Get Your IT Estate in Order – Frequent Software Audits Fuel Risks

By Jill Powell

A survey published by a Gartner research in 2011 highlighted the need for companies to ensure they are in compliance in preparation for being audited, especially with a doubling of the numbers being audited in just three years. Citing the increasing complexity of the IT environment as one of the reasons software vendors audit, especially in relation to virtualized environments and the increasing numbers of mobile devices, along with, of course, opportunism – Gartner recommends taking action quickly to ensure asset management processes are in place.

As an IT Asset Management lead at PwC, I concur with their advice. The risk of software audits presents a real threat to organizations. The resulting fine or license “true-up” resulting from an audit is generally an unbudgeted cost. Gartner’s survey should be ringing alarm bells in the ears of IT Asset Managers, and is a cautionary tale. Investing now in better management of software purchases and implementing processes to manage license compliance, is potentially only a fraction of the many millions of pounds a software audit may cost.

Audits can be highly disruptive to an organization. Below are a couple of key areas to focus on when defending against an audit or simply seeking to optimize IT cost.

Inventory and Asset Recognition

Collect and analyze inventory for all computers to accurately list all the installed products. Sometimes the tools the auditors use may not be as accurate in determining exactly what’s installed, so having good internal systems where full inventory can be determined will provide a much better grounds for negotiation. When determining installations, all versions and editions of the different products should also be included. For example, if there are three versions of Microsoft Project installed, then the inventory analysis must accurately report all of these versions. In addition, an organization must accurately determine the versions and editions of all suites and bundles installed versus respective component products. This has significant cost implications.

Inventory should also support and allow you to manage technologies such as Thin Client, VDI as well as links between virtual hosts, machines and clusters as the licensing implications here are massive.

License Management

Understand what volume license agreements are in place and what entitlements those agreements offer. The product use rights for each product purchased generally differ from product to product and version to version. For example, Adobe Acrobat Pro 8.0 and 9.0 may all be installed on the same computer and it will only consume one license. However, this is not the case for the older versions of Adobe Acrobat, where each installation consumes a license. Hence, the importance of accurately reckoning installations and applying use rights correctly.

“Freeware” may come in to play too. This includes software that may not be purchased and is free to use, but only within certain terms and conditions. If the software publisher has freeware such as players and readers ensure that these are identified and not mistaken for their purchasable and licensable counterparts. Freeware is also often subject to certain usage terms and conditions in a commercial environment, so ensure you understand the rights associated before distribution across your estate.

Infrastructure

Understand how your IT infrastructure affects licensing. As virtualization, thin client and cloud computing becomes the norm in most organizations, factoring in the licensing implications when planning for IT transformation is often an afterthought, or not considered at all.

For example, installing processor-based Oracle applications in a cluster may be an appropriate and sensible solution from a technical perspective. It may also save costs of purchasing multiple servers. However, doing this without considering Oracle rules around virtualization / load balancing technology could mean a licensing exposure amounting to hundreds of thousands of dollars. As Oracle is specific about what is considered hard and soft partitioning, it may mean all processors on the cluster require a license. This will vastly outweigh any cost advantage gained from buying less hardware.

Another example may be virtualization of SQL Server. For companies with no active Software Assurance, moving to a virtualized environment means that all licenses may have to either be re-purchased with Software Assurance or all processors in a cluster would need to be licensed.

Development Environments

Managing and ring-fencing development environments can achieve significant savings. However, many organizations are not as diligent with this as they could be. Tasks such as registering named development users and keeping track of these assignments is often overlooked. Developers with development specific licenses/subscriptions can be using software that would cost thousands of dollars if considered in production terms. Yet, many organizations are either ignoring development environments altogether, or failing to ring-fence them during reconciliations, thus exposing unnecessary additional license cost. Failure to limit access for non-developers to development environment or applications will also lead to risk.

Best practice IT Asset Management is a combination of well informed people, good processes and effective technology. Automating inventory collection, asset recognition and license management will assist in achieving more cost effective management of the IT estate. Utilizing specialist assistance to help you decipher and understand complex licensing rules, or help with optimization of your software estate, may also prove to be a worthwhile investment and prove a valuable return on investment many times over.

About the Author

Jill Powell is the Head of IT Asset Management and Licensing Practice for PriceWaterhouseCoopers LLP.