Overview 

Impacts 

• Senior executives are starting to challenge the value of digital transformation, having encountered dramatic growth in software and cloud usage without adequate management and optimization. 
• Where software asset management (SAM) and FinOps do exist, they have limited influence or authority to optimize consumption and value across a growing, increasingly complex set of environments. 
• Despite their interdependencies, SAM and FinOps often operate independently, in different silos and with limited resources, eroding their value-maximization potential. 

Recommendations 

Executive leaders responsible for maturing software and cloud governance disciplines should: 

• Consolidate and mandate SAM and FinOps disciplines to drive enhanced visibility and understanding that maximizes value and opportunity while minimizing cost and risk. 
• Create an integrated unit that profits from the synergy of both disciplines to deliver optimum benefit across an increasingly complex technology environment. 
• Check that the consolidated functions are adequately staffed with skilled team members to work with key stakeholders to eliminate unproductive cost overruns. 

Strategic Planning Assumption 

By 2025, 50% of organizations will unify SAM and FinOps into a consolidated discipline delivering portfolio cost management and governance. 

Impacts and Recommendations 

Mandate SAM and FinOps to Optimize Cost and Value 

 
FinOps and SAM are kindred spirits; although founded from different eras of technology adoption, their disciplines share objectives. Both represent coordinated, continuous undertakings to realize value from evolving investments and expenditures. Their frameworks exploit many of the same cost-efficiency principles and capabilities, incorporating a combination of consumption, rightsizing, optimization and mitigation management fundamentals. 

Rightsize SaaS With SAM 

As the organization becomes dependent on each cloud service and its features, buyer bargaining power is eroded (see Predicts 2023: Inflation’s Permanent Impact on SaaS/Software Costs, Commercials and Business Practices). While procurement experts earnestly attempt to resolve these issues, they are often frustrated by their inability to limit cost increases at each contract renewal. 
 
Options to switch to an alternative may be limited and/or costly to execute (see Identify and Mitigate SaaS Switching Costs), while cost increases are most dramatic in monopolistic scenarios. Therefore, organizations require consumption management to offset or limit cost increases in advance of renewal, with estimates of unused applications ranging from 30% to 50%.² Execution requires a well-resourced, adept SAM team with the directive to manage consumption and eradicate waste. 
 

Confront CIPS Wastage With FinOps  

As a core contributor to the cloud center of excellence (CCOE), FinOps fills a key role in reducing waste and costs. In parallel with SAM processes, FinOps-driven optimization will minimize waste.³ For example: 

• Scale back or retire services provisioned without ongoing use cases that remain unutilized. 
• Scale down valid yet underutilized services, including; underutilized CPU, memory, storage, backup or bandwidth, triggering actions to rightsize and reprovision the relevant instances. 
• Deprovision services that served a useful term but have since remained running without any delivered value. Switch off or reassign services accordingly. 

Without effective SAM and FinOps disciplines, waste is inevitable, with the majority of applications and environments significantly underutilized. Meanwhile, unplanned consumption growth in CIPS environments can turn into toxic overconsumption if left unchecked, resulting in significant, ongoing unproductive costs. The combined SAM and FinOps functions must be tasked with eliminating growth of unnecessary costs as one of their key goals. 

Recommendations for Executive Leaders: 

• Establish budget risks by reviewing software and cloud cost escalation rates. 
• Create a mandate for investing in SAM and FinOps as key mechanisms to offset material risks of continually escalating costs. 
• Establish an expectation that both disciplines operate with a shared understanding of what assets and resources are used within each environment or platform. 
• Create authorization, empowerment and a culture that drives action and realization from SAM and FinOps optimization and mitigation recommendations executed throughout IT. 

SAM and FinOps Role in Delivering Business Value From Cloud Adoption 

Cloud services and software both deliver significant value to the organization and its customers, thus representing high-value business capabilities that necessitate management. Executive leaders seek to ensure they’re not only benefiting from rapid adoption, but also seeing broader benefits including understanding costs and leveraging robust processes, particularly in regulated industries. 

