The Provance Blog

The Provance Blog will provide you with expert advice, insights and opinions in regard to IT Service Management, Microsoft, Microsoft Dynamics 365 and Microsoft System Center.  

Two Dangerous SAM Practices That Could Cost You Millions

 

When it’s time to renew a license agreement, true up with a software publisher, or respond to a compliance audit, it's critical to accurately determine your license position. Too many licenses and you pay too much. Not enough licenses and you’ll pay a fine.

There are two dangerous SAM (software asset management) practices that undermine your ability to properly establish your license position and can result in severe financial and legal consequences. What’s astounding is that there is commercial software for IT asset management that enables and actively promotes these approaches!

One of these dangerous practices is basing license entitlement solely on purchases. In other words, the license position is calculated on the assumption that purchasing one unit of a software product entitles you to one installation of the software. In fact, correct calculation of license entitlement must take into account both the quantity and the conditions of the license.

For example, let’s say you have purchased 5,000 licenses of software product A version 2.0 at an average cost of $200 per license. Your discovery tool finds 5,000 installations of the software. An IT asset management tool that calculates your license position based only on purchases shows you that you are fully compliant.

 
Example of an IT asset management tool that calculates license position based on purchase count

However, what if the licenses you purchased were upgrade SKUs that require an underlying license for version 1.0 of the product? If you do not have the required base licenses, or if you do have the required base licenses but that version of the software is already installed on other computers, your installation of product A version 2.0 is under-licensed by 5,000!


License position properly calculated taking upgrade rights into account in the Provance IT Asset Management Pack
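The difference between the two calculations can be sketched in a few lines of Python. This is an added example, not code from Provance or any asset management product; the `Purchase` model and the rule that an upgrade SKU only counts when a base license is owned and not already covering an install are simplifying assumptions taken from the scenario above.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Purchase:
    version: str
    quantity: int
    requires_base: Optional[str] = None  # set for upgrade SKUs (assumed model)


def naive_position(purchases, installs):
    """Purchase-count method: one unit bought = one install allowed."""
    owned = defaultdict(int)
    for p in purchases:
        owned[p.version] += p.quantity
    return {v: owned[v] - installs.get(v, 0) for v in set(owned) | set(installs)}


def conditional_position(purchases, installs):
    """Upgrade SKUs only count when backed by a base license not already in use."""
    entitlement = defaultdict(int)
    for p in purchases:
        if p.requires_base is None:
            entitlement[p.version] += p.quantity
    for p in purchases:
        if p.requires_base is not None:
            base = p.requires_base
            # Base licenses still covering an install of the base version are not free.
            free_base = max(0, entitlement[base] - installs.get(base, 0))
            usable = min(p.quantity, free_base)
            entitlement[base] -= usable
            entitlement[p.version] += usable
    return {v: entitlement[v] - installs.get(v, 0) for v in set(entitlement) | set(installs)}


# Constructed scenario from the text: 5,000 upgrade SKUs, 5,000 installs of 2.0.
UPGRADES = [Purchase("2.0", 5000, requires_base="1.0")]
BASE = [Purchase("1.0", 5000)]

if __name__ == "__main__":
    print(naive_position(UPGRADES, {"2.0": 5000}))                  # looks compliant
    print(conditional_position(UPGRADES, {"2.0": 5000}))            # no base licenses
    print(conditional_position(UPGRADES + BASE, {"1.0": 5000, "2.0": 5000}))  # base in use
    print(conditional_position(UPGRADES + BASE, {"2.0": 5000}))     # base free: compliant
```

A negative number is a shortfall; the purchase-count method reports zero in all of these cases.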

Your minimum exposure in this case is a true up payment equal to the purchase price of the required base licenses. If the base licenses of product A version 1.0 also cost $200, your required true up is:

5,000 x $200 = $1 million

That’s the best case scenario. Many vendors charge a penalty equal to a multiple of the full list price for software that has been used but not licensed. The list price is typically higher than the discounted volume rate for your license agreement, and the premium can be a multiplier of 2 or 3, or even greater. Assuming list price is 10% higher than your volume purchase discount for product A version 2.0, and the license shortfall penalty is 50%, your required true up is:

5,000 x $200 x 110% x 150% = $1.65 million

That’s not even the worst case scenario. If your license shortfall was discovered as part of an enforcement audit rather than an amicable renewal with your software vendor, in addition to license true up you could be subject to non-compliance fines, and potentially imprisonment. BSA – The Software Alliance is an international organization that conducts vigorous enforcement programs in approximately 50 countries. On its website it publishes the names of companies found in violation of license agreements, details of settlements, and outlines of the fines and prison terms in each country.

This example is just one illustration that license purchases alone are not a reliable method to determine entitlement. In addition to upgrade rights, other license conditions that affect entitlement include downgrade rights, user based licenses, multi-product licenses, licenses permitting multiple installations, etc.

License position is determined by comparing your entitlement to your actual deployment. While it is essential that your license entitlement is calculated correctly, it is equally critical to ensure you have precise information about software installations. This requires taking information from a software discovery tool and making sure the information is formatted to allow direct comparison with your entitlement information. For example, Microsoft System Center 2012 – Configuration Manager identifies several different instances of installed software that all represent the same single version of Microsoft Office Professional 2010:

For this reason, it is necessary to assign, or map the discovered software items to titles and versions in the same way you are using them for entitlement.

The most reliable and accurate method is to explicitly map the discovery information to titles and versions. The databases of the discovery tools are massive – Configuration Manager has hundreds of thousands of records – and the information is constantly changing as new software versions are released. Explicit mapping is the only way to be one hundred percent confident that you have an accurate count of what’s installed in order to correctly determine your license position.

The second dangerous practice is using pattern matching as a shortcut in lieu of explicitly mapping your discovered software, a method advocated in certain commercial software for IT asset management. Think about it. Can you be one hundred percent certain that an expression using wildcards will always return the correct result from a constantly changing database of between a half million and a million records? One small error can create disastrous results.

For example, if you fail to map five or six of the many different ways Configuration Manager detects the same version of Microsoft Office Professional 2010 (shown above), you will not count all of your installations. Assuming a proportional number of each software item, missing six titles of the above 29 variations will give you a shortage of 20%, or 1,000 titles! That would require a true up of $200,000, assuming the best case scenario described above. Conversely, if you incorrectly count extra software items that do not correlate to an installation of software, such as patches or language packs, you will unnecessarily over-purchase licenses.
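Both failure modes show up when a wildcard is compared with an explicit map over the same discovery records. This is an added example, not code from Configuration Manager or any asset management product; the display names, install counts and the "Product A" title are constructed for illustration.

```python
import fnmatch
from collections import Counter

# Constructed discovery records: (discovered display name, install count).
DISCOVERED = [
    ("Product A 2.0", 3000),
    ("Product A Professional 2.0 (x64)", 1200),
    ("ProdA v2", 800),                               # same product, different naming
    ("Product A 2.0 Language Pack - French", 400),   # not a licensable install
    ("Product A 2.0 Update 3", 2500),                # patch, not a licensable install
]

# Explicit map: every known discovered name is assigned a (title, version),
# or None when the record does not represent a licensable installation.
EXPLICIT_MAP = {
    "Product A 2.0": ("Product A", "2.0"),
    "Product A Professional 2.0 (x64)": ("Product A", "2.0"),
    "ProdA v2": ("Product A", "2.0"),
    "Product A 2.0 Language Pack - French": None,
    "Product A 2.0 Update 3": None,
}


def count_by_pattern(records, pattern):
    """Wildcard shortcut: sum installs of every name matching the pattern."""
    return sum(n for name, n in records if fnmatch.fnmatchcase(name, pattern))


def count_by_explicit_map(records, mapping):
    """Count installs per (title, version); return unmapped records for review."""
    counts, unmapped = Counter(), []
    for name, n in records:
        if name not in mapping:
            unmapped.append((name, n))   # surfaced for review, never guessed
        elif mapping[name] is not None:
            counts[mapping[name]] += n
    return counts, unmapped


if __name__ == "__main__":
    print(count_by_pattern(DISCOVERED, "Product A*2.0*"))   # misses 800, adds 2,900
    print(count_by_explicit_map(DISCOVERED, EXPLICIT_MAP))  # 5,000 and nothing unmapped
```

With these records the wildcard both misses real installations and counts patches and language packs, while a name that appears later without a mapping is reported by the explicit method rather than silently counted or dropped.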

In even a modestly sized organization working with a handful of software publishers, the cost of implementing either one of these two dangerous software asset management practices could have massive financial impact and severe legal consequences. At the very least, avoid any IT asset management product that actively promotes these practices! No matter what kind of a bargain it may seem, this kind of software could ultimately cost you millions.

 @gordwatts


