‘What Device Is That?’ Visibility to See the Unseen

When I look at my home network, it isn’t easy to determine which device is which. So when I’m looking at the number of devices connected to the corporate network, I’m amazed.

The game of hide-and-seek to find a new device (or even an application) and determine its legitimacy can be painful.

This is why visibility is so important. Without it, consider the following challenges you face among IT priorities:

  • Security

The threats you don’t know about can be the scariest. Whether it’s a rogue device or malware brought in on through a new app, it doesn’t belong.

You need to know when a threat exists in order to ensure it’s removed.

  • Asset management

You don’t want to fail an audit, nor do you want to buy unnecessary licenses. You need visibility to know what software is running, when and where it’s being used—as well as the associated allocations—in order to maintain compliance.

  • Endpoint management

Users replace BYO devices all the time, but are you sure that new device you’re seeing belongs to one of your users? You need to know so you can take appropriate action.

  • Service management

Without visibility, it’s hard to deliver optimal experiences. Service management teams need to see and understand the impact changes have on services and processes in order to ensure quality.

That’s why we’re excited about our latest LANDESK product releases.

We’re delivering the tools you need so you can see what is entering your environment, be it new hardware or software, and the all the necessary information so you can take action.

We’re showing these new solutions and more at Gartner Symposium/ITxpo this week. Stop by booth #413 to learn more!

The Info-Tech Quadrant: Why LANDESK Is Different

Until I read the 66-page Vendor Landscape: IT Asset Management (ITAM) report from Info-Tech Research Group (which you can download below), I had no clue what Harvey Balls were. And the report is chock-full of them.

dots

Created in the 1970s by Booz Allen Hamilton consultant Harvey Poppel, Harvey Balls are round ideograms of qualitative information commonly used to indicate the degree to which a certain item meets a particular criterion.

Harvey Balls and Harvey Ball aren’t the same thing.

I also learned that Harvey Balls are not to be confused with Harvey Ball. Turns out Mr. Ball was a graphic designer and WWII vet who received the Bronze Star for bravery on Okinawa, started his own ad agency in 1959, and designed the original “smiley” in 1963 that has become an enduring, international icon.

sssssssssssThe bottom line is this: As you’ll discover in the Info-Tech report, if a particular IT asset management solution—like LANDESK IT Asset Management Suite—strings enough “solid” or “nearly solid” Harvey Balls together, it lands in the “Champions” quadrant of leading products from leading vendors. And that puts a “smiley” on the faces of a lot of people.

Well I (be) TAM’d. LANDESK’s a champion!

Info-Tech evaluated 15 competitors in the ITAM market, focusing on those vendors that offer capabilities across multiple platforms and “that have a strong market presence and/or reputational presence among enterprises.”

The report states, “table stakes represent the minimum standard features that determine whether a product even gets reviewed. If table stakes are all you need from your IT asset management tool solution, the only true differentiator for the organization is price. Otherwise, dig deeper to find the best price to value for your needs.” Indeed, the report (with all of its Harvey Balls) is a chance for you to dig deeper.

The Champions quadrant features LANDESK and five other notable performers: Aspera, BMC Asset Core, IBM Control Desk, Scalable Software, and Snow Software. Though not quite in the Champions quadrant, ManageEngine was recognized for its overall value.

dddddddddddddddddddddd

As the report recommends, each vendor offers a different feature set and organizations should concentrate on what their genuine needs are and balance the individual strengths of the solutions evaluated to meet those needs.

LANDESK ranked as an exemplary performer along with IBM, BMC Remedy, and ManageEngine in offering ITAM solutions along with integrated desktop management and systems management tools for IT operations. The report states that LANDESK IT Asset Management Suite “is designed to work alone or in full integration with the service management suite, including CMDB, with auditing to validate against proposed changes.”