SAM plays a critical role in advancing cloud adoption and providing a platform for driving optimization maturity, laying the platform for forecasting future requirements and the resulting costs. Assessing consumption against projections while identifying underutilized licenses must be incorporated into the organization’s overall cloud strategy. Unlike predictable costs of preinvested assets, cloud services scale rapidly, requiring continuous management. SAM professionals have previously addressed virtual server sprawl and its impacts, however, unlike the virtual on-premises data center, cloud services are an unlimited, direct and immediate cost. Accordingly, continuous discipline is required to drive value (see Figure 3). 
 

Ephemeral cloud systems are subject to consumption spikes where costs may rapidly erode expected benefits; accordingly, anomaly detection and management are fundamental to protecting business value. The key is being able to tell the difference between bad growth, creating unnecessary cost and good growth that delivers business value. Therein lies the role of FinOps in underpinning value. For example, alerts for consumption growth trigger investigation to validate authentic spikes in consumption, finding that the spike was driven by onboarding a large new client, supporting validation of valuable use rather than unproductive use. 

Detailed usage data collection and reporting and effective use of analytics depend on asset life cycle management processes, interpreting data and executing the actions they inform. For example, by implementing effective provisioning and metering processes, SAM can align the licensable functionality of an application to appropriate use cases, reducing the likelihood of inflated costs. 

Recommendations for Executive Leaders: 

• Sponsor the governance mandate for software and cloud services management, with clear roles and responsibilities across consolidated SAM and FinOps teams. 
• Verify that SAM and FinOps teams have the skills, resources and processes needed to manage cloud service consumption. 

Conclusion 

In conclusion, the integration of SAM and FinOps is essential for organizations to navigate the complexities of software and cloud governance. By leveraging the synergies between these disciplines, organizations can achieve enhanced visibility, cost optimization, and value maximization across their technology portfolios. With the right resources and strategic direction, SAM and FinOps will continue to play pivotal roles in driving business value and ensuring cost containment in an ever-evolving technological landscape. 

Attributions and Disclaimers: 

¹Gartner, “Target Software and Cloud Costs by Uniting Software Asset Management and FinOps” by analysts Stephen White, Yoann Bianic, Stewart Buchanan, 6 April 2023.   

²Unused application rates from Flexera’s October 2022 survey data: desktop, 38%; data center, 34%; SaaS, 33%. According to Nexthink 49% of all software is unused, and according to Zylo, 40% of software licenses are wasted. 

³Reducing Waste Opportunities, FinOps Foundation, and State of ITAM Report, Flexera, which reports that 33% of integration-as-a-service/platform-as-a-service spending is underutilized or wasted. 

³Licensing Oracle Software in the Cloud Computing Environment, Oracle, and Microsoft Product Terms for Azure Services, Microsoft. 

Disclaimer:  
These graphics were published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Snow Software. 

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.   

Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.   

The post How To Target Software and Cloud Costs by Uniting Software Asset Management and FinOps: Insights from Gartner® appeared first on Snow Software.

While common audit triggers include a reduction in spend and recent M&A, not all vendor audits look alike. Some are disguised as free ITAM/license assessments (e.g. Microsoft^® SAM Assessment, Adobe Software Insights Review) to help organizations get more value and stay secure.

Another type of audit is a cybersecurity audit. These are often triggered by your internal audit team or by commercial requirements to have a security certification (e.g. ISO27001, SOC2, etc.). We also find that organizations who’ve encountered a significant security incident conduct third-party audits to identify gaps.

While audits are time-consuming and can be expensive, they can be a blessing in disguise if organizations heed the wake-up call and get their software asset management house in order. Here are three benefits of being audit-ready.

