Showing posts with label Software Audit. Show all posts
Showing posts with label Software Audit. Show all posts

Monday, April 20, 2020

Software Contracts - in a Pandemic led Recession

OK, so I am not a financial expert - but if our current world-wide pandemic (COVID-19) does not put us officially into a recession then I will be extremely surprised.

Frankly, I think we are already there - experts are debating.  I'll leave it to them to figure out and in the meantime speak to you about your software contracts and what to think about them in a recession.

As we all know, the US was in a recession just a few short years ago and it was a doozy!  But at that time many companies still had not made the transition to subscription based licensing for most of their business productivity software.

Think about your companies software contracts today - Adobe, Microsoft, Autodesk, Oracle and others on your productivity software are probably all heavily subscription based today.  On your infrastructure/platform software they are also probably heavily "hosted" or subscription based.

Why is this point important in a recession?  Old licensing models were perpetual licenses with maintenance. In most circumstances you could continue using the software regardless of whether or not you maintained the maintenance. So in a recession, if you could get out of the maintenance contract you were arguably still in business. If you are tasked with saving money on software costs your options are more limited in a subscription world.

Subscription licensing models is a pay as you go model.  While that is useful in moving costs to the expense line rather than amortizing it also means you must continue paying or you can no longer use the software.  Your software vendors are now in the drivers seat (although here is a very interesting read on the financial impact of this for software companies by Gavin Baker which I thoroughly enjoyed and you might,too).

So, here are some keys to consider:

  • Are your subscription users going to be reduced?
    • Inventory your existing contracts to know specific clauses and dates:
      • Many multi-year software contracts have an option to reduce subscriptions on an annual basis as long as you do it by the prescribed deadline. 
      • Some also have an option for reduction based upon a reduction in force.
    • When are your contract expiring for those that do not have a built in reduction option?
    • How will this impact your hosted infrastructure/platform needs? Make sure you are aware of those contract terms and dates as well.
  • If your user base is not expected to be reduced, will you be asked to cut costs regardless?
    • Look for the fat in your current contracts.
    • Identify critical vs nice to have suites
    • Ensure you are leveraging your legacy licensing benefits when available in your hosted environments.
  • Those software audits that have slowed down over the past 2-3 years, expect them to gear back up in different fashions:
    • Microsoft - do not be surprised for a server focused "assessment"
    • Adobe and Autodesk - I expect to see them come back around to see who still has old on-premise software that is not covered under the existing subscriptions.
    • Micro Focus - remember all that software they picked up in the deal with HP Enterprises? They have already been an active auditor, expect that to continue or pickup.
We know the pandemic is hitting us hard, but we cannot afford to be so distracted by life or death news (she says, sadly and somewhat sarcastically) that we get caught by surprise by the longer term economic impact we will all be facing.  If you need a refresher just go back to my blogs from 2007-2010 such as this one.

While each turn is unique, there are aspects that are the same...with over 21 years in the Software Asset Management business Cynthia Farren Consulting can help. Reach out to schedule a conversation with me to discuss a game plan for your organization.

Stay safe and stay well...



Tuesday, January 26, 2016

Deploying Microsoft Office 365 ProPlus - Important Licensing Information Before You Start

Several of my clients are starting their implementation of Microsoft Office 365 ProPlus and I'm seeing a key misperception that could lead to expensive license compliance issues down the road.

Microsoft Office 365 ProPlus is licensed per user (Yeah! Something many of us have wanted for years) but Microsoft Office Professional Plus 2016 (or 2013, 2010, 2007, etc) is licensed per device. 

The change to "per user" licensing is one of the key reasons many organizations have licensed the Microsoft Office 365 ProPlus, but by using the incorrect installation bits a company can quickly become out of compliance.

These are two different products - they may contain the same feature set but just like you cannot install Microsoft Office Standard when what you own is Microsoft Office Professional, you also cannot install Microsoft Office Professional Plus 2016 when what you own is Microsoft Office 365 ProPlus!

In order to maintain compliance (and benefit from the "per user" licensing) you need to make sure that any deployments of Microsoft Office 365 ProPlus are done with the Office 365 bits, not the volume (or otherwise provided) licensing bits for Microsoft Office Professional Plus.  While years ago there was a short-term exemption to this requirement that exemption has since expired and if you install with Microsoft Office Professional Plus bits then you are installing a device based license.

