Demystifying the Software Supply Chain – Ending Fear, Uncertainty and Doubt from Acquisition

By Patricia M. Cicala

It is time to remove the mystery from the software supply chain, a critical component of long overdue industry change

For more than 20 years, the software life cycle has been fraught with mystery and intrigue. Both primary and secondary participants in the supply chain have been operating with virtual blindfolds while engaging in many of their business activities. This is the primary reason for the current and continued confusion throughout the software requisition-to-retirement process. This body of work is an introduction to a future look at the practices, participants and elements that can change the software supply chain over the next 3-5 years.

How Did this Happen and Why?

The virtual blindfolds are a mixture of convoluted or missing processes with an extra layer of complexity from the number of organizations that involve themselves in the supply chain. How did the complexity for software develop?

Simply said, for the better part of the last 20 years, software has been an “afterthought” to hardware acquisition and management. Although software has eaten up greater and greater pieces of technology spending, understanding of such spending patterns and their optimization continues to be guesswork at best.

Publishers were start-ups, small companies with innovative ideas and little funding. Development was on a “shoestring” for application software and it had many kinks to be corrected. Software licenses were primitive at best with very customer favorable terms and low costs with a goal of penetrating the marketplace.

Customer/End User organizations were more concerned with getting as many primary applications into their environment as necessary in order to grow, grow, grow. They had no concern at all for how they might manage and control the internal distribution, security or compliance of the software they were procuring.

Third party supply chain participants such as resellers, distributors and software tracking/control tool vendors were either nonexistent or in their infancy.

Regulation of the salient standard requirements for software identification has been, and continues to be, either nonexistent or limited to emerging practices.

All of these immature activities from a growing number of multiple parties with little or no thought to business and life cycle planning began to create the mystery in the software ecosystem.

As publishers have established markets and achieved success, the role and nature of software licenses grew in complexity. Now there is increased protection for the savvier publisher, multiple marketing campaigns influencing the license structures and an increasing number of platforms on which to license.

Customer/End User organizations are increasingly waking up to the management challenges and issues, but don’t know how to proceed.

Third party supply chain participants are firmly inserted in the middle of the process although the value received from these entities is not always clear.

The mysteries can only be closed through co-operative supply chain efforts to distribute and procure software as a commodity.

Who Are the Current Participants in the Supply Chain?

It is critical to give some new titles and priorities of importance to participants in the software supply chain paradigm.

Primary Supply Chain Participants

Primary supply chain participants are the two parties that are on the supply/demand end of fees that are exchanged for the primary use of and rights to software. There may be other parties (see Secondary Supply Chain Participants) involved in portions of the transactions. These parties make up the largest portion of the software revenue and spend and have the most to gain or lose from their interactions.

Originator: An originator of software is the entity that has actual ownership of all code and data sets that comprise the software application. The originator resides on the distribution end of the supply chain.

Procurement: Procurement is the actual end user, customer, licensee or third party who exchanges payment for the right to use the software from the originator or an official representative of the originator. Procurement resides on the receiver end of the supply chain.

Secondary Supply Chain Participants

Secondary supply chain participants are other parties that are involved with distribution, control and management activities associated with the transactions that take place between the Originator and Procurement sources. The involvement in processes and tools interaction as well as integration of these participants must be examined in extensive detail in order to clarify the value of their role. As a result of the examination, the number of secondary participants should be revamped, trimmed or replaced based on an objective scorecard of the contribution they make to the supply chain process.

Some representative secondary supply chain participants are:

  • Software resellers
  • Third party software distributors
  • Software management tool vendors
  • Software management service vendors
  • Auditing Resources (e.g. KPMG, BSA)
  • Software Consulting Companies
  • Implementation Sub Contractors

There are many types and subcategories of these participants. They may or may not exist in an individual organization’s software ecosystem.

Organizations will need to understand all of the primary and secondary parties and how they intersect with the tools, technology, and purchasing and management practices in a specific environment. To evaluate the contribution of these organizations, checklists should be prepared, prioritized and scored based on selected participants and associated activities during the life cycle of software applications.

Why is the Current Software Supply Chain Still a Mystery?

Although I have explained how the software supply chain reached this level of complexity and mystery, the question remains as to why the current situation is not improving. The mystery continues for the following reasons:

  • The participants have steamrolled forward and exploded in growth and use with little if any thought of how to control such growth and progress
  • Multiple technologies and practices involved in the same function in the internal and external participants of the supply chain create multiple strands of complexity adding to the overall mystery
  • Unraveling the legacy of the mystery is considered by all participants to be time consuming and costly at best. Cost justification activities in a stepped approach will need to be graded. In most cases, the first step is to plan for a going-forward-only activity rather than beginning with old legacy applications
  • Secondary participants in the supply chain make much of their revenue based on the continuation of the mystery. They have no incentive to solve it themselves or to recommend to their customers that they solve it. These are participants that need to be trimmed, eliminated or replaced from environments where they are not adding significant value
  • Until very recently there were “grass roots” but no “standards” activities to assist with solving the mystery. There are some standards that are beginning to gain traction in the industry. A close review of their progress is a must for keeping current on future activities in the supply chain

What are the Current Processes in the Supply Chain?