1. Eliminate the practice of paying for software your organization isn’t using.

When you take a look at your effective license position, you are understanding what you’ve purchased against what’s installed and licenses allocated or assigned. If you’re not compliant, then the next question is the software actually being used, and can it be uninstalled? If you perform this activity >90 days before your next audit and are able to get to a positive position, your risk of being fined reduces significantly.

The side benefit of understanding usage data is your organization has one more lever in renewal negotiations if you aren’t using the licenses you’ve purchased. Here are a couple of examples of customers who leveraged usage data to mitigate risk, and reduce license costs.

• Sasol was able to identify license compliance violations to the tune of $28.6M. On top of that, they’ve been able to save an additional $5.4M by optimizing licenses and rationalizing their application portfolio with other vendors including Prometheus GWOS, K2, OMADA, Autodesk, AirWatch, OpenText, Acquire Sentinel, Cloudera, and VMware.
  
• Telkomsel was able to identify $740,000 in license compliance risk. Additionally, they’ve been able to find savings of 10% of their Oracle license costs in addition to $74,000 in potential savings for Microsoft subscriptions.

2. Improve your cyber-security posture.

If you can’t see it, you can’t secure it. Fortunately, many organizations are now seeking to follow this advice, especially with guidance from the United States federal government for all agencies to obtain a complete software inventory.

Organizations can improve security and visibility of IT assets by:

• Identifying the use of unauthorized applications and blocking use (as Max Life Insurance did)
• Identifying free and unauthorized SaaS applications not known by IT (as Christchurch City Council found more than 200 unknown applications in use)
• Locating applications with vulnerabilities and applications end-of-life and end-of-support that are at risk because they are no longer eligible for patching

3. Minimize interruptions and get more value from your team.

The time spent preparing for a vendor audit can consume your team for weeks with all the manual processes involved. With automated reporting of application usage against entitlements, organizations can get near-real-time visibility into how licenses are used to ensure compliance. For instance:

• Telkomsel was able to reduce the time to prepare for audits by 90%.
• Dorset Council used spreadsheets to report on installations of applications and servers. By having all these details in Snow, they were able to reduce processing and analysis time from 2-3 days to 5 or 10 minutes.
• Investec saved an estimated 200 hours by pulling in-depth reports on demand, eliminating the need for time-consuming and complex manual work and the expense of external consultants.

We often hear that organizations only have enough time to proactively manage the top 3-5 vendors. What impact could you drive if you had data for your next 50 vendors at your fingertips?

The post 3 Reasons to Love Software Audits appeared first on Snow Software.

This blog explores our understanding of the key findings, recommendations and other sections from the Gartner^® Market Guide for Software Asset Management Tools¹, to help organizations select the right SAM tools to support their businesses. 

Key findings

• The plethora of legacy perpetual licenses and the accelerated adoption of SaaS and ephemeral infrastructure have left sourcing, procurement, and vendor management leaders struggling to select a single SAM tool or a collection of specialized point solutions.
• Organizations that see SAM tools as a “silver bullet” don’t truly understand the complexity of SAM as a combination of tooling, highly skilled resources and effective processes. These organizations thus continue to struggle to obtain accurate and actionable data out of SAM tools.
• Economic headwinds and the need for strategic cost optimizations have placed cost governance as a priority for SPVM leaders. However, siloed functions and SAM tools delivering partial information hinders achieving cost governance, putting SAM teams and their tools at risk of being sidelined.

Recommendations

To overcome the challenges associated with SAM tools and optimize their usage, sourcing, procurement, and vendor management leaders must consider the following recommendations: 

• Collaborate with cross-functional stakeholders to develop a clear set of measurable use cases for SAM tooling. Assess your strategic priorities as well as current and future ISV licensing requirements to determine whether a platform, stand-alone tool or point solution addresses your needs.
• Mandate as part of the RFP process that SAM tool vendors provide demonstrable examples or a POC using your sample data to validate their marketing claims of what their tools can deliver. Where gaps exist, seek out external expertise in the form of SAM managed service providers to augment tooling and staff.
• Form strategic relationships with FinOps teams, leveraging both a combined framework to standardize on governance and complementary tool functionality to form a complete, trustworthy view of where waste can be eliminated within your organization.
   

