Embed Size (px)
Citation preview
Winning Strategies to Beat Audits from 5 Top Vendors
In an audit, the side with the best data wins
Many software vendors use audits as a source of additional revenue, squeezing customers to boost their bottom line. For vendors, audits can be a significant source of revenue; one that can only be expected to increase in times of economic uncertainty. When we look back to the financial crisis of 2008, vendors increased their auditing efforts placing more pressure on customers than ever before.
Feedback from our 2021 IT Priorities report highlighted that 40% of respondents had received an audit from one of the top 5 vendors within the last 12 months, with Microsoft being the most active at 60%. While they tend to be aligned with contract renewal dates, audits can occur at any time of year.
While audits tend to be aligned with contract renewal dates, they can occur at any time of year, and can put customers in a position of strength or weakness, depending on their situation. Strongly positioned customers, those with visibility of their license entitlements and usage, can often renegotiate existing agreements as well as have leverage for new license purchases. On the other hand, some customers will face potentially costly penalties as vendors seek out easy targets to meet their audit revenue goals.
Results from the 2021 IT priorities report highlighted that over 50% of enterprise organizations surveyed were either concerned or very concerned about vendor audits within the next 12 months.
In an audit, the vendor will use their data to show what they think you owe. Without data of your own, you have no option other than to accept their version of the truth. Developing your own accurate view of software deployment, configuration, licensing and usage will enable you to counter their claims and clarify any variance. To build this view, you need the right people, processes and technology in place.
2
Technology intelligence provides complete visibility of all hardware, software and cloud assets across your entire estate, reconciled against your entitlements and contracts, putting you in a strong position to support audit compliance as well and automate license optimization, as well as enabling you to drive the best deal for your organization at the time of contract renegotiations and renewals.
It also highlights critical audit strategies when dealing with 5 top vendors. Not all software vendors follow the same audit practices and behaviors. Strategic goals and focus vary from one vendor to the next, including who gets audited and how audits are carried out. For each vendor, there are guidelines and tips on how to handle an audit or contract negotiation.
How technology intelligence drives audit compliance and cost savings
3
The ironic fact about audits is they can represent an opportunity, depending on the amount of preparation you have done.
Since audits often coincide with renewal periods, customers with deep visibility into their software usage can often negotiate better pricing for new licenses or agreements as vendors are eager to close business.
But this preparation and visibility can be difficult to establish without specialized solutions that provide detailed usage patterns across datacenter, cloud and mobile devices.
Get visibility of your entire state
Difficulty in establishing visibility of software usage increasingly stems from a shift in technology purchase decisions from IT to business units. Business users can download unauthorized software to devices, create and use subscriptions to SaaS applications and use mobile devices that could violate licensing agreements. A complete software asset management practice, as opposed to one-time inventory reports, enables visibility at an employee, system and entitlement level — empowering you to quickly create compliance reports, see usage trend information and identify opportunities for optimization.
Establish compliance
Tackling compliance starts with reconciling software usage against entitlements within license contracts. If you’re trying to do this manually, the odds are that your work will be out of date by the time you finish, if you finish. Using a technology intelligence tool to provide IT and other stakeholders with actual usage establishes a complete compliance position, including an Effective Licensing Position (ELP).
Leverage your position to take advantage
After establishing compliance — based on complete visibility of software usage across cloud, datacenter, user systems, and mobile devices — this same view can be used to identify opportunities to optimize and reduce costs, such as excess licenses, duplicate user accounts, and over-entitled users. The key to finding such optimization potential is looking at fine-grained usage information showing not just whether or not an employee uses an application, but what specific components are utilized.
Preparation is key
4
Audit types — where they come from and how to treat them
Many vendors pursue an audit strategy that at first looks like an informal request for information. These requests often arrive as a generic, impersonal request for the customer to collect and report data or as an offer for an assessment or review. They are often written in a way that makes it sound like the vendor is offering a free or helpful service. The important thing to know is that these are still effectively audit requests. These audits are an attempt to find customers out of compliance. Once non- compliance is identified, the vendor will then submit an audit finding requesting payment or may use the finding as leverage to get customers to purchase new product offerings from the vendor.
While it is best to respond to these requests, it can be a double-edged sword. Respond and invite the vendor in, and they may find your organization is out of compliance. Don’t respond, and you may find your organization is quickly in line for a true audit.
