I speak with hundreds of CIOs and software procurement executives every year, and the number of questions and complaints about software compliance audits is increasing. Not only are software publishers doing more audits, technology changes such as server virtualisation mean that there is more under-licensing for them to find. I have spoken to several clients who have faced unexpected bills of millions of pounds to rectify under-licensing. The most common causes are:
• Lack of clear responsibility for licence compliance. I have never seen a Forrester client that deliberately breached an agreement hoping that the publisher wouldn’t find out, but I’ve seen many CIOs who have negligently or even recklessly allowed noncompliance.
Like the old joke about the four guys called Body: Every Body thought Some Body was responsible for licence compliance, Any Body could have been, but in the end No Body was. Unless one person has the responsibility for licence compliance — and the authority to achieve it — problems will arise.
• An outdated software asset management (SAM) approach. I call it “Fireman SAM,” because it relies on periodic attempts to extinguish noncompliance fires. You cannot track software as if it were just like hardware, merely recording what you have bought and where you’ve put it.
Without an ongoing licence compliance process, software audit teams will smell the smoke before the asset manager can extinguish the flames.
• Failing to understand the licensing rules. Software publishers continually revise their policies to take account of technology changes and force customers to accept those revisions when they buy additional products. Asset managers often count the wrong things because they have not done the research to find out what each vendor means by terms such as “user” or “processor”.
If Fireman SAM is obsolete, what should replace it? I advocate what I call “licence optimisation”, which answers three key questions: what do we own, what are we using, and what do we really need? Many IT departments have implemented licence management, which answers the first two questions via transactional processes that record all software purchases and deployment in an IT asset management product. Optimisation takes it a stage further.
Forrester has been helping a number of enterprises evaluate their licence optimisation maturity and decide the next steps along the path. Best practice licence optimisation programmes include:
• Top-down requirements planning that enables strategic sourcing of the right licence capacity. I have seen companies that have integrated service desk management with procurement to ensure that they buy licences whenever they deploy software.
That is good licence management practice, but it is an expensive way to buy software. I have helped many IT sourcing managers cut a product’s cost by 20 per cent to 50 per cent by making a single purchase of aggregate future demand, instead of multiple discrete purchases. To get the best deal, you need a thorough understanding of what tools your employees need, so you can determine the appropriate licensing level. Without that, you risk either depriving them of vital software, or wasting money on superfluous licences.
• Vendor-specific discovery tools. Licence compliance managers need to do a lot more than merely count executables on hard disks. Discovery tools should know how each vendor treats complications such as thin clients, virtualised servers and multicore processors. They should also know the secret markers that identify which items and modules the customer must buy.
Ask your tools vendor what it is doing to get certification from the major publishers and switch products if you receive an inadequate answer.
• Financial mechanisms to promote the right behaviours. Traditional accounting processes can be a barrier to optimisation. For instance, they can prevent re-harvesting if department managers will not allow the licences they bought to be re-allocated elsewhere unless they get an appropriate credit for their cost. I have spoken with a couple of large companies that have addressed this problem by getting the central IT function to own all the important software licences and rent them back to business units via a per-user recharge. The department heads had an incentive to remove surplus software from PCs to reduce their IT chargeback.
The bottom line is this: establish a programme to move your organisation from Fireman SAM to licence optimisation. Pick one person to take overall responsibility and give them the authority to implement the necessary policies, tools and processes. Most of all, learn from your peers to adopt best practices that apply to today’s technology environment, instead of an outdated approach that tries to manage software as if it were hardware.
Duncan Jones is principal analyst at Forrester Research