This information used to be spelled out in the Microsoft licensing briefs but in my latest search I could no longer find reference to it, however; the thing to remember about Microsoft licensing is that they only tell you what you can do - not what you cannot do so the absence of this clarification does not mean they've changed the requirement. This Microsoft TechNet article on "Getting started guide for deploying Office 365 ProPlus" provides some guidance to consider.

While I have not seen Microsoft actively auditing on this yet, you should expect that in the not too distant future it will probably become a compliance item so if you are planning your rollout now, it will pay to do it under the correct installation media.  Also,  your Microsoft Account team is presently financially interested in your Office 365 usage, something that cannot be measured if you are using the Microsoft Office Professional Plus bits.

Example of impact: A user has 3 dedicated devices with Microsoft Office installed (workstation, home, laptop).
  • If all of these are installed using the Office 365 ProPlus bits then the company only needs to license the user for some form of Office 365 ProPlus. 
  • However; if each of these is installed with the Microsoft Office Professional Plus bits then each install would have to have it's own license requiring the procurement of 2-3 licenses (2 if the laptop could be covered under Portable Use Rights but that is dependent upon how the license for the workstation was acquired).
So, in summary - do not use your Microsoft volume licensing MSI's for Office Professional Plus to deploy you Office 365 ProPlus.  It could end up costing your organization unnecessarily!

As a side note, for those organizations getting ready to deploy Microsoft Office 365 ProPlus 2016 please be aware that there is currently an issue with volume licensed versions of Microsoft Visio 2016 or Microsoft Project 2016 installed on the same computer (as well as 2013 versions of Visio Pro for Office 365 or Project Pro 365). For more details please refer to this Microsoft TechNet article (scroll down to the topic "Visio and Project versions that can be installed on the same computer with Office 365 ProPlus").

Update January 27, 2016 - I have been informed by Microsoft that there is a resolution planned in February 2016 for the above point about volume licensed versions of Visio 2016 and Project 2016. It is planned to come in the form of a "Click to Run Compatible Bits" (C2R-P) for the volume licensed Visio and Project. Keep your eyes open for these updated bits.






Monday, January 07, 2013

Software Audits - Be Afraid...Be Very Afraid!

OK, so I know the title is a bit "doom and gloom" - but frankly I've seen too many companies over the years get seriously bitten during software audits because they didn't have a healthy respect for the risk when they first accepted the audit (and for the sake of this article...I'm calling it an audit any time you share your installation data with a publisher or anyone representing the publisher).

First, I do not recommend going through one alone. That would be like going to an IRS audit alone - there are far too many obscure rules that can come back to haunt you. Get professional help before it starts and keep that help around through completion...very few rules are "black and white" and you need an advocate on your side who fully understands the rules and can balance the publisher's interpretation of use.

Here are a couple of things to know before heading into an audit:
  1. Not all audits are the same - know when you have the right to refuse or limit and when you've already waived those rights.
  2. Make sure the scope is clearly defined - is it all subsidiaries, all geographies, etc.
  3. Require a project specific non-disclosure agreement (NDA) be in place with any third-party gaining access to your information and follow up at the end of the audit to require disposal of the records.
  4. Understand under what circumstances you'll be billed for the cost of the audit.
  5. Ensure that the audit is being conducted under the rules of your active agreement with the publisher and the pertinent product use rights for the products in use.
There are many more, but this is a start.  The ITAM Review has a number of useful articles on this topic that you should consider reading as well.

Pitfalls to be aware of to avoid audit problems:

The best possible situation is to avoid an audit altogether.  While this is becoming more and more difficult as publishers have realized that audits are a profitable activity that helps them meet revenue goals (most of the heads of software publisher compliance groups have revenue goals much the same as a sales group), there are steps you can take to reduce your chances of an audit.
  1. Regularly conduct your own audit. Know what you own, what and how you are using it. If contacted for an audit, be sure that your executive handling the conversation can speak knowingly and authoratatively on current usage by product and the timeliness of that data.  Software publishers don't want to throw their money away on an audit that is going to produce no licensing revenue. The more they feel that you already have things under control the less likely they are to require a full onsite audit.
  2. Watch your external access, make sure you are appropriately licensing clients, vendors and partners for their access to your computing resources.
    • If your customers are using your computing resources, make sure that you are covering that usage under the appropriate licensing agreement.  Most publishers have service provider agreements (Microsoft's SPLA or VMWare's VSPP program being two of the most common) allowing for you to host their products for use by others - there is a lot of gray area in determining when you need to license under these versus when you can use perpetual licenses so make sure you have a professional help you make this determination.
    • Licensing is typically entity specific. While everyone in my organization is licensed to use a Microsoft Windows 2012 server within my organization that licensing does not cover us for when we access a client's organization.
    • There are expensive ways of handling this and less expensive ways - having licensing advice when you're setting up access can help you avoid unnecessary costs.
  3. Minimize OEM and non-volume purchases. Frankly, publishers regularly mine their entitlements data on clients to determine inconsistencies for compliance issues.  If a publisher can't see a full picture of your purchases it can increase the chances of an audit.
  4. Keep your purchasing records. If you are still using the software (or it's successor if that successors licensing is based upon the original purchase), then you need to have ready access to your proof of purchase. Consider for example Attachmate the owners of some (current and) legacy emulation software.  They audit on a regular basis - can you demonstrate that you purchased the 50 copies of KEA or myEXTRA! that you still have running in your organization?  If not, the cost to buy new licenses can include interest based upon when the software was originally released.
  5. Pay attention to country of usage rules. Most publishers have some restriction on using software in a  country other than the one purchased.  Autodesk, VMWare and Microsoft (under the Open licensing program) all restrict usage across geographical boundaries.
  6. Understand transferability rules of licenses during mergers, acquisitions and divestitures. For example, Autodesk states that their licenses are typically not transferable and have the right to refuse a request for transfer, if they do accept the transfer they can require that subscription costs be added to the license.

Already in an audit:
Regardless of what stage the audit is in, get help.  Make sure you have someone working as your advocate that has experience in software audits, strong knowledge of the publishers current and historical agreements and product use rights and the frankness to give you an accurate picture of where you stand (this is not the time your management team wants anything sugar coated...they need to know the reality so they can prepare).

Double check everything the auditors present to you - math errors and mis-interpretation of product use rights and licensing terms are frighteningly common.

Thursday, March 22, 2012

Software Audits - Beware of the Unknown!

While most of our business is focused on helping companies optimize their licensing and avoid compliance risks there are times a company comes to us when they are in some stage of being audited (whether it's called an audit or not for purposes of this posting I will refer to it as an audit anytime a third party is reviewing your licensing not at your behest).  We come across a number of areas that "surprise" customers to find out it's a compliance issue.

Take a look at the following - if any of them apply to your company, take steps to resolve these:
  • Own one edition but a different edition is installed.  Do you own Microsoft Office Professional but have Microsoft Office Standard installed?  If so, you are out of compliance (and no, don't count on them to look the other way). 
  • Changing the hardware that you run your Oracle database on without checking to see what it does to your core factor in determining processor licenses required. Did you move to a Sparc 4 from a Sparc 3? You just doubled your core factor...Oracle US License Agreements
  • Not understanding the minimum number of users that need to be licensed (contractual requirement versus actual usage). What did that (above mentioned) increase in processors just do to the number of users you're required to license?
  • Server mobility in a virtual environment. For example, did you reassign your Microsoft Windows Server Standard licenses to your virtual environment? That's fine (assuming they weren't OEM licenses) as long as you are not using VMWare's V-Motion (or similar technology).  You can only reassign licenses once every 90 days in the Microsoft server operating system world - you might accidentally be drastically increasing your licensing needs by "harvesting" that Standard license versus appropriately licensing the virtual environment.
  • Did you turn on enterprise functionality in your Microsoft SharePoint Server? If so, are other instances of SharePoint inheriting that enterprise functionality without your knowing it?  The enterprise functionality in Microsoft Sharepoint requires a Microsoft Sharepoint Enterprise CAL (client access license, this CAL is also contained in the Microsoft Enterprise CAL Suite).
  • Do you have Mac's in your environment? Are they accessing a Microsoft Windows OS? How are you licensing that?
  • Are you on an Enterprise Agreement (Adobe, Microsoft, Oracle, etc) and not including all devices in your environment? Check your agreements, unless it specifically allows you to exclude something these agreements typically require you to license all devices - read your fine print!
  • Re-imaging devices using the wrong media. The quickest way to get out of compliance in a material way is to have the wrong media loaded to your image. Make sure this is in alignment and that a change control process is followed for any changes to the image including a licensing review.
  • Are you assuming downgrade rights? For example, most Attachmate products do not have downgrade rights unless you have maintenance. Don't assume this right.
If you are asked (or told) that someone will be reviewing your licensing - get help before it starts. This is not the time to rely on your internal team unless they are licensing experts and stay current on all the publishers in your environment.

