IBM Software Audit: How to Prepare a Defense and Handle it Like a Pro

IBM Software Audit: How to Prepare a Defense and Handle it Like a Pro

An IBM Software Audit can be an utterly grueling experience. While there is no way to completely eliminate your risk of incurring an audit from IBM as long as you have their products, being prepared for an audit, should one occur, is your best means of defense. We at MetrixData360 have helped countless clients prepare for an IBM audit and successfully defend themselves against IBM auditors. Here are our recommendations for making sure you’re properly prepared for your IBM audit.

Our Process and Recommendations:

Have a Non-Disclosure Agreement (NDA) At The Ready

IBM strives to have an audit engagement with their customers at least once a year as outlined in the terms of their contracts. Due to this, it is advisable to put in place a Non-Disclosure Agreement (NDA) or confidentiality agreement for IBM’s auditor to sign so you can protect the data that will be collected from your environment. This step is essential in every audit situation.

Have IBM’s License Metric Tool (ILMT) Properly Deployed

ILMT comes with many benefits, namely providing you with protection when faced with an IBM software audit. To summarize, IBM’s License Metric Tool (ILMT) is a software asset management tool freely available to IBM’s customers that is used to monitor consumption of IBM’s products.

It is compulsory for any customer who wishes to benefit from IBM’s sub-capacity licensing and its primary function is to make sure a customer is within compliance and using the products efficiently.

Most organizations do not adequately configure, manage, or maintain their IBM License Metric Tool (“ILMT”) and are relaxed about Sub-Capacity (“SC”) reporting. The current IBM Passport Advantage Agreement (“IPAA”) relevant language is:

“For Sub-Capacity usage of EPs, Client agrees to install and configure the most current version of IBM’s license metric tool (ILMT) within 90 days of Client’s first Sub-Capacity-based Eligible Sub-Capacity Product deployment, to promptly install any updates to ILMT that are made available, and to collect deployment data for each such EP”

“Reports (generated by ILMT or manual if Client meets manual reporting exemptions) must be prepared at least once per quarter and retained for a period of not less than 2 years. Failure to generate Reports or provide Reports to IBM will cause charging under full capacity for the total number of physical processor cores activated and available for use on the server.”

Not having ILMT puts a huge target on your back for a software audit from IBM as it will make IBM suspect that you have no way of tracking your consumption without it. Unless you meet the criteria that exempts you, you will have to license all IBM products under Full-Capacity terms if you don’t have ILMT.

Organizations that fail to meet their contractual obligations will have an IBM Licensing conundrum. Not meeting these obligations exposes your organization to IBM’s Full-Capacity (“FC”) licensing, which bloats the Processors Value Units (“PVU”) and consequently exposure to financial risk.

If you are found to have IBM’s software that has been deployed for 90 days and it doesn’t have ILMT on the same virtual server, then it is no longer eligible for Sub-Capacity licensing. If it is not licensed at Full-Capacity either, then it can be subject to heavy penalties. This is where many IBM customers find compliance issues during a software audit.

 

IBM Virtual Host Server Core Diagram

Here is what an example of what this would look like:

The Road to IBM Audits are Paved with Good Intentions

It’s our experience that most organizations have intentions to abide by their contractual agreements; however, those intentions rarely manifest into reality. Some notable reasons for this are:

 

    • Shifting Sands: IPAA is ever-changing, and the standard agreement does not need two-party written consent to have the language. Thus, the agreement you reviewed when you entered into the contractual relationship with IBM is not the agreement you have now.
    • Effort vs. Reward: ILMT is only required for IBM’s Processor Value Units (“PVU”) and Resource Value Units (“RVU”) to gain Sub-Capacity rights. IBM has hundreds of other licensing metrics that require manual efforts outside of ILMT. Thus, operationality can at times become perceived as a lower priority or value.
    • Technical Complexity: ILMT was not designed with simplicity as a guiding principle. The installation, configuration, maintenance, and management require technical knowledge as well as dedication. Thus, most organizations may use the initial installation; however, ongoing maintenance and operation are forgotten.

Don’t Expect ILMT to Protect You from Everything

Even if you have ILMT, that doesn’t mean that you are safe from compliance issues during an IBM Software Audit. In fact, many companies experience a lot of technical issues surrounding ILMT’s deployment. For instance, you could be subject to any of the following issues that can result in the loss of your sub-capacity eligibility:

  • Not generating and properly keeping quarterly reports from ILMT
  • Having an outdated version of ILMT
  • ILMT agents can fail when it comes to agent scans and capacity scans because of incompatibility, lack of disc space, or credential issues
  • If you want to selectively deploy ILMT to only servers with IBM products on them, then ILMT might come across issues detecting and identifying which servers to monitor. Anything that is missed will lose its Sub-Capacity eligibility.
  • Having any IBM products deployed on Operating Systems that ILMT doesn’t support
  • ILMT can easily struggle with accurately bundling unique software signatures for reporting. To do this successfully requires knowledge of your specific license restrictions and entitlements.

Failure to remain compliant simply because of technical issues regarding ILMT may open a company up to the possibility of a concession regarding the adverse findings but such a case would be difficult to achieve since it is reliant on a number of factors.

These issues include when you first tried to deploy ILMT, if IBM support was ever contacted, if ILMT was set to deploy over your entire estate or simply over IBM’s products, if problems with ILMT were reported and how much effort you put into solving the issue.

For more information on IBM’s ILMT, you can check out our article: IBM ILMT: Everything You Need to Know.

Expect Either KPMG or Deloitte to be Involved

 

Software vendors each approach software audits a little differently. Some have an internal audit team, but IBM outsources the project to either KPMG or Deloitte. However, simply because the auditors are a third-party does not mean that they are neutral.

IBM hired them to find compliance gaps in your infrastructure, so they will take the worst-case scenario as reality when given the chance to make assumptions. Since they are outsourcing the project, you can (and should) have a Non-Disclosure Agreement (NDA) with the auditors so that neither your data, nor the estimated licensing position (ELP) that the auditors come up with can go to IBM without your approval first.

This will play to your advantage because the wide array of confusing and complex IBM products and their licensing will almost ensure that the initial ELP that auditors come up with will be far from an accurate depiction of what you actually owe.

If You’re Found Out of Compliance, Expect to Pay Retroactive Maintenance Fees

IBM sends out their audits roughly every four years. As nice as it may sound not having to worry about having auditors at your door every year, if you are found out of compliance, not only will you have to pay for your missing licenses, you will also have to pay retroactive maintenance fees going back years.

Watch Out for IBM Licenses Changes

You can expect IBM to change up their license metrics when they acquire a new software company or release new versions of their existing products.

IBM will continue to take maintenance fees based on old licensing models, so don’t let the fact that they are still taking your company’s money be any indicator that you are adhering to the correct licensing model. 

If you have an arrangement that allows for licenses to be used on an unlimited basis, you could very easily lose that privilege after IBM acquires the product and releases the first upgrade after the acquisition. So it is important you keep up to date on any industry updates concerning IBM and what that could mean for your company.

Preparing Your IBM Audit Defense

IBM is a massive company with complex products that can prove a challenge to keep track of but that doesn’t mean it is impossible to keep on top of your IBM licensing. Being prepared will keep you from potentially paying out expensive auditing penalties and losing your Sub-Capacity eligibility.

At MetrixData 360, we know how to defend our clients when they are facing off against IBM. They only pay what they actually owe. If you’d like to learn more about how you can get yourself ready for an audit, download our free Audit Risk Checklist today!

 

Take the IBM Licensing Quiz:

If you want IBM licensing professionals handling your IBM assets, take stab at our IBM ILMT Quiz:

The Best Software Asset Management Tools

Best SAM Tools: Reviews, Pros, and Cons

Software Asset Management tools are great for tracking your software installations and making sure that you are within compliance with your software contracts. If you have a larger infrastructure, with thousands of devices to manage, then having an accurate depiction of your software environment without a SAM tool of some kind simply isn’t doable.

When used correctly, SAM tools are your best defense in any software audit that comes your way.

