Avoiding audits and vendor fines isn't enough. Take control of licensing to exact deeper software discounts and match purchasing to actual employee needs.
Look at the software in your organization in three ways: software you've purchased, software you've installed, and software that employees actually use. These are three distinct lists that can get surprisingly out of sync, and it's never good when that happens.
When software installs exceed licenses, you're out of compliance and could lose discounts and face steep "true up" fees or fines if the vendor finds out via an audit. Make thatwhen a discrepancy is uncovered in an audit. Our InformationWeek 2014 Software Licensing Survey, completed in July, reveals that more than a third, 37%, of organizations have been audited within the last 24 months. The percentage is even higher, 40%, for companies with 500 or more employees, and separate research shows that large companies can expect six- to seven-figure fines when there are big discrepancies.
It's surprisingly easy for installs and licenses to get out of sync because enterprise software vendors, including IBM, Microsoft, Oracle, and SAP, make it easy for your employees to download software without paying for it. Vendors of enterprise software seldom lock it up with the kind of license keys used to control consumer software installs. Complicating matters are licensing terms related to virtualization, per-CPU, or business roles that confound even experienced buyers and administrators.
Even worse than getting caught on the wrong side of an audit is paying too much for software straight away. This happens when companies license software but never install it -- the dreaded shelfware. In other cases, companies license and install software that employees never use, yet they have no way of knowing it because they can't track usage. A third form of waste is emerging as more tech buying -- particularly for cloud-based software -- moves outside the IT organization. When 12 different sales and marketing types are buying SaaS-based CRM seats on their credit cards, it's impossible to get the enterprise-scale discounts your organization deserves.
The larger and more distributed the company, the harder it is to keep track of software licenses, installs, and usage. Even without the added complexity of virtualization, SaaS, and hybrid cloud environments, you're kidding yourself if you think you can manage licensing using spreadsheets and paper records.
IT asset management systems and software license optimization software go a long way toward getting software license entitlements, installs, and usage into sync. But tech won't cure all ills. Company leaders must forge a clear buying strategy that balances centralized control and the vendor bargaining leverage that comes with it with the need for departments to get exactly the right software for the job when they need it. Doing so requires IT, purchasing, and business unit leaders to work together. Finally, there's shadow IT. You must educate line-of-business leaders and IT administrators about the consequences of rogue purchasing, unauthorized installs, and changing usage patterns sparked by rising use of mobile devices.
Audits Strike Fear
Let's start with the understanding that software is incredibly valuable and that vendors spend lots of money to develop software functionality. They deserve every penny that's due to them under their stated licensing terms. OK, that doesn't lessen the frustration IT leaders feel when hit with a surprise million-dollar bill after an audit turns up software they didn't know they had installed. But a vendor audit gone sour provides the impetus to improve software license management.
The right to audit is spelled out in the fine print of software contracts, and research points to rising vendor audit activity. The audit compares the software that customers have installed with what they are licensed and entitled to use. If a vendor isn't satisfied with a company's response to an initial inquiry, it has the right to run scripts on that customer's network that will uncover where its software is installed and in use.
Audits rarely turn out in the customer's favor. The average audit true-up cost for companies with about $50 million in annual revenue is $263,000, according to the 2013-14 Key Trends in Software Pricing & Licensing Survey, the latest annual report published by software license optimization vendor Flexera with input from IDC. For companies with about $4 billion in revenue, the average audit true-up cost is $1.6 million.
Apparently, a better than one-in-three chance of an audit and the prospect of a six- to seven-figure fine isn't enough to motivate many companies to take control of license management.
"I've talked to some CIOs who say, 'I don't know what my risk is of being audited, and I don't know that if I'm audited I'll be out of compliance,'" says Amy Mizoras Konary, research VP, software licensing and provisioning, at IDC and a collaborator on Flexera's annual survey. "The attitude is 'I would rather take the risk of being audited than pay to fix a problem that we might not have.' But companies that take this approach are typically rewarded with audits." (See related story, "5 Signs You'll Face A Software Audit.")
Tools Of The Trade
IT's first line of insight (and audit defense) is usually IT asset management software. BMC, CA, Hewlett-Packard, IBM®, Symantec, and other vendors provide general-purpose systems that correlate inventories of software and other IT assets to contracts, licenses, and equipment leases. This software is typically aimed at improving IT operations -- providing tools to detect failures across servers, storage, networking devices, software suites, and personal computers. At best, this software might discover and inventory what software is installed on which devices, but it doesn't analyze software usage and compare that with usage rights to give companies some idea if they're spending their money wisely.
In some cases, software vendors offer free tools geared toward deploying their products according to their licensing approaches. Microsoft, for instance, offers the Microsoft Systems Center Configuration Manager (SCCM), which provides remote desktop and server control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory. IBM often requires customers to use its License Metric Tool as a way to determine how many PVUs (processor value units, an IBM licensing metric) are in use.