The ITAM Review has a great article series on the topic of "What REALLY Happens During an Audit", I recommend reading it whether you're going through one or just looking for more information.

Monday, February 28, 2011

Software Asset Management - 2011

What is it about 2011 that makes me think...we have officially reached "the future"? 

Is it just that I'm now so old that when I thought forward to the future it was anything after 2010? Probably...but since old age seems to keep growing further and further away from me as I age, I refuse to accept that as the answer, LOL! 

What will happen to Software Asset Management in 2011? My crystal ball is far from perfect but I'll take a stab at predicting this year anyway... 

Software audits rise - sorry, I know you've been hearing that threat for years but based on what I've seen so far in 2011 I think you can count on it as a fact. As the economy (and therefore companies) see an improvement I think you'll find publishers starting to come forward to find out what you have (and haven't) been doing in the past couple of years. They know you've been spending less money with them, so they want to make sure you've been licensing appropriately. Software audits are expensive (even if you're fully compliant and don't have to buy anything), so before you respond please reach out to us to see how we can help! 

Cloud Computing continues to grow and initially companies will manage these in a decentralized fashion (you buy it, you manage it). Hopefully some will remember lessons learned from the past and have these managed centrally by their Software Asset Manager. When I spoke on this topic at the IAITAM Conference two years ago there was a lot of uncertainty from Software Asset Managers as to who owned this responsibility - frankly the role that owns it is the role that steps forward to take control of it. My suggestion is that a saavy SAM Manager will realize that they add value to this function and this function adds value to their position. If you don't have your controls in place for managing Cloud contracts, please talk to us about appropriate processes and controls. 

The role of the CIO will become more ambiguous. OK, so this isn't SAM but it is important to SAM. I think we are clearly seeing the assimilation of IT into the whole of the business. Regardless of industry, IT is critical to all areas of the business and business owners are going to want more control of it. While a certain amount of centralization and segregation of duty is imperative to maintain controls and manage cost, I will not be surprised to see the role of the CIO disappear. However; on the flip side, I think you will start seeing more former CIO's transition into the role of the COO (possibly a natural evolution as CIO's have long been advised to become intimately familiar of all the business units they are serving). If this transition does take place, you might well see the role of SAM Manager follow suite (especially if the SAM Manager has taken on the Cloud Computing aspect). 

Is my crystal ball failing me or do others see the same? Let me know! 

One thing I do know for certain is that Cynthia Farren Consulting will launch an updated website in 2011 (OK, I cheated...since it already launched earlier this month). We tried to simplify matters and provide more valuable content - let us know how we did!

Monday, May 17, 2010

Mergers & Acquisitions - Software Licensing in the Due Diligence Process

It's been said that 2010 is the year of M&A (LOL...again, there have been many years in the past that have also held that moniker) and having just seen a posting on LinkedIn on this topic reminded me that it's probably time to blog about it again (check out my earlier posting on this topic for additional information).



There are lots of things to be considered, but I'm going to focus on the company doing the acquiring for this posting - if you need other scenarios check out our whitepaper on the topic.



There are typically two scenarios in acquiring: (1) you don't acquire any of the IT assets, or (2) you acquire all the assets of the company, including IT assets. The first scenario is simple as you know walking in that you have to provide these assets yourself. The second scenario is where the waters get muddy.



If acquiring all of the assets, the assumption is typically made that all the software installed at time of acquisition is (a) properly licensed and (b) the license will transfer to the acquiring company. Unfortunately, these are both naive assumptions and too frequently incorrect.



In the ideal situation, IT would have the opportunity to receive the licensing statement (including copies of contracts and proof of licensing) for the company being acquired in advance so it could be factored into the valuation of the company (remember software is frequently the 2nd or 3rd largest line item in the IT budget and represents significant expense).



However; reality is that acquisitions are typically completed without IT's involvement or even if IT is involved they are very limited in the information that can be shared in advance of the completion of the deal.



So, how can IT help the company avoid acquiring someone else's licensing headache? Through education and quick follow up.



A couple of basic steps:

1) Get the issue on the table in advance of M&A activity. During M&A you're going to have a hard time getting the attention of the proper parties so preempt the situation.

2) Get some allies on the topic - legal counsel, CFO, compliance officer and purchasing officer are all key allies. Obviously this means senior level IT to senior level operations discussions.