The report continues, “LANDESK takes a practical approach to asset management, considering end-to-end processes for technicians and managers. LANDESK has a strong focus on systems and service management with discovery built in. Where a complete asset and systems solution is needed, this could be a good fit. However, on its own, Data Analytics is not a complete asset solution.”

The greatest differentiator? Green.

Perhaps the greatest differentiator is that only LANDESK offers every single feature that Info-Tech evaluated. Only green lights. No yellows or reds.

ITAM

In the report, Info-Tech uses green, yellow, and red traffic lights or “stoplights” as visual representations of individual features. Fully present (green light) means “all aspects and capabilities of the feature described are in evidence.” Partially present (yellow light) means “some, but not all, aspects and capabilities of the feature as described are in evidence, OR all aspects and capabilities of the feature as described are in evidence, but only for some models in a line.” Fully absent (red light) means “all aspects and capabilities of the feature described are missing or lacking.”

ITAM

ITAM2

Download the report to learn more!

No solution is the right fit for every organization, but LANDESK IT Asset Management Suite is definitely worth a serious look. The suite encompasses Asset Central, an on premise or cloud-based solution designed to manage your assets’ lifecycles from purchase through allocation and usage and eventually to disposal.

In addition, the Suite includes Asset Intelligence, a product built to discover and inventory owned hardware and software, connect with vendors to monitor new purchases, and track how your users interact with your IT assets.

When combined, Asset Central and Asset Intelligence deliver a complete view of your IT asset management position in a single ITAM suite.

InfoTech-blogbanner

Former Gartner Analyst Talks About LANDESK’s ITAM Champion Award

As the global leader in user-centered IT management, LANDESK was thrilled to be named Champion in the IT Asset Management Vendor Landscape Report by the Info-Tech Research Group earlier this month! (Read the full report below.)

LANDESK CEO, Steve Daly, commented, “LANDESK offers the most comprehensive IT and software asset management software out there, and we love that prominent influencers are pointing IT and finance leaders our way.”

Being recognized on this level inspired us to sit down with a few members of the LANDESK ITAM team to get their reactions to the report. Below are some questions and answers from ITAM evangelist, Patricia Adams.

1. Prior to  joining LANDESK, you were a research director at Gartner for 21 years. Why did you decide to join LANDESK?

After a long tenure with Gartner, I began reflecting on the next step in my career and realized that I wanted to try being on the vendor side. I spent most of my career advising vendors on functionality that customers were looking for in tools or problems that they wanted to solve. With this knowledge of the marketplace, I felt that LANDESK was the vendor best positioned to offer a complete one-stop-shop for ITAM.

With discovery and inventory, client management, security, and service desk, LANDESK had solutions that supported adjacent problems that ITAM/SAM either intersected with or provided data for. Helping to build the best ITAM complete solution in the market was a very appealing challenge.

2. Talk about the Info-Tech report. What are the big takeaways for you about the ITAM space? 

I’m not aware of any other IT research firms that conducted a comprehensive analysis of the ITAM/SAM market and graphically depicted it. Info-Tech looked at the different aspects of what asset managers need from a solution and evaluated the vendors against 15 different criteria.

The criteria are all meaningful to a successful ITAM program. Just focusing on one or a few elements, such as discovery and normalization complex licensing, is not enough to completely understand and differentiate the tools. Knowing whether you are buying a solution that will address the majority of your asset-related problems instead of just one or two of them is critical when purchasing a solution.

3. You attend a lot of events and talk to a lot of customers. What are the biggest trends in ITAM right now? Which way are the industry winds blowing?

One of the top ITAM trends that has persisted since 2008 is software vendor audits. I would love for this problem to be solved in the next decade, but vendors keep changing their licensing models. Additionally, new technologies are introduced that suddenly change the rules of the licensing game. We saw this happen with virtualization and more recently with broad adoption of cloud applications. BYOD and Bring Your Own App (BYOA) are also posing new challenges to asset managers.

BYOD and Bring Your Own App (BYOA) are also posing new challenges to asset managers.

