. The employee thinks they’re installing an image editor; in reality, they’re opening a back door into the corporate network.

No Security Updates

Software without a valid license generally doesn’t receive automatic updates from the manufacturer. This means any vulnerability discovered after installation remains unpatched indefinitely. Attackers know about and actively exploit vulnerabilities in outdated versions of popular software. A system running unpatched software is, literally, a known target.

Shadow IT: The Software IT Doesn’t Know Exists

When employees install software on their own without going through IT, what’s known as shadow IT is created: applications the company uses but doesn’t manage, monitor, or control. Each shadow IT application is a potential attack vector, a possible data exfiltration point, and a source of regulatory non-compliance.

According to Gartner, shadow IT accounts for 30% to 40% of total technology spending in mid-sized companies — and that’s only the visible fraction. The invisible fraction, made up of software installed without record or control, is impossible to quantify without the right tools.

Inability to Respond to Incidents

When a security incident occurs, the IT team needs to know exactly what software is installed on every device, what version it is, and when it was installed. Without an accurate, up-to-date inventory, incident response turns into a forensic investigation that consumes critical time. Every hour of uncertainty is an hour the attacker may still be active.

The Root Problem: Nobody Knows Exactly What’s Installed

The root of the problem — both legal and security — is the same: lack of visibility. Most companies don’t have a precise, current, centralized inventory of all the software installed on their devices.

The reasons are understandable:

  • Devices are numerous and distributed across different locations
  • Software is installed and uninstalled constantly
  • Employees have different levels of access to their devices
  • Hybrid environments (office, remote, cloud) multiply the complexity
  • Maintaining a manual inventory requires resources IT doesn’t have available

The result is that when an audit arrives — or a security incident occurs — the IT team has to rebuild the inventory from scratch under pressure. That is not the moment to discover problems.

Lansweeper: Complete IT Asset Visibility as the Starting Point

Lansweeper is an IT Asset Management (ITAM) platform founded in 2004, today trusted by global companies including NVIDIA, Maersk, Warner, EA, and PepsiCo. Its value proposition is simple and powerful: know exactly what’s on your network — hardware, software, devices, licenses — at all times and without manual effort.

Automatic, Agentless Discovery

Lansweeper’s most important feature is that it discovers assets without needing to install agents on every device. It automatically scans the network and detects every connected device: desktops, laptops, servers, virtual machines, cloud resources, printers, switches, and IoT devices. For each device, it captures installed hardware, software, versions, licenses, and patch status.

The result is a complete, accurate, real-time inventory — without IT having to build or maintain it manually.

Software License Management

For every piece of software detected on the network, Lansweeper allows licenses to be registered and automatically compared against active installations. This produces a clear picture of:

  • Excess software: paid licenses not being used — resources that can be reclaimed or not renewed
  • Missing licenses: installations without a valid license — the legal risk to resolve before an audit arrives
  • Unauthorized software: applications installed outside the IT-approved catalog — shadow IT identified and quantified
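
The comparison described above can be sketched in a few lines. This is an added example, not Lansweeper's code or API: it reconciles a constructed inventory export against purchased seats and an approved catalog, and the hostnames, product names, seat counts and function names are all hypothetical.

```python
from collections import Counter

# Constructed sample data (hypothetical hosts, products and seat counts).
INSTALLS = [  # (hostname, product) rows as an inventory export might list them
    ("ws-01", "CAD Suite"), ("ws-02", "CAD Suite"), ("ws-03", "CAD Suite"),
    ("ws-01", "Office Pack"), ("ws-02", "Office Pack"),
    ("ws-04", "Remote Desk"),   # installed by a user, not in the catalog
    ("ws-02", "cad suite "),    # same install reported with inconsistent naming
]
ENTITLEMENTS = {"CAD Suite": 2, "Office Pack": 5, "PDF Editor": 3}  # purchased seats
APPROVED = {"CAD Suite", "Office Pack", "PDF Editor"}  # IT-approved catalog


def norm(name):
    """Normalize a product name so case and spacing differences do not split counts."""
    return " ".join(name.lower().split())


def reconcile(installs, entitlements, approved):
    """Return missing licenses, excess licenses and unauthorized installs."""
    # Count each product once per host: duplicate rows for the same host
    # must not inflate the number of seats consumed.
    unique = {(host, norm(product)) for host, product in installs}
    seats = Counter(product for _, product in unique)
    owned = {norm(p): n for p, n in entitlements.items()}
    catalog = {norm(p) for p in approved}

    report = {"missing": {}, "excess": {}, "unauthorized": {}}
    for product in sorted(set(seats) | set(owned)):
        used, bought = seats.get(product, 0), owned.get(product, 0)
        if product not in catalog:
            # Shadow IT: list the hosts so the finding can be acted on.
            report["unauthorized"][product] = sorted(
                h for h, p in unique if p == product)
        elif used > bought:
            report["missing"][product] = used - bought   # audit exposure
        elif bought > used:
            report["excess"][product] = bought - used    # reclaimable seats
    return report


if __name__ == "__main__":
    for category, findings in reconcile(INSTALLS, ENTITLEMENTS, APPROVED).items():
        print(category, findings)
```

Licensed products with no installations at all (here the hypothetical "PDF Editor") appear as excess because the loop covers entitlements as well as detected installs.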

With more than 450 pre-configured reports covering hardware inventory, software compliance status, patch levels, and vulnerability exposure, Lansweeper turns technical data into actionable intelligence for decision-making.

Real-Time Audit Readiness

Lansweeper maintains a continuous record of software compliance status that can be generated as an auditable report at any moment. When a manufacturer audit arrives — or when the company decides to run its own preventive audit — the information is available, accurate, and documented.

This transforms an audit from a threat into a manageable formality.

Vulnerability and Outdated Software Detection

Beyond license compliance, Lansweeper monitors the security posture of all assets: outdated software versions, unsupported operating systems, devices with risky configurations. When it detects a vulnerable asset, it generates an alert before it becomes an incident.

Integration with the IT Ecosystem

Lansweeper integrates with the tools IT teams already use: Microsoft Power BI for advanced data analysis, ITSM platforms like ServiceNow and Jira, and security and endpoint management systems. Lansweeper’s inventory data feeds these tools with accurate, up-to-date information, improving decision quality across the entire chain.

SAM Enhanced with Licenseware

For organizations that need a deeper level of license analysis — especially for high-risk vendors like Microsoft, Oracle, IBM, or Adobe — Lansweeper offers integration with Licenseware: a specialized licensing expertise layer that combines Lansweeper’s discovery data with vendor-specific analysis, delivering actionable insights on compliance and cost optimization.

What a Preventive Audit Can Uncover

A typical Lansweeper deployment at a mid-sized company tends to reveal situations nobody expected:

  • Design or engineering software installed on devices in departments that shouldn’t have it, generating duplicate licenses without justification
  • Old software versions with known vulnerabilities that the manufacturer no longer supports
  • Remote access tools installed by employees without IT authorization
  • Paid software licenses nobody uses — budget that can be recovered at the next renewal
  • Devices connected to the network that IT didn’t know existed

Each of those findings is a concrete action: remediate, uninstall, update, renegotiate, or revoke. Without visibility, no action is possible.

The Regulatory Framework

In the United States, the No Electronic Theft (NET) Act, the Digital Millennium Copyright Act (DMCA), and related copyright statutes establish civil and criminal penalties for software piracy. For companies handling personal data, CCPA and HIPAA (in healthcare) impose additional obligations to implement adequate technical safeguards — and running unlicensed or unpatched software on systems processing that data may constitute a compliance violation.

For organizations pursuing international certifications like ISO 27001 or working with clients that require SOC 2 compliance, software asset control is an explicit requirement of those frameworks. Without a precise, auditable inventory, those certifications are out of reach.

How to Start: The Inventory as the First Step

The solution to the unlicensed software problem doesn’t start by buying licenses blindly. It starts by knowing exactly what’s installed. That’s the first step, and it’s what Lansweeper enables.

Once the organization has complete visibility into its software estate, it can make informed decisions:

  1. Identify and remediate unlicensed software before an external audit does it for you
  2. Uninstall unauthorized software or software that poses a security risk
  3. Recover paid licenses that aren’t being used
  4. Update outdated software with known vulnerabilities
  5. Document the compliance status for future audits

At Aufiero Informática we are authorized Lansweeper distributors for Argentina and all of Latin America. We can advise you on implementation, manage licensing in local currency, and support you through the software audit process.



Has your company ever conducted a software audit? How long has it been since you updated your IT asset inventory? Tell us in the comments.
