Last on the list (of IT budget priorities)

I got a call from a frantic CIO, someone I had not spoken to for long; he was upset and I could visualize his agitated state, not that he was prone to such behavior. Listening to him I realized that his situation was indeed worry worthy; so cutting short his outpouring we decided to meet the same evening to help him find a solution. The timing was interesting considering that just a few days back this was a subject of discussion with someone senior from the software industry and how it was putting some customers in a difficult situation.

Almost every enterprise uses some off-the-shelf application to run their business; it could be financial accounting, sales and distribution, ERP, SCM, CRM, BI, or plain and simple office automation tools like word processing, spreadsheets, and presentation. At the base level it also includes the operating system on their compute devices or database on servers. It is a rare case where everything is open source with no licensed software. Licensing norms vary by provider and can be simplistic per instance to complex revenue based.

If we go back in time to more than two decades back, equipment suppliers would freely provide these unscrupulously until software providers started tracking activation keys over the internet and made it difficult to deploy unlicensed software. Enterprise licenses for software were named or concurrent user based with IT being responsible to track use and buy licenses with growth in use. Server instances moved from CPU to core to Cloud and back to user base depending on which model maximized the revenue for the provider.

True-ups became the way to declare use and procure additional licenses for most with occasional audits to ascertain the gap if any. Licensors were willing to forgo minor aberrations in use if revenue continued to flow with increased numbers and annuity from maintenance contracts. Plateauing sales created an industry around rigorous audits by third party to aggressively seek non-compliant customers and corner them to sell at rack rates versus standard volume or relationship based discounts resulting in higher revenue but broken relationships.

Every 2-3 years, whenever there was a threat of legal action, they had bought limited licenses of the software which had now become business critical. He knew the company was living on the edge and could be in trouble should an audit be initiated. The management had tasked the CIO to “manage” the shortfall not willing to spend or allot budget to regularize the licenses. It is not that they could not afford to pay; the mindset was to keep it that way until a confrontation was unavoidable, so the gap just kept growing.

The CEO had called the CIO and handed him a letter instructing him to find a way out; it was a legal notice from the licensor to conduct an audit of all computing equipment across all premises and data centre, including subsidiaries. The CIOs protests and reflection of reality did not appear to make a difference to the CEO. The CIO illustrated similar incidents with much larger enterprises who had not been able to “manage” this situation. Unable to make headway he decided to seek counsel from friends and peers from the industry.

Listening to him, a clear case of wilful non-compliance, we realized it would be a difficult task for him to face the audit which his CEO also did not want; at the same time the vendor was unlikely to back out. His allies within the company were shy to stand up to the CEO; collectively his peers advocated that he take help from the legal function to delay the action on the ground while he talk to the vendor to negotiate a deal. The licensor was known to be amenable to a settlement and that appeared to be the best option.

Licensing complexity indeed puts CIOs and Purchase functions in a bind which has cropped up a new industry around Software Asset Management. That does not obviate the need to actively manage budgets for increasing licensing requirements of a growing business. I believe that it is upto the CIO to keep the business informed of license compliance at all times including new business planning, monthly review meetings, budgeting exercises, and finally in their own dashboards. Don’t wait for a calamity to start the discussion.

Finally, if IT budget is the only place where this is going to be discussed, it will always settle at the bottom of the priority list !

Software Asset Management

You know it is a funny fact, we know where the hardware is (at least most of it) and what it is used for. It is tagged, classified, part of the asset register with clearly defined depreciation rules and possible refresh when it reaches end of life. The same does not always apply to software licenses; software is bought in varied forms, box packs, paper licenses, and enterprise agreements, downloads, handed over on a disk or thumb drive. It’s all over the place with most clueless of where, what, how much, and changing licensing conditions.

We help companies save license costs, manage their software inventory effectively towards compliance and ensure that there are no surprises during renewals or audits. Said so a representative from a large global IT advisory company to an audience of CIOs. He offered data and metrics to the disbelievers on how they helped many companies. Consulting companies have been pitching that everyone has a lot more licenses than they need; rarely anyone creates an inventory of all the software they buy, deploy and retire.

Software vendor representatives in the room nodded away through the sales pitch adding that most CIOs do not look at license compliance actively; it is an afterthought and enterprises need to deploy tools to manage the process of license management. Collectively they incited the CIOs to deploy SAM or software asset management. While a couple of CIOs from IT and software development companies talked about the benefits of SAM and how they were able to improve margins, rest of the CIO audience could not connect.

A FMCG CIO interrupted: when IT is your business and software the tools of the trade, they are managed as well as the machines that define the assembly line in a manufacturing organization.  We know where the finished products that move across the supply chain are the same way you know about your tools and services. We are users of IT to run our business; IT is not our business and we need simpler licensing when compared to the current complexity that makes it impossible to keep track of the ever changing environment and terms and conditions.

