Beware of Free Software Licensing Help From Software Vendors
Software audits have been on the rise as vendors attempt to recapture revenue. As licensing rules change on a regular basis (monthly in some cases), it is difficult for many organizations to keep up to date. A failed audit may result in punitive fines and, in extreme cases, injunctions that disrupt continuing operations until violations are resolved. The amount of business disruption depends on the scope of the audit and the size and complexity of the organization coupled with the audit clause in the contract. The risk of these highly visible failures can be reduced through effective software asset management practices. Being ready is critical, as it is a matter of time before there is a knock on the door.
Autodesk, IBM, Micro Focus, Microsoft, McAfee, Oracle, SAP, Symantec, and VMware are the vendors with the highest audit percentage rates. Microsoft wins the award for the vendor with the highest frequency of audits, enlisting software asset management (SAM) partners to perform licensing engagements and third-party consulting firms to perform full audits. Falling out of compliance with software vendors is easy due to frequent licensing changes, some of which are evolutionary such as processor to core shifts. Virtualization licensing rights, for instance, are a point of contention across vendors and have yet to be adequately addressed.
Microsoft, as a specific example, has its fiscal end of year coming to a close in June. There has been a steady increase in the number of organizations that have been approached since the beginning of February with offers of help with a license optimization or free SAM engagements, which the vendor treats as quick revenue wins. Please note: you have the right to refuse these “free” engagements and we highly recommend speaking to a Microsoft Licensing Analyst prior to engaging in any vendor-based SAM engagement.
Nothing is ever truly free, and Microsoft as well as other vendors offer these “complimentary services” to companies that they believe are out of compliance. Vendors recuperate the costs of such engagements, which are contracted out to various business partners, through the licensing shortfall payments they will receive, which can be very large. Once an out-of-compliance status is uncovered by these partners, there is only one way to resolve and move back into a compliance position: through spending. Common triggers of an audit are:
- Technical teams sharing architectural information with the vendor and inadvertently demonstrating non-compliance.
- Lack of net-new revenue spend with the vendor in light of the company growing.
- Public displays of the company launching new customer-facing solutions that may require underlying licensing the vendor knows is not present, or that involve indirect access.
Taking preventative measures, in the form of a software asset management program and annual internal audits, will allow your organization to be prepared and potentially avoid the audit altogether. Conducting a SAM audit on your own, or in conjunction with a third-party expert, can be worth the investment. This process includes a comprehensive look at your licensing position while providing a strategic plan moving forward. A paid engagement is especially worth the cost for organizations that are not able to internally manage their software assets on a consistent basis. Because of the complexity of licensing rules and lack of SAM tooling and processes, many organizations have unintentionally fallen out of compliance. Even though the mistakes were not malicious, they often result in a hefty bill.
- Audit defense starts long before you get audited. Maintaining a documented consolidated licensing position ensures that you are not blindsided by a sudden audit request. Be aware of key factors that can increase the risks of an audit such as company size, inconsistent purchasing, mergers and acquisitions, a previous failed audit, lack of SAM, or information passed along inadvertently. As a general rule of thumb, as complexity of licensing increases, so do penalties. If the environment is highly complex, prioritize effort by vendor likelihood of audit and spend. Conduct annual internal audits according to best practices contained in this research.
- Create a methodology to quickly and efficiently respond to audit requests. Don’t panic when you receive a notification. Take control of the situation and prepare a measured response. Ensure electronic records exist for license documentation to provide fast access for audit and information requests. Being able to respond in a timely manner either for deferral or with accurate data is critical. When deadlines are tight, and internal resources don’t exist, hire a third party – their experience will allow a faster response.
- Understand the audit process and negotiate terms of the audit such as deadlines, proof of license entitlement, and who will complete the audit. The vendor’s approach towards compliance will dictate what motivates them, how they operate, and how you should work with them. Verify the accuracy of discovered data, as vendor-supplied scripts that have been run, or assumptions that have been made, can produce errors. Avoid scope creep, as the vendor may want to include scripts, products, or geographic locations that previously weren’t included in the agreed-upon scope of audit.
- Leave knowing what hands you lost and why. Come to a consensus on which findings truly necessitate organizational change. Beware of:
  - Prior findings: Findings must be based on the facts of the current audit; do not accept findings based on a previous audit’s findings.
  - Exaggerated findings: Monitor the findings for inflated volumes of occurrence; ensure that findings are getting to the root problem.
  - Insignificant findings: Do not let compliance organizations penalize your company for their perception of your SAM maturity level; keep the focus on the “in-scope” products.
  - Inaccurate findings: Auditors can be mistaken about technical feasibility. Be sure to clarify if the auditor made an error.
Going on a spending spree to purchase licenses, ignoring audit requests, or moving to the cloud doesn’t relieve the organization of compliance obligations. Hundreds of thousands of dollars can be saved by having a strategy, knowing the organizational licensing position, and documenting historical contracts.