Picking a SAM tool that is right for you is critical to both ensuring that your Software Asset Management program is a success and avoiding wasting money on a tool that can’t deliver on its investment. There is nothing worse than purchasing licenses and paying consultants to implement the solution only to have untracked data crop up during a software audit.

At MetrixData360, we have worked with many software asset management tools that are in the market today, since our tool set, the SAM Compass, is capable of both acting as your only SAM tool and working in tandem with any SAM tool that is already implementing into your software estate. Having worked with so many different SAM tools, we want to help you make the right decision on which tool is best for you, so here is a review of some of the best SAM tools that are currently available.

Snow Software: Snow License Manager

About Snow Software

Snow is an international consulting firm that offers many different services, their diversity can’t be overstated as they are involved with software asset management, audit defense, licensing and risk management. They also have developed their own SAM tools that you can purchase, their main product being their License Manager.

Benefits of Snow Software

The Snow License Manager provides a singular view of your data. It can track the lifecycle of your applications and has a built-in calculator that can effectively capture your licensing position, even across different licensing metrics. The program is fast and can automatically identify more than 95,000 software publishers and over 550,000 applications. It also comes with flexible deployment options and can access your data from multiple points.

Drawbacks of Snow License Manager

According to reviews in Gartner, the downside with Snow’s environment is that it has been noted to struggle with accurately linking with the Archive Directory.

 

Who Snow Would Be Perfect For

  • Users of IBM, Oracle, and SAP
  • New users
  • Smaller companies with fewer than 500 employees</li

Certero Tools

 

About Certero

Certero is an international corporation with locations in North America, Europe and Australia. They value a more personalized approach, aiming for integrity, trust, innovation and tenacity. They are best known for their Cloud, Oracle and IBM software products.

Benefits of Certero

This product might not be as well-known, but it is very sleek and compact. Their SAM tool is easy to deploy, run and update with areas of expertise that goes beyond SAM. Certero offers full platform and full vendor coverage with license management optimization, and a maximum-security access control.

Drawbacks of Certero

One unfortunate flaw in Certero’s program that comes up in Gartner review are issues around sub-capacity counts within IBM’s ILMT. Also, according to The ITAM’s review, Certero AssetStudio Review, the self-help written content could be improved, meaning that you will have to rely heavily on the customer support team at Certero while you move up the learning curve.

Who Certero Would Be Perfect For

  • Cloud users
  • Oracle and IBM users
  • New Users
  • Companies on a budget

Flexera SAM Tools

About Flexera

Flexera has been in the business for thirty years, having managed over 30 million servers and devices throughout their history. They don’t just offer consultation and training but also their top-class SAM tool FlexNet Manager.

Benefits of Flexera

FlexNet offers an interesting ‘what-if’ analysis capability, so you can see how the changes to your hardware or software will impact your future licensing requirements. FlexNet has also been reported to be quite comprehensive in its data gathering so you will have detailed information on your software deployments.

Disadvantages of Flexera

The downside with FlexNet, according to Gartner Reviews, is that it is a complex software estate that might be difficult for new users and require significant investment in consulting and time to set up. FlexNet has also been reported to have some issues working with SQL servers, giving you less-than-accurate license reports.

 

Who Flexera Would Be Perfect For

  • Large organizations of more than 1,000 employees
  • Advanced users
  • CFO-friendly for projected return and costs

ServiceNow

About ServiceNow

is a global company that was placed as third on Fortune Magazine’s Future 50 List in 2019, which ranks companies on their position for long-term growth. ServiceNow aims to create a smoother digital workflow and prides itself in a high renewal rates and a history of creating strong business relationships with enterprise customers.

Benefits of ServiceNow

ServiceNow is an extremely popular product that has swept across North America, as seen in Gartner reviews. They have a strong foothold in IT Service Management and are excellent at ticketing. They are also looking to leverage this into the SAM space. ServiceNow offers training to their customers, so that you can be effective at using the product. Since it is a broad platform, it is also effective at tracking the life cycle and usability of software and hardware assets.

Drawbacks of ServiceNow

According to ITAM’s Review, ServiceNow (ITAM) Review, with a larger organization, ServiceNow can become complicated and difficult to manage due to the multiple layers of configuration. They also only offer a free Developer instance as a demo, which will expire after seven days of inactivity, and has limited data to test with.

Who ServiceNow Would Be Perfect For

  • Smaller businesses of fewer than 500 employees
  • Current ServiceNow customers
  • ITSM users

Aspera SmartTrack

About Aspera

This friendly consultant firm has been going strong for twenty years and maintains an excellent customer service reputation where their business resides, in Europe and North America. They aim to take SAM and turn it into something that is easily approachable and customer-oriented.

Benefits of Aspera

Aspera’s SmartTrack Manages offers a wide variety of vendors including Microsoft, IBM, Oracle, SAP, Adobe, Citrix, HP, CA, Autodesk, Symantec, Attachmate and Red Hat just to name a few. SmartTrack also has software normalization, filtering out the noise of your software inventory. The program has automated license re-harvesting and cloud management services to save you money. They are known to be quite user-friendly, with a free demo offered for potential buyers and information that is easily digestible.

Drawbacks of Aspera

Unfortunately, according to Gartner Reviews, Aspera’s unique compliance reporting takes some getting used to and full deployment into your environment takes time. Comments in ITAM’s review, Aspera SmartTrack review, states that Aspera would be better suited for a larger company with a complex infrastructure, which means if you are a smaller company with a more basic architecture, you might find that Aspera will be too complicated to implement.

Who Aspera SmartTrack Would Be Perfect For

  • New users
  • Environments with multiple licenses
  • Larger companies of over 1,000 employees

Xensam Xupervisor

About Xensam

Xensam has stretched across the globe in the small time it’s been active. The fairly new player only kicked things off in 2016. They focus on putting their customers first, offering to candidly compare themselves with their competitors.

Benefits of Xensam

Comments from Gartner Reviews have called the program very simple, polished and easy to use. One lovely feature Xensam has at their disposal is the ability to show actual active usage, while other SAM tools just track when the application is open, according to their Xupervisor page on their website. You can try them out for free, as a demo is offered.

Drawbacks of Xensam

As seen in reviews from Gartner and Capterra’s Xensam Xupervisor Reviews, Xensam only offers hardware information for certain devices, which might prove a troublesome gap of information in the case of a software audit. It also offers very few connectors to the Cloud vendors.

Who Xensam Xupervisor Would Be Perfect For

  • New users
  • On-prem environments

AssetLabs Prelude

About AssetLabs

AssetLabs comes with a very personal touch, taking great care to let you get to know their customers and their valued partners. They offer a variety of services including but not limited to audit defense, true up preparation, server optimization, and, software inventory normalization.

Benefits of AssetLabs Prelude

The benefits of Prelude are found in its wide array of services. Utilizing Prelude will get you customer support and free training. AssetLabs are certified by CSAM as experts to help manage your own SAM portfolio, tailored to your specific use. Their data connectors are free of charge, and the environment can provide quarterly or bi-annual ELP updates. Prelude is also great for categorizing and normalizing your software titles to match ISO specifications.

Drawbacks of AssetLabs’ Prelude

Some limitation of Prelude is in the fact that Prelude doesn’t do well with more complex license models like IBM, Oracle, and SAP. It also has no discovery model and therefore would need to rely on other tools to compensate. It’s last struggling point is that Prelude doesn’t have a SaaS application.

Who Is AssetLabs’ Prelude Perfect For?

  • Learners in the Licensing Industry
  • New users
  • Companies who do not want the large costs that come with implementing a complex SAM solution.

For More Information About SAM Tools

Whatever SAM product you choose for your company, make sure that your product can suit your needs when it comes to your company’s size and your software vendors. Finding a SAM tool that can meet your short-term and long-term goals is important in ensuring your satisfaction with the product. For more information on how to purchase your SAM tool carefully, check out our article Things You Should Consider Before You Buy A Software Asset Management Tool.

Be sure that you ask questions and properly weigh the advantages and disadvantages of each SAM tool so that you are confident your license information is accurate and reliable.

At MetrixData360, we utilize our in-house tools to supplement any missing data your SAM tools may have failed to detect. If you’d like to find out how our tools can provide you any missing data points or if you’d like a chance to validate the accuracy of the SAM tool you have in place, clicking the link below will take you to Our Tools page.