Life in the software industry started with the simplest of forms such as enterprise license for the entire company which gradually moved to concurrent users, named users, and then by server. Later arrived licenses by CPU which soon changed to Core based licensing. Advent of Virtualization created some confusion which was compounded by the Cloud. My software is licensed to run only on physical servers; if you want virtual servers you can only run it on my technology stack. Some innovative guy added memory based licenses.

Mergers and acquisitions in the software industry made life even more interesting with products morphing from one avatar to another, SKU changes, changes in terms and conditions, or licensing models. In many cases these were updated on respective websites and customers expected to periodically check ! Refer to clause on page 179, sub-clause … you signed that enterprise user licensing agreement agreeing to this. It would be good for you to also take cognizance of the inflation clause which raises annuity payments every year.

Unable to stop himself, a veteran CIO asked the audience: I am sure all of you have account managers from the software companies who meet with you frequently; has anyone of them ever engaged with you or offered help to stay compliant with the licenses ? Is there role only to sell more solutions or also to help you leverage what you have and work collaboratively to keep the relationship going ? Why do we CIOs have to face audits like criminals and then get cornered for small aberrations or use beyond the licenses ?

Acknowledging the gap the vendors and the consultants in the room mentioned the need for SAM and why it is important for companies to stay abreast of their licensing. I believe that depending on the size of the enterprise and the complexity of the architecture it would be worth getting hands dirty on SAM. Until the industry learns and decides to work with CIOs on managing licenses, the onus shall remain with the IT teams to stay compliant with process driven provisioning and frequent internal assessments that rationalize use.

Legally Illegal

Last year was a very difficult year for most software companies with slowdown in new licence sales that brought in a negative trend in new business revenue. This happened very quickly after the globally experienced slowdown a few years back compounding the issue. This had all software vendors almost like acting in unison deciding to engage their existing customers in licence audits. If you cannot get new revenues, let’s squeeze some juice out of existing lemons.

So these engagements began to look all over the place; the data centres, servers hidden under tables, desktops converted to servers for a simple test or proof of concept, users created though inactive, resigned employees not deactivated, it did not matter what the event was, if there was an user identity or a database, or an instance of the application, it needed to be licenced. Office automation and other fringe app vendors joined the fray and added to the already harried CIOs blood pressure.

No debate that licence compliance is non-negotiable; licences for software or product or package used for the enterprise that in any way impacts a business process. Most vendors allow disaster recovery to be setup at nominal or no extra investment as long as it is not used conjointly with the production environment. That looks like a good principle though some complicate matters based on number of days used even when the primary was down and not operational.

Some also allow test and development instances to be setup; interestingly most do have a licencing policy that charges the customer, however most sales teams shy away from highlighting this fact during the pre-sales discussions or even when the purchase order is received. Instead they give the CIO a fine printed legal document to sign without pointing out to the salient points that the customer needs to be aware of. I don’t know of CIOs who read those wonderful documents; it’s like pressing “I accept” when we enrol to a new website or app.

So far still so good as each instance expects the customer to get into an engagement with eyes and ears open; the principle being we gave you the full documents, you read and sign or you don’t read and sign, that is a choice. The discussion gets interesting when new or additional licences are required even if a line of code is changed or added to any screen, form or report or an add-on deployed. This now attracts additional investment, sometimes a lot more than bargained for. Now that is hitting below the belt !

If I may add, the same vendors participate during the pre-sales gap analysis and bid and quote for customizations through their consulting arms vying for implementation business. But no mention that if the customer did end up customizing, then … This aspect of licencing is rarely discussed if at all and mostly comes up during licence audits leaving the CIO gasping for life. The management demands that the CIO know all this as it is his/her job to know and manage the vendor.

Page number XX, clause YY, sub-clause ZZ in the sales agreement is cited as the reference for the new demand. Read it and if you can figure it out differently let us know; else here is the bill of material and the timeline in which you need to buy. Consequences you know are not something you want to talk about. Sheepish acceptance and wows to be more careful and read all the fine print is normal behaviour; the management takes a not-so-kind view but goes ahead with the devils choice.

Why does this charade repeat itself globally with many vendors, some more than others ? It does not matter which industry, which country or geography, size of the customer (in fact the bigger the better as they are averse to the publicity it draws), this is becoming one of the relationship breakers between the impacted CIO and the vendor. Stories of these are rarely published by publicity shy individuals and enterprises. Is there a way out ?

I believe there isn’t an easy way out; negotiating from a compromised position does not get any great deals; neither does it do wonders to CIOs careers. Whether they like it or not, CIOs have to get more diligent in their approach to legalese and contracting. As the markets saturate and mature, read changes to changing end user contracts and/or licensing terms. You never know what impact it has on your company.