Because of the continuous ebb and flow of business today, software licensing is just one of those things in IT that never seems to get under control. Cloud, outsourcing, the comings and goings of employees leaves IT managers in an expensive bind when it comes time to pony up and pay the tab for overages they didn't know they even had.
"One of the most commonly dreaded billing experiences for enterprise CIOs is the 'true-up'," said Chris Holland, VP of the Cloud Services division at SafeNet, an information security and data protection company. "This is a bill for all over-usage, generally unintentional, of a software product or service over a defined period of time."
In other words, the true-up translates to pay-up for licensing and related sins. The amount can be staggering but even if it isn't, the bill is still a budget-buster since its unlikely anyone penciled it in.
"This cost is typically not budgeted for, and will more often than not cause major heartburn for everyone involved; from the sales rep delivering the bad news to the IT representative that receives the bill, and the CIO that has to pay it," explained Holland.
Perhaps the most frustrating thing about the entire situation is that nobody wins. Not even the software publisher who may see a temporary uptick in revenue but is also likely to lose a customer over it in the long run.
Counting heads and losing seats
A number of things contribute to the runaway licensing costs. For one thing, few negotiators within any given company truly understand the complexity of software licensing contracts. Nor do they have a good understanding of how many licenses the company actually needs. This leads to excessive licensing.
"The assumption is that the same staff members who needed it last year need it this year as well," explained Vickie Flores, VP of Information Services at Magma Design Automation. Downsizing is amazingly common these days, which can lead to over-licensing if past or planned job reductions are not figured in. Other, less obvious changes in the ranks, should be considered.
"From my experience, there is at least three percent of the staff who do not need access because someone else in their department is doing a majority of the work and passing information directly to them. They no longer require the use of the system on a daily basis," said Flores.
In other cases, employees assume they are adequately covered under existing licensing contracts. IT tends to assume that, too.
"In the past, software vendors have put the responsibility of license tracking and optimization on the end user; many of whom don't have the time or technology in place to manage the thousands of entitlements they have floating around their organization and who generally assume that some measure of control is built into their purchase that prevents over use, said Holland.
"As many CIOs have discovered, most software vendors offer a variety of flexible licensing models, but have no way to enforce them. This leaves the door open to significant overuse and a big bill at the end of the year."
Spin-ups and flame-outs
One of the newest sources for excessive and unexpected licensing costs is in the unauthorized spin ups of virtual machines (VM). Unfortunately, it is fairly common for users to spin up VMs and use trial software only to arrive at IT's door later, in a full panic, trying to get a last minute license before all the work is lost to the end of the trial period.
But that's not the only licensing problem enterprises run into with virtualization. For example, software license agreements often do not recognize partitioning as a method of isolating application instances. This is a mathematical disaster waiting to happen because it could mean that the software publisher will charge your company for every CPU on the server rather than for the CPUs you are actually isolating the application to.
To illustrate: If the application cost is $47,000 per CPU, then IT will likely assume that the licensing costs for four partitioned CPUs would be $188,000. However, if the software publisher actually charges for all CPUs on the server (let's say a 24-way server in this case), this would total more than $1.1 million. It's not hard to see how that huge difference between the bill expected and the bill received can affect the company.
Add to this the number of abandoned projects and virtual machines floating around "out there" somewhere in the data center. These may have licenses that are paid for but lie unused. A 2010 IDC survey found that over half of enterprise applications are underutilized, with anywhere from 25 percent to over 75 percent of licenses paid for but unused.
The flipside of abandoned projects and machines is the advent of unauthorized software copies that can ruin a company if ever discovered in an audit. A 2010 Gartner survey found that software vendor audits are increasing in frequency. Almost two out of three of companies surveyed had been audited by at least one software vendor in the past 12 months. Gartner does this survey annually and in 2009 the number audited was 54 percent; in the prior three years it was between 30 percent and 35 percent. The vendors listed as carrying out the highest number of audits were IBM (41%), Adobe (40%), Microsoft (35%) and Oracle (19%).
"Penalties for use of unauthorized software can far exceed the cost of the software," warned Peter Beruk, senior director of Compliance Marketing for the Business Software Alliance (BSA), the leading global advocate for the software industry with policy, legal and/or educational programs in 80 countries. "This is not a traffic ticket."
What to do
"CIOs in particular have a unique challenge," said Beruk. "Managing software assets is not the same as managing other business assets, though it can oftentimes be even more important."
In answer to this widespread and perplexing problem, BSA has created an online training program, billed as the first ISO-aligned software asset management course, called SAM Advantage. The training can even lead to certification in software management, specifically a Certified in Standards Based SAM professional.
But for those that need some immediate guidelines on reigning in runaway licensing costs, this to-do list provides a good start:
1) Calculate licensing costs beyond attractive discounts - Discounts can cost you money rather than save you money if you are locked in to a set number of seats -- even if you have to downsize, outsource or move to the cloud. Take everything in consideration before you agree to any price and look for maximum flexibility in the contract.
2) Look into Enterprise Licensing Optimization (ELO) and other means of tracking license use - You need to know what's happening in regards to licensing enterprise-wide (and don't forget to track licensing in virtualized machines, too).
3) Seek out software vendors that have the technology in place to enforce the licensing terms - If you agree to pay for up to 25 users the vendor needs to be able to warn you before you exceed that number of users; enabling you to either deny additional users or add more entitlements.
4) Freshen and update your software licensing policies - Many companies are still using old policies. Make sure everyone company-wide knows of the issues and how to properly contain them.
5) Strengthen your provisioning capabilities – This way users can get what they need, when they need it but IT can identify and rapidly decommission unused or underused assets as needed.
A prolific and versatile writer, Pam Baker's published credits include numerous articles in leading publications including, but not limited to: Institutional Investor magazine, CIO.com, NetworkWorld, ComputerWorld, IT World, Linux World, Internet News, E-Commerce Times, LinuxInsider, CIO Today Magazine, NPTech News (nonprofits), MedTech Journal, I Six Sigma magazine, Computer Sweden, NY Times, and Knight-Ridder/McClatchy newspapers. She has also authored several analytical studies on technology and eight books. Baker also wrote and produced an award-winning documentary on paper-making. She is a member of the National Press Club (NPC), Society of Professional Journalists (SPJ), and the Internet Press Guild (IPG).
One of the ways around the issues of security and control that make some businesses wary of cloud computing is to build a private cloud -- one that remains within the corporate firewall and is wholly controlled internally. Private clouds also increase the agility of IT an organization's IT infrastructure and make it easier to roll out new technology projects. Download this eBook to get the facts behind the private cloud and learn how your organization can get started.