Software Compliance

A Good Audit Outcome?

27/4/2023


... maybe not.

Be aware that without a proper baseline you are basically handing full control of an audit outcome to your vendor - not only in terms of the software inventory but also of remediation costs that might not even be visible, hidden away in the coincidental renewal that is now due.

A Software Baseline is essential.

While companies continue to pursue their relentless campaign of 'moving to the cloud', could they be overlooking their on-premise software position? (Similarly, if you're not tracking and aligning your cloud consumption accurately you might be overpaying just the same, but let's just look into on-premise.)
At a recent (2022) webinar broadcast, a former Oracle license management services (LMS) manager, Adi Ahuja, said that Oracle's audit has become "a sales enablement tool." Although Oracle states that their LMS "operates independently from any ongoing commercial discussions. Our services are delivered by a global team of highly experienced and knowledgeable consultants who collectively offer unrivaled knowledge on all aspects of Oracle's licensing policy", in practice there was a close relationship between sales and licence audits, Ahuja said.
No surprise to anyone who has been subject to such an audit. But let's not single out Oracle - all of the majors undoubtedly co-ordinate an audit internally - bringing in the product team, finance, sales, and of course, the account team.

Ok ... we get that, but how does the software baseline assist us in establishing what's really going on? 

Take the often cited audit line of 'we found a few things, but you'll just need to top up those products'. Easy enough - you buy the products in the renewal at your entitled price and all is good. What you're potentially not seeing though is the compliance cost that, as a result of those findings, has been built into your renewal fees.
Compliance cost? The renewal fees look fine - what are we referring to? Well, simply, you might have got a better price overall had you been able to break down where those costs came from, and that means having a costed baseline (i.e. line-item level) that you can apply all of the adjustors to (inflation, price increases etc.) and determine whether any 'additional' costs have covertly come into play - aka, a compliance cost. Only then can you challenge the vendor's assertion that 'you'll just need to top up those products', given that the baseline will tell you how much backdating has been applied, whether the top-up was in fact at entitled price, and ultimately whether the overall renewal fee has been indexed reasonably at all. Consider the room your vendor has to move when you're faced with a multi-million dollar renewal - there are numerous places to 'hide' revenue pulls, and that doesn't change at lower levels, it just scales down.
Establishing and maintaining a baseline can be something companies flinch at - they see it as just not worth the effort - and so by default they delegate this to their vendors, aka granting free rein to manipulate pricing as they see fit. So while it might take a concerted project (or how about an actual SAM practice!) to get going, once established - and maintained in a purpose-built system such as ComplianceWare - the overheads are much reduced and the benefits more easily returned. Further, it sends a convincing message to your vendors that you actively manage and are across your software landscape and commercial position, which makes them much more wary of any attempts to hoodwink you with a 'great renewal offer that puts any compliance issues to bed'!

The Oracle Java Precept

23/2/2023


New Java pricing model ...
... new cost.

Oracle have announced (January 2023) a new pricing model for its Oracle Java SE Universal Subscription offering that is based on the number of employees rather than the prior per user or per processor metrics, and that could prove costly to many customers - firstly, let's look at the Employee definition:
Employee for Java SE Universal Subscription: is defined as (i) all of Your full-time, part-time, temporary employees, and (ii) all of the full-time employees, part-time employees and temporary employees of Your agents, contractors, outsourcers, and consultants that support Your internal business operations. The quantity of the licenses required is determined by the number of Employees and not just the actual number of employees that use the Programs. For these Java SE Universal Subscription licenses, the licensed quantity purchased must, at a minimum, be equal to the number of Employees as of the effective date of Your order. Under this Employee metric for Java SE Universal Subscription Program(s), You may only install and/or run the Java SE Universal Subscription Program(s) on up to 50,000 Processors. If Your use exceeds 50,000 Processors, exclusive of Processors installed and/or running on desktop and laptop computers, You must obtain an additional license from Oracle.
Key points - count all employees, not just users, and this includes those outside the organization that support your internal business operations! How many individuals might that definition capture in a large enterprise, if you can indeed identify and track them accurately at all!! Then you're facing a tiered per user monthly subscription cost (that reduces based on higher volumes, phew) that would see a shop of 500 Employees facing $7,500 per month in subs!

So what are my Java options ...

