How to stop losing your revenue to software piracy

Lost Revenues
Software theft happens to nearly everyone. Most prevalent is desktop software piracy, which suffered an estimated $40 billion in revenue losses in 2006, alone, according to IDC. On average, companies lose 35% of the annual software revenues to piracy as reported in a recent IDC global piracy study.  Embedded software is pirated too, to wit Cisco’s $1B loss from sales of a counterfeit router developed in Korea. 

Piracy is not only rampant, it is rapidly proliferating. Zero day postings of cracked software have become the norm.  High-tech companies in certain countries have dedicated departments of reverse engineering. Most recently, digital media software piracy has made headlines, with successful attacks on the iPhone and repeated DRM violations. Therefore, it is imperative to adequately protect software revenue streams and intellectual property (IP) before releasing the software into the market.      

Why the Pirates are Winning
Failure to incorporate software security as part of end-to-end software lifecycle management has created a window of opportunity for professional hackers to capture a significant portion of corporate revenue streams.  Software developers have historically managed major design, development, and distribution benchmarks throughout the software development lifecycle (SDLC).  Rich feature and functionality requirements and time-to-market pressures have been primary concerns, with the assumption that metering systems will be sufficient to prevent software misuse.  Security concerns have largely been defined by network and data protection technologies by the IT department, who safeguard the enterprise perimeter. 

The problem?  Once the company’s software-based IP leaves these enterprise firewalls, it becomes exposed and therefore entirely vulnerable to increasingly sophisticated software attacks.  Licensed managed applications and dongles are reverse engineered in as little as 24 hours!  DRM platforms are hacked in days.  The success of today’s professional pirates is the result of four key factors:

1. Increasingly sophisticated and extensible disassemblers such as IDA that enable hackers to systematically penetrate software applications.
2. Hacker communities, which were once confined to the underground, are now flourishing on open websites (see www.woodmann.com/crackz/index.html or http://iphone.fiveforty.net, for example), enabling hacker collaboration.
3. Cheap computing power is creating a huge appetite for popular but premium-priced software in emerging markets, in turn fueling the demand for cheap (i.e. pirated) versions of the software  
4. Low-cost, high-speed internet connectivity and efficient P2P networks to rapidly disseminate hacking tools and cracked software

Clearly, conventional software development and management practices need to be re-examined to incorporate application protection into the software development lifecycle (SDLC).

The Required Defense
A successful software protection solution must not only be durable and resilient, but must also fit smoothly into software lifecycle management requirements.  Thus, license management, copy protection and DRM systems will remain a critical part of the software distribution requirements to enforce business agreements with software customers.  However, software protection today demands a multi-layered approach that extends back into the design and development phases.  This approach should also extend forward into the deployment and maintenance phases, of the application.  

As applications are being designed and developed, CTOs and other stakeholders of the business unit, should introduce automated software protection tools, such as GuardIT™ by Arxan Technologies, Inc.  The goal is to ensure that not only is the underlying code protected, but also that the overlying license management or copy protection is fortified and bound strongly to the application.  Incorporating such a multi-layered approach to software security as part of your end-to-end software lifecycle management will result in software piracy being virtually impossible.  Arxan’s software protection solution enables developers to architect a durable and low overhead protection design at the binary layer.  After development is complete and the application is compiled, Arxan protection is deeply embedded into the binary. 

Characteristics of a Successful Software Protection Solution
Creating a software protection strategy with a multi-layered approach will effectively ensure defense against piracy, tampering or any type of threat, and thus prevent future revenue loss.  For maximum ROI, an IP protection technology must meet the following 7 criteria:

7 Key Factors to Software Protection

• Durability:  a software protection solution should interconnect with multiple layers of defense, and incorporate diversified and randomized runtime behavior, to ensure maximum strength and longevity once the application is deployed
• Active and Dynamic:  the solution must go beyond static obfuscation and encryption, to not only defend but also detect and react to all types of attacks, creating a constantly shifting landscape for the attacker that is very difficult to navigate
• Resiliency:  provide a secure yet point-click fix for breach management and software updates, minimizing any “security tax” that is incurred during deployment and maintenance phases of the SDLC
• Flexibility:  allow the user to build a solution that is tailored uniquely to their application, threat profile and business requirements
• Scalability:  have the ability to easily increase its depth, breadth, type and complexity to meet evolving security needs as the application grows in size and criticality, and as hacker profiles evolve
• Performance Friendly:  offer high-efficiency security that protects comprehensively without adversely impacting run-time performance
• Development Friendly: provide developers with fully automated protection that is implemented at the end of development, and before distribution, fitting smoothly into a conventional SDLC

Arxan’s software protection solution meets these key attributes and makes intellectual property (IP) theft virtually impossible.  Developers of software applications, including multi-media and DRM applications, can reliably safeguard their IP and revenue.

For more information on how to stop software piracy visit www.arxan.com  or contact us at info@arxan.com  / (877) 445-1350.