Other trends that are going to have an impact on ITAM within the next five to ten years are Internet of Things (IoT), open source software, and artificial intelligence. However, the greatest impact will be felt on the security side. With increasing numbers of security incidents, it is paramount that asset managers adopt a proactive stance to reduce corporate risk and support the security goals.

4. Why should IT departments consider an ITAM solution right now?

One of my favorite sayings is that ITAM is equivalent to an insurance policy. Insurance is a key piece of any corporate strategy. When an event happens, such as an audit, a company will be very happy that they invested the time and effort to have visibility needed to respond to an audit.

The average cost of an audit for a medium-sized business runs about $250K,  just for internal expenses. Justifying the investment in an ITAM/SAM program after three or four audits, especially if they happen annually, can be very easy.

5. What’s your favorite movie ever? 

I’m so happy you asked about movies instead of favorite song (although I am really enjoying the soundtrack for the Broadway musical Hamilton right now). Hmm… favorite movie… right now I am enjoying a lot of the foreign films that Delta Air Lines has on their movie menu. The movies all have subtitles so it makes it hard to work at the same time because I have to read to follow the plot.

Click the banner below to learn why LANDESK was named Champion by Info-Tech this year!

InfoTech-blogbanner

How to Integrate a CMDB With IT Asset Management (ITAM)

When I meet with organizations that are looking for an asset management solution, I am often asked whether the configuration management database (CMDB) can be used for tracking IT assets using ITAM best practices.

The issue that arises when implementing a CMDB with an ITAM solution is the belief that there is a feature overlap when using both solutions. For example, an IT asset located in the asset management database could also be a configuration item (CI) in the CMDB, so how do you avoid duplicating an asset in both databases?

Let’s use an analogy by looking at how airlines manage their flights and their equipment and planes.

Imagine booking a flight from New York to London. The flight you are looking for is identified by the flight number 192. In the airline’s database, flight 192 from NY to London consists of a plane, crew, gate, gate agents, and ground crew.
Airlines also maintain another database that tracks their equipment and planes. The database that tracks aircraft contains information such as capacity, purchase/contract information, and performance data along with historical maintenance records.

Let’s imagine that a Boeing 777 identified as B777-1421 is assigned to flight 192; however, a problem has been found on B777-1421. After an equipment change request, the airline removes B777-1421 from service, and replaces it with a plane identified as B777-1502. 2Even though a different aircraft (ID: 1502) will be used to support flight 192, the flight number does not change. Managing a CMDB with IT asset management is similar to managing the flight database with an equipment/plane inventory database.

In most cases, a CI is a combination of IT assets, such as an email server which consists of hardware and software. Let’s use an example of an email CI named EMAIL-SRV that is using a physical server named SRV01.

3SRV01 is an older server with a slower processor and less memory. A change request is issued to replace SRV01 with newer server named SRV02.

4

After replacing the server, the email CI is then updated with the new server’s information and configuration; however, the name of the CI, EMAIL-SRV would not be changed.

5With seamless integration between a CMDB and the IT asset management database, the IT asset can be directly linked to the CI located in the CMDB instead of being recreated. This is similar to how airlines link equipment/planes to their flight database.

CMDB vs ITAM: Why do you need both solutions?

Even though many properties of a CI are similar to those of an IT asset, the lifecycle process for each is much different.

6
CIs are IT assets that affect business processes. CIs are usually associated with ITIL processes such as problem, change, and release management.

Configuration management objectives look at IT assets from an operational and support perspective. Asset availability and stability impact an organization’s day-to-day operations, so assets need to be documented along with their configuration and service offerings.

An IT asset is part of the organization’s IT asset inventory and usually contains information associated with contracts, cost centers, lifecycle status, and location.

 

Asset management processes will assign, unassigned, or re-assigned IT assets to end-users or to CIs so that assets are not misplaced or lost. 7

ITAM objectives focus on managing an IT asset’s overall cost, including ownership, associated contracts with asset lifecycle, warranty, and refresh information. ITAM focuses on IT assets from an organization’s financial perspective.