3) Create a high level IT due diligence checklist of what IT truly needs to (a) help avoid large unnecessary costs and (b) ease integration post acquisition.

4) With the aid of your allies, get the IT due diligence checklist added to the overall company due diligence checklist. Be prepared for push back and be able to quantify through hard dollar and compliance risks the reason behind each item.

5) Post acqusition, work fast. Not only do you have a mandate to get the company integrated but you also need to ensure that if there are any licensing costs associated with acquisition that you're able to identify those for proper accounting in the financial statements as part of the acquisition cost.



Get help - understanding the licensing terms for each major publisher and the transferability of those licenses can be a daunting task. Now is the time to focus on integrating your two companies, have an expert handle the acqusition licensing issues for you.



Any other suggestions? Post them!

Tuesday, March 02, 2010

The Timebomb - IT Backoffice Applications

We seem to spend so much time focusing on desktop licensing and trying to get that right...but frequently it is our IT backoffice applications that get us into trouble.

Despite change control on our desktops and servers, it seems that we continue to find an abnormally high number of IT management tools that are underlicensed. This is also an area where we find a lot of functionality redundancy.

IT will police the end users, but typically no one is policing IT's software. Here are some common costly issues we see at new customers:

Symantec NetBackup - it may be part of standard operations to automatically cover new servers by the technology but where is the automatic purchasing of the necessary additional licenses? Also we frequently see resellers selling the Express program licenses, even when the customer is already a Rewards program customer - make sure you're getting the benefits of your overall Symantec spend on each purchase.

Development/Test/Disaster Recovery - typically all of these instances require licensing. Make sure your servers are licensed appropriately, don't assume you can build a Test server and not license it!

Imaging/Virus scan/Desktop management - yes these are all standards of doing business but frequently they don't get reviewed to ensure that sufficient licenses exist to cover usage.

Client Access Licenses - if you're running Microsoft Windows server, each user or device requires a CAL. If you then add Sharepoint on that server, you also then need a CAL for that. If you're running SQL server to support Sharepoint, you need a CAL or a processor license for SQL. The list goes on and on...if you're using the resources of the server chances are there is a corresponding license requirement. This typically falls to IT to manage.

In short, make sure you're looking at licensing requirements on your IT management apps as well as your end-user apps.

As always, if you need help - let us know!

Thursday, August 13, 2009

What Your Software Inventory Tool Isn't Telling You!

Hopefully by now you've realized that in order to manage your software (or other IT assets) you need to have an inventory tool. As you will know from my other posts, you can't stop there...but it is a good place to start.

However; you need to understand your tool and how it reports data to you. Otherwise you might get an ugly surprise later on down the road when you find software installed on your systems that wasn't showing on your reports!

Inventory tools have a database of software titles associated with publisher and typically associated with a flag to indicate if it is licensable software (versus freeware, etc). The completeness of this database is the biggest value to you of the tool. With most tools if an executable is not in this database than it gets grouped into a "Misc" category and will fall into an exception report, a "catch all" report or might not be reported at all.

This could include new releases from publishers or simply publishers that your tool publisher doesn't categorize. These "unidentified" programs can cause you a lot of headaches - from a security, licensing and support angle.

Most inventory tools are updated on an ongoing basis as the publisher becomes aware of new software, but if you're not keeping current on your maintenance with that software you might not be getting this updated information.

Protect yourself - keep your maintenance current on any inventory tools you use, check the frequency of the tool publishers updates and include a check of "Misc" or "Catch All" software reports in your Software Asset Management process.

Additionally, if you are concerned about potential risk in this area you might want to consider having all of your software identified. Software ID Technologies has services that will identify all software in your environment. We've teamed with them on a number of engagements and they do a good job of taking the mystery out of those "unidentified" applications.

Thursday, July 16, 2009

Software Asset Management, Common Sense and Saving Money

Have you ever noticed how cyclical everything seems to be in this world? Well, one of the cycles I've watched since the early 1990's has been Software Asset Management.

The cycle (at least in the US, I frankly didn't track it much internationally) seems to be: Avoiding the topic, Awareness of an issue, Deciding to do something about the problem, Doing a full fledged project, Pairing that project down, Letting nature take care of itself and then the cycle starts again.

Obviously there may be some missing stages and some more "refined" terms than those I used but the basic concept is the same. When times are lush we seem to get into this phase where we feel the need to do a full bore SAM methodology but as soon as money and resources get tight we abandon the methodology in favor of "just making due".