  • Oracle OpenJDK is free, but you'll have to upgrade every six months to stay current (including with security patches) - note though, as Open Source there are other JDK options from other vendors that offer further support.
  • Oracle JDK has Long Term Support (LTS), i.e. fully supported by Oracle with quarterly updates and a 2 year LTS release cycle, free for development etc., but you'll likely have to pay for use in production (refer below).
So let's look at the licensing currently available for Oracle Java SE releases:
  • Oracle OpenJDK releases are under the open source GNU General Public License v2, with the Classpath Exception (GPLv2+CPE) (available since Java 9).
  • Oracle JDK 17 (the 'Program') and later is available under the Oracle No-Fee Terms and Conditions License which permits free use including for your own business operations, however, if you distribute software You must not charge Your licensees any fees associated with such distribution or use of the Program, including, without limitation, fees for products that include or are bundled with a copy of the Program or for services that involve the use of the distributed Program.
  • Oracle JDK 11, Oracle JDK Java 8, and Oracle JRE with Java Web Start in Java 8, are available to Oracle Customers via My Oracle Support and also under the OTN License Agreement for Java SE. This OTN license permits personal use, development, testing, prototyping, demonstrating and some other limited uses at no cost.
  • Oracle JDK 7 releases are available on My Oracle Support for Oracle Customers only.

And how do the LTS and non-LTS releases co-exist?

For product releases after Java SE 8, Oracle will designate only certain releases as Long-Term-Support (LTS) releases. Java SE 7, 8, 11 and 17 are LTS releases. Oracle intends to make future LTS releases every two years meaning the next planned LTS release is Java 21 in September 2023. For the purposes of Oracle Premier Support, non-LTS releases are considered a cumulative set of implementation enhancements of the most recent LTS release. Once a new feature release is made available, any previous non-LTS release will be considered superseded. For example, Java SE 9 was a non-LTS release and immediately superseded by Java SE 10 (also non-LTS), Java SE 10 in turn is immediately superseded by Java SE 11. Java SE 11 however is an LTS release, and therefore Oracle Customers will receive Oracle Premier Support and periodic update releases, even though Java SE 12 was released.
This fundamentally raises some questions and no doubt financial concerns for many, so if you haven't done so already make sure you're across your Java landscape and can quantify not only future costs, but future efforts, and make the right decisions for how you want to continue with your Java developments and solutions.

SAM Practices - The NASA Experience

25/1/2023


Internal Audit Report highlights flaws in NASA's SAM Practices that many organizations will relate to.

Oh oh ... it's 2023 yet we see it all here again: "Software Asset Management practices at NASA currently expose the Agency to operational, financial, and cybersecurity risks with management of the software life cycle largely decentralized and ad hoc."
The OIG summary of their SAM audit says it all: 
  • Efforts to implement an enterprise-wide Software Asset Management program have been hindered by both budget and staffing issues and the complexity and volume of the Agency’s software licensing agreements.
  • NASA has not implemented a centralized Software Asset Management tool to discover, inventory, and track license data as required by federal policy.
  • NASA’s Software Asset Management policy is not comprehensive or standardized, leaving roles, responsibilities, and processes unclear.
  • Training for software license use and management is inconsistent across the Agency, with aging web-based training randomly assigned to personnel and a lack of a general software licensing training course available to the entire workforce.
  • NASA’s current efforts to compile a complete and accurate report of annual software spending is a time consuming and mostly manual effort.

... with all of the above quantified in cost terms as:

We estimate the Agency could have saved approximately $35 million ($20 million in fines and overpayments and $15 million in unused licenses) and moving forward could save $4 million over the next 3 years by implementing an enterprise-wide Software Asset Management program.
All very compelling to implement improvements and progress NASA’s Software Asset Management from “basic” — the lowest of the four rating options in the Software Asset Management Maturity and Optimization Model developed by Microsoft — through the scale as per tiers and representations below:
  • Basic. Software is managed on an ad hoc basis with few, if any, comprehensive policies.
  • Standardized. The agency uses a discovery tool or data repository for tracking assets, although the information may not be complete or accurate enough for decision-making.
  • Rationalized. Assets are actively managed, and the agency has put in place policies, procedures, and tools integrated into the full IT asset life cycle.
  • Dynamic. Assets are optimized, with near real-time alignment with changing business needs.
The report is an insightful read for all SAM practitioners - and responsible management and executives - with clear language and succinct descriptions of the scope and challenges in the field of software asset management, and a pragmatic approach to the creation of an effective SAM Practice that applies to any size organization with a notable software inventory, not just those on the NASA scale.

So, to the findings ...

It was recommended that the Chief Information Officer:
(1) establish enterprise-wide (institutional and mission) Software Asset Management policy and procedures;
(2) implement a single Software Asset Management tool across the Agency;
(3) align the Agency Software Manager position to report to the Agency Chief Information Officer;
(4) establish formal legal representation and guidance for vendor software audits;
(5) establish a software license awareness training ‘short course’ focusing on approvals, compliance, and other issues a general user might encounter;
(6) implement a centralized repository for NASA’s internally developed software applications; and
(7) develop an Agency-wide process for limiting privileged access to computer resources in accordance with the concept of least privilege.

