• United States



Virtualization and the Desktop

Oct 05, 20072 mins
Data and Information SecurityIT Leadership

The latest rage in virtualization is the desktop.  In addition to making administration and control easier, virtualizing the desktop also offers the potential of greater security.  In particular, virtualization affords businesses the ability to retain their applications and, more importantly, their data on their own servers (as opposed to having instances of the applications and data residing on individual PCs and laptops, which have a nasty habit of going missing).  There is even the possibility of having a virtual desktop completely contained on a USB device, with full encryption.  All of this is, of course, useful and entirely worthy of exploration for many businesses. 

The purpose of the discussion today is not to criticize the virtualization trend in any way, but to highlight an important legal issue that is frequently overlooked when businesses jump on the virtualization bandwagon:  proper licensing of the applications run in the virtual environment.  With virtual servers capable of being set up in a matter of minutes (frequently without legal review or input), businesses sometimes overlook the need to ensure the applications being run in the virtual environment are properly licensed.

Ensuring applications are properly licensed for use in a virtual environment is a thorny issue, with many grey areas.  Existing license agreements are generally silent on the issue.  This means the individual licenses for each of the applications must be carefully reviewed to ensure there is no language that would prevent operation in a virtual environment.  Since this issue will likely not be expressly addressed, limitations relating to the scope of the license, authorized operating configuration, and other terms must be reviewed.  In some cases, the licensor may have to be contacted to ensure virtualization will not result in a breach of the license. 

 We have already seen several instances in which businesses have virtualized without addressing these issues only to find themselves the subject of an audit by one or more of their licensors for being out of compliance with their license agreements.  Before your business becomes the subject of one of those audits, conduct an audit of your own to ensure the relevant license agreements do not preclude use of the applications in a virtual environment.


Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author