AWS vs Azure vs Google Cloud: A Cloud Service Comparison

Azure vs AWS vs Google Cloud:
What’s Right For You?

Deciding to move your company’s digital environment to the Cloud is no small task. When comparing AWS vs Azure vs Google Cloud, there are several factors that need to be considered, including your budget and necessary functions for your business. Moving your environment to the Cloud can be a costly experience if done incorrectly, but in this cloud services comparison, we hope to help you avoid common pitfalls. Things like improperly sized instances, different licensing metrics, and unmonitored usage can trip up an otherwise smooth move to the Cloud.

While we most often are asked about Microsoft Azure and Amazon Web Services (AWS), we also field enough questions regarding Google Cloud that it would be a disservice to not include it in this comparison.

At MetrixData360, we strive to help our customers find the right software solution for their environment while keeping costs to a minimum. We’ve helped companies make their move to the Cloud that you can find your perfect home in the Clouds.

Amazon Web Services (AWS)

Starting our comparison of AWS vs Azure vs Google Cloud is Amazon’s IaaS offering. Having pioneered the industry 18 years ago, AWS currently dominates the Cloud market. In 2018, AWS generated $7.3 billion, making up more than half of Amazon’s total earnings for the year.

How Much Does AWS Cost?

One of the most appealing features about AWS is its more affordable pricing compared to its competitors. AWS charges a pay-as-you-go styled billing system that requires no upfront payments or long-term commitments, which can make it quite cost-effective for startup businesses on a budget.

Amazon is constantly trying to make AWS cheaper, decreasing their price on fifteen different occasions over the past four years. AWS also has a calculator that can provide a quote for your business.

How Secure is AWS?

AWS has built industry leading security infrastructure for their clients, claiming to possess the largest ecosystem of security partners and solutions. Their system is fine-tuned to prevent attacks, detect any suspicious activities, respond to incidents quickly and effectively and remediate your AWS environment.

AWS also offers courses to promote best security practices. AWS claims that its high quality security is similar to the security that would be available to you on-prem with the advantage that your AWS security can be scaled up to match your company’s growth.

What are the Leading Features of AWS?

Getting to start with AWS can be incredibly easy, barely any more trouble than ordering something from Amazon. You set your features, apply your payments to your credit card and email, and click “start.”

AWS also has a massive computing profile when compared to its competition, with hundreds of thousands of clients around the globe, the sheer scale of it is something to note along with the fact that it is accessible from over 190 countries.

What are the Disadvantages of AWS?

The main disadvantage of AWS is that the price you sign up for doesn’t cover the other services you might eventually need. AWS doesn’t offer customer technical support by default. Instead, it comes with an added fee.

There is also a cap on the resources on their platform. AWS does have resource caps to help avoid system overload, which comes with the added benefit of making sure users don’t tear through their IT budget. The cap is placed at a setting that the average user isn’t expected to exceed, and you are able to request an increase, but you’d have to pay more for the additional space.

Although it is easy to get started with AWS, it’s another thing entirely to actually understand how to run it. There is an expected learning curve while you get a handle on AWS’s platform.

Microsoft Azure

The second contender in our AWS vs Azure vs Google Cloud battle of the tech giants is Microsoft’s entry. While Azure might be smaller and newer to the Cloud market than AWS, Azure reports that their Cloud business is growing at a faster rate than AWS did when it was at Azure’s size. However, the umbrella term “Cloud” includes several Microsoft programs like Office 365 and Dynamic 365, which makes it difficult to judge how Azure’s growth actually compares with AWS. This tight integration with other Microsoft products also makes it highly appealing to companies who already have Microsoft deployed in their software estate.

How Much Does Microsoft Azure Cost?

Azure charges based on the minutes of consumption used with the option for lump sum payments for short term commitments offered at a discount. There are many features that can affect your final monthly cost with Azure, including per-gigabyte fees that are applied to both storage and usage. Azure also offers prospecting customers a calculator to estimate your monthly cost.

How Secure is Microsoft Azure?

Microsoft has invested over one billion USD into Azure’s multi-layered security system, proving it to be one of their main priorities. Roughly 6.5 trillion threat signals are analyzed on a daily basis in Azure through AI-driven security signals.

You can opt into certain security features when setting up your Azure account, which will increase the protection of your data. You can encrypt all your data stored on the server-side, which will prevent readable copies from being available if your profile is breached.

There is also an advanced-encryption standard, which is one of the more popular security options on Azure.

What are the Leading Feature of Microsoft Azure?

Azure hybrid benefits are easy to use and its system of high redundancy promises minimal down time. Azure’s storage also provides easy and painless access to files. Reviews also report that it is easier to set up, change and configure VMs to your Cloud estate.

What are the Disadvantages of Microsoft Azure?

While Azure offers many benefits to its users, it doesn’t offer to manage your company’s data. Activities like server monitoring and patching will still have to be done in-house or outsourced to another vendor.

There is also a steep learning curve that comes with the management of this network and compared to other platforms it is more difficult to use.

Google Cloud

Google Cloud is one of the newer players to the cloud platform, but what it lacks in size it makes up for in the sheer volume of investment. For this reason, Google Cloud has massive projections in growth. Google Cloud enters the market with the vast technical expertise of having Google behind it, so how does Google Cloud fare against AWS and ?

How Much Does Google Cloud Cost?

When you sign up for Google’s free trial of Google Cloud, Google will actually provide you $300 worth of credits to spend on their Cloud. Google Cloud also provides their potential clients with a calculator, in order to determine their end price.

Google charges per minute use and offers sustained-use discounts after a certain product is used more than 25% of a month. There are many potential variables to affect the end price with Google Cloud.

How Secure is Google Cloud?

Google Cloud security comes with an edge over its competitors by offering its customers the choice between letting Google Cloud manage your profile keys or letting you manage your own. By managing your own, you can quickly rotate through keys, dispose of old keys, manage key permission, and audit key use.

If you chose to enable two factor authentication (2FA), it will provide you with an additional layer of security so that even if a weak password is cracked, your system will not be exposed to hackers.

What are the Leading Features of Google Cloud?

One feature programming customers will enjoy is the fact that Google’s Cloud functions are written in JavaScript (Node.js), Python, and Go. The platform utilizes some of the most popular languages in use today, giving developers an ease of access that other platforms lack.

You are also allowed to use all your GCP, Firebase, Google Assistant, and 3rd-party Cloud services as building blocks to construct your Cloud empire.

What are the Disadvantages of Google Cloud?

The main disadvantage with Google Cloud comes from the fact it’s newer to the market and therefore lacks many of the advanced features that AWS and Azure have in their tool belts. For this reason, many clients chose to use it as a secondary provider, hosting some of their data on Google Cloud and the rest elsewhere on a more robust platform. As the platform continues to grow, however, there is a good chance that Google will be developing similar features to flesh out their cloud platform.

AWS vs Azure vs Google Cloud: Who is Right for You?

Moving to the Cloud should be quick, painless, and cost effective but we all know that life doesn’t always work that way. This is why it is always best to do your research beforehand and make a calculated decision that is best for your company. Ultimately, the best choice for your environment boils down to your needs: budget minded users will likely be drawn to AWS, but those with a Microsoft heavy environment may be drawn to Azure for its integration with other Microsoft programs.

At MetrixData360, our goal is to help you make smarter spending decisions when it comes to your software, so that you are only paying for what you need. If you would like to learn more about how MetrixData360 can help your company make a smooth transition into the Cloud, click the link below to check out our Service Page.

How SAM Can Improve Your Cyber Security

A security breach in your infrastructure doesn’t just mean monetary loss but the tarnished reputation incurred by having your clients’ information exposed. A breach in cyber security could have serious negative effects on the future growth of your business.

It may seem on the surface that IT Security and Software Asset Management (SAM) don’t have that much in common – but they do!

Your company’s IT security team is usually worried about detailed levels of information, such as ensuring all products have necessary security patches and that there are no tampered files that might contain malware. The software asset managers, on the other hand, will not usually be interested in such details and instead will be focused on determining the usage of specific software or software access rights, something that would be considered minute and trivial to someone from security.

