Microsoft might promise free upgrades for Windows and simplify its volume licensing with a new agreement, but the influx of cloud services, new devices and mobile apps means software licensing continues to be complex. A recent lawsuit should remind you that you can't afford to lose track of what software your company is using.\nAdobe, Autodesk and Corel have sued clothing retailer Forever 21 for \u201cwillful, intentional and malicious copyright infringement" for using Photoshop, Acrobat, Illustrator, Autodesk, PaintShopPro and WinZip without paying for enough licenses, \u201ceven after being contacted by Adobe regarding the infringement,\u201d the lawsuit said.\nPirating software is usually about civil liability. Adobe, Autodesk and Corel are asking for lost revenue and damages, plus court costs. Criminal liability tends to be reserved for cases of software counterfeiting, according to Jodie Kelley, senior vice president and general counsel of BSA, The Software Alliance.\nIt can get personal\nBut it\u2019s not just the business that will have to pay up \u2014 an officer of the company can also be liable if they personally participated in the infringement or supervised it. For example, "If you could have prevented it but didn\u2019t,\u201d Kelley explains, and if you had a financial interest in using the copyrighted software. \u201cIt\u2019s a relatively high standard for personal liability, but it does exist, and the officer is liable to the same degree as the corporation.\u201d\n[Related: Here's How Much Those 'Free' Windows Licenses Actually Cost ]\nCompany liability might not end with the cost of paying for the licenses you should have bought and the statutory damages for not buying them, either. There\u2019s now an ISO standard for software asset management, which isn\u2019t required by any regulations yet. But the 2013 framework for internal controls and corporate governance from COSO, the umbrella organization for accountants and auditors, includes a chapter on software licensing that says your business needs to have \u201cappropriate controls\u2026which may\u2026verify the entity\u2019s legal right to use the technology in the manner in which it is being employed.\u201d\nMost companies have focused on the financial reporting implications in the COSO framework, but it means that software licensing now has to be considered as part of your internal regime rather than just a question for the IT department. And, Kelley warns, \u201cthe SEC has announced it will be looking to that framework when it assesses whether internal controls are adequate.\u201d That could be a problem for the 65 percent of companies in last BSA Global Software Survey who don\u2019t have written policies requiring properly licensed software.\nSecurity and piracy don\u2019t mix\nIt\u2019s not just a question of the company doing the right thing by paying for the software it uses to run the business or being efficient about making sure you\u2019re not paying for licenses you don\u2019t need. Pirated software can make you more vulnerable to security breaches. Part of that is common sense: \u201cIf you want to deal with security, the most critical first step you have to take is knowing what you have in your network. If you don\u2019t know what you have and you're not managing it, you're extra likely to have a threat.\u201d\n[Related: Free Windows, End-of-XP Spree, Drops Microsoft Revenue by $455 Million ]\nBut if users are downloading cracked software and installing it on their computers, it often brings malware along with it. And too many times even a legitimate copy of the software that\u2019s installed may not get security updates, so it won\u2019t be as licensed copies. BSA commissioned a study from IDC to look at malware on PCs that shows a correlation between the amount of unlicensed software in a country and the amount of malware on their PCs. http:\/\/globalstudy.bsa.org\/2013\/cyberthreat.html\nBring your own license problem\nPirated software and over installing is obvious when you look for it. But what about the licensing impact of the tablets and smartphones that users bring to work? BYOD, mobile devices and even cloud services make licensing more complex and confusing.\n\u201cMost companies aren\u2019t trying to cut corners,\u201d admits Kelley. \u201cThey\u2019re struggling with the complexities.\u201d\n[Related: Free Windows? Not a Chance ]\nSo when Microsoft announced in January that Windows 10 would be a free upgrade for the first year, it quickly emerged that there would be the usual licensing small print. The free upgrade is only for the base Windows 10 edition and the basic business version, Windows 10 Pro. If you have Windows Enterprise and a volume license, you'll need to pay for an upgrade or take out the usual Software Assurance subscription to get the new version.\n\n\t\n\nMicrosoft is also still working to define what "the supported lifetime of the device" means. It has clearly documented support lifecycles for operating systems, but OEMs have much shorter support cycles, which makes it hard to find out how long a particular model will be supported for.\nYou might not be concerned about whether you'll get OEM graphics driver updates in five years\u2019 time, but if you're relying on Windows 10 updates on a business PC through an OEM, you need to know how long that\u2019ll go on for. That means that even for consumer devices that users are bringing to work, you will still have to think about volume licensing, including VDA licenses that cover devices (like iPads) to get remote access to Windows desktop applications.\nThe new Windows Enterprise Software Assurance User Subscription Licenses let you license Windows for your users without counting their devices. They use virtual desktops and put Windows Enterprise on any of their devices as long as the screen is no bigger than 10.1 inches. You assign them a primary device that runs Windows 7 or 8 because, as usual, SA is an upgrade from a Windows license that\u2019s already been paid for. As the name suggests, this is a subscription you have to keep paying for.\nBack at the Office\nThings are even more complicated for Office, especially as the promised touch Office apps finally arrive on Windows tablets, with Windows 10 on some devices. But just because the Office apps come free on a device or can be downloaded free from an app store\u2014like the versions of Office already available for iPad and Android\u2014it doesn\u2019t mean they're free to use for business.\nThe apps won\u2019t stop users from opening and editing documents or creating new ones. But unless you have the appropriate Office licenses for those users, they\u2019ll be breaking the license agreement if they do that for business documents.\nThese might include a license for an Office 365 tenant like E3, which includes the client software, an Office 365 Pro Plus license or Software Assurance in your Office volume license. It won\u2019t include the Office 365 Home Premium license users could buy (and try putting on their expense claim) from inside Office for iPad.\nMicrosoft solved that problem for Windows RT, which came with a touch version of Office Home and Student that didn\u2019t have commercial use rights, by including those use rights in Office 2013 volume licensing. And at the end of 2014, it introduced the Enterprise Cloud Suite, which includes Office 365 Enterprise E3, per-user Windows Enterprise SA subscriptions and the Enterprise Mobility Suite (Intune or System Center Configuration Manager client manage, Azure Rights Management Services for protecting shared documents and Azure Active Directory Premium, which gives you tools like single sign-on, two factor authentication and security reports), all in one agreement.\nIf you\u2019ve mastered all that, prepare to prove it when you get audited. Alternatively, if you\u2019re prepared to get the ISO certification in software asset management, you can also get certified by BSA. The advantage of that is you\u2019ll get a two-year holiday from audits by BSA members. That\u2019s a laundry list of enterprise vendors, from Adobe, Apple and Autodesk to Microsoft and Symantec, so it would have kept Forever 21 out of court.