Market definition and description

The report identifies SAM tools are products that automate support tasks required to produce and maintain compliance with independent software vendor (ISV) license use rights and improve organizations’ ability to optimize software risk and spend. SAM tools provide in-depth software asset analysis by decoding license entitlements, automate software consumption data collection, establish ISV effective license position (ELP), govern software assets, optimize value delivery, and share information with other tools and stakeholders. 

Key activities of a SAM tool 

The report outlines ten key activities that a SAM tool should possess, including: 

• Platform discovery 
• Entitlement discovery 
• Platform consumption identification 
• Entitlement identification 
• Normalization of consumption data 
• Normalization of entitlement data 
• Reconciliation 
• Governance 
• Optimization 
• Sharing software asset information 

Market direction  

The SAM tool market has diversified to cater to four distinct categories: traditional SAM tools, SAM tools for SAP, SAM tools for engineering and specialty software and SAM tools for SaaS. The market’s evolution has increased consumer choice, but also introduced confusion for organizations in selecting the right tools. Over the next 12 to 18 months, Gartner anticipates the following market changes:

• Continued demand for SAM tools, but tools will come under greater customer scrutiny and be required to provide demonstrable proof of their actual deliverables
• Strategic alliances with partners to develop robust generative AI capabilities
• Greater crossover between SAM tools and FinOps to deliver on greater cost transparency and governance
• Organizations turning to SAM tools for sustainability reporting, such as on greenhouse gasses consumed by running software and SaaS
• Less distinction between foundational capabilities of adjacent tools such as SaaS management platforms (SMPs)
• Increased interoperability between tools and data transformation capability
• Strong relationships with managed services providers (MSPs) to take on the implementation and running of tooling to address skills gaps
• Increased demands for SAM data from cross-functional teams, such as security or enterprise architecture

Market analysis 

The complexity of software licenses and evolving infrastructure pose challenges for SAM tools.  SAM tool vendors focus their resources and products on their ability in supporting larger software publishers, common license types and commonly utilized infrastructure. As the software portfolio broadens, it leads to gaps in addressing custom license types and specialized vendors, products, and infrastructure. The diversified SAM tools market has seen traditional SAM tool vendors take a platform approach, moving into adjacent offerings such as IaaS management, unified endpoint management, SaaS management, workflow/request management, IT service management, vulnerability management and hardware asset management.  

Traditional SAM tool vendors aim to strengthen their single platform offerings, broaden their scope and enter adjacent markets. SAM tools focusing on the niche areas and specialized software such as SAP, specialty and engineering applications and SaaS solutions are being embedded into this market. Despite how this market provides organizations with more choice than previously available, it has also heightened the confusion. The result is organizations not knowing which choice is best while struggling to find and deliver the ROI SAM tool vendors promise.  

Alignment of SAM and FinOps 

As organizations focus on cost optimization, SAM and FinOps functions must converge to bridge data gaps and optimize software spending. The convergence enables SAM teams to track software consumption in cloud environments, providing valuable insights for cost optimization.

Representative Vendors

Snow Software is proud to be recognized as one of the Representative Vendors in traditional SAM tools by Gartner. 

You can find other vendor profiles in the full Gartner report.  

Conclusion 

By following the recommendations and understanding the market dynamics, sourcing, procurement, and vendor management leaders can make informed decisions to ensure SAM tools align with their strategic goals, enhance data quality, and optimize software risk and spend. Embracing the convergence of SAM and FinOps functions will further aid in achieving cost optimization and driving value from software investments.

¹Gartner, “Market Guide for Software Asset Management Tools” by analysts Jaswant Kalay, Ciaran Hudson, and Yolanda Harris, 3 October 2023.   