For this reason, IT security often overlooks software asset management as a potential resource in eliminating exposure to cyberthreats.

At MetrixData360, we take the security of your data seriously and know that Software Asset Management can not only save you money but help keep your data safe with increased visibility of your software environment.

Software Asset Inventory Means Cyber Security Visibility

Few successful hackers would attempt to butt heads with the firewall of a company’s infrastructure. Their approach is usually more opportunistic, going after weak points in a company’s structure such as unapproved apps, unmanaged devices, and poor password protection, according to Microsoft’s article Minimize Cyber Security risk with Software Asset Management.

Not knowing what is in your software estate (having unaccounted devices whose usage and activities are not being tracked) gives hackers the opening into your infrastructure that they’re waiting for. However, accurate tracking of what you have in your software profile is one of the many services that Software Asset Management brings to the table.

With Software Asset Management inventory tools in place, you will be able to know what you are using and contrast that against what you’re paying for. Traditionally, this has been seen as a way to save money (and it is!). But it also adds visibility into your software estate, including the ability to match machine to user and location, which can prove vital information for the security of your software profile.

Software Updates, Security Patches, and General Software Health

Software Asset Management can help reduce your security vulnerability by making sure that the software you have installed in your estate is healthy and up to date.

According to IDC’s article The Business Value of Software Asset Management, cybercriminals will often take advantage of devices left exposed due to end-of-life IT systems and software that is no longer receiving product updates and security patches from their vendor sources.

Failure to keep software up-to-date can leave your devices exposed to hackers. However not every patch that a software vendor offers is provided as a free add-on to their software, and software asset management can help determine what you are at liberty to install and what you are not.

According to Deloitte’s article Minimizing the Threat Landscape Through Integration of Software Asset Management and Security, having strong software asset management in place will keep rogue malware from worming its way into your system. Formal requests may prevent but not completely eliminate the threat of such an event occurring.

Security tools need to be in place to control access, while SAM discovery tools can provide a deeper look into your software estate by evaluating what is installed in your software environment, including what employees might download from the Internet onto their work computers without the permission of the IT department. Software Asset Management can also give you the data to ensure that if you have deployed an anti-virus software, it has been deployed everywhere.

While both Security tools and SAM tools provide different types of data, each tool can provide valuable information to secure your infrastructure from outside attackers.

Saving Money and Cutting Damages Through Software Asset Management

According to Security’s article, 6 Ways Software Asset Management Can Help Minimize Security Risk, SAM’s main goal is to cut your spending with software, whether that is through knowing where you are liable to receive a software audit, or if it is areas where you are overspending by purchasing too much software compared to what you’re using.

By cutting extra waste, you allow your IT security team to manage a smaller software estate that is devoid of redundancies. Having a more organized software estate will mean that patch management can be conducted quickly and efficiently. According to Microsoft’s article Minimize Cybersecurity Risk with Software Asset Management, even in the event of a security breach, software asset management can help create a quick response to threats and ensure that your security system has an effective defense strategy against an attack by having an accurate picture of what is in your system.

According to Phara McLachlan, the collaboration between the IT security and software asset management teams can greatly improve the speed of your IT network. IT security has information that could help the SAM team do its job, such as standards and data on blacklist, software white lists, and a user’s last login information. Software asset management also has their own information that IT security can make use of, such as information on software installations, versions and editions, ownership, location, entitlement, assets and CIs.

How MetrixData360 Can Help Your Cyber Security

At MetrixData360, we understand the priority of cyber security when it comes to your data. Making sure that your software is clean of all threats could mean the difference between thriving in your industry and going down in history as the unfortunate victim in a hacker scandal.

The SAM Compass package provides you with an accurate licensing position and shows where you are overspending to optimize your software profile. It also gives you the ability to monitor your new applications and detect threats that enter your environment. If you’d like to learn more about whether SAM Compass is right for your company, click the link below to head over to our SAM Compass page.

Should You Move to the Cloud? 4 Myths Debunked

With so many businesses making the move to the Cloud to benefit from its greater mobility, there has been a lot of conversation around such moves in terms of usefulness, cost, and security.

At MetrixData360, we have heard many conversations about the Cloud, some of them containing only half-truths about the Cloud and its benefits. In this post, we will look at four of the most common myths about moving to the cloud and debunk some of the misconceptions about the benefits of making the move.

1. “Moving to the Cloud is Cheaper than Having Everything On-Premises”

This is not entirely false. It can be cheaper to move to the Cloud compared to keeping everything in house. It can also give your IT budget an ulcer if done incorrectly.

Your instances could be sized improperly, your licenses could not permit you to migrate to the Cloud, or your IT department could spin up as many instances as they want without having a real grasp of how billing for their Cloud environment actually works.

In fact, many companies we’ve come across have had to rethink how they are transitioning to the Cloud halfway through the process, simply because they discovered it was far more costly than they anticipated.

For further details into cost issues when moving to the Cloud, visit our article on 5 Problems When Moving to the Cloud.

2. “I Have to Move Everything to the Cloud”

There’s nothing stopping you from doing this. Many businesses (Netflix comes to mind) have chosen to exist solely on the Cloud. Obviously, though, it probably won’t prove ideal for every company.

Some vendors won’t let you take your licenses to the Cloud, while other vendors will permit it. The Cloud also provides a variety of services that can meet your company’s unique needs. The Private Cloud offers three main services:

Iaas: Infrastructure as a Service

This setup allows for a platform virtualization environment, which is then paid for on a usage basis like a utility bill. This service is only suggested for companies with a strong knowledge of IT, since this service allows for the user to maintain the most control over their environment and therefore are responsible for its upkeep.

PaaS: Platform as a Service

This service facilitates deployment of applications while also limiting cost and reducing complexity. It does this while also managing the underlying hardware and software. While it provides structure, it also allows for a greater degree of control for the client.

SaaS: Software as a Service

This offering provides a complete service over the Internet, allowing the client to avoid the need to install or run any applications on their own servers. All maintenance and support is covered by the vendor and therefore it is ideal for a company with little IT knowledge or no technical staff.

After you’ve established what you want, if you’re allowed to do it, and at what cost, you may find that a hybrid deployment where some applications remain on-prem while others are Cloud-based is the right way for your organization to move to the Cloud.

Hybrid profiles are something that many businesses are choosing after they discover a full transition is too costly. A hybrid deployment can offer the business benefits of the Cloud, while providing you with the flexibility required not to blow the IT budget out of the water.

3. “Whether or Not the Cloud is Safer than On-Prem Is a Simple Yes or No Answer”

There has been a heated debate going on for a while now about how safe it is to store your data on the Cloud. Massive breaches in security and outages of power have been known to happen, but these scenarios fail to acknowledge the systems that are set in place to improve security and storage.

It is also important to note that the only real place your data would be 100% safe from malware and hackers would be buried in a tin can in your backyard, like Microsoft did with Github (and even then, I’m sure there’s a hacker somewhere out there with a shovel).

You run the risk of a breach whenever you interact online, regardless of whether you are on-prem or in the Cloud. When you are in the Cloud, the types of security risks you encounter change from the challenges faced when your environment was on-prem. When your environments are on-prem, your biggest threats are:

  • Infected Devices
  • Local Network Backdoors
  • Multiple Layers of Security

Meanwhile, when you are in the Cloud, the biggest threats you have to worry about are:

  • Infected Users
  • Cloud Application
  • Immediate Access to Data

Knowing the type of risks that you are exposed to in the Cloud can make you better prepared to counteract them.

4. “I Have to be Really into Technology to Understand the Cloud”

This may currently be the case, but it doesn’t have to be.

A study conducted by Citrix in 2012 and presented in the Washington Post found that the majority of Americans do not understand what the Cloud is. 51% of participants thought stormy weather could interfere with the Cloud and 54% said they had never used it before, despite the fact that 95% of them had.

The Cloud is the force behind so much of the Internet, from online banking to popular free email services. For something that has been so quietly entrenched in our everyday lives, it’s important to understand at least the basics of how it works.