Additionally, to strengthen the financial aspects of NASA’s Software Asset Management it was recommended that the Chief Financial Officer:
(8) implement a “penalty spend” classification in SAP to track license infractions and true-up payouts; and
(9) centralize software spending insights to include purchase cards.

Nothing fresh there, just the usual (and often unheeded) advice. 


Enterprise Software Licensing and Audit Trends - 2022

30/11/2022


Despite all of the advances of IT provisioning and supply in recent years (BYOL, managed instances, cloud based offerings etc) it seems nothing in the context of software compliance and audit outcomes has really changed - companies are still getting slammed.

Unisphere Research, a division of Information Today, Inc., surveyed the readership of its Database Trends and Applications publication, which consisted of database managers, developers, CIOs, and IT directors. The survey, which sought views and experiences with software licensing and audits, was conducted in partnership with LicenseFortress, gathering a total of 283 usable responses, of which 155, or 69% of survey respondents, reported having been audited within the past three years, and 79% reported having been subject to a software audit within the past five years.

And the key findings? - the same fundamental approach and issues persist:

  • Moving to the cloud has not alleviated issues or concerns with software licensing and audits. Close to eight in ten enterprises report software compliance issues have either increased or remained the same after moving to the cloud.
  • More than half of enterprises in the survey report being audited by one or more software vendors. Of respondents reporting audits within the past three years, Microsoft was the most frequently cited vendor requesting audits. Activating features outside of original contracts and confusion over virtualization are creating the most license issues.
  • Companies being audited by Oracle incurred the greatest costs. There are hidden costs as well, even if the vendor does not levy additional charges. Most audit processes required at least three employees, and 40% of companies had their CIOs involved with the process.
  • A majority of audited companies did not seek outside assistance to guide them through the process. While many depend on tools or software asset management to support their efforts, a majority fail to keep track of software changes on a continuous basis.

Let's take a closer look ...

Interestingly, with all the hype and suggested benefits and advantages of moving to the cloud, close to 80% report that it has not changed their software compliance issues, or, in the case of 38% of respondents, it has increased compliance concerns. Only about one-fifth - 21% - say cloud has reduced their compliance issues. And even with close to half - 46% - reporting significant amounts of applications and data in the cloud (defined as greater than 25%), more than half of enterprises reported being audited by one or more software vendors!
Similarly, audits themselves haven't changed much at all, with 60% of respondents reporting their software audits lasting up to two months, 30% reporting audits lasting between three and six months, and 10% reporting audits extending more than six months into a year and beyond. The length of audits had 41% of smaller companies wrapping up audits within a month, while half say the process lasted beyond three months, and 64% incurring additional charges for noncompliance. A substantial portion, 35%, had to pay $100,000 or more to achieve compliance with the vendor, while 10% saw $1 million or more in fees.

So, in summary:

Unsurprisingly, given the outcomes haven't essentially changed, the underlying good practice principles have also not changed - Software Asset Management is seen as critical to mitigating the impact of software audits by a significant share of respondents. Close to half, 44%, see SAM as essential to reducing the costs of their software, which is impacted by vendor audits. Another 41% cite the importance of SAM in avoiding compliance issues, with the leading choice being an internal software asset management/IT asset management (SAM/ITAM) team supported by SAM specific third-party tools. Disappointingly, it seems many respondents still remain reliant on vendor resources to support their audit. 


A New Look for Software Compliance

24/8/2022


Well it's 2022 ...

... so we figure it's time for a logo upgrade!

Our first logo dates all the way back to 2015, so we figured it was due a revamp - a bit of modernising, a bit of an uplift, a look that reflects the more contemporary state of the company in 2022. 
While we chose to maintain the colour combination of the prior logo, we've gone with a crisper font and a change from the spiral graphic to a more 'pointed' set of two forward facing arrows, reflecting the journey that is moving a business from an unknown to a controlled state.
It's now deployed across our web presence, and will roll out progressively through the various documents and other published material, so we hope you like it!

We'd love your feedback - feel free to leave your comments below.


Oracle Cloud Infrastructure - License Manager

26/7/2022


Oracle have announced the availability of a free License Manager tool to assist moves to OCI.

The new optional tool supports Bring Your Own Licensing (BYOL) for Oracle Database products to OCI DB PaaS services, and tracks usage of Oracle DB products or third-party products by Compute resource, with basic management, monitoring and reporting capabilities.

