You’ve poured time, effort, and money into developing great software, and you’re ready to bring it to the market. Now it’s time to think about how you’re going to protect it.
What do you need to protect your software against?
- Piracy, illegal copying, or other unauthorized use of your software that can harm your revenue
- Security breaches that put your data or your customers’ data at risk
If you were selling a physical product, keeping it protected would be more straightforward: you keep it under lock and key, ensuring that no one with harmful intentions will be able to reach it.
Software is different. Unprotected software is incredibly easy to copy, reproduce, and use on multiple devices without authorization. It’s also easy for hackers to penetrate to extract any sensitive data your customers may be storing using your software.
Good protection of software means that your customers can rest assured that their information is safe when they use your product.
Let’s take a look at three types of software protection:
Software Copyright Protection
Copyright is the right to copy a creative work — a type of intellectual property that protects the creators of an original work against theft of their creation. Note that copyright does not protect ideas or concepts, just the expression of those ideas or concepts. When it comes to software, that means the actual code.
What is software copyright protection?
Software copyright protection is ensuring that no one will copy your software and use it illegally.
In theory, the software is protected under copyright law as soon as the code is fixed in a tangible medium, so the law provides a sort of automatic software copyright protection. However, practically speaking, it’s not particularly effective. All it means is that other people aren’t allowed to copy your software. In the U.S. at least, you can’t even sue someone for infringing your copyright unless you register with the U.S. Copyright Office first.
Even if you have registered, using litigation as your only software copyright protection is not a great strategy. It means you have to actually catch the people who have copied your product, sue them, and spend considerable amounts of money and time proving in court that they copied your software illegally.
This is especially an issue for small software developers seeking software copy protection for Net applications or others of open-source-developed programs on a tight budget. These developers simply don’t have the means to monitor for copyright infringement, let alone take legal action when they identify it.
So what are some strategies for more effective software copyright protection?
Planting redundant code
One way to make it easier to prove copyright infringement is to purposely plant redundant components within the code. If you suspect someone has copied your code, finding those redundant components serves as strong evidence that that’s what happened. Once again, this strategy for software copyright protection involves the need for litigation, but at least it makes the legal team’s job easier.
Be cautious about who sees your source code
Software vendors should always follow best practices to ensure that only authorized and trusted people can access the source code. Carefully vet your staff and get high-quality references when outsourcing.
Use an identity-based licensing solution
Even if you can’t prevent end-users from accessing the source code, if you use an identity-based licensing solution, you will at least have as much information as possible about who is using a given program.
Identity-based licensing solutions grant access only to users using specific credentials, such as a username and password. With a licensing management system like Sentinel EMS, you’ll have access to plenty of data that can help you keep track of who is using what products and when.
SaaS, or Software as a Service, is an increasingly popular model of software delivery. Instead of purchasing the software once and installing it to use only on a given device, users can purchase the software as a subscription and access and use it via a remote server. This model tends to be more cost-effective and flexible: customers can access the software from multiple devices, and always enjoy the most up-to-date version of the software.
What is SaaS Protection?
SaaS protection includes two components:
1. Preventing unauthorized use of the program itself — protecting the vendor from piracy and theft
2. Securing the data entered by the end-user into the program — protecting the customer from data breaches
SaaS protection is a bit more complex than that of on-premise software because aside from those two components to consider, there are more “points of entry” hackers could exploit. Until recently, many organizations that handled very sensitive data were wary of using SaaS programs due to concerns about security. The fact that the data must be uploaded to the cloud and stored on a remote server made the model seem much more vulnerable to data breaches.
Fortunately, the technology available today is able to keep SaaS data extremely secure.
Establishing solid SaaS protection
As a SaaS provider, ensuring potential customers that their data will be safe is essential and establishes trust in your product. Besides, in some countries, there are mandatory requirements regulating the security of customer data. You may need to comply with these regulations in order to operate your business.
So how do you go about protecting your SaaS?
Educate your end-users
The first thing to understand is that SaaS protection must go both ways. You should provide the best security on your end, but if your end-user is blasé about security, there’s only so much you can do to prevent their data from being breached. It’s important to do what you can to educate users about securing their data.
Encrypt all data
Data encryption is an essential step in SaaS protection. Encrypting your data means that even if it’s leaked somewhere along the process, it will appear in a form that’s impossible for an unauthorized party to interpret.
Require strong passwords
People complain about the growing complexity of passwords over the years, but there is a reason providers have been requiring more complex passwords: they’re much harder for hackers to guess. According to security expert Brian Krebs, the ideal password:
- Is as long as possible — at least 8-10 characters long
- Contains a string of words — numerals, uppercase letters, and special characters are nice, but length is more important, and a sentence is easier to remember
- Avoids common words like “password,” keyboard combinations like “1234” or “qwerty,” or details that may be discoverable from social media or other contexts, such as your birthday, phone number, pet’s name, etc.
Hire a cybersecurity firm
When in doubt, it’s always a good idea to consult the experts. Thales Sentinel provides a package of cybersecurity and license management solutions specifically tailored to the needs of SaaS providers.
One of the best ways to protect your software against theft, piracy, and unauthorized access is by using protection keys.
What are protection keys?
Protection keys are a type of code that prevents unauthorized users from accessing or copying software. When software is protected with a key, only users who have the key can run the software on their device.
There are three types of protection keys:
Hardware protection keys
Also known as dongles, hardware protection keys are small devices that must be plugged in to activate access to the software. These are less convenient than the other solutions listed below, because you need to issue a physical device to the end user, and the user can only run the software if they have the device. However, some users prefer this type of protection key for its security advantages.
Software protection keys
Software protection keys are a kind of software you can install on a given device that provides access to the software they protect. Users can simply download the key along with the software and access it instantly.
Cloud-based protection keys
With this model, rather than download and install the protection key on the user’s device, the key can be delivered to the end user’s device upon request, and then returned to the remote server when the user is finished with it. This allows for a larger amount of flexibility because the key can be used on multiple devices and by multiple users at different times.
Thales Sentinel Software Protection Solutions
Thales Sentinel offers a wide range of flexible and customizable software protection solutions — whether it’s software copyright protection, SaaS protection, or protection keys. Discover how Thales Sentinel can help protect your software with our software monetization tools.
Defend and Protect Intellectual Property Against Threats
Defending Against The Quadruple Threat to Intellectual Property - White Paper Technology and innovation have never moved faster and most of it involved software in form or another. Learn how Thales can help you protect against the quadruple threat of intellectual property...
Improve Efficiency while Protecting Software like Air Infotech - Case Study
AIR InfoTech Improves Back-Office Efficiency and Protects Software with Thales Sentinel AIR InfoTech realized it needed to digitize their publications and create software databases, in order to best server their customers. AIR InfoTech selected Thales Sentinel solutions to...