Summary

To efficiently manage IT assets, separate the IT assets from the CIs. Implement ITAM best practices for the IT asset management database using automated ITAM processes. Be sure to use a solution that has a strong integration between the CMDB and the IT asset management database so that asset information can be shared between the two solutions.

Lost Assets and Rogue devices Part II

Rogue DevicesIn part one of this blog series, we discussed how tracking rogue IT assets is very similar to tracking down stray livestock during the annual roundup. With IT assets, that roundup often comes during an audit or annual hardware refresh and often comes in the form of someone looking around the office and cataloguing devices in a spreadsheet; which is not only ineffective but costly. As you know, LANDESK has always offered asset discovery, we have to know what devices you have in order to manage those devices. This has often been in the form of active network discovery. You pick a location (subnet) and start scanning and it will return a report of devices on that network, eliminating the need to send someone around the office. Or does it? As we mentioned in the previous blog, this is just a targeted look into the network. The device might not be on that subnet or might have certain security features enabled that prevent the sweep from being successful. So that leads us to the need for passive scanning capabilities. However, setting this up can take some planning and often serious IT effort.

What does passive scanning offer that active discovery does not? Our passive discovery is listening to the ARP requests to see what devices come online. It send a CBA ping request to see if that agent is managed; if it does not respond to the request, it is marked as unmanaged and a list is sent to the core server. The benefit to this over a standard IP ping is, I have yet to find a way to have a device connect to a network without sending out ARP discovery packets.

Now that we understand that we should have passive scanning enabled, how do we go about reconfiguring my network to do this? LANDESK System and Security Suite 2016 has simplified this by automatically enabling passive scanning by default on all devices. Now, if you have been with LANDESK for a while, you are saying to yourself, “Wait a minute! I have been warned for years not have passive scanning on all devices, especially devices that leave the office as I will often get false positives and create a backlog of devices I need to determine if they are on my network or the local coffee shops.” In 2016 we introduced a new platform technology that will help eliminate this administrative mess while maintaining the benefits of passive discovery. Self-electing subnet services (SESS), is enabled by default for all windows devices, currently multicast and passive unmanaged device discovery (formerly referred to as Extended device discovery (XDD) or the marketing term of neighborhood watch) operate on SESS with more to be added in future releases.

To dive a little deeper into this, SESS is now available to be configured on a per-agent setting, it can also be disabled/enabled per subnet. The configuration options are limited to XDD both for ARP and WAP.  You can set your thresholds and either enable or disable the ability to perform said service. So the next comment that is often mentioned is, I do not want or need all of my devices preforming this service. That is where the advantage of SESS comes into play. Once we have decided what agent settings to use, the devices on that subnet hold an election to designate a host to talk back to the core server. If that device goes offline, another election is held and a new system is elected to talk back to the core server, so you will always have a device preforming these capabilities.

Now that we have discussed needing to find our assets, how to go about doing so? Let’s cover a real-world example that we saw during our LDMS 2016 field test. Remember, I stated earlier that discovery is enabled by default. During field testing, we had a customer that installed the agent to his pilot test group; this covered multiple subnets by chance. As we were discussing the new features in 2016, SESS came up and they stated, “That will probably be useful on our remote subnets but the subnets local we know what is out there.” They pulled up unmanaged device discovery and were a bit surprised to see that we had already located 30 some odd computers on this local subnet alone. Looking at the list, most were laptop and a few were BYOD but somewhere company resources as well as a handful of desktops they had purchased and installed in the last 6 months or so and forgotten about.  They were surprised by the results to stay the least and stated that this was going to a huge help in starting to get full control of their resources both for keeping track of company assets and knowing what rogue devices are on that network that might be causing significant risk to the business.