Optimization Assessments and Licensing Reviews
In contrast to these informal audits, a true audit is nearly always a bad thing. Even if you are sure your organization is compliant, the time- consuming effort and number of cross- functional employees that need to be part of the audit process makes them expensive.
Audits arise for several reasons. These include disgruntled or former employees sending a complaint via the BSA, your organization discontinuing maintenance on a large enterprise agreement or your organization completing a merger or acquisition that shines a target for compliance risk.
These official audit requests must be responded to. Failure to do so could bring legal and financial damages that would only compound the result of the audit itself. If audited, you should immediately notify your legal and procurement leadership, your CIO and the executive board and begin the appropriate steps in preparing for the audit.
Full Audits
5
Microsoft
Microsoft employs two distinct methods for identifying unauthorized use of their product use rights — a Baseline Review and an Audit. Some smaller organizations have also seen third-party communications asking them to ‘self-certify’ their Effective Licensing Position.
A Microsoft Baseline Review, or Software Asset Management Review offers greater flexibility and non-compliance can often be resolved by purchasing new technologies such as cloud platforms. Just because a Microsoft Baseline Review is a more lenient process does NOT mean you should ignore it. Although response is not a legal requirement, ignoring a Microsoft Baseline Review could bring about a full audit. However, you can request additional time to prepare for the Baseline Review and can leverage a Microsoft Certified Partner, like your License Solution Provider, to help you. Your License Solution Provider is especially important in helping reconcile what you have deployed against your Microsoft contracts.
The actual review takes place once the data has been pulled to reconcile your deployment versus your entitlement. Microsoft will review your agreements and ask you to provide information on a License Verification Worksheet by a set date. Once you send that back, they will send you an estimated license ownership position within several days. This is where the negotiation begins.
At the conclusion of the Microsoft audit, there are often offers to:
1. True-up or Renew’ to pay the difference in what you use versus what you have purchased
2. Move into the latest version of Microsoft technology, such as Cloud Services or Office 365
3. Move onto the latest version of the same platform/software suite at a discounted cost
A Microsoft Audit is very different. Microsoft Audits are conducted by a third-party audit company and you are legally obliged to comply. As with the Baseline Review, you should acknowledge the audit request. Microsoft understands business activities can impact your ability
to respond quickly so valid business reasons for requesting more time are often accommodated.
Microsoft will specify what they are auditing, be it a specific business entity, a certain contract or the whole estate. You will need the help and support of a Microsoft Certified Partner or an independent Microsoft licensing expert or SAM consultant. Even if your organization has a Microsoft Licensing expert, the manual process required to comply with the audit is time consuming and prone to costly errors.
Audits can take a lot of time. Anywhere from three to 18 months can be spent on data gathering, evaluation of licensing entitlements and interviews. This effort is one of the main factors that make audits so expensive. Another, is how audits are concluded.
At the conclusion of an audit, you must pay list price for any non-compliant software on top of a settlement fee, if you are found to be out of compliance by 5% or greater. The cost of the auditor is part of the penalty so an auditor that is a Microsoft SAM partner as opposed to an LLC- driven auditor will likely be less.
Some key tips for Microsoft Baseline review and Audits:
1. Do not ignore either request. A “friendly” Review letter that is ignored will often be followed by a not-so-friendly (and more expensive) Audit letter
2. Do request an extension (maximum six months), giving yourself time to prepare properly
3. Do not purchase licenses in an effort to make up a compliance gap, this does not count toward audit results anyway
4. Do engage with a Microsoft Certified SAM Partner to help you through the process.! Make sure to check if the contracts that are up for review are complete and the same for both parties
Remember that in an audit the side with the best data wins. If you have no data, you have no alternative but to accept the report from Microsoft or the auditor. A robust SAM solution will provide you with the accurate data ahead of either a Baseline Review or an Audit, arming you with the data you need to win.
How to be audit ready
6
Oracle
Oracle licensing is notoriously complex because it doesn’t require a license key. It’s easy to install more than you’ve purchased licenses for and effectively create a compliance nightmare. With this complexity, many customers choose an Oracle Unlimited License Agreement (ULA) in which an enterprise pays a single up-front fee to get as many licenses as they want for a specified set of Oracle products over a fixed time frame. These customers trade off simplicity for cost, avoiding complex and time-consuming license tracking that carries little guarantee of accuracy.
Key recommendations to get visibility and control of your Oracle licensing:
1. Understand your virtualization technologies usage
2. Review the Options and Management Packs installed and accessed
3. Look at the database editions installed and check to make sure you are using the most cost effective one for your needs
4. Choose the optimal license type for your needs and continuously review
One of the easiest ways to ramp up unexpected costs is with the use of virtualization technologies. Oracle differentiates between hard partitioning, where a technology they “recognise”, such as IBM LPAR is used for partition the environment, and soft partitioning, where Oracle doesn’t recognise the technology as valid – a common example of this is VMWare.
Options and Management Packs are a licensable extra cost option that are easy to accidentally install because they are often enabled by default. The complexity increases as some of them are used by the system, or use rights may be bundled in with other Oracle purchases and neither of these usages would incur additional costs.
There are two distinct methods to license Oracle database products – Named User Plus (NUP) or Processor Licensing. If there are a small number of users accessing a database it is usually cheaper to license with NUP but you should keep track and review regularly to ensure you are using the best metric for your needs.
It’s important to check which database edition you’re using. The Enterprise edition is significantly more expensive and may not be required. It’s not just the cost of the edition, but the number of processor licenses Oracle calculates as required for the specific server the database is installed on.
Key Oracle questions to answer if faced with an audit:
1. Are you using virtualization? How is it deployed? Virtualization greatly affects your deployment requirements and restrictions. Be careful you are not inadvertently overprovisioning
2. Are you using Oracle in the cloud? Oracle is very interested in promoting use of their cloud platforms. It will target non-Oracle cloud deployments in its audits and then leverage audit findings to pressure customers to shift to the Oracle cloud
3. Do you have Oracle based disaster recovery (DR)? DR environments must be fully licensed even if they are “passive” (i.e. the software is installed on the DR site but not running). Furthermore, simply testing a DR scenario requires the DR site to be licensed. Many customers expect their environment to be covered by the ‘10-day rule’ but this rule only applies when you have multiple server nodes connected to the same single storage array (i.e. Active/ Passive Failover)
Strategies to deal with 5 top vendors
7
SAP
Like other large vendors, SAP often uses audits as an opportunity to exert pressure on customers to shift to new products. It will allow organizations to forego audit fees or true-ups if they purchase new products, especially its cloud acquisitions.
Manually gathering SAP data is highly time-consuming and inaccurate and will probably not enable you to defend your license position nor enable cost- optimization. SAP provides a number of embedded tools that check what’s been enabled against entitlements, but they do not show you if you’re making the best use of existing entitlements.
Unlike other vendors, SAP requests an annual LAW report submission that uses the embedded tools to match entitlements to installation. If your estate is not optimized to remove inactive or unrequired users, or to assign licenses based on usage, an expensive bill can follow.
Being well-prepared for an SAP contract renewal or audit pays significant dividends. Some of the key elements of this preparation involve uncovering the most value from unused licenses.
The steps include:
1. Calculating the initial software asset value
2. Freeing up inactive user licenses
3. Rightsizing user licenses
4. Converting the unused licenses into credit to use in future purchases or to offset against the migration to S/4HANA that should take place by 2027
Strategies to deal with 5 top vendors
8
IBM
IBM licensing is complex and it provides various metrics for measuring deployment.
IBM Audit Tips
• Audits can be an opportunity to renegotiate your license contract. IBM is heavily scrutinized by financial analysts and new product revenue looks a lot better than audit revenue. Use this to your advantage to negotiate trades of new licensing in lieu of audit revenue. IBM compliance managers often trade non-compliance threats for other purchases
• Get ahead of the game. Customers under audit should take as many proactive steps as possible to review their estate and track down issues that might be brought up by auditors
• Understand IBMs rules in relation to using sub-capacity licensing. Getting this right can help you avoid costly true-up fees, but it is very easy to get it wrong. There are rules about sub-capacity licensing and without full visibility of what you have installed and where, it is easy to fall behind
• Take the audit at your own pace. It is in the interest of the auditors and IBM to complete an audit quickly but such a race against the clock is not necessarily in your best interest
• Optimize the sub-capacity environment. For example, adding a new virtual machine to a fully licensed environment can be carried out without the need for additional licenses
Use the following steps when reviewing your IBM license estate:
1. Identify and evaluate all entitlements as this will guide your deployment strategy. Look for non- standard items such as contracts requiring licensing of warm-standby systems
2. Identify all PVU-based products across your estate and ensure that ILMT agents are installed and reporting correctly. Ensure you are running the most current version of ILMT or sub-capacity licensing may be disallowed
3. Ensure that you understand how Software Subscription and Support might affect your liability when upgrading previously retired products
4. Understand the state – hot, warm, cold – of all servers running IBM products. Concessions can be made for cold backup servers
Strategies to deal with 5 top vendors
9
VMware
VMware product families include vSphere, vCenter, vRealize, and Horizon Suite, as well as the Fusion product family. VMware applications use multiple license metrics, including per-device, per-user, per-virtual machine, per-processor and per-portable unit. With so many license models it can be difficult to get visibility into cost structure, ultimately making it harder to manage and optimize.