The quick explanation is that the Cloud is merely a series of large computers, servers, and data centers (the kind that fill massive warehouses) that are set up around the world where anyone can access it and upload data to it. In exchange for hosting data, people can pay rent for the computing space.

Having your IT infrastructure exclusively within your business is like owning your own house in the countryside. You’re in charge of maintenance; it’s more of a chore to get things to and from your property, and you have more space than you probably need, but there is a greater sense of privacy.

Being in the Cloud, on the other hand, is like renting an apartment in the city with albeit limited space, but you have easier access to things and other people. Congratulations, you now have a basic understanding of the Cloud.

More Information on Making the Move to the Cloud

Moving to the Cloud can be a time of uncertainty, especially when you’re not sure if such a massive project will benefit your company. At MetrixData360, we aim to debunk these myths and find a solution that is right for you.

Not being properly aware of the advantages and disadvantages of moving to the Cloud can cost your company huge, unforeseen, and ultimately unnecessary expenses. It is so important that you’re aware of the risks before you migrate to the Cloud.

If you’d like more information about the Cloud and how to best prepare for your Cloud migration, you can click the link below to visit our Cloud Page where, regardless of the platform you choose, MetrixData 360 can help you through this confusing time.

Microsoft, Oracle, IBM, and Adobe Software Audits at a Glance

The Top Four Software Vendors Sending Out Software Audits

It is likely that your software budget is shrinking yet your software vendors are looking for you to spend more money with them every year. When software companies can’t get the revenue they expect from you, they will often turn to software audits as a way to make up the difference. Software audits are many things: stressful, frustrating, leave you thinking that living in a cave, herding goats might have been an easier career path. But for the software publishers’ audits are quite profitable, and they have come to exploit this as a way to make their annual revenue growth targets.

Gartner has said that there is a 60% or greater chance that enterprises will be audited by at least one software publisher in any given year. The best way for you to handle the rising tide of software audit requests is by knowing your software environment and performing routine health checks to uncover areas of exposure. We cover the top areas where a company is exposed to in a software audit in our article Software Audit Preparation: What You Need to Know.

The Biggest Companies Performing Software Audits Are:

  • Microsoft
  • IBM
  • Oracle
  • Adobe

At MetrixData360, we have extensive experience working with all of these vendors, and we know how to handle an audit from each. In this post we’ll discuss some of the things you need to know about each of the software vendors and how to handle them during a software audit.

Microsoft Audit

Microsoft often claims that their audits are simple, short, and painless. In our eight years of defending companies during their software audits, we’ve yet to see a Microsoft audit that has matched this description.

Instead, we have seen audits that take almost 18 months to finalize as customers try to dig through rising mountains of data that are required as part of a Microsoft Audit (or SAM Engagement). Here are just a few tips for dealing with a Microsoft software audit:

    • SAM Audit or Review?

From our experience, Microsoft can either offer you SAM reviews or audits. SAM reviews are technically optional but refusing will likely result in getting audited. For a full breakdown of the difference between a Software Audit and a SAM review, visit our post Software Asset Management (SAM) Review vs Audit: What’s the Difference?

    • Respond to Your Vendor

We are often asked if you need to respond to an audit or a SAM letter. The short answer is yes, it is highly advisable that you respond to both. Not responding to a software audit, can find you in breach of your contract and leave you facing potential legal ramifications and hefty fines up to $100,000 USD. Although you could technically refuse a SAM Engagement, you could also find yourself running the risk of being in breach of your contract.

It has been our experience that refusing a SAM review will often result in Microsoft responding by sending you a full audit that you can’t refuse. Therefore, it would be more beneficial for you and your company to negotiate with Microsoft to perform a self-assessment as opposed to having a Microsoft partner perform the audit. A SAM engagement will be nearly identical to an audit after the data collection stage has begun and you will struggle to see the difference between the two processes until the negotiation stage has been reached.

    • Software Reviews vs Software Audits

The real difference between a SAM review and an audit can be seen when examining the penalties of each and how they are resolved. In a SAM review, you will be allowed to purchase your missing licenses at your contracted prices or at your historically discounted rate. In an audit, on the other hand, Microsoft has the right to charge any shortfalls at List Price in addition to a 5% penalty, although this may vary depending on your contract.

    • Paying For An Audit

Another difference between a SAM review and full audit appears when asking who will pay for the whole process. Microsoft will pay for the cost of the SAM engagement themselves whereas in an audit if you are found to be greater than 5% out of compliance you will be responsible for paying for the audit yourself in addition to any penalties you are incurred during the audit.

IBM Audit

IBM audits can be especially tough, since many of their license metrics require you to accurately have installed their ILMT tool in order to effectively capture your estimated license position (we have found that the majority of IBM’s customers have not done this correctly). Here are some things to consider that can help in the case of an IBM audit:

    • True Up Costs

Once your software audit has concluded, IBM will often let you settle at your discounted price with an additional fee for the maintenance that was used for the upkeep of the product when it was unlicensed.

    • Watch For Licensing Changes

IBM is also prone to make licensing changes which can apply to a wide range of their products in the wake of acquiring a new software company to their profile or releasing new versions of their software. When these events occur, be sure to look at your licenses with IBM to check for relevant updates.

    • Properly Set Up and Use ILMT

Our CEO Mike Austin says that you need to understand ILMT and how it works to effectively manage most IBM Software Audits.
According to Mike, “IBM isn’t typically auditing their Passport Advantage program, they are going after the complexity of sub-capacity and PVU based licensing. In order to pass an audit if you are licensing at sub-capacity, you need to have ILMT up and running. You will also need a have a history of reports. Installing and configuring ILMT is tricky and not many companies have done it correctly. In a lot of our work around IBM Audits, we are fixing ILMT reporting before we even start the work of defending an audit.”

    • ILMT Does Not Hold All The Answers

However, installing ILMT doesn’t mean you are 100% safe from IBM’s audits, you can still be found out of compliance.

    • Avoid Scope Creep

Our IBM Audit teams says to make sure you define the audit scope, as IBM is quite notorious for scope creep. You will want to ensure you know which products and contracts are included (and excluded) from the audit.

    • Put The Onus On IBM

You need to get an agreement with IBM (not the reseller- they can’t promise this) stating that IBM will take on the responsibilities to ensure that the product being deployed is correctly licensed. If they fail to then deploy ILMT after such a deal has been reached, then it might be possible to get a concession during an audit.

    • Defend Yourself With Data

Even if IBM doesn’t take responsibility for the licensing of deployed software, you might have a case to circumnavigate adverse findings that can come up due to ILMT’s failures, if you can collect historical system-generated reports that demonstrate the following things:

1) the processor resources that were allotted to the VMs running the PVU-licensed products have been or are capped and are not subject to any automated augmentations-based on system demands and

2) the historical usage of these products never exceeded licensed levels. However, this data has proved difficult for companies to obtain in the past.

Oracle Audit

From our observations, Oracle Audits incur the largest compliance findings typically. We’ve dealt with Oracle many times in the past, and here are some things you should know about how Oracle conducts their audit.

    • Only Pay For What You Use

According to the ITAM Review’s article Oracle Audit: Top 20 Frequently Asked Questions, for Oracle, the installation of software and the licensing of that software are two different events, with the exception of Database Enterprise Editions, so be careful when initially deploying software as it will likely be the cause of issue during an audit. For example, Oracle optional features, such as RAC, get turned on by default when installing databases, these options may only be licensable if you actually use them, not if you have them installed. This is a subtle difference, but it can have a profound impact and it is an area that is often found as being licensable by LMS. However, we have often found that it can be negotiated out with usage data.

    • Oracle Software Review vs Oracle Software Audit

Oracle has Oracle License reviews and Oracle License audits. These are the exact same thing – “review” just sounds friendlier. Both should be treated with the same level of severity.

    • Understand Your Contract

According to Scott & Scott, LLP’s article, Seven Lessons I Learned Representing Clients in Oracle Audits, take extra care to understand Oracle’s policies around usage. Since many of Oracle’s policies will not be included in the license’s documents, there tends to be a lot of confusion generated around this topic. Some areas that produce the largest findings in an Oracle Audit are VMWare and Oracle’s policy stating that all Processors in a cluster must be licensed. This policy has caught many organizations off guard and is the crux of the major lawsuit between Oracle and Mars Corporation.