This topic has been reinforced to me lately through two things: (1) a brand new client who emphasized the desire to have a "ala carte" proposal for SAM implementation - our existing clients know that providing options is the ONLY way we work, and (2) reading a fellow SAM practioner's (Kylie Fowler) blog which focuses on the "practical" side of ITAM and SAM (check it out...some great information).

In all our methodologies, let's not loose sight of the basic concept here...SAM is supposed to save money, manage risk and provide the business with the technology tools needed to be competitive. None of this requires complexity, extraordinary costs and it should all fit easily into common sense business practices.

If you're finding yourself ignoring your SAM methodology to run your business, do a quick re-evaluation of the methodology. What is valuable and what is just extra work? Streamline it, modify it, replace it with something simpler...do what you have to do, but don't abandon or ignore it altogether as you'll then be doomed to repeat the cycle (losing out on all those great cost savings and risk management in the meantime!).

If this is still too much for your business right now - consider outsourcing your SAM. We do this for a number of clients and they've found that (a) our costs are ridiculously low compared to in=house, (b) we typically save them more than our annual fee in increased savings, and (c) it frees their staff up to focus on running the business. Talk to me if this is of interest to you.

Wednesday, September 10, 2008

Digital Asset Management - Respecting IP and Staying Out of Trouble!

Intellectual property rights cover a wide spectrum, and while I typically talk to software licensing IP - I don't want to overlook other forms of digital IP that can place an organization at risk if used improperly.

Just because something is available in digital format doesn't mean it can be readily copied, shared or paraphrased. Check those licenses! The hard part is that the digital format frequently makes it that much easier to do something wrong when it comes to IP.

It cost this California company $300,000 because they were internally distributing "press packages" that included unlicensed copies of articles. This was not an intentional act, it was a mistake made by someone who didn't know better...could this happen to your company?

I attended Scott Bain's (SIIA's Litigation Analyst) presentation "Reduce Legal Risks by Managing Digital Content" in June at ECPweb's SAM Summit 2008 in Chicago - a terrific presentation and education for me (I try to be very aware of potential IP issues...but I found that even so I had unknowingly acted illegally in the past when it came to digital piracy).

Let's think about some common examples of potential piracy: Music or Video's stored on your corporate network, subscription based content forwarded through e-mail or stored to the network for others to use, excerpts from e-mail newsletters that you copy and send to others...the list goes on.

I'll let you in on my guilt...like most professionals I get a number of newsletters e-mailed to me on a regular basis. Before I had it pointed out to me that it was wrong, I would think nothing of copying the full contents (author, etc) of an article and sending it to someone I felt would be interested. The problem - those e-mail newsletters are sponsored by companies that pay to have people see their ads...but circumventing the advertising I was cheating them. If you want to share, use the built in mechanism most newsletters have to "Share with a Friend", or send the link to the owners website so the person you're sharing with can access the source. Better yet, check the license terms for sharing the content.

There's a great educational site by the SIIA to help you and your employees make the right choices (www.AskBeforeYouAct.com). Digital assets are a bit tougher to monitor than software assets, but they are every bit as important to manage them appropriately.

Tuesday, August 12, 2008

Do It Yourself or Have a Professional Do It For You?

Sorry I've been rather quiet the past couple of months...we've been launching a new service (or more accurately - finally marketing an old service) and that's been distracting me a bit.

What we're doing is finally offering our SAM managed services offering (LOL...OK, when we started doing this 10 years ago we were calling it Outsourcing) to all of our clients.

Basically, we do everything to give you the information you need to run your business with the appropriate software licensing at the appropriate cost. See, for us - that's easy. We live and breathe software licensing, processes, controls and negotiations. We keep up with what's going on in the marketplace, because it's our business. Typically companies (excluding large enterprises) simply can't dedicate the resources to do this in a cost efficient manner. For us to do it, the service pays for itself and you're not running the risk that you're relying on a staff member whose knowledge is from 2 versions ago.

We're not looking to replace your current staff members...we're looking to free up their time so they can focus on areas that move you forward.

Our service has been extremely successful - we've been told by our clients that the price is attractive, the deliverables timely and needed, and the independent relationship (not the reseller, etc) extremely beneficial and ties in well with internal governance programs.
However; I'm curious, what are your thoughts?...What would you want in such a service? How often would you want it? What would you want to pay for it? Would you want a service like this?