The list below gives the highest-level processes in the chain, using the Originator and Procurement roles defined earlier in this article:

  • Development and updating of software application from the Originator
  • Licensing of Software to the Marketplace from the Originator
  • Distribution of Software to the Marketplace from the Originator
  • Licensing of Software from the Originator by Procurement
  • Internal Software Architectural Standards and Guidelines by Originator or Procurement
  • Procurement of Software from the Originator or a Secondary Supply Chain source
  • Internal distribution of software by Procurement
  • Tracking of software inventories by the Originator, Procurement and Secondary Supply Chain sources
  • Management of software licenses by the Originator, Procurement and sometimes Secondary Supply Chain sources
  • Disposal or end of life activities by Originator and Procurement sources

Each of the above processes that exists in an individual environment will need a detailed set of standard operating procedures, tool integration standards and guidelines, process mappings and training/communication processes.

What Other Elements of the Overall Software Ecosystem are Affected by the Supply Chain Activities?

Some of the other elements in the Software Ecosystem that are affected by the software supply chain activities are:

  • Requisition and Procurement/Sales Catalogues
  • Procurement Systems and Procedures
  • Internal Technology Roadmaps and Architectural Standards
  • Software Distribution
  • Security Procedures
  • Patch Tracking
  • Configuration Management
  • ServiceDesk Activities
  • Software Identification
  • Software Entitlement Data
  • Contract Tracking
  • Financial Allocation of Software
  • Use of Software
  • Business and Financial Planning for Technology
  • Acquisition, Divestitures and Mergers
  • Compliance and Audit Activities (both company internal and external)

The elements that are “hot buttons” should be prioritized and focused on first for the detailed supply chain activities.

What Damage is the Current Software Supply Chain Causing and to Whom?

The current structure and practices in the supply chain are most importantly causing a “supply/demand” or “buy/sell” relationship that is adversarial between the two primary participants. This has gone on for many years and both parties have developed an abject distrust of one another as a result of the mystery aspect of licensing and negotiations. This has been perpetuated throughout purchasing organizations for both participants by creating “deal makers” on both sides. There is a “Barter Market” versus a clear “Structural Transaction” mentality that exists which is causing continued erosion of the relationship of these two parties. The lack of a structural transaction also preserves the complexity that ultimately leads to mistrust and further erosion of the relationship.

The growth and proliferation of the secondary distributors, tools and services vendors has further eroded and muddied the primary participant relationship and diluted the financial relationship of the primary participants. Plainly stated, this means less money for the Originator from Procurement and more money spent with the Secondary participants, who may or may not add value to the entire life cycle. This only adds to the damage and “mystery” that needs to be solved in order to have a correction to the ecosystem. It is possible that the only value that the secondary participants provide is some hope of clarity to the transaction process. Once the real problem is resolved, the secondary participants who are not delivering any other value will need to either find additional value or be dropped from the transaction, leaving more money for the Originator.

Why is the Time Right for a Change?

There are many, many opinions on why the time may be right to change now. There are also those who think that the “mystery” will never be solved. Some salient developments emerging in the software world point toward the current time and situation as being the time for a change. Some of the occurrences and drivers are:

  • New and expanding computing models (e.g. cloud, virtualization, SaaS, etc.) that are driving complexity to the breaking point
  • Economics dictate that software financials and control can no longer have the level of guesswork that is currently present
  • Audits, Audits, Audits are only adding to the adverse supply chain relationship with unexpected and “guessed” revenue goals or spending outside of budgets as the outgrowth of these activities
  • Some standards have finally been released and more are being created (e.g. ISO/IEC 19770-1, 19770-2) to deal with software management, identification, entitlements, etc. If the industry plans, embraces and adopts an international framework for software to take the mystery out of the software names, versions, originator names, etc., a foundation for demystification of the supply chain will be formed
  • Security concerns worldwide dictate better management controls of software development, update, upgrade, and distribution practices

In closing, the keys to unlocking the current mystery of the software supply chain are hidden within the detailed best practices within the elements in this article. The drivers for change are compelling and the time is approaching for eliminating the multiple paths, players and processes. Software supply chain practices will be developed and documented as more research and experience continues within this space. We need to expand, document and put standards into practice now in order to accomplish what the industry desperately has needed for so long.

About the Author

Patricia M. Cicala has over 35 years of experience in the management of technology, with expertise in the areas of IT asset management, procurement, contracts, and strategic technology workplace development. Prior to forming Cicala & Associates, Ms. Cicala was the Vice President and Worldwide Practice Leader for Asset Management and Procurement at Gartner Group, Inc., the leading technology research authority. Prior to her tenure at Gartner, Ms. Cicala founded and developed United Software Services Company, a knowledge-based software services firm which delivered services to more than 35 Fortune 500 Companies. Services provided included software auditing, negotiation planning strategies, and software portfolio management. Ms. Cicala also served previously as Vice President of Worldwide Asset Management and Enterprise Vendor Relations at Citibank/Citicorp. Ms. Cicala is a current member of the ISO WG 21 Software Standards Committee for SAM Standards as a representative to Liaison Organization of IAITAM, CXO Executive Forum Director for IAITAM and a newly elected IAITAM fellow.