The 5 values that determine your product audit risk

In my first post in the calculating product audit risk (PAR) series, I discussed how organizations should have two different strategies for managing their overall software estate. For the set of products where the value to the business or the risk of non-compliance is high, we suggest a “manage the product” approach. For the rest of the software portfolio, we suggest a “manage the risk” approach. To help differentiate between these two segments of the overall estate, we introduced the PAR value.

As a reminder, here is the PAR formula:

SHI-Product-Audit-Risk-equation

In general, the PAR value is meant to quantify the relative financial risk a product represents within the overall software portfolio. But before you can complete the math, you need to know where to find the factors that go into the equation. Here’s how: Continue Reading…

Tags: , , ,

Ghost assets are scarier than you might think: Part 1

Ghost serversThis post is part of a three-part series on ghost assets.

The vast majority of IT environments are haunted. Large-scale infrastructures, by virtue of their operational requirements, value high capacity and high availability over asset management. This inevitably means there are ghost assets lurking in most environments — devices whose purpose withered and passed on some time ago, but were not removed or repurposed. Still plugged in and probably connected to a network, they serve no material business purpose. They simply absorb space, power, and resources. A recent article on InfoWorld rightly points out that decommissioning ghost servers saves money on utility bills and datacenter space. However, these wraiths also embody a much more serious risk: software and regulatory compliance exposure.

Ghost in the machine
This post will refer to ghost assets rather than just servers. This term encompasses hardware, software, maintenance value, as well as any supporting systems that might be needlessly consumed by assets that no longer make a meaningful contribution to an IT environment. Power management, facilities maintenance, middleware, storage, backup, and disaster recovery are all secondary resources consumed by a ghost that add to its overall cost. But when ghost assets negatively impact compliance, the cost they represent increases exponentially. Continue Reading…

Tags: , , ,

Software license management: Calculating product audit risk

When it comes to compliance risk, we suggest that organizations craft two very different strategies for their overall software estate. Depending on the software, companies should either manage the product or manage the risk.

Manage the product

For high-risk, high-value software products such as Microsoft SQL Server, IBM Websphere, and Oracle databases, companies should pay careful attention to what licenses are bought and allocated and how they are being used. Because these products represent a relatively large portion of software spend and compliance risk, the products should be watched and managed individually and reviewed continually to ensure license utilization is high and compliance risk is low.

Manage the risk

Lower cost or lesser risk software products generally don’t need the same level of attention. Because costs or compliance risks are relatively lower, these products represent a much smaller financial risk to your organization. Managing this group (which could include thousands of software titles) in the same way as high-value products is difficult and unnecessarily expensive. A more efficient approach is to set reasonable, firm policies to guide proper usage and compliance and then conduct occasional spot-checks to find and rectify situations in which those policies were skirted. Since this approach carries a bit more compliance risk, consider setting aside a small opportunity fund to deal with over-deploys or an adverse audit finding. Continue Reading…

Tags: , , , ,

How to take control of your software entitlements

Managing all the hardware and software assets for an enterprise workforce is no easy feat. A large organization must manage thousands or tens of thousands of employee devices, all of which are loaded with myriad software subject to various maintenance dates, combinations of licensing agreements, and therefore a multitude of licensing rules.

With so much technology under one roof, it’s easy for a licensing event to slip through the cracks and harm an organization in the long run. For example, the use of unlicensed software could expose organizations to hefty fines and leave companies scrambling to purchase new licenses to bring them into compliance. Not only do missed events hurt an organization’s bottom line, they also damage corporate reputations and can increase scrutiny from other manufacturers and vendors.

To help customers avoid the risks of non-compliance and give them a better understanding of their software entitlements, SHI offers several tools that provide complete visibility into the software and quantities an organization is licensed to use. Here are two of the best: Continue Reading…

Tags: , , , ,

How to get your maintenance renewals under control

If your organization always wants the latest and greatest products and most up-to-date support, chances are you buy your software and hardware maintenance from various manufacturers. The question is: How do you manage all of your purchases while ensuring you’re not overspending?

Renewal management can be complicated, involving a kaleidoscope of factors that can turn a simple process into a field full of potential land mines, including overspending and non-compliance. Here are some of the challenges IT organizations face while managing renewals and how to solve them.

1. Myriad buying programs. Every business unit has its own unique mix of hardware and software needs. When it comes to licensing Microsoft products, for example, some organizations excel with an Enterprise Agreement (EA) to license a particular number of seats at any time for any product. Other organizations utilize a Select Agreement to buy what they need when they need it. With other publishers, some parts of your organization might still rely on perpetual licenses while others need options like the subscription-based Adobe Creative Cloud. The range of potential ongoing agreements in any company is vast, and renewal dates are unlikely to align, creating the potential for under-licensing or budgetary “gotchas” if the various renewal dates aren’t closely tracked.

2. Multiple employees managing buying programs. Larger organizations have licenses with more manufacturers and for more products than any one person can manage alone. Of course splitting the workload, whether by division or manufacturer, reduces visibility into organization-wide renewal dates. Having employees manage licensing in a silo also limits potential cost-savings and cost-avoidance advantages for future licensing, as employees might not be aware that their combined purchases qualify them for the next level (price break) of cost-savings. Continue Reading…

Tags: , , ,

Overspending on software? The real costs and options

We recently calculated the costs and compliance risks of under-licensing software. But using more licenses than you’re paying for shouldn’t be your organization’s only concern. Almost every customer we come across is also over-licensing products in some situations. That is, they have purchased more licenses than they actually need.

How does this happen? Let’s say one of your employees retires or moves to a different company. She returns her computer (and the software licensed to it) to her IT department, which shelves the assets for future use. The next week, your company hires someone to fill the role. But, when that person is ready to set up her work station, she doesn’t go to the IT department. She goes to the procurement department, which purchases new licenses for her to use. Or, in another common scenario, the organization downsizes and the software gets “lost” in the confusion of the moment. The result is unnecessary outflow of cash and an unused stock-pile of licenses.

While this might not seem like a big deal at first glance, the costs of licensing over-compliance can negatively impact budgets, projects, reputations, and careers. Over-licensing software doesn’t have the same immediate, negative impact of under-licensing or an audit, but it can slowly drain resources from more productive uses. And the problem tends to self-perpetuate: Buying too many licenses in the first place very often results in buying too much maintenance year after year.

When idle licenses are uncovered, certain questions invariably arise: How much did the unused licenses cost, and what other projects were cut or had their budgets slashed in order to cover the expense? Who sanctioned this purchase? Why don’t we have better records on what we own and what we are using? And lastly, now that we have identified all these unused licenses, what do we do with them?

Organizations that have a surplus of unused software licenses have four options: Continue Reading…

Tags: , , , , ,

Keep IT involved in cloud purchasing decisions

The cloud’s accessibility makes it irresistible to end users working under tight deadlines (which, let’s face it, is virtually everyone). Order a virtual machine (VM) this morning and you can deploy that VM, well, this morning. But who ensures that this new infrastructure purchase is secure, meets an organization’s established technical standards, and is compliant from a volume licensing perspective?

Even well-intentioned employees will bypass IT when pursuing a cloud initiative, often telling their IT guys, “We didn’t want to bother you.” Until there’s a problem, of course.

SHI helps IT stay involved with cloud migrations

Last week I introduced ZDNet reporter Heather Clancy to SHI and talked to her about SHI’s participation in the channel and our work in the cloud. One of the main points I tried to convey was the importance of keeping IT involved in all of an organization’s technology purchasing and procurement decisions, cloud included. It was a theme that Heather picked up on and featured in her article, “SHI’s cloud mantra: Keep IT involved.”

Since Heather’s article went live, our sales teams have heard from numerous CIOs who were interested in learning more how SHI can keep IT more involved in what technologies their end users are bringing into their environment. Specifically, they asked how we can help them identify which consumer-based products are lurking in their environments so they can stop and replace them with a secure, enterprise-class solution.

Full disclosure: SHI only has visibility into the product lines our customers authorize us to manage. Most of our largest, longtime customers have found that the easiest way to manage a product line is to have as many IT purchases go through SHI as possible. It’s far easier for an IT manager to tell end users to “Call SHI” than to evaluate, source, procure, and deploy every new request they get.

So how do we do it? SHI helps organizations manage their IT environments in several ways: Continue Reading…

Tags: , , ,

The real costs of being out of compliance with your software licenses

When it comes to software licensing compliance, manufacturers are stepping up their game. All the major software vendors are ramping up their audit frequency. Gartner and other industry pundits have noted this acceleration for the last few years, and there doesn’t appear to be any slackening of the pace. Just as notable, software vendors are also increasing the intensity of their audits, digging deeper and harder into some of the areas in which they’ve traditionally given customers some leeway.

Most of the penalties a customer can suffer from a manufacturer audit are not immediately apparent or quantifiable. Nonetheless, there are very real costs for poor software license governance and manufacturer audits. They include: Continue Reading…

Tags: , ,