Thursday, January 31, 2008

Stop wasting money on your software purchases!

LOL...OK, don't misread my title...you probably still need to spend money on software purchases - my point is, you should stop the waste that goes on in most purchases.

Are you getting the most you can out of your software purchases? I doubt it. Frankly, I've proven time and time again that companies aren't...you see, there really are "tricks" to doing this right and unless your purchasing agent has lived the experience from both the consulting and the reseller side, they're not going to know them.

A couple of examples of major savings we negotiated this past year:
  • $260,000 on a $1.6m purchase through leveraging publisher relationship
  • $65,000 in free services on that same purchase through leveraging vendor relationship
  • $150,000 in savings on hardware purchase associated with that same software purchase
  • $180,000 in savings through education on product use rights options
  • $15,000 in free services on a $200,000 purchase through leveraging vendor relationship
  • $52,000 in free services on a $900k purchase through leveraging vendor relationship
  • $250,000 in savings through education on product use rights options

Now, these were all fairly large purchases...but percentage-wise these are still sizeable dollar savings. In all cases, these companies had savvy purchasing agents...but these are not deals those purchasing agents would have been able to negotiate. It requires someone who specializes in this industry to know the ins and outs and negotiate the best deals.

CIO Insight says 44% of CIOs reported "cutting costs" as a top priority for 2008 (http://www.cioinsight.com/c/a/Research/Management-Priorities/).

CIOs know they are going to have to watch their spend this year...unfortunately too many assume that they're getting their best deal on their software because they've compared prices and negotiated agreements. But they don't know the money they're leaving on the table.

Call us before you make that next purchase...let us show you how much money we can save you - money you can spend on new projects rather than on just maintaining your software!

Friday, December 28, 2007

A Year's Worth of Lessons in Software Asset Management

After 12 years in this industry I really wish I could claim that the problems we saw at new customers this year were different from those we've seen for the past years...but unfortunately that's really not the case.

First, there was the customer that contacted us after experiencing a BSA audit, having paid out hundreds of thousands of dollars in fees and consulting dollars (lawyers, experts, etc.). We assisted them in determining what they needed to purchase, but they still wouldn't invest the small amount of money to put in an appropriate Software Asset Management (SAM) program (tracking software, processes, policies and product use rights education) or even consider outsourcing this issue.

Second, the customer who wanted some help negotiating a new volume licensing agreement. Unfortunately, when they had implemented their SQL Server 2005 environment with redundancy they failed to consult with an expert on product use rights (PURs), so they ended up implementing a solution requiring them to have duplicate SQL Server Enterprise processor licenses...a very expensive solution that could have been avoided with a quick phone call or e-mail.

Third, there was the customer who wanted our help in performing their Microsoft true-up. They had discussed their server virtualization project with their reseller in connection with their VMware needs...but the reseller never asked about their actual server licenses. The 20 Windows Server Enterprise licenses they needed to purchase came as a complete surprise.

The list goes on...

The lesson to learn here is this: In Software Asset Management, spending a little money by having an expert on retainer can easily save ten-fold on your investment. Stop relying on internal staff who do not have the time or the resources to know the current PURs on all your products, and don't take the word of anyone (including publishers, resellers or consultants) unless they back it up with publisher documentation.

I hope your 2008 is full of the positive rewards of an effective SAM program!

Thursday, October 25, 2007

Software Asset Management – A Regulatory/Industry Compliance Perspective

Software Asset Management (SAM) not only makes good business sense (lowers cost of software ownership, is integral to good security and enhances the productivity of technology workers) but it is also a key component in most of the regulatory and industry compliance requirements facing businesses today.

OK, I stretch on a few like HIPAA and Gramm-Leach-Bliley (GLB)…you can technically comply with these without SAM as long as you have hardware asset management, but still – you need to know where your computer assets are, who has access to them and be able to restrict what data can be loaded onto them.

But for Sarbanes-Oxley (SOX) and the Payment Card Industry (PCI) Standards, it goes beyond that to actual SAM.

For SOX, there is a COBIT™ control objective which loosely states “Ensure that only appropriate software is installed in the environment”. Well, if you take that apart (which your auditors do…) then “appropriate” would mean (a) that you know what is appropriate and what is not, (b) that you have this documented somewhere, and (c) that it is licensed correctly. Additionally, to prove that you comply you need to be able to show what is installed in your environment and prove that you have a process that is documented and followed for periodically checking this information.

For PCI, you need to maintain a vulnerability program which has two requirements: (1) use and regularly update anti-virus software and (2) develop and maintain secure systems and applications. Both of these requirements come with a list of required items but basically it comes down to being able to ensure that every system has the most up-to-date virus protection and the latest approved security patches for all applications running on those systems. How do you ensure this information if you (a) don’t know what’s installed and where, and (b) don’t have a way of verifying what patch level it is at?

SAM makes good business sense, and it is required by many of the major regulatory/industry compliance requirements…so why are so many companies still avoiding it? Why the piecemeal approach that I see so often in the business place? Why do CIOs’ and CFOs’ eyes roll back in their heads when you mention SAM? I realize IT staffs are frequently overloaded and often do not have the necessary current information to maintain a SAM program – but isn’t that why we outsource?

Would love your insights…