VMware’s complex license model means difficult and lengthy audits. VMware focuses on understanding where and how its customers use VMware software, especially for vCenters, and ESXi hosts. Within organizations, there’s often a disconnect that occurs between server administrators and the Software Asset Management team. For example, if a server administrator increases cluster capacity to resolve performance issues without informing the procurement or SAM team, the impact on licensing may be overlooked.
When VMWare audits coincide with renewal periods, customers can be in an prime position to negotiate a better software agreement or license deal as VMware sales teams are heavily incentivized to meet year-end targets.
A SAM solution identifies all installs of VMware products, addresses any under-licensing or over- licensing risks, and gives insight into usage of VMware products. It also provides information that can be used by SAM administrators to be clearer on the financial consequences of their actions (such as increasing resourcing to resolve performance issues).
Detailed usage stats empower customers to identify instances of unused software for the VMware products licensed per user, device, or virtual machine. With a SAM solution, you can ensure that all vCenters and ESXi hosts have the right number of processor licenses.
Strategies to deal with 5 top vendors
10
Q&AAudit and contract negotiation Q&A
You need to accept that a software audit can come at any time. There are however, some events that cause a vendor to step up audit activity. When companies launch new products they often leverage audits to pressure customers to shift to the new product lines. Another example occurs when a company shifts from perpetual licensing to a subscription-based model and when companies shift to SaaS delivery models.
When should I look out for audits?
Most importantly, do not do anything that could have legal repercussions or gives the impression you have tried to manipulate the results of an audit. Do not delete instances of the software in question from numerous machines that you believe may be out of compliance. If an audit is resolved in court even the semblance of impropriety could be costly.
What should I do first when I get audited?
If you think an audit is about finding the truth, you are mistaken – they are about winning and losing. Vendors want to prove you owe them, and you want to prove that you don’t. If you have a robust SAM solution that can create an accurate picture of what you are really using, then you are already winning. Having supporting data will not only help you in the audit, but if you find your organization has overbought, you have the upper hand for renegotiation of new software licenses.
Remember, a software vendor is auditing because they have a legal right to do so and a fiduciary duty to protect their technology from unauthorized use. You don’t have to see them as the ‘bad guy’ in an audit nor do you have to accept audit results will be bad. When presented with data that shows overspend, they understand the relationship with you is important and based on trust so they will likely be open to trade-offs and negotiation.
How can I avoid a massive audit compliance finding?
11
Preparation is key
When managing vendor software audits or contract negotiations, operating with technology intelligence can give you an accurate representation of your software usage to counter the view provided by the vendor.
Visibility across the entire estate is required
Individual reporting by each department and site in your estate can lead to inaccurate and incomplete data. Instead, using a comprehensive solution will allow you to discover and normalize data across all locations and devices.
A single source of truth is the difference
Remember that in an audit, the side with the best data wins. With no data or poorly cobbled together spreadsheets, you will be at a disadvantage in countering the vendor’s claims. Technology Intelligence gives the power back to you, with accurate visibility across the entire estate of deployment, configuration, licensing and usage.
If you are fortunate enough not to be facing a software vendor audit currently, now is the ideal time to identify and address risks before an audit letter, inevitably lands on your desk.
Conclusion
12
Contact Snow
Follow Snow
Copyright 2020 Snow Software AB. All Rights Reserved.
Snow Software is changing the way organizations understand and manage their technology consumption. Our technology intelligence platform provides comprehensive visibility and contextual insight across software, SaaS, hardware and cloud. With Snow, IT leaders can effectively optimize resources, enhance performance and enable operational agility in a hybrid world. To learn more, visit www.snowsoftware.com.
SAP Cost Optimization CalculatorCalculate Savings
