Computer software is an integral part of virtually every organizations infrastructure and operation. Information Technology, whether software, hardware, services or the cost to obtain and maintain them is often the single biggest expense for a company. That should be enough to motivate an organization to proactively monitor and manage the investment, but software has some nuances that often require greater attention than the rest. In the case of hardware, for example, when a company purchases it, it’s pretty much theirs to use as they wish. By contrast, we don’t buy software; we buy a license to use it, and the use rights are typically very restrictive and the penalties for non-compliance can be severe.
With so much invested, I’m often surprised that many organizations fail to proactively manage their software environment. It’s not just about ensuring compliance, although that is obviously a critical component. At Emerset, we often see organizations who buy more licenses than they need, simply to eliminate the risk of being under-licensed. Another needless expense we see occurs when they fail to consider whether users actually need the most recent version of an application. We also see organizations paying for Enterprise editions when Professional or a lesser edition may suffice.
Another software nuance is that products are often installed or accessed by users without the authority or even knowledge of IT Administrators. Even Administrators often expose organizations to license violations or needless expenses. A common occurrence is to install a newer version of software on a device without removing the previous version. In most cases, the older version will never be used again, but if the software vendor performs an audit, they will discover both and the organization will be required to produce licenses for each one.
Yet another common vulnerability occurs when users access company servers with their personal devices. Something as seemingly innocent as logging into email can result in a license violation if the user isn’t covered by a Client Access License (CAL).
There are countless areas in which an organization can violate their software licensing terms, but compliance is just one of many software licensing considerations. Even if an organization is fully compliant, there are many opportunities for cost savings or improved functionality. Most major software vendors change their product use rights regularly. In the case of Microsoft®, they change monthly. Volume Licensing customers typically retain the same rights they received when the purchased the license (Enterprise Agreement, etc.), but with so many frequent changes, it’s unlikely the customer will be fully aware when it’s time to true-up or renew. It’s also important to remember that whether an organization buys directly from Microsoft (or Oracle® or whomever) or from a reseller, either party is trying to sell them software and as such, is probably more interested in their margins than they are in saving you money.
At Emerset, we are not affiliated with Microsoft, Oracle or any of their resellers. This allows to objectively work on behalf of our clients to ensure complete compliance while negotiating the best deal for the customer, rather than for the software vendor. Since our core business is software licensing consulting, we are always up to date on the latest use rights and restrictions.
Another major benefit to working with Emerset is that since we work with multiple organizations, we have visibility to discounts and terms which have been negotiated by other organizations. This benchmarking knowledge lets assist our clients to negotiate their best discount and terms. Microsoft and their resellers obviously won’t do that.
Enterprise Agreement Negotiation and Renewal
Perhaps our most common engagement is to assist Microsoft Volume Licensing customers as they prepare to renew their Enterprise (EA) or other agreements. In this scenario, we begin by discussing the customer’s needs and desired outcomes, after which we provide a detailed Statement of Work. Once the parties agree upon the deliverables and schedule, we work with the customer to scan their environment and compare the results with their entitlements. This results in an Effective Licensing Position (ELP) spreadsheet which shows any license shortcomings or surplus. The next step is a financial analysis where we evaluate the current status and consider possible alternatives that may save the client money and/or help them reach their near term and long-term goals. We then begin to prepare for the negotiation. This step includes benchmarking of discounts, proposal analysis and negotiation strategies. We guide the customer through the negotiation until the agreement is signed, after which we offer contract maintenance services if desired.
Another important reason to enlist third party expertise is when an organization is faced with the almost inevitable compliance audit. The right to audit is an integral part of any software licensing agreement, and vendors such as Microsoft, Oracle, and most others exercise this right routinely. Microsoft and Oracle usually impose some form of audit at least once every three years. This can be presented in many forms and doesn’t necessarily mean the customer is suspected of non-compliance, but since the terms of the agreement allow for audits and require an offending customer to pay for the audit if discrepancies are found to be greater than 5 percent of complete compliance, there is very little financial risk to the vendor. It’s extremely rare to find an enterprise or even smaller customer to be within 5 percent of compliance, so the vendor has little risk of bearing the cost, but substantial opportunity for increased revenue.
The term “audit” may appear offensive to most, so software vendors often present it as a “self-assessment” or even as an offer to generously assist the customer to ensure that their Software Asset Management (SAM) practices are as they should be. The presented message is that the vendor is helping the customer with their SAM practices, but the customer will be required to report all installed software and pay for any unlicensed software which is discovered during the “assisted” evaluation. Software vendors will defend the practice and deny that this is an audit, but anytime an organization is asked to share their deployment data with the vendor and the vendor forces them to buy new licenses to cover shortfalls, it’s an audit.
There are many benefits to employing a qualified third party to assist with licensing needs. In addition to those already mentioned, there’s the issue of timing and availability of resources. The timing of true-ups and renewals is predetermined, but audits can occur at any time. Regardless of whether an audit is performed by a third party or if it’s a “self-assessment”, the process requires a great deal of time and expertise. Enlisting a third party won’t relieve the organization of the need to dedicate internal resources, but it’s extremely helpful to work with people who respond to audits on a regular basis. At Emerset, we can not only guide you through the process, but we can also help an organization evaluate and defend inaccurate findings. Here are just a few of the errors we have found while assisting clients during an audit:
Device CALs vs. User CALs (audit counted all devices and did not recognize that many were licensed under User CALs)
Multiple copies of Office™ installed on a single device and counted as multiple machines
Multiple versions of Visio™ and Project™ (Standard and Pro on the same machine, a new and old version that wasn’t removed when the product was upgraded)
Inactive users within Active Directory™ that haven’t been removed
BYOD devices that were counted as organizational devices
Counting virtual Windows Servers™ as physical licenses
Use of wrong licensing metrics for SQL Server™ and Windows Servers
Failure to recognize historical entitlements (products purchased 3-9 years ago) that can be used to mitigate current licensing gap
Licenses from mergers and acquisitions
Inaccuracies such as the above must be challenged and validated, which some organizations fail to do.
Once the accurate compliance status is determined, Emerset can also manage the commercial settlement negotiation.
IT Health Check
Some organizations wisely recognize the need to ensure that they are compliant without being overly-licensed before they are faced with a true-up, renewal or audit. In many of these cases, the organization has the resources and expertise to manage their environment going forward, but they seek assistance to ensure they’re starting with a baseline of compliance. In these situations, we offer an IT Health Check. The process is almost identical to preparing for a renewal or audit, but it can be done at the customers convenience and isn’t tied to the schedule of a mandatory audit or renewal.
The contents of this article may appear self-serving, as Emerset is in the business of software licensing consulting, but I hope it identifies some of the reasons to hire third-party expertise when necessary. Software licensing terms, packages and pricing are constantly changing. It’s extremely rare for an organization of any size to develop the internal expertise to enable them to ensure compliance and negotiate the best deal available.