140 likes | 262 Views
How to be a less attractive software audit target. Helpful intelligence from License Dashboard. Presented by:. Matt Fisher, Director. Agenda. How did we get here? A short recap from Webinar #1 How to become a less attractive software audit target Volume Licensing
E N D
How to be a less attractive software audit target Helpful intelligence from License Dashboard Presented by: Matt Fisher, Director
Agenda • How did we get here? A short recap from Webinar #1 • How to become a less attractive software audit target • Volume Licensing • Record-keeping & centralized contracts • Define, document & enforce policies • Standard builds • Inventory • License Management • ELP statements • Audit clauses • Lessons to learn & next steps
License Dashboard in 60 seconds • Technology used to successfully deliver 1,000 SAM projects globally • Designed, built & maintained by licensing experts • Used by SAM and licensing consultants in Europe, US, Canada & Australia • Recognized by leading vendors • Microsoft (SAM partner), Adobe, Symantec, VMware and more • Technology supported by licensing expertise • Full range of Professional Services, SAM Consultancy & Licensing Advice • Delivery options to meet your needs: • Perpetual and subscription on-premise or Managed Service
How did we get here? • License = EULA; EULA = right to audit • “(e) You agree that xxx may audit your use of the Software for compliance with these terms at any time, upon reasonable notice. In the event that such audit reveals any use of the Software by you other than in full compliance with the terms of this Agreement, you shall reimburse xxx for all reasonable expenses related to such audit in addition to any other liabilities you may incur as a result of such non-compliance.” • EULA strongly favours the publisher: • Audit at any time with ‘reasonable’ notice • Reimburse… for all reasonable expenses • …any other liabilities • Audits on the increase • 65% chance of audit in next 12 months - GARTNER
How to be less attractive • Top #2 criteria for determining who to audit: • Inconsistency in purchasing • History of poor compliance • Addressing these will lower the risk of audit
1. Use Volume Licensing • Addresses #1 criteria for audit: “inconsistency in purchasing” • Gives vendor better visibility of license transactions • Reduces likelihood of significant compliance failure • BUT…. • Carries an administrative overhead – not automatically ‘cheapest’ option • Needs to be managed… usually includes reporting / true-up
2. Improve record keeping • Collating license entitlements is most painful part of audit • Typically poor record keeping, no centralization, no visibility of OEM, FPP etc • Record-keeping failures can lead to compliance cost • Labor lost to paper-hunting • Upgrade licenses alone are NOT entitlement, need the appropriate BASE license • Begin to collate licenses before an audit • Even if you only use a spread sheet! • Track ALL license purchases • Write a policy on license recording • Better still… • Invest in a license repository or license management solution
3. Define & document policies • Most organizations lack formalized software management policies • Increases risk of lax practices, over-deployment & over-purchasing • What to define: • Who is entitled to what • How software requests are initiated, approved, executed • DOCUMENT the policies: • Provide these to an auditor on-demand • ASK a vendor’s input • Keep updates as organization and practices evolve • Automate the enforcement of policies
4. Standard builds • Make life easy • Minimize the chance of discrepancies by standardizing • Build standards can be stored in many inventory solutions • Quickly see if machines are ‘non-compliant’ • Standardized builds also: • Reduce support overheads • Simplify upgrades and patching • Reduce training requirements
5. Deploy inventory solution(s) • Inventory / Audit / Discovery / Autodiscovery – all the same • Baseline is critical to effective license management • Agent and agent-less options – what suits your needs? • Larger, complex environments may need more than one tool • Windows is the easy part • Linux, Mac, Unix, Citrix, Virtualization much more difficult • Software audit options – EXE and MSI • Looking ahead ISO 19770-2 Software Tagging • BUT… inventory solutions produce A LOT of data! • For License Management, you will need filtering & transformation
6. Reconcile licenses against usage • The hub of effective license management • USAGE (inventory) vs ENTITLEMENT (license repository) • Can’t be done with a spread sheet! • Historically, reconciliation a slow, tedious, highly-skilled task • Solutions now available to automate many of the key steps: • Filtering & cleansing audit data • Importing & validating license entitlements • Associating licenses & recognizing usage rights • Intelligently reconciling licenses • Intelligence is key – HOW can the license be used
7. ENGAGE with the vendor • Don’t wait for a software audit • Volume licensing = account management = better visibility = less audit risk • Make sure vendor knows about your SAM strategy • Consider signing-up to self-certification schemes or attending events • Be vigilant and firm on new contracts • No ‘reasonable time’ clauses in contracts • Insist on 60-days + audit notice
Coming next… • How to survive an audit request • Minimizing cost, risk and disruption • July 19th 2012 – 15:00 UK, 16:00 CET, 10:00 EST • Life after an audit request • Making sure the pain does not continue • July 26th 2012 – 15:00 UK, 16:00 CET, 10:00 EST • Read the white paper • View a weekly live solution demonstration