Lost Assets and Rogue devices Part I

Rouge Devices

Have you ever misplaced something? Of course you have, we all have. When this occurs, the realization that you have lost something or, even worse, that someone else may be in possession of that missing item, causes us to have various reactions from anger to fear and sadness. These reactions cause us to start the next phase of actions which may be anything from panic to a methodical search and recovery.

I have seen or experienced many of the different reactions that occur when I’ve lost an asset.

Different types of assets require a difference in the ways that we react to a loss or even a rogue asset. There was a time when I was listening to some ranchers discuss their assets (sheep and cattle), it was the time of year that they were gathering their assets from the vast western ranges that they use to graze their stock on. During the conversation, one of the ranchers stated, “Don’t worry we will find all of the sheep, we have them fully contained, there is no way for them to escape. The Atlantic is on one side and the Pacific is on the other side, how could we possibly come up short?” After much laughter about how impossible it would be if that were the actual boundaries, it became obvious that, at times, that is how IT assets are managed.

Later in the discussion, another mentioned he was missing a few of his assets, he was sure that they were still on location but he just couldn’t find them, every day we would look for them and the next day they would have moved to a different part of the place in the night. Sometimes, in IT, we have the same type of experience with roaming users and their IT assets.

IT asset management starts with a complete inventory of what is in the environment, fortunately IT assets can’t just walk away without help. Many of the technologies that we use to find IT assets may lead us to a similar experience as the rancher looking for his cows, sometimes they are on and other times they are gone. Active discovery of network-attached devices is prone to the same misleading results as looking in different parts of the pasture each day. While the assets are still there, we are unable to know this if we aren’t at the right spot at the right time. Passive network discovery technologies allow us to know when any asset is on the network and reports this. Automated passive discovery is the first step in completing our knowledge about what assets are in the environment, as well as exposing the assets that should not be in there. Rogue devices can bring significant risks to the business and can have devastating impacts.

Implementation of a passive discovery tool should be a high priority to all IT that want to ensure that they are properly managing their assets and securing their environments from unknown risks.

What is IT Asset Management?

IT asset managementAfter working in the IT industry for over 20 years, I’m still surprised when I come across very loose interpretations that claim to define IT asset management. To be fair, the term asset management has different meanings depending upon the audience. If I was on Wall Street, or worked in financial services, the term asset applies to stocks, bonds, real estate and other types of financial assets. When speaking to an audience that is focused on tracking all of the assets a corporation owns, they would think of it in terms of enterprise asset management. This covers the real estate, buildings, fleet, machinery, power plants, planes, basically all of the enterprise assets that are capitalized and on the balance sheet. When it comes to IT assets, we are specifically referring to those assets that enable the IT side of the business to run. In some cases, these technology assets might not be controlled by IT because it is the rare company today that doesn’t have software and hardware that is supporting the development of a product or helping their business to run more efficiently.

Once we narrow the definition down to IT-only assets, there is still confusion. Let me begin by differentiating ITAM from discovery and inventory tools. Discovery and inventory tools are used to scan the network looking for IP addresses. After one is found, it will run a scan of all installed software. If the tool uses an agent, the agent will be pre-installed on the device and a scan will be scheduled to run a specified schedule.

What is an ITAM database?

An ITAM database has three components to it – physical, financial and contractual. The physical info is collected using the discovery and inventory sources to accept data those shows what is deployed. It will also provide visibility into all IT assets that might be in a stockroom, but not yet deployed or maybe scheduled for retirement. This stockroom info is typically collected using manual processes, bar code readers or RFID systems if they are installed.

The second component of ITAM is the financial data. This data is often collected from a purchasing system or from a purchase order. It indicates purchase order #, vendor name, quantity, make and model, purchase price, depreciation, cost center, and other financial attributes that an organization might need visibility into. Tracking financial attributes about an asset is useful to understand total cost of ownership, return on investment and assign costs to projects and IT business services.  It also helps an organization understand technical debt associated legacy applications, for example on the mainframe, and enable better decision making about end of life for an asset.

