The latest rage in virtualization is the desktop. In addition to making administration and control easier, virtualizing the desktop also offers the potential of greater security. In particular, virtualization affords businesses the ability to retain their applications and, more importantly, their data on their own servers (as opposed to having instances of the applications and data residing on individual PCs and laptops, which have a nasty habit of going missing). There is even the possibility of having a virtual desktop completely contained on a USB device, with full encryption. All of this is, of course, useful and entirely worthy of exploration for many businesses. The purpose of the discussion today is not to criticize the virtualization trend in any way, but to highlight an important legal issue that is frequently overlooked when businesses jump on the virtualization bandwagon: proper licensing of the applications run in the virtual environment. With virtual servers capable of being set up in a matter of minutes (frequently without legal review or input), businesses sometimes overlook the need to ensure the applications being run in the virtual environment are properly licensed.Ensuring applications are properly licensed for use in a virtual environment is a thorny issue, with many grey areas. Existing license agreements are generally silent on the issue. This means the individual licenses for each of the applications must be carefully reviewed to ensure there is no language that would prevent operation in a virtual environment. Since this issue will likely not be expressly addressed, limitations relating to the scope of the license, authorized operating configuration, and other terms must be reviewed. In some cases, the licensor may have to be contacted to ensure virtualization will not result in a breach of the license. We have already seen several instances in which businesses have virtualized without addressing these issues only to find themselves the subject of an audit by one or more of their licensors for being out of compliance with their license agreements. Before your business becomes the subject of one of those audits, conduct an audit of your own to ensure the relevant license agreements do not preclude use of the applications in a virtual environment. Related content opinion Finding Common Threads in Privacy and Information Security Laws. By Michael Overly Apr 26, 2013 3 mins Compliance opinion Ensure Your Data is Securely Deleted By Michael Overly Mar 11, 2013 2 mins Cloud Security opinion CIA in the Cloud By Michael Overly Dec 18, 2012 2 mins Cloud Security opinion Overreacting to Information Security By Michael Overly Dec 10, 2012 2 mins Privacy Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe