Building Your Vendor Audit Defense Program by 1E


WHITE PAPER

GETTING STARTED ON BUILDING YOUR VENDOR AUDIT DEFENSE PROGRAM



KEY ISSUES TO CONSIDER WHEN CONFRONTED WITH A VENDOR AUDIT

Contents

Audits Are Inevitable
Don’t Start By Trying to Work Out Your Software License Entitlements. Begin By Working Out What You Are Actually Using.
Do You Think the IT Department Are Concerned About Your License Position? They Aren’t.
Don’t Try to Boil The Ocean From An Entitlement Perspective.
  Entitlement Quick Wins
  Optimization Quick Wins
Compile A Usage-based Evidence Dossier and Lean on Experts to Negotiate Effectively
  Compile Usage-based Evidence
  Hire Audit Experts
Case Study: Sasol Cuts Software License Costs.
Business as Usual: Robust, Proactive And Continuous Processes.
  Make the Switch From Reactive to Proactive
  Align your ITAM plans to the business
Case Study: Being the Adobe Audit Model Citizen.
1E AppClarity Optimizes and Right Sizes Your Software Estate.
1E ITAM Services

Abstract

This whitepaper sets out how organizations can intelligently manage software audits and in the process save millions by managing their software licenses more efficiently, and arm themselves with the data they need for an impending vendor audit.



Audits Are Inevitable

“You Can’t Avoid An Audit, So Get Your House In Order: Software vendors have a right to audit to protect their IP and to ensure that customers stay compliant, adhere to the licensing rules, and pay for what they use. So don’t be surprised when you get the call informing you that an audit team is coming your way soon.”
Software Audits: The Pain, The Shame, And The Gain. Forrester Research Inc., 2013 [1]

Recent research [2] conducted on behalf of 1E shows that most organizations have been audited at least once in the past 12 months, with 52% audited at least twice.

Many organizations have come to believe that buying their way out of trouble is often the safest solution. And, on the face of it, over-licensing on software that is critical to a business may seem like a justifiable option, especially when the alternative could be financially embarrassing, with unbudgeted license costs and, in some cases, legal action that could result in major fines, not to mention potentially damaging press coverage.

With the number of audits from software vendors on the rise, and typically with just 30 days in which to respond, companies have little leeway to take any action to mitigate the consequential license costs.

Just over half (52%) of companies surveyed were audited at least twice in the past year. 1E Software License Optimization Report 2013

What’s more, many people do not realize that when you buy during an audit you will be in a weakened negotiation position, with less opportunity for discounts. However, it doesn’t have to be this way. Even companies that are unprepared for an audit can take a number of straightforward, practical steps to lessen its potential impact and be able to negotiate from a stronger position.

[1] Forrester Research Inc., ‘Software Audits: The Pain, The Shame, And The Gain; If You Haven’t Been Audited Yet, Chances Are You Will Be Soon — So Be Prepared’, Mark Bartrick, with Chris Andrews and Ben Jennings, 29 August 2013.
[2] ‘Software License Optimization Report 2013’, 1E (using data commissioned from VansonBourne).


Don’t Start By Trying to Work Out Your Software License Entitlements. Begin By Working Out What You Are Actually Using.

“IT asset managers must continue to work with users of the software to ensure they understand each licensor’s usage rights. IT procurement and IT asset management must work with their legal department on a review of any legal language regarding how to count the license usage. How to “count” licenses is often the area of highest risk with audits.”
Software Vendor Auditing Trends: What to Watch for and How to Respond [1], Gartner Research Inc.

Conventional wisdom around software license optimization says that organizations should begin by understanding their rights to use the software products (entitlement) that they have purchased and then inventory their estates to ascertain their compliance position. However, in order to do this, you need to know where all of your proofs of entitlement are. This can take years and certainly cannot be done within the time constraints of a vendor audit.

There is on average $65 per PC/year of unused software. For a company of 20,000 seats, that’s a cost of $1.3 million a year. 1E Benchmark Analysis, 2013

1E’s own analysis [2] of 75 companies has found that for the top 35 most commonly deployed products (excluding Microsoft Office) there is on average $65 per PC/year of unused software. For a company of 20,000 seats, that’s a cost of $1.3 million a year. Furthermore, paying for unused software has a long-term knock-on effect of recurring maintenance fees. This simply compounds the problem. If you first target removing your unused software and proactively reduce license liability, then when an auditor’s letter falls on your desk there’s one thing you can be sure of – you’ll be paying less than you would if you’d started with trying to optimize your entitlements.

The simple fact is that much of the software deployed to users’ desktops is rarely, if ever, used. If you do a general cleanup you will by default reduce any hidden license liability you may have.

[1] Gartner Research Inc., ‘Software Vendor Auditing Trends: What to Watch for and How to Respond’, 23 May 2012, by Jane B. Disbrow, Alexa Bona, Frances O’Brien, Frank DeSalvo, Ted Friedman, Jo Ann Rosenberger, Joseph Neapolitan, Victoria Barber, Stewart Buchanan.
[2] ‘1E Benchmark Analysis of 75 companies across 13 industries, covering 1.8 million seats’, November 2013.


Do You Think the IT Department Are Concerned About Your License Position? They Aren’t.

“Software costs rise for enterprises trying to use existing licenses in new unlicensed ways. However, these costs are becoming significant enough to turn growing indignation into action.”
Predicts 2013: New Trends Bring New Challenges for IT Asset Management and Procurement [1], Gartner Research Inc.

You may ask why your license requirement is so high. One reason may well be that the IT teams that deploy software will not have given a moment’s thought to licensing considerations. It’s their job to design systems against technical standards and considerations around performance or scale, or simply a desire to use the latest technology. They almost never consider the license impact of their technical implementation. For example, although virtualizing everything is often standard practice, installing Oracle in a virtualized environment can cost many tens of times more from a license standpoint than other configuration alternatives.


A recent Gartner [2] report found, for example, “If an organization is using the Oracle DBMS on a 32-processor server, but running this DBMS on only eight of those processors, if the server is hardware-partitioned the customer must pay for only eight processors. Without hardware partitioning, the entire server or servers where live-migration or other virtual server mobility technologies have been deployed must be licensed. Oracle does not recognize any software partitioning (including Oracle VM) as a method of isolating the software, so Oracle will require all processors to be licensed.”

It’s important therefore to continually seek out areas that may result in a previously unaccounted for high license requirement and review alternative configurations to see if this can be reduced.

[1] Gartner Research Inc., ‘Predicts 2013: New Trends Bring New Challenges for IT Asset Management and Procurement’, 27 November 2012, by Rob Schafer, Alexa Bona and Stewart Buchanan.
[2] Gartner Research Inc., ‘Oracle’s Virtualization Policy: Options to Remain in Compliance’, 22 June 2011, by Jane B. Disbrow, Donald Feinberg, Philip Dawson.



Don’t Try to Boil The Ocean From An Entitlement Perspective

“Software asset managers are struggling to manage license entitlement effectively to prove compliance.”
Software Asset Management Fails to Deliver Benefits Without License Assignment [1], Gartner Research Inc.

Entitlement Quick Wins

Doing entitlement discovery and reconciliation on all vendors and products can take years. Instead, by focusing on the areas where you consider you are at risk you can quickly take action and see immediate benefit.

Don’t forget, you could get audited tomorrow. If you start with a selective targeted entitlement exercise today, you can identify audit risk hotspots and investigate what optimization strategies exist for those products. You need to first look at the likelihood of your liability. You are less likely to be in a weak position, for example, if you performed a true-up in the past 12 months. It is also worth weighing up the risks if the vendor is particularly aggressive and litigious in pursuing audits. Next you should focus on products where you are most likely to be exposed to license liability. Look at the likelihood of a product to proliferate through the organization; for example, Oracle Database will be more likely to spread than the big applications.

Optimization Quick Wins

Like entitlement, full optimization can be a long path, but a highly targeted exercise can pay immediate dividends. For example, if there’s significant audit exposure around Adobe Acrobat (even after eliminating the unused licenses), it can be worthwhile to investigate second use rights. You may find you are not liable for more licenses as a user may have the right to use the software on more than one device.


Alternatively, investigate alternative licensing schemes that might be more cost effective. For example, maybe you built a database when the business was small. Since then it has grown significantly, licensing per user has become less cost effective, and an Enterprise Agreement would be a preferable option. Also, a vendor may regard you as a ‘soft touch’ if you don’t have the information and evidence of your software licensing position for the audit.

[1] Gartner Research Inc., ‘Software Asset Management Fails to Deliver Benefits Without License Assignment’, 22 April 2013, by Victoria Barber and Stewart Buchanan.



Compile A Usage-based Evidence Dossier and Lean on Experts to Negotiate Effectively

“Without experienced negotiation to lead the effort, hidden and ambiguous cost detail is not obvious and will not be captured to provide management with the necessary criteria to optimize acquisition decisions.”
Collaborative Teams, Customized Checklists and Robust Models Can Expose Hidden Costs During Software Negotiations, Gartner Research Inc. [1]

Compile Usage-based Evidence

Once you’ve removed the unused licenses, streamlined what’s remaining and optimized the most pressing – it’s time to negotiate.

Ensure you enter the negotiation with the best possible ammunition. By compiling a dossier of evidence based on usage you should be able to negotiate more effectively. If, for example, you can prove that 60% of your users don’t need all the features of Office Pro Plus and could make do with the Standard edition, although you wouldn’t be able to downgrade, it is a very valuable card that can be played when trying to squeeze out a few more discount points during an Enterprise Agreement negotiation.

Additionally, for software no longer being used, you may not be able to cut the number of licenses themselves, but you can certainly stop paying support and maintenance and even negotiate for credit against future purchases.

Hire Audit Experts

Vendor rules and terms are changing all the time. No two vendors use the same contracts and it is hard to keep track of the latest terms and conditions around software licenses if you only negotiate periodically (say, every three years) with the likes of Oracle, IBM or Microsoft. Therefore it can be beneficial to get help from an expert who does it every month.

They will be able to give you greater insight into understanding the vendor’s motivation, sales process and audit methodology. 1E Expert Services directly supports your negotiations such as true-up, maintenance and enterprise agreement contracts (please see page 12 for more information).

[1] Gartner Research Inc., ‘Collaborative Teams, Customized Checklists and Robust Models Can Expose Hidden Costs During Software Negotiations’, by Jo Ann Rosenberger, September 20, 2013.


Case Study: Sasol Cuts Software License Costs

Cobie Nel, IM Services: Manager Applications at Sasol, was looking for a software licensing optimization solution to give visibility into which applications are used across all users in the company, and have the ability to reclaim unused installations of software and ensure that the company was compliant when it came to vendor audits.

“We have thousands of different applications deployed across the company and we wanted to ensure that our license liability was at zero.

“When an auditor comes along it’s important that you have reliable evidence of the number of licenses deployed and in use. With software license optimization from a tool like 1E AppClarity we have been able to radically reduce the risk and ensure compliance with our software contracts.”

Just a few months into its program of optimizing how software licenses are used and managed across the business, Sasol was able to reclaim more than 185,000 installations covering 15,000 PCs and laptops - an average of 16 applications per user.


Business as Usual: Robust, Proactive And Continuous Processes

“IT asset managers are struggling to demonstrate and quantify value in order to justify continued executive sponsorship and ongoing investment in ITAM resources. (...) IT asset managers are struggling to demonstrate and quantify value in order to justify continued executive sponsorship and ongoing investment in ITAM resources.”
Demonstrate the Relevance of Your ITAM Program by Using Outcome-Oriented Metrics [1], Gartner Research Inc.

Make the Switch From Reactive to Proactive

Once you’ve put out all the imminent fires, you can progress to a more Business as Usual (BAU) model. You need to conduct a full entitlement exercise and switch to a model of continually monitoring and understanding risk. Discover what percentage of your licenses have proof that can stand up to an audit, and what percentage of your software estate you have visibility of. If either of these is not 100%, then you’ve got a blind spot.

Ironically, audits are a significant cost to software vendors in terms of fees (to the auditor) and opportunity cost (could they be focusing on another victim?). If you’re able to prove quickly and easily that you’ve got a good audit defense, there is evidence to suggest that you may get an exemption on the audit. They will go and seek an easier, more vulnerable target.


Align Your ITAM Plans to The Business

When in negotiation with a vendor you should be aware that you may not win on every point. You need to know what ground you should fight for and what ground you should give up. Therefore, it is important to get management buy-in and conduct QBRs with senior sponsors to gain alignment with their business plans and be forearmed with this information before entering any negotiation. If you understand that the business is likely to grow by 300% over the next three years then renewing that Oracle ULA might be a good move. If you know the business is looking to branch out into three new geographies, then the ability to transfer licenses between regions will be critical.

[1] Gartner Research Inc., ‘Demonstrate the Relevance of Your ITAM Program by Using Outcome-Oriented Metrics’, 16 May 2013, by Gayla Sullivan.



Case Study: Being the Adobe Audit Model Citizen

Adobe highly complimented a large auction company during a recent vendor audit, telling their software asset management team “You are a model citizen.” The company, who by that time had been using AppClarity for nearly a year, were easily able to run a report on all the Adobe products used in the company, and uninstall software that was no longer being used to ensure they were compliant. They were able to ensure that they had all the licenses they needed prior to the audit.

“In the past what would have taken more than two weeks to research now only takes a few minutes,” says the Manager of Engineering, “We are able to run a report that identifies the publisher, product, number of licenses, usage and estimated value.”

“Before AppClarity we had a blind spot about usage,” he asserts. Now not only is the company compliant, it has been able to save $70,000 through reclaiming unused Adobe software.


1E AppClarity Optimizes and Right Sizes Your Software Estate

“Know what software you are actually using. A new generation of software asset management (SAM) tools have been developed that automate and alleviate many of the challenges of identifying what you are actually using, comparing it with your contractual entitlement, and so ensuring that you stay compliant (…) these products help with Software License Optimization (SLO) and are delighting exasperated sourcing and asset managers around the world.”
Software Audits: The Pain, The Shame, And The Gain [1]. Forrester Research Inc.

Uniquely focused on software waste, AppClarity delivers compliance without complexity by filtering out irrelevant data to show just licensable software and organizing it by financial impact or vendor so you can quickly focus on reducing your software spend. By making sense of what software you have, why you have it, and where and how it is being used, AppClarity allows you to make informed strategic and operational decisions. For example, you can set policies to silently reclaim and reallocate licenses from one user to another if an application has not been used for a set period.

AppClarity gives you clear and simple visibility of your entire software estate which enables you to make immediate reductions in software costs by analyzing all your applications and providing you with actionable results, reducing your spend straightaway. By identifying the software you actually use, then automatically removing what you don’t need, AppClarity financially quantifies all unused software, across all applications and across all machines.

AppClarity is user centric. It can be set to offer every user a per application opt-out option, either assuming that a reclaim will be okay as long as the user does not object or waiting for a prompt from the user as to what to do next. It also highlights the cost of every software license to the user, because users are often more willing to return a license to software they no longer use when they realize it might be costing the organization anywhere from hundreds of thousands to millions per year.

Deploying AppClarity alongside other 1E products like Shopping (the enterprise app store) delivers a solution that further enhances license control by offering the opportunity to rent applications on a short-term basis to users. Using rental ensures that short-term needs do not become long-term liabilities. It also enables users to find, select and download applications they need on demand. If, for example, a user has not used an application in several months and it has been reclaimed by AppClarity, when they need it again they can find it, download it and begin using it again within minutes through Shopping.

At first glance, reclaiming and reusing software licenses seems complex and daunting. However, with the right tools and processes in place, it can yield massive savings without any of the perceived risks.

[1] Forrester Research Inc., Bartrick, Andrews, Jennings, op. cit.



1E ITAM Services

At 1E we like to be different; we’re not so much about thinking outside the box, more likely we’re standing off-center to recognize the cube in front of us. We want to take our expertise founded in designing world-class systems management software and put our knowledge and experience to work for your company in the IT Asset Management arena.

1E has a dedicated team of ITAM experts with many years of experience of offering strategic and operational advice around hardware and software management.

The services we offer include: Software metering/removal Baseline Entitlement Assessment Accounts Payable Forensic Analysis Baseline Inventory Discovery Report Entitlement Escrow IT Asset Optimization (ITAO) Configuration Management Training Reselling Software Licenses SAM Process Assessment SAM Process Engineering Vendor Negotiation

We help you maximize the value in your IT assets, to remain flexible and responsive to the needs of IT and the wider business - both operationally and strategically.

We understand that many companies are at varying levels of IT asset maturity, and so seek to offer light touch/ advisory services for those higher up the ladder through to feet on the ground gruntwork that might be required to kick-start your IT Asset Management Programme. ITAM is not an overnight exercise, but with 1E’s guidance, we can help you recognize where you are and where you want to be.


About 1E

1E is the pioneer and global leader in efficient IT solutions. 1E’s mission is to identify unused IT, help remove it and optimize everything else. 1E efficient IT solutions help reduce servers, network bandwidth constraints, software licenses and energy consumption.

Contact us

UK (HQ): +44 20 8326 3880
US: +1 866 592 4214
India: +91 120 402 4000
info@1e.com

© Copyright 2013 1E. All rights reserved. The information contained herein is subject to change without notice. 1E shall not be liable for technical or editorial errors or omissions contained herein.