The third component of ITAM is the contract data. This data is often collected from the reseller directly from the vendor/supplier or from a contract management system if one is in place. It will include the information from the final negotiated version of the contract, not the iterations during negotiation. Details such as version number, license entitlement, license type, vendor SKU, training days, service levels, maintenance and other important contract facts. If it is a cloud or Software as a Service purchase, the details will include quantity, license type, device count, purchase price, whether you are bringing your own software to the cloud instance, contract timeframe to name a few.

Software and hardware asset management

Data from these sources is consolidated into a database which becomes the information hub. Regardless of whether the data is related to software, hardware or services associated with that equipment it is stored centrally. Software asset management and hardware asset management is a subset of ITAM. Without visibility into the hardware, it becomes impossible to ensure software is installed in compliance with the license agreement. Similarly, without insight into contract SLAs and integration into IT service management tools, that provides incident and problem management info, it is difficult to do effective vendor and performance management.

As with most things involving technology, definitions, interpretations and the ways we think about something will evolve over time. When artificial intelligence takes over ITAM, I’m sure the definition will evolve once again.

Recycling Your Assets: Back to the Future!

Plastic bottles in trash bin with recycle sign

I recently stumbled across some old corporate documents and was reminded that our first attempt at “branding” our business involved a logo that incorporated the universal sign for “recycling.”  In hindsight, it is funny to think that we even considered what we were doing at the time to be close enough to “recycling” that we would try to portray that image. But, with no marketing plan or budget, we had no place better to look for “branding” inspiration than the bottom of a milk carton!

This all happened back in 2001 when we really didn’t need to know much about recycling because we could sell pretty much every computer we got in. It seemed like every friend, family member or stranger that heard we were reselling used computers would inevitably come to the conclusion that, for the right price, it sure would be nice to have an extra computer or two around the house.  Maybe one in the basement “just for the kid’s games” or maybe a laptop that they could use to “check emails” while watching TV.

We would often find it funny that people wanted all these “extra” computers. I remember thinking about the scene in the movie “Back to the Future” where Marty McFly (Michael J Fox) finds himself back in 1955 trying to explain that he has two television sets. He is being laughed at and told “you must be rich” or “nobody has two televisions.” I would imagine myself going back in time to 1990 and trying to explain to people that in just 10 years you would have multiple computers around the house, that you could have two gigantic CRT monitors at your desk (assuming you had a very sturdy desk) and that most college kids carried laptops to class!

While the consumer demand for used hardware eventually started to decline, the demand for more access to the internet continues to skyrocket. Those same people that wanted an “extra” computer are now saying “Hey, Siri….send Mike a text message and ask if he can take back this piece of junk he sold me 10 years ago.”

Needless to say, the IT “recycling” industry has evolved drastically in the 15 years we have been involved in it. We now regularly have to recycle over 50% of the hardware assets that come out of corporate environments.

In thinking about this post, I “Googled” the phrase “percentage of emails opened on mobile devices” and quickly found the statto be 55% or more. This means that over half of you likely are reading this from a phone or tablet. So what are we going to do with all these electronic devices that we carry with us everywhere? More importantly, what about all the other devices out there now that we use to run our lives….including the devices that haven’t even been invented or become mainstream yet?

Hopefully, someday we will all be watching “Back to the Future IX” and we will chuckle when Marty McFly the third travels back to 2016 and finds out that before “The Internet of Things” really took off people only had three devices each. Oh the hilarity! Let’s hope he doesn’t slip up and accidentally tell us the answer as to how to manage the environmental ramifications of all these devices because he will mess up the space-time continuum….and we all know what happens then!

There is an interesting segment of the Wikipedia about Earth Day Wiki that talks about the predictions from the first Earth Day event in 1970. The predictions were wild and ranged from beliefs such as 80% of all of earth’s animals becoming extinct, to mass starvation and famine all the way to having no crude oil remaining on the planet. Most of these predictions had targeted the year 2000 as to when all of this horror would become reality.

