BDNA White Paper Software Audits Three Ways to Cut the Cost and Pain of a Software Audit
Introduction Software vendors frequently and without warning audit customers to ensure they are in compliance with license contracting terms. For software vendors, it's simple business logic: make sure customers pay for any software usage above and beyond what they are entitled. Customers who aren't in compliance must buy additional licenses or pay a true-up and uninstall unlicensed software. But for the customers, providing proof that the organization is using only properly licensed software can be cumbersome and complicated. According to a Gartner survey, 61% of respondents had experienced at least one software audit in 2011; that number rose to 65% in 2012 1. The survey also found this trend across almost every major vendor (see Table below). This increase in software audits is coming when IT teams are already under pressure to do more in less time with smaller budgets. This paper examines the challenges of preparing for a vendor audit and explores how companies can: simplify the process potentially reduce or eliminate a true-up establish a reusable process for Software Asset Management (SAM) Vendor audits are on the rise IBM Oracle Microsoft SAP 2012 2011 VMware 0% 10% 20% 30% 40% 50% 60% Percent of Survey Respondents Challenges in Responding to Audit Requests Being prepared for a vendor audit means having easy access to the information necessary to demonstrate compliance with licensing contracts. To get this information, IT needs to identify inconsistencies and gaps in the data, then address those inconsistencies and gaps. 1. Enterprise-wide cooperation Responding to a vendor audit is an all hands on deck exercise. Multiple departments including IT, collectively and strategize for the best outcome. Instead, technical, political and organizational challenges often prevent the departments from working as a team. An audit requires detailed information about purchases, entitlements, contracts Baseline preparation for an audit from a single vendor, single product requires a Procurement person, a Legal person and an IT person for 4-6 weeks - Walter Taylor Former Procurement Head, Bank of America
2. Data collection and reporting issues Collecting purchase and deployment data and reporting on it clearly and consistently is vital to audit preparation. Unfortunately, this task can consume as much as 80 percent of the time allotted by the software for the rest of the process. Deployment Data Theoretically, IT managers should be able to track the installed software across the client machines and servers using Discovery solutions such as HP DDMI/UD Microsoft SCCM. In reality, this data is often full of discrepancies for two reasons: Multiple sources: IT asset data across the disparate sources is inconsistent and/or incompatible, and therefore doesn t combine easily. Data Quality: Data from these disparate sources is low quality and creates inconsistencies that the IT team must manually reconcile. The system may contain multiple names for a single vendor, multiple names for a single product, and/or multiple versions of a product. Consider Adobe Acrobat, which might appear in any or all of these ways: Software - Adobe Acrobat Adobe Acrobat 8 Standard - English Adobe Acrobat 6.0 Standard - English Adobe Acrobat 7.0 Standard - English Acrobat Acrobat 05 Acrobat 06 Acrobat 4.0 Acrobat 5 Acrobat 6.0 Pro Acrobat 8 Professional Acrobat 6.0 Standard Acrobat Professional 11.0.02 (R1) Acrobat Professional 6.0.1 R1 Acrobat Standard 6.0.1 R1 Acrobat Standard 8.1.5 (R1) Acrobat X Pro Acrobat X Professional 10.0.0 AcrobatProfessional [AIS] AcrobatProfessionalExtended [AIS] 09.00.0000.0101 Acrobat_Reader_705 These inconsistent records cause data quality issues over- or under-counting when taking inventory. create an accurate picture of deployments. Entitlement Data IT managers also run into issues in determining what their licenses entitle them to install and use. There are numerous causes for this: Procurement data doesn t translate easily to an SKUs, part descriptions, and maintenance contracts may be incomplete, depending on whether the company purchased the software from a vendor or a reseller. Procurement and discovery systems report Procurement may report bundles of systems report on components within the bundle (i.e. Word, Excel, PowerPoint, and Outlook). As software is purchased through corporate agreements, in bundles, as part of an OEM purchase, or through a retailer, merger/acquisition, or a free trial, reconciling the license terms is End-of-Life (EoL) and End-of Support (EoS) dates, packaging options, and upgrade status provide leverage. Complex licensing rules and criteria. Rules may be IT must be able to take data automatically from procurement systems to determine the exact gauge its true vendor spend or demand credit for prior purchases.
