When it comes to software audits, data variety and complexity is your enemy

.

If you haven’t had a software vendor audit yet, you’ve been lucky.  According to Gartner’s survey, more and more companies are getting those unwelcome audit letters. If you’re the subject of a software audit, your best strategy is to prepare with the right information – don’t let it happen solely on the vendors’ terms.

In theory, preparing for the audit is simple. Figure out which software you’re running from that vendor, determine your license rights, and reconcile the two. If you’re over-licensed, great – you can negotiate better terms. If you’ve erred in the other direction, you can find ways to mitigate your true-up costs and negotiate favorable terms moving forward.

Unfortunately, this is much easier said than done – especially in a short time window. It’s difficult to figure out what you’re running today, and the software industry is making it harder all the time. The more time you spend wrestling with data, the less time you have for analysis and strategy.

The software vendors are part of the problem

Constant change in the software industry is a big part of the problem. The vendors keep rebranding and updating products, creating new versions, and bundling products.  According to internal research at BDNA, four enterprise vendors have more than 10,000 software titles in their product portfolios.

Different versions may identify themselves in different ways to automated solutions. Do Acro_Read-EN_8 and AcroRead32.exe refer to the same thing?  Who knows?

Acquisitions in the enterprise technology space are another factor. When you scour your networks for Adobe, Oracle or IBM products, do your Omniture, Eloqua or Kenexa instances show up? Are they even covered by those vendor license agreements?

Without clean and consistent data, it’s difficult to know what you’re even running. And without that visibility, you’re at the vendor’s mercy during an audit.

It’s not easy being compliant

Vendor licensing schemes are difficult to navigate. For example, IBM uses its own “Processor Value Unit” model for licensing. Determining your actual entitlement can be a challenge.

On your end, decentralized purchasing often contributes to the problem of licensing compliance. Local IT teams or individuals install a free trial license and forget to convert to a paying license after the trial period has expired.  And the IT team may have virtualization and server consolidation decisions that have significant licensing implications.

You haven’t got time for the pain (of manual reconciliation)

Once you aggregate data from operational systems and licensing rights, you have to reconcile that data. You can do it manually or automatically.

With a manual approach, your staff reviews the aggregated list of software finding all data for the all of the vendor’s products, in all of its representations, and normalizes the data. Then they match that list to your license rights.

This takes time – time that you may not have before the vendor audit. You want to use those precious days on analysis and strategy to minimize unplanned spending on fines and true-ups.

The role of automation

If you want the upper hand in a vendor audit, you need fast, clean and accurate data.  Automated reconciliation (also called automated IT asset normalization) is how you get it.  Automated reconciliation combines your own, internal IT asset data with an external catalog of hardware/software information. It filters, normalizes, and applies external context to data.

The result of this data ‘mash-up’ is valuable, contextual information that will give you a better position in vendor negotiations. Not only do you know what exactly you’re running, you also have context about end-of-life and OS compatibility that you can use to your advantage. For example, you might negotiate a lower true-up cost if the version is reaching end-of life within six months, or won’t be compatible with Windows 7.

Knowledge is power. Complexity, in this case, aids the software vendors, not you.  Without clean data and visibility into your own environment as well as the vendor-induced product and licensing complexity, you lack the power to make the most of your vendor relationships.

About the Author

Mahesh Kumar, CMO of BDNA

Mahesh believes in big ideas that have ubiquitous application.  A passion to democratize IT information led him to conceptualize, build and market industry’s first Configuration Management System, the information hub that drives IT processes. At Kontiki, Mahesh marketed products that provided anytime-anywhere access to rich digital content and he also made key contributions at Loudcloud, the cloud-computing pioneer. Mahesh likes to golf, spend time with his family and venture on an occasional mountain climb.  Mahesh has an MBA from The Wharton School and a Masters in Engineering from Clemson University.