    • More Gaps Cost More Money

As with Microsoft, if you are found out of compliance on a Oracle Audit you will have to cover the expense for the audit.

    • Use Your Own Tools

Our Oracle Audit Experts state that you are not required to use Oracle’s scripts to collect your data, especially if you have your own methods in place for gathering your data. LMS will try very hard to get you to use their scripts. We recommend, however, that you use your own processes first, if possible.

    • Tools Are Only As Good As The People Using Them

ITAM Review’s article Oracle Audit: Top 20 Frequently Asked Questions, states that Oracle has several approved SAM tools like Lime Software, Easyteam, BDNA, Hewlett-Packard, Flexera Software, Nova Ratio, and iQuate. However, these tools only collect raw data and won’t provide you with the interpretation of that data which will tell you what you need to license. Therefore, just because you have Oracle-approved tools, it doesn’t mean you’re completely safe in an Oracle audit.

    • Get A Paper Trail

In all audits, but especially ones with Oracle, it is highly recommended that you get a closing statement to close out the audit (indemnification is the most ideal). This is especially important with Oracle, as they are a very litigious vendor. You will be happy that you have a closing statement in case the audit ever goes to court and your company’s reputation is suddenly on the line.

Adobe Audit

Compared to the other heavy hitters, Adobe’s software audits can seem like little more than a friendly reminder. However, Adobe’s products can be quite expensive, so it’s important not to let this vendor slip from your mind. Here are some tips about Adobe licensing:

    • Friendlier, But Not Friendly

According to a study released by Gartner in 2016 and presented in their article What Does an End to Adobe Auditing and License Compliance Activity Really Mean?, Adobe has steadily moved away from auditing their customers, focusing instead on their Software as a Service platform and subscription-based licensing. That does not mean your company no longer has to deal with compliancy risks from Adobe, as Adobe still maintains the right to verify compliancy, giving their customers 30 days to provide data to ensure proper usage.

    • Buy What You Need, Not What You Want

The Gartner article also states that with a focus on SaaS and the subscription-based nature of Adobe, along with the lack of an “off-switch” for Adobe products, the main focus of Software Asset Management when it comes to Adobe should be proper sizing and monitoring usage.

    • For Adobe, It’s The Little Things That Count

According to TechRepublic’s article How to Prevent or Navigate an Audit by Adobe, Adobe monitors their customers differently from other vendors. Where Microsoft, Oracle, and IBM are interested in unlicensed software, Adobe is more interested in the protection of their intellectual property and making sure their product is used correctly. Are you correctly licensing any fonts with Adobe? These small questions can accumulate if they are not properly answered.

    • Adobe Does It Themselves

TechRepublic’s article also states that Adobe performs their own compliance verification review as opposed to hiring a third-party auditor, which can either be good or bad depending how far out of compliance you are.

    • Watch For Creative Suite License Changes

One best practice we advise our client’s to adhere to when dealing with Adobe says that you will have to pay particular attention to Creative Suite, as it is prone to change almost every year and these constant updates make it difficult to keep track of products. It will often leave programs as obsolete and the licensing for it makes it difficult to understand what is truly needed.

    • Upgrade Licenses Can Downgrade Your Compliance

Finally, according to TechRepublic’s article How to Prevent or Navigate an Audit by Adobe, Adobe also has no program in place to account for upgrades. Upgrade licenses, therefore, can sometimes stretch back several years – so, keep track of how far back these licenses go and be sure not to leave yourself over-confident (don’t forget that sometimes you can only go back three versions – so tracking that can also be very difficult).

How MetrixData360 Can Help

Software audits have been known to put a strain on any company’s software budget, so knowing about the software vendors that tend to resort to such methods will leave you with a better knowledge of what to expect. At MetrixData360, we believe that you should not have to pay the software vendors more than what you owe them, so it’s important to invest in software asset management long before you’re confronted with a software audit. By clicking the button below, you will be taken to our audit services page, where you can learn more about how we can help you survive a software audit.

5 Factors to Consider When Buying a Software Asset Management Tool

Things You Should Consider Before You Buy A Software Asset Management Tool

Software Asset Management (SAM) tools offer tremendous value. According to BCS the Chartered Institute of IT, 20 to 30% of an overall IT budget goes to software licenses and maintenance fees that can be minimized with the use of an effective SAM tool. Before you buy a SAM tool, however, there are a few questions you should ask yourself.

The first question you need to ask is do you even need a SAM tool? While at MetrixData360, we advise companies to have some sort of SAM tool in their environment, we understand that it might not be the best financial move for everyone.

Here are five key factors to consider before you purchase your Software Asset Management tool.

1. The Size Of Your Company

According to OMTCO’s Six Questions that Managers Should Ask About Software Asset Management, if you are a small company with only a few servers to keep in check, then you’re already at fairly low risk of receiving a software audit. Vendors use software audits as a means of inflating their revenue, so they only have eyes for the big fish from whom they can squeeze a profit from.

If you have a small software estate, your licensing will also be small and easily manageable, and you can keep things organized with just a couple of spreadsheets in case that you do receive a software audit. If that is the case, then a SAM tool probably won’t provide that much assistance.

2. How Complex Is Your Infrastructure?

Complexity is a breeding ground for human error. If your company has any of the following attributes then it might be time to consider whether or not you buy a software asset management tool:

  • If your company has undergone a merger or acquisition
  • If it has multiple locations that reaches an international scale
  • If parts of your infrastructure has been outsourced
  • If other parts have undergone virtualization or migration to the Cloud

3. What Will the Function of Your Software Asset Management Tool Be? Inventory or Software License Management?

SAMsource Library’s article Do You Need SAM Tools talks about how in the SAM tools market, you’ll probably come across SAM tools with a primary focus in one of the two following areas:

  • Inventory
  • License Management

With inventory tools, your SAM tool will track what you have installed on your system. It might sound unnecessary, but there are many software estates out there that have old accounts from past employees or old servers locked away in storage that are still licensed and considered active in the eyes of your software vendor. Inventory tools can also be an excellent way to monitor your security, which can prevent viruses or malware to name a few benefits.

While there are many tools that offer inventory data, it is not the only important data point as license management is equally important, so you need SAM tool that can do both. If you buy a software asset management tool that lacks the ability to manage licenses, it will be harder to configure the tool to meet your needs.

Inventory tools will usually come with an add-on feature that offers license management, but their effectiveness might be lacking since license management is more of an afterthought behind inventory collection. What is worse, some of the older SAM tool models were not equipped to the ability to track multiple forms of licensing metrics effectively and struggle with Cloud-based systems, which is something you should be aware of while purchasing your tool.

4. Will the SAM Tool Easily Fit Into Your Existing System?

Before you contact any SAM tool vendors to talk about a purchase, BCS points out in their Guide to Selecting a SAM Tool that it is important to consider if the process is worth the effort or if the only thing you’ll get out of the deal is a migraine. It’s important to establish if the SAM tool in question can even be integrated into your system easily.

Consider your IT asset inventory tools, your procurement systems, your HR, and all the other systems that interconnect with one another throughout your business and ask if the SAM tool in question can be effectively incorporated. Take time to consider if the SAM tool that is being installed is also compatible with any other SAM tools in your system.

You also need to establish that the tools that you are thinking of purchasing meet the demands presented by your software’s unique environment. This requires that they communicate with IT landscapes and offer information on features and pricing as well.

5. Will You Also Need to Put Someone in Charge of Your SAM?

Merely purchasing the tool might not be enough if you want to obtain full control over your software estate. Making sure that everything is organized in the case of a software audit might mean hiring someone who can own your SAM tools. Software asset managers will ensure the tools are running properly and gathering the data you need to create an accurate Estimated License Position.

Software Asset Managers, or third-party software consultants like MetrixData360, have quite the versatile role, according to the Vector Network’s article Back to the Basics: Roles of The Software Asset Manager. The job entails managing the SAM tool, handling software requests, purchasing and deploying new software, ensuring that the company is ready for an audit, and utilizing reporting and documentation tactics. If you feel like your company can offer enough of these types of tasks to fill a workday, consider if a SAM manager would be a useful addition to your workforce.

Along with a Software Asset Manager or Software Consultants, you will also need to consider what sort of systems and procedures will be set in place that will determine how data will be collected, analyzed, and verified.

If your company is large enough, hiring a whole team might be in order to help you remain within compliance and to maximize efficiency with your software licensing, as EY says in their article Software Asset Management: 3 basics all companies should get right.

How to Verify if the SAM Data is Accurate

If you do end up purchasing SAM tools, they will do you little good if you cannot prove that they are accurate. According to the ITAM review’s Verifying Asset Accuracy, the best way to validate the data your SAM tools collect is by doing the following:

  1. Perform a physical spot-check of a small sample of your larger system
  2. Perform a lifecycle check by asking members of the IT team to incorporate data verification into their daily schedule
  3. Perform a comparison of data sets on a large scale to verify which data is represented in which databank (Active Directory, Inventory etc.) to detect blind spots in your system

For More Information

SAM tools are so important to making sure you are within compliance with your software vendor and to make sure that any software audits are conducted as painlessly as possible. For that reason, you’ll need to make an informed decision about your purchase. All that matters is that you have a strategy in place before the next auditor darkens your doorway. At MetrixData360, our goal is to save you money and to make sure you make the smartest spending decision for your company.

What is a Software Audit: The Fundamentals

When the Software Auditors Come Knocking

Software Audits. These two words strike fear into the hearts of many bold businesses. At their worst, software audits can be time-consuming and causing tremendous damage to the relationship with your vendor, leaving you frustrated when their representatives even dare to walk through your door. Not to mention the impact to your IT budget when the process is over. What exactly is a software audit though? At Metrixdata360, we’ve helped our clients through hundreds of software audits and we know exactly what to expect.

Definition of Software Audits

A Software Audit is conducted either by a software vendor or internally done by the organization to ensure the business is operating within the use rights of their specific software contract and to make sure that the use of that software aligns to the licenses they have paid for. Any areas where the client is underpaying for the software they are using would be referred to as a compliance gap. Compliance gaps can result in steep financial penalties that are almost never budgeted for.

How a Software Audit is Started

The software vendor will typically communicate the intent to audit through a formal letter in the mail. If the vendors are requesting a Software Asset Management (SAM) review, which is slightly different than a full-blown software audit, the news might come in the form of an email or a phone call. For a more in-depth examination of the difference between a SAM review and a Software audit please visit our article SAM Review vs. Audit.

Whatever the notification medium, it will specify whether there will be a software audit partner (some vendors use internal resources and others fire audit firms like KPMG or Deloitte) and the time frame. According to technology attorneys Scott and Scott, it is important during this period to determine whether or not you’ve received a SAM review or a formal audit. SAM reviews are conducted internally and voluntary, but audits are something that you are legally obligated to adhere to.

The Time Frame of a Software Audit

The time frame for a software audit may be negotiable, but the notification itself does require action sooner rather than later, as some software audit requests have a required response time of just 15 days.

The First Three Things You Need to do When You’ve Been Selected for an Audit

 

  1. Send the vendor confirmation that you’ve received their request, that they have the right to audit but that the time frame needs to be reviewed for when you want things to begin. This will buy you more time to get yourself organized.
  2. If there are third-party auditors involved, it is paramount that you discuss a three-way Non-Disclosure Agreement (NDA) immediately.
  3. Define a scope for the upcoming software audit. Make sure the vendor clearly outlines which software products they are auditing for. If your company has multiple locations, make sure you determine what region, or in which division the software audit will be conducted. All of this is done in order to avoid scope creep.

Who is Vulnerable to a Software Audit?

The broad answer is anyone with a software licence can be audited but there are things that do cause the ears of software companies to perk up and look to you with suspicion. If your company matches any of the following criteria, a software audit might be looming on the horizon.

  1. You’ve undergone a significant decrease in your spending with the vendor.
  2. Your company has a complex infrastructure with multiple locations that can range to an international scale. This will make it easy for things to be missed.
  3. You frequently conduct mergers and acquisitions.
  4. You have overly complex profiles and multiple licenses with the vendor.
  5. Your spending with that vendor does not match recent company growth.

According to Enhansoft, it’s important to establish whether or not you are comfortable to live with these risks and face the fact that you might one day very soon be confronted by an audit.

Watching What You Say Around Your Vendor’s Rep

Information can also be gathered by members of the software publisher’s company. We call it corporate espionage.

Let’s say someone from a software vendor has come into your company to talk about new products and during that conversation it comes up that one of your branches has started a new project that will eventually require 10,000 new licences. That vendor representative will get back to their office and tell the sales department that in a few short months 10,000 new licences are coming their way! Except…it doesn’t. Perhaps the project was postponed or cancelled on your end. However, the sales department of the software vendor is breathlessly waiting, but the order never comes. In response, the vendor starts writing up your software audit because for all they know, projects have commenced involving their software that they are not apart of.

We’re a Small Company, Will that Affect Our Chance of a Software Audit?

Typically, software audits are geared towards larger companies since they tend to have more licenses and are therefore more prone to have gaps in their compliance based on the sheer volume of software that they are handling.

It is also a matter of risk and reward for the software vendors. One of the reasons vendors perform software audits is to turn a profit from the auditing process, so small businesses with small licenses might not be worth the effort and their chances of receiving an audit are fairly low.

Hope During a Software Audit

Audits can feel like you’re sloshing through an endless swamp of confusing data while staring down a row of stone-faced auditors, it’s a daunting task for any business to face. Knowledge and the time to prepare will be the best weapon you have at your defense. At Metrixdata360, we can give you both the time and the information that you desperately need to get through this software audit with your yearly budget relatively unscathed.

How To Sell SAM To Your CFO

Fostering CFO and CIO Collaboration in Software Asset Management

As a CIO, you’re trying to make sure your company stays ahead with the latest technology, and you recognize software asset management is vital for the health of your IT budget. Not only can Software Asset Management track your inventory and make sure that you remain compliant with your licenses, it can also decrease your software spend by 20% or more over an extended period. But how do you sell SAM to your CFO?

According to a survey performed by Gartner and the Financial Executives Research Foundation, 42% of IT departments answered to the CFO and 26% of all IT investments were approved by the CFO as opposed to the CIO, who only approved 5% of all investments.

So, the question remains, how can you convince your CFO of SAM’s importance?

At MetrixData360, the decision-makers we frequently speak with are in both finance and the IT departments, and so we are familiar with how to effectively communicate with both. Here are some benefits and talking points to use when go to sell SAM to your CFO.

Digital Transformation Makes Technology Important to the CFO

A CFO’s job isn’t simply to horde as much money as possible, they’re not a dragon. Their job is to see the company grow through smart investments.

One of the reasons why the CFO and the CIO have often butted heads in the past has been due to conflicting goals. A CIO’s job is to enhance the business through monitoring the technological systems that are in place and deploying more effective ones. Therefore, a CIO would appreciate technology and the need to upgrade older systems. Meanwhile, the CFO would see such an upgrade as an unnecessary investment when compared to the outlay of capital, if the current system performed the job adequately.

Finances and technology are now the two most important departments in the modern business world, and many CFOs, if they want their company to succeed, need to understand the value of technology.

In fact, creating a mentorship relationship between the CFO and the CIO is one way in which the CFO can gain knowledge about the importance of technology in the company’s operations, despite technology not being their field of expertise. If the CFO understands the value of technology, they can often become an advocate for it, instead of a form of adversity.

Plan How You are Going to Present Your Request to the CFO

There are actually many benefits that software asset management can bring to a CFO if you present it in the right manner. Auditboard’s article 7 Ways to Win the Budget Argument with Your CFO offers the following suggestions:

  • Appeal to your company’s values – frame SAM as a gateway to savings that can be better used to improve customer service, product research, or fund new developments.
  • Consider the communication style your CFO prefers – are they interested in the big picture or would cost comparisons and intricate details engage them better?

Keeping these factors in mind will help you create the type of argument that will win the CFO over.