End-to-End Data Alignment IT managers must be able to align product names in procurement systems against those in deployment systems. This is critical to be able to track all software purchases and determine what's been purchased but is not in use, as opposed to what has been installed and put into production. If a company has no single ITAM system of record, matching licensing to actual use can For a true end-to-end picture of the IT environment, the IT team must be able to read all of its assets in a common language or IT taxonomy across the environment. Every department including IT, to ensure that assets are named and categorized the same, regardless of who purchased them or where they're located. Unfortunately, this rarely happens. Entitlement Data Procurement Systems Lack of end-to-end alignment? Deployment Data Discovery Sources Adobe Adobe Systems Acrobat.exe Acrobat 9 Standard English,Francais, Deutsch No correlation of data Adobe Adobe Systems Incorporated Adobe Acrobat 7.0 Standard Adobe Acrobat 7.0.7 Standard Adobe Systems Inc Adobe Acrobat 5.0 Adobe Systems, Inc. Adobe Acrobat 8 Professional Adobe Systems Incorporated Adobe Acrobat 7.0 Standard Adobe Systems, Incorporated Adobe Acrobat 8.1.3 Professional Solution: Complete and accurate visibility to software and entitlements To address data collection and reporting issues, organizations should create an enterprise-wide baseline inventory of current software & entitlements. Use Discovery solutions to determine the deployed software Using an automated discovery tool will make gathering the data much faster and more reliable. Get purchase data directly from the source Procurement systems have the authoritative source of purchase order data. This can be used to determine the entitlements. Normalize software data about deployment as well as entitlement for end-to-end alignment Use a reference catalog containing standardized vendor names, product names, and version information to update and correct information about all software and ensure the information is clean, consistent, and authoritative across systems, including the ITAM system. Enrich software data with further details Enrich your inventory of vendor, product, and version data about currently installed software with further information, including but not limited to license details, compatibility, product lifecycle, support details, software/hardware dependencies, etc. Enrich software data with further details Enrich your inventory of vendor, product, and version data about currently installed software with further information, including but not limited to license details, compatibility, product lifecycle, support details, software/hardware dependencies, etc. The result is a complete, consistent, and current inventory of data about software across the organization: what has been purchased, what is installed and in use on what hardware, and what has been installed but is not currently in use. This inventory can then be used as-is or loaded back into IT's operational or reporting systems to create reports on for becoming compliant. The top challenge customers face in achieving license compliance is complex closely by virtualized environments that are Asset Management (SAM) managers to - KPMG Is unlicensed software hurting your bottom line?, 2013
3. Inability to address non-compliance Compatibility: Suite availability: Support status: Solution: Be proactive instead of reactive Create a Software Asset Management (SAM) team Invest in a SAM solution Make SAM a repeatable process Work proactively with vendors SAM Maturity Model Optimized (License optimization) Automated (Asset Management tools in place) Repeatable (manual but proactive) Ad-Hoc (audit based, reactive)
BDNA: On Your Team for Software Audits and SAM Practice BDNA solves the data challenges for software audits by providing clean, aggregate data from multiple sources including Discovery solutions, Client Management solutions and Procurement systems. Using Technopedia TM, the world s largest catalog of hardware and software assets, BDNA normalizes data from multiple sources and enriches it to provide consistent, Asset Management. BDNA Technopedia TM Technopedia is the world s largest and most comprehensive catalog of IT hardware and software product information. With more than 1 million foundation for a common language so that data from multiple sources can be mapped to a single identity. It categorizes and aligns more than 40 million data points about 500,000+ software releases, 600,000+ hardware products, and 20,000+ vendors, with updates of more than 2,500 data points daily. Technopedia data is available in a Data as a Service (DaaS) model to ensure customers have access to the most current data set. BDNA updates this reference catalog daily to keep pace with market dynamics. BDNA Normalize TM discovery data to eliminate inconsistencies in vendor and product data, giving IT a clear enterprise-wide picture of what software is installed, where, and where it is or isn't in use. It extracts inventory data from more than 30 HP Universal Discovery (UD) and Microsoft SCCM. It leverages Technopedia to normalize the data to a duplicates. It further enriches the data with non-discoverable market intelligence information such as end of life dates, license options, temperature ratings, physical dimensions, and more. It updates the data daily to keep it current. BDNA Normalize for Purchase Orders BDNA Normalize for Purchase Orders provides clarity, consistency and completeness to procurement s most critical business record. It automatically translates procurement data to entitlements to give IT a comprehensive record of all software purchases throughout the organization. It extracts procurement data from SAP, Ariba, and many other sources. It leverages Technopedia to normalize the data in a consistent format that removes duplicates and It automatically translates both structured (product number) and unstructured (product description) procurement data to determine exact products, quantities, and other details. It further enriches the data with additional information including license metrics, license types, and terms. It counts entitlement quantities to determine the With BDNA, IT organizations can tackle the challenges of vendor audits head-on by: Turning data from discovery and client management solutions into an accurate picture of deployment, Turning data from procurement systems into greater Leveraging additional relevant marketing intelligence for transformation and compliance initiatives, and Ensuring an up-to-date inventory of software assets at all times. BDNA solutions let organizations respond to even the most unexpected software audit with accurate, current reports that prove they are in compliance or, if not, determine precisely what needs to be done to achieve compliance. And because BDNA delivers its solutions as a service, its ongoing strategic needs. 1. Gartner, The Software Vendors That Are Auditing Now and What to Do About It, March 2012 About BDNA To learn more about BDNA solutions visit www.bdna.com 339 North Bernardo Avenue, Suite 206 Mountain View, CA 94043, USA T: +1 (650) 625-9530 E: sales@bdna.com