The graphics were published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Snow Software. 

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.   

Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.  

The post How to Choose a Software Asset Management Tool: Insights from the Gartner® Market Guide appeared first on Snow Software.

It doesn’t have to be this way. Software audits are disruptive, but there are ways you can lighten the load and mitigate your risk. Before any audit notification comes in, it’s crucial to have effective hardware and software asset management processes in place to ensure your inventory and license compliance positions are current and accurate. This will smooth out reporting and reduce the risk of submitting inaccurate data. 

Common audit triggers

Before we dive into the ground rules of software vendor audits, it’s important to note the events that typically prompt most audits. They include: 

• Change in spend
  • Reducing support and maintenance spending during renewal
  • Moving support and maintenance to a third party
  • Changing licensing model
• Historical proof of entitlement (PoE) requests
• Clause in contract
  • Periodic audits usually aligned to renewal dates
  • Contact termination
• Mergers or acquisitions
• Unhappy employees notifying the vendor of compliance issues

Exercise caution when your vendor offers an assessment review. These reviews may be a veiled attempt to find you out of compliance. Rather than sending any data to the requestor, simply state your information security guidelines for not sending company confidential data to third parties. Soon thereafter, review your usage and address any known issues for that vendor because a proposed assessment review is very often a precursor to an audit.

Once the vendor has informed you of their intent to audit (sent by either letter or email from the vendor or third-party auditor to the person who last signed the contract or renewal), your internal process should launch quickly. Here are 10 steps for successfully navigating a software audit.

The 10-step process

1. Notification. Don’t ignore an audit request. Once the notification letter arrives, notify your ITAM team promptly with “private and confidential” added to the communication. All communication surrounding the audit should be marked as such to avoid any legal repercussions. Don’t make any changes to your current state — limit the deployment of new installations and do not uninstall any applications unless you’re decommissioning the device. 
2. Assemble the audit board. Gather your key stakeholders and don’t assume everyone understands the audit process. Cleary define roles and responsibilities and set timelines.
3. Put the team to work. The first step is to gather and review all license entitlements, contacts and agreements associated to the audit. Then engage with all the necessary areas of the business and review your audit objectives while considering previous audit recommendations. Set a primary point of contact toward the auditor from that point on and continuously circulate all documentation and reports.
4. Acknowledge the letter. Receipt of the request for audit is required and your agreed upon point of contact should handle this communication. Clarify which products are included in the audit at this time.
5. Propose a non-disclosure agreement (NDA). Most software publishers and auditors will typically agree to negotiate NDAs to control the handling of audit data. It protects all involved.
6. Meet with the auditor. During your first meeting, clearly define the scope of the audit, including products, legal entities, geographical locations, etc. The auditor will discuss the required data, form of evidence, and how they want you to provide it to them. The auditor may also mention scripts or tools they want to use to gather data. If they do, they should review this for you.
7. Gather the data. Only collect data that has been defined and in a form that is agreed to by all parties. Normally an audit is focused on network discoverable devices. It’s prudent to identify any standalone devices and their ownership that could be in the audit’s scope. Relay all findings back to your audit board for review and sign-off.

Note: Where possible, it’s a best practice to use tools already within your estate to gather audit evidence, e.g., Snow Spend Optimizer, SCCM, etc. 

• Submit the data. Once you have obtained and understood all the required data, prepare it for submission to the auditor. Redact or anonymize any sensitive information, and don’t omit or manipulate any data.
• Carefully review the results. The auditor will evaluate your submitted evidence against the vendor’s entitlement position and produce a reconciliation report. Never agree to the findings in the first instance — you need to validate the results first and be prepared to challenge them. 
• Settle and close the audit. Often the settlement is a considerable amount, and you can negotiate with the vendor. Once all parties agree to a final figure, you can negotiate a waiver not to audit for 2-3 years. Then, it’s time to rectify the issues identified in the audit. This reconciliation comes in the form of training and an update of centralized ITAM tools. 