Tuesday, April 08, 2008

Realistic IT Budget Cuts and Finding More Money...

Business...it's so cyclical. We go through lush years when the primary focus is just "getting things done" and we grow fat, then we hit a slow down and we suddenly have to watch our dollars and the primary focus becomes "get it done...but don't spend any money" and we are forced on a diet.

Unfortunately, in the directive to cut costs - we don't always do it in the best fashion. There are costs you can cut in your IT budget without impacting service - they never should have been there in the first place...they came from lack of time and desire for convenience.

Where to look:
1) Software licensing agreements and maintenance plans
2) Telecommunications costs
3) Outsourcing agreements

If you don't have the talent in-house to do this, hire it out.

A reputable consultant will be able to tell you after a quick look if there is money to be saved - so you should know without incurring costs (or possibly very minimal costs) to what magnitude your savings opportunities are - they should full justify the cost of the consultant plus significant savings to your organization.

Additionally - there is money on the table when you are signing or renewing a deal. Make sure you're working with an expert who knows how to get you the most from your negotiations.

Don't wait until your budget is due to start this process...get a jump start and get it done now - you know budget time is always a crunch...

Thursday, September 13, 2007

Common Ways a Company Becomes Non-Compliant

Over the years I've worked with a number of companies and what has become obvious to me is that - it is rare that a company knowingly pirates software.

So, how do so many companies become non-compliant on their software agreements?

1) Lack of proper processes (and adherence to those processes) for software acquisition, deployment and retirement.
2) Lack of a good asset inventory tool that will accurately and easily report on what is installed.
3) Lack of records of what is owned.
4) Misconception or lack of knowledge of product use rights.
5) Misconception or lack of knowledge of volume licensing agreement rights.

Of all of these, I find the last two to be the most universal and it's a combination of misconception and lack of knowledge. Of the two I find misconception the most dangerous...because the company thinks that they're doing things right so they never ask for help.

How do the misconceptions happen? Generally, through outdated knowledge or guesswork.

Some things to be aware of:

1) Different use rights exist for different versions as well as different forms of acquisition.

For example, Microsoft 2007 software (Office, Server, Operating System) acquired OEM normally does not allow for downgrade; however, if acquired through Open, Select or Enterprise it normally does allow for downgrade. This was not always the case, in the past it had been allowed...was it allowed when you did it? Reference - http://download.microsoft.com/download/d/2/3/d23b9533-169d-4996-b198-7b9d3fe15611/downgrade_chart.doc). How were you planning to handle those OEM Office 2007 that are coming in the door? Were you going to downgrade those to 2003 until you're ready to upgrade?

2) Test and Development servers need to comply with product use rights same as Production.

3) Your Developers may have the "Professional" version of the software for development purposes but not be licensed for those for business use - be careful what's being installed on their production machines.

4) Vendors selling you a solution dependent upon another companies technology may not always provide you with full/accurate information about the licensing requirements...do your homework.

5) Client Access Licenses - in general if you're using the resources of a server, you need some form of client license for each user/device. Watch this carefully, it's the most common problem we find.

Just to name a few...

So, how do you keep up and still do your job? Frankly, you don't. You bring in professionals to educate you and provide you with documentation from the publisher supporting that education (do not rely on anything else...if a problem comes up, you're the one holding the bag) which you retain in a centralized location until those licenses (and their future upgrades) are no longer in use.

Questions? Comments? Would love to see them...

Thursday, June 21, 2007

What's an acceptable "out of compliance" number?

I was privy to an interesting conversation a few weeks ago...the topic was "What level of non-compliance is acceptable?". Basically the basis for the discussion was that being illegal on some licenses was to be expected but at what level does it become an issue.

Before jumping into all sorts of morality issues, I'll stop myself and instead put this in the context of...assuming it will cost me money to prove every single license, is there a point at which I can say "under this amount is not worth the cost"?

Now, morally I don't feel there is a number greater than zero that can be acceptable. If you can't prove licensing for a single product, you owe it to yourself and the publisher who invested their time and resources into its creation to buy the product (and then keep better records).

Getting off my moral high horse I will point out that running even a single copy of software that you can't prove licensing for is a risk to you and your organization. As with any risk to your organization, your organizations risk assessment framework should address this topic for you. But remember - you can't manage what you don't know and you can't apply a risk assessment if you don't have the details!

What are your thoughts?