While somewhat limited, the License Manager tool may well suit those organisations that don't run a full featured SAM system (such as ComplianceWare), and still need oversight across their OCI deployments.

Currently, License Manager supports the following Oracle products and options:
  • Oracle Database Enterprise Edition
  • Oracle Database Standard Edition
  • Oracle Database Standard Edition One
  • Oracle Database Standard Edition 2
  • Real Application Clusters
  • Multitenant
  • Active Data Guard
... although Oracle have stated that they 'are expanding the scope of products and image repositories supported in the coming months', so this list may well soon be extended.
It also provides some further capabilities, such as apparently automating the license portability rules, and APIs that could prove useful for batch loads and integration with related systems, so if it might fill a gap in your SAM programme it could well be worth a look.

Insights on SAM from a CIO perspective

29/9/2021


A recent webinar provided some CIO insights on SAM in the IT landscape today.

Participating in a recent webinar with industry CIOs presented an opportunity to evaluate what has - or hasn't - changed in terms of SAM in the technology space today. Perhaps most interesting - and reassuring - is that CIOs still recognise compliance as the major driver for a SAM function in their organisations, closely followed by the incentive of cost optimisation and savings as represented in the poll below:
Why reassuring? Well, we believe that gaining a robust compliance discipline should be front and foremost in implementing SAM in any organisation - properly managing your software assets brings two significant benefits to your business:
  1. When vendors recognise that you have your software space under control their desire to review and audit is outweighed by the probable lack of return, meaning you save valuable time and resources not having to respond to an exercise that can potentially take months to complete; and
  2. Having tangible oversight of important assets and clear record keeping enhances your business reputation overall - if you can't manage these basic fundamentals for your own purposes how confident can your customers be that you can deliver for them?

Where does the future take us?

When asked to consider the landscape three years from now the supplier risk element was significantly superseded by cyber-risk, and cost and productivity elevated to the major returns:
For these results we'd point back to the present - dealing with compliance should be the priority and the returns will follow. Cost optimisation and productivity gains should quite simply be a by-product of properly managing your software domain rather than the core driver - there is an inherent danger in putting finances ahead of compliance just as in the case of regulatory requirements ...
... you can't opt out.

The state of ITAM in 2021

28/7/2021


Insights from the latest Deloitte report following their global survey.

2500 individuals from all major sectors of industry across 18 countries were invited to participate in the annual survey of the state of ITAM in their organizations.

Many of the key findings emphasize the basic requirement of effective tools and processes:
  • A vast majority (84%) of respondents believe that they lack a truly effective ITAM initiative in place in their organizations;
  • 37% of respondents are currently in the defined, managed or optimized levels while 82% aspire to make significant progress over the next two years to reach these stages;
  • Clear recognition of the need to upgrade ITAM tools and technology to address changing requirements including those related to reporting or performance metrics (67%). In addition to these technical facets of ITAM, we are also starting to see financial concerns being raised by participants. For instance, issues such as chargeback are becoming more and more relevant to respondents.
And of course the investment and value aspects are always front of mind:
Deloitte rightly calls out additional measures that organizations should factor into the value equation:
  • Cost savings achieved by the organizational IT asset management program year-on-year (33%)
  • Results of license compliance audits year-on-year (33%)
  • Timeliness and accuracy of IT asset management reporting (30%)
  • Non-active IT assets repurposed (e.g., inactive IT assets/owner or location unassigned) (18%)
Given the challenges in collecting correct asset utilization data within the organization (29%) and recognition that a greater investment in ITAM tools and technology (25%) is required, it is not surprising that specialist third party support features in the report, in the main operating an on-premise ITAM tool (16%) or providing such a tool through a software-as-a-service (SaaS) platform (14%). Other key areas where external assistance is being sought include software vendor-specific licensing expertise that is not often readily available in-house (27%), followed by ITAM tool maintenance (20%) or strategic advice to transform ITAM teams (20%).
Let's not forget the ongoing bugbear that is audits ... what did respondents face in the past year:
And finally, we wholeheartedly agree with Deloitte's prediction "that the more progressive and astute organizations will increasingly recognize ITAM as a longer-term strategic investment that creates ongoing value across the entire organization going far beyond just their IT team."
They also go on to say "this would be in sharp contrast to the more traditional (and increasingly fading) mindset that perceives this as a tactical one-off short-term fix, primarily aimed at minimizing costs related to IT assets."

... so if you're ready to get started with your SAM program - or want to move faster - we can help, just get in touch! 

Unravelling license complexity for Business
ACN 623 529 751

Copyright © 2016-2024 (SWC) ​​