This goes to show that we may not always be the best predictors of what the future holds, but hopefully we are getting better at adapting to change.  Over the last few years, there has been a definite shift in our Clients thought processes about handling assets they no longer need.  Hopefully this will continue and we will somehow find a way to keep adjusting the solutions to keep pace with the rate at which technology is changing.  As they say, only time will tell.

Re-Source Partners is a LANDESK One partner. To learn more, visit the LANDESK One partner page.

What Is The Real Cost of a Software Audit?

Software audit pain

The threat of your organization experiencing a software audit in the near future is genuine. Gartner predicts that 68% of organizations can expect at least one software audit request in the next 12 months. And 52% of organizations say their software has been audited multiple times.1

Software vendors leverage audits as legitimate revenue generators. They’re looking to protect their intellectual property, and are in search of their next target by monitoring inconsistent purchasing or recordkeeping. Anything perceived as suspicious in your organization could trigger an audit, and failing an audit could trigger more audits.

Having established that your next audit may be closer than you thought, it’s important to implement best practices to avoid the financial drain associated with an audit. But have you ever asked yourself how much a software audit really costs? While most organizations recognize the obvious costs involved, few comprehend the actual price tag. Let’s consider some of the potential costs you may face.

Settlements

If your organization is using licenses it hasn’t paid for, be prepared for some hefty fines. The global commercial value of unlicensed PC software installations has reached $60 billion. Vendors have a significant incentive to collect on unlicensed software out there.

Settlements depend on a variety of factors. These may include alleged damages, and whether or not the company wants to include specific provisions like a confidentiality clause. Settlements can be negotiated and many are resolved with an out-of-court settlement. The Business Software Alliance (BSA) reports that most cases settled out-of-court are between 40% and 60% of the BSA’s original demand.

Often vendors won’t grant payment terms longer than six months. To make matters worse, if auditors find that an organization did not fully disclose all information during the audit process, they can hold the company in breach of the settlement agreement.

The bottom line is there is no way to tell how much a settlement will cost. It all depends on the breach-of-compliance level. However, 52% of companies felt that their losses through unlicensed use of software amounted to more than 10% of their entire revenue.

True-ups

True-ups are the way software vendors ensure license compliance. They work to make sure organizations are paying for the software licenses they use. Auditors often require copies of new license purchases with a compliance certificate 30 to 60 days following a settlement. Businesses are usually required to pay full price for unlicensed software in use, which is a financial drain itself given that most software is mass negotiated at a discount. The average true-up cost for companies with over $50 million in revenue is $263,000.

 

Time and Productivity

A software audit takes time and resources, and it disrupts “business as usual”. Many workers experience significant strain on their daily jobs resulting in delayed projects, changes in strategy, and even alternate plans if an audit becomes too lengthy. It’s possible an audit could take up to a year or more to complete. Time, people, and productivity loss account for a large share of the overall cost of an audit.

Without question, software audits are increasingly more common in the business world. The real cost of an audit depends on an organization’s size, scale, and scope—and its compliance status. Indeed, businesses are responsible to license the software they deploy within their environment. By tracking software assets, they ensure the best possible outcome from a vendor’s targeted audit.

 

1 Survey of 250 IT decision-makers conducted by Vanson Bourne in the UK, USA and France in November 2012

Three Ways to Avoid a Software Audit

Notice-Software-AuditOne rainy afternoon several years ago, I waited in a parking lot for a leasing company representative to pick up my car. I leased that car three years earlier so it was time to return it. Unfortunately, I exceeded the mileage in the agreement so I had to provide the representative with a check before he would take back my car. I exceeded the mileage by 3,000 miles and the penalty was 25 cents per mile.

When software auditors come knocking on your door, they are looking to see if your organization has exceeded the number of licenses purchased. Similar to how a penalty is applied for exceeding mileage on a leased car, a penalty is applied when you exceed your license count