Monday, April 09, 2007

Startups and Small Companies Exempt from Buying Software?

I was at a CFO conference last month and had an interesting discussion with another attendee over lunch one day.

This attendee (we'll call him Jeb) is the CFO of a small firm in California. This is not his first time at being a CFO and is an intelligent, articulate gentleman who endorses an entrepreneurial spirit within his company.

The conversation started out the usual way with him asking what my firm does (Software Asset Management-SAM) and then asking a variety of questions about how SAM benefits companies. The conversation then turned towards compliance and he shared that a former company had been audited by the Business Software Alliance (BSA) right before he had gone to work for them and had been fined due to inappropriate use of software licenses. He described some of the financial and operational pain the company had experienced as a result of not being properly licensed.

Finally, the conversation turned to the financial impact of outfitting an organization with software licenses. Being a business owner myself, I could definitely commiserate with Jeb over the costs to properly outfit an organization. However; I was amazed to hear him share his viewpoint that start ups and small businesses shouldn't be expected to license every computer.

Frankly, I was blown away. Here was an intelligent, financial professional stating that companies should be allowed to break the law, steal intellectual property, and essentially mis-state their financial earnings (when you realize that they wouldn't be including a major cost to doing business...buying software).

Desperately trying to stay off of my soap box, I raised these issues with Jeb. I tried every logical argument to try to have him understand how integrally unethical his viewpoint is...I hope I at least gave him something to think about. Unfortunately, he's not alone in his viewpoint...can someone please explain to me how you can morally or ethically justify software piracy?

Weeks later and it still amazes me...

Tuesday, March 27, 2007

Software Asset Management - Past, Present and Future

While enjoying a nice bottle of wine with a friend and fellow Software Asset Management consultant last week the topic of the future came up (which I think is probably pretty common when alcohol is involved), the future of Software Asset Management.

Well, we couldn't really discuss the future without rehashing the past and disecting the current.

History of Software Asset Management: SAM has been very cyclical in its popularity over the years. In the mid to late 1980’s when desktop computers were gaining in popularity within business there was a constant eye on the cost of such technology. Volume agreements and product use rights were very different from today with the minimum entry point for a volume discount being much higher and use rights flexibility such as concurrent usage being more current. Also during this time we saw the formation of the industry watch dogs (the Software Publishers Association and the Business Software Alliance) to educate and “police” organizations in regard to copyright infringement on software. In the early 1990’s there was a strong concern for the potential fees associated with being audited on improperly licensed software causing companies to implement SAM programs. The mid-1990’s saw a dramatic shift in volume license programs and product use rights creating a need for education on these changes and their impacts on organizations. The late-1990’s saw organizations moving away from a focus on SAM as publishers and industry watchdogs became more concerned about potential litigation. While there was some increase in attention due to the concerns around the Year 2000 problem, the cost cutting requirements of the early 2000’s had the effect of eliminating many internal controls as organizations cut positions. Now, in the mid-2000’s we see an increased focus on internal controls with the various regulatory requirements, an increased aversion to risk and an increase in industry audits.

SAM Present Day: As I mentioned, we're now seeing an increased focus on internal controls and increased regulation. This is resulting in a renewed interest in SAM. For some companies that threw out their programs in the 90's with all the other cuts - that means starting from scratch. For others, it's just a brush-up to become current with new product use rights, new licensing programs and better tool options. Unfortunately for a few, it means continuing to stick their head in the sand and hope that they don't have to deal with it.

Future of Software Asset Management: OK, so I don't really have a crystal ball. I'm actually going to raise more questions than I answer...

Many that I talk to think that we will be facing more regulations and therefore SAM will continue to grow. Personally, I don't think business will continue to support that model...how regulated can private industry become (and how much money can companies spend on regulation compliance versus increasing profits) before it rebels?

Others feel that Software as a Service (SaaS) will remove a lot of the licensing demands on companies making it a pay for service commodity. While I think we've already seen an increase in SaaS (or ASP for the old school), I also think there are basic desktop applications that are going to remain being exactly that...desktop applications (OK, not sure betting against Google is a smart move...but I also don't really think they expect to win big business). Mind you, I've predicted for the past 10 years that software licensing would move to a "lease" model...but this isn't the way I expect to see us get there.

So, what does this mean for SAM? Personally, I think it means that SAM will be an ongoing part of business and just like it has for the past many years the true adoption of it will be more a basis of the maturity of an organization rather than an indication of the industry.

What do you think?