Don’t Expect the CFO to Understand the Importance of SAM

A CFO has to worry constantly about the return on investments. For SAM, that return doesn’t seem to exist because SAM done effectively seemingly does nothing at all. A strong SAM strategy means that your business isn’t disrupted by a software audit and your department’s days aren’t wasted by data retrieval projects or long drawn out negotiations.

Most importantly, there isn’t a massive sum of money that the company suddenly needs come up with to pay off penalties for unlicensed software. In short, business carries on as usual. Such a non-tangible return might seem uninspiring to a CFO.

Before you attempt to sell SAM to your CFO, consider their role in a software audit: damage control. They’re brought to the meeting for two reasons:

  1. To pay the software penalties, which can be a big portion of a company’s yearly software budget. The CFO has to figure out where that money will come from (usually with a tight payment date of just 30 days after a settlement has been reached).
  2. When a software audit has been taken to court and suddenly the company’s reputation is on the line.

Imagine what sort of thoughts might be racing through your mind having that hot mess dropped in your lap. You’d probably be wondering how things could go so sideways so fast, and now you have what feels like someone else’s mess to clean up. Since they’re not involved in most of the process, they might not understand what role software asset management has in the IT Department’s ability to control software costs or within a software audit.

CFOs Want as Little Risk as Possible with High Return Value and SAM Can Give Them That

Despite how they want a company to grow, budgets are based on the ability to plan, so unforeseen risks and surprises are factors that make CFOs nervous.

Of course, despite how much SAM can appear on the outside to be nothing but expensive tools with difficult-to-explain returns, SAM is a perfect tool for lowering compliancy risks and avoiding a huge payout that CFOs would hate to deal with.

Here are just a few more points that can be used to sell SAM to your CFO:

  • According to Snow’s article Software Asset Management & the CFO, Software audits are unavoidable, there’s a 70% chance that your organization will be audited in the next 12 months, so the only thing that you can do is prepare for its inevitability.
  • According to ITAM’s article, How do you convince the CFO, CFOs judge the success of a product based on profit or loss. While CFOs tend to only remember the things that turned a profit, remember that SAM can spare a company significant costs (unneeded software licenses or maintenance is a splendid example).
  • Software Asset Management tools can track the usage of deployed software, creating hard data for the software’s overall usefulness and the ability to effectively project the returns of new software.
  • Software Asset Management can save up to 30% of software spending since it can detect where the company is overpaying for licenses and other general waste.
  • Once again drawing from ITAM’s article, How Do You Convince the CFO?, SAM can prepare the company with an estimated license position to lower the risks of any surprises to their budget. The company may not like what software asset management finds, but at least they will understand what they have to work with long before the software audit arrives. Software asset management can be viewed as an exercise to prevent unexpected losses.

Getting the CFO on board with the software asset management strategy of a company can prove critical for its implementation. Regardless of what method you choose, you need a SAM strategy in place in order to ensure compliance and software efficiency. At MetrixData360, we have spent seven years managing risk and optimizing software licensing spending. If you’re ready to cut costs in your software asset management, then visit our Contact Us page to get a free consultation today!

How to Hire a SAM Expert

Why Hiring the Right SAM Expert Matters

While it’s true Software Asset Management might not be the mostly widely understood industry, it is no less important to the impact on your IT Budget. When you hire a SAM expert that knows what they’re doing, you will ensure that your software environment is in compliance with any software vendors you have contracts with, your organization’s IT infrastructure is compliant and up to date, and, if done correctly, will return money to your IT Budget by decreasing your overall year-over-year software spend through optimization.

At Metrixdata360, our eighty years’ experience in this industry has left us knowing exactly what a quality Software Asset Manager should look like. If they perform their job correctly, you will rest easy knowing your compliance against your software contracts is backed by solid data and you are getting the most out of your software budget.

The Choices for Picking your Software Asset Management Expert

At the helm of an organized Software Asset Management project you will need a strong SAM expert, and there are three options you can select from: you can install an internalized team, you can hire an external source, or you can select a hybrid of the two. In this blog post, we will go over the three types of resources in depth so that you can decide which one is right for you.

Role of a Software Asset Management Expert

Before you hire a SAM expert, it’s important to understand what a SAM expert does. Their role doesn’t end simply with the deployment of software. They also track a software’s usage to make sure that you remain compliant with the vendor and to optimize a software’s cost efficiency. This means they are the ones who will find where your spending with a vendor can be cut, and will negotiate for these better terms during your next contract renewal.

They keep your licenses in order using SAM tools and IT assistance, and they will also play a vital role should you be audited. The software auditors will come after your data to prove that you are out of compliance and for that you will need your Software Asset Manager to oversee the collection of that data and the proper use of your SAM tools.

Hiring an In-House Software Asset Management Expert

Hiring an in-house software asset manager can be a great investment for your company. They can really own the project of software assets and can get to know your architecture inside and out. Usually a software asset management team is extremely valuable for the daily management of software assets. The first thing you want to look for in your future software asset management expert is their experience.

ITAM’s article Software Asset Management Analyst Job Description talks about how typically, software asset managers have a history in finance, business, risk management, or following the more obvious route, Senior IT and/or software development. Moving on to their experience, according to KPMG’s SAM expert training outline, Software Asset Managers need to have a proven track record of handling a project’s setup and management while balancing stakeholder relationships.

They will need to know software licensing in and out, from license agreements to metrics and scenarios, so a history in the legal field of software compliance should also be considered an asset. Your future SAM expert will need to be a master at the verbal and written communication required to conduct vendor relations and contract renewals effectively. Lastly, a strong SAM expert will serve you very little without having an effective SAM tool on their side along with the ability to harness that SAM tool.

Therefore, the skills to learn and manage your software environment should be considered a strong personality trait. If you have a member of your staff already in mind for the task of your new SAM expert but they lack the education, training for Software Asset Management is also available through ITIL and ISO 19770 training courses, which educate on the relevant standards and legislation that govern the industry.

Outsourcing Your Software Asset Management

As covered in from the ITAM Review with an internalized team, you save time and resources that would have otherwise been spent coordinating with the third-party team. However, few companies have the resources and knowledge needed to build their own internalized team to manage their software assets and that is why many companies opt into a partnership with a third-party SAM expert like us.

If you’ve decided on a third-party SAM expert that looks promising, you will want to examine the vendor to make sure that they can deliver value for the costs of their services. Powerhomebiz.com’s article How to Hire an Expert or Consultant recommends checking their past records to make sure that they can deliver you the results they offer. Their education and experience should be like the ideal SAM expert stated above.

At Metrixdata360, for instance, we are made up of legal experts, ex-auditors, IT experts, and former software vendor employees. Inquire into the SAM tools that your vendor will be using – a SAM expert that aims to get the job done with just a spreadsheet will be of little value to you. Start a dialogue with them and see how well they listen and incorporate your stated requirements into their strategy. Make sure that the consultant team is willing and able to work within the budget you lay out for them but most importantly, go with what feels right and trust your instincts.

For more information about Hiring a SAM Expert, check out our article 4 Signs It’s Time To Hire A SAM Professional.

Hybrid Software Asset Management

Rolling the SAM Dice: In-House vs. Managed from the ITAM Review brings up the third option for hiring a SAM expert that has become a popular choice amongst businesses. This hybrid solution is buying the SAM tools yourself, having it installed in your environment, and hiring a third-party SAM expert to manage your SAM tools.

This allows you to control the methods used while also being assured that your assets are being properly managed. This is ideal for either companies who are effective in managing their daily software usage but need help with the sudden arrival of an audit, or companies whose data is too sensitive to be let outside their environment.

Regardless of what you pick, make sure that you find something that matches your unique profile before the software auditors are at your door. SAM, if conducted correctly, can save you up to 30% of your current software budget while also allowing you to maintain your relationship with your software vendor. At Metrixdata360, we offer a variety of services including audit preparation, contract negotiation and SAM tools to help you on your journey to full SAM coverage. So don’t forget to sign up for our newsletter so you can keep up to date with the newest developments across the SAM industry. All the best in your SAM hunt!

Book a Meeting with a SAM Expert Today and See How Much You Can Save