Shortlist on what to do – and not do

Software audits are usually lengthy and often take between 3 and 18 months. Here’s a summary of our suggested steps to help streamline the process and position you for a successful outcome:

Additional resources

Though it can be enormously helpful, this short guide is just the starting point for an optimized and successful audit journey. Audits can be challenging (and costly) without clear visibility and manageability of your assets. Check out how our approach to Technology Intelligence can guide you through your audits while providing you with comprehensive visibility to create more efficiencies, save money and minimize risk. Contact a Snow specialist for more information and guidance. 

The post 10 Steps to Navigating a Software Audit appeared first on Snow Software.

If you’re a Security Operations, IT or ITAM professional supporting organizations with any debt, this is not just another warning to invest in a healthy ITAM practice. This news, recently communicated in a report from the S&P Global Ratings agency, states that an inadequate ITAM practice can impact an organization’s ability to have solid cybersecurity controls, and as a result, creditworthiness will be impacted. If your organization’s credit scores are impacted, the cost of financing will go up, and the organization’s reputation will be damaged. If you receive a performance bonus or have invested in company stock, the impact can be quite personal.

Over the years, governmental agencies and standards bodies such as the NIST, CISA, ISO 27001/ISO 27002, SOC2, etc. have been promoting the need for ITAM in cybersecurity processes. The noise around managing these standards have been amped up in recent years with the following disruptions:

Even with all the urgings from federal and state agencies and standards bodies, organizations are still managing IT assets in spreadsheets and with tools that have not evolved to meet today’s complex IT infrastructure and application requirements. These are not mom-and-pop shops managing ITAM processes with bubblegum and toothpicks, but enterprise organizations with 10, 20, or 50 thousand or more employees.

Why has IT asset management been ignored?

There are multiple reasons why ITAM is ignored and not properly funded in organizations. Here are a few of the main reasons:

• Distributed purchasing and users bypassing procurement controls. The majority of applications purchased today are outside IT. With SaaS, all you need is a credit card and internet connection. Most organizations are suffering from application sprawl and are unaware of dozens or hundreds of applications used across the organization. Many ITAM practices are focused on assets they can physically inspect – installed software – and the resulting issue is that no one is focused on governing ITAM for modern technologies.
• It’s a part-time job. Gartner estimates that organizations with more than 5,000 employees should have a software asset management team of at least six people. A lot of organizations relegate the ITAM function to managing the IT inventory and helping out with big audits or renewals and only dedicate minimal resources to the function. Because of the collaborative and data-intensive nature of the job, it is nearly impossible to make much progress in a part-time capacity. Especially with cloud infrastructure and SaaS applications, the role has shifted to be much more proactive from a governance perspective.
• The job is not easy. To be successful, ITAM professionals need a mix of soft skills such as listening, idea selling, cross-functional alignment and relationship building along with technical skills of managing projects, vendor negotiations, and being data driven.
• Revenue-impacting investments win over keeping data secure. This is the same reason why software companies suffer technical debt – everyone wants to work on the shiny, new thing. ITAM has been around for decades, yet we still see unpatched known vulnerabilities, organizations paying penalties for license compliance, managing IT assets in spreadsheets, and having data leak from their company due to unknown applications in use.  

ITAM’s new partner – the CFO

Even with the challenges above, organizations will need to mature their ITAM practices. Now with credit ratings on the line, the CFO will become more invested in ensuring cybersecurity controls are in place and be open to fund a proper ITAM practice for modern-day technology environments. No CFO wants to disclose material weaknesses of internal controls in their financial statements and risk having the cost of debt go up.

Another reason CFOs may be more focused on ITAM is the bridging of FinOps and ITAM practices to create a robust governance framework and optimization roadmap. This is especially true in organizations with significant IaaS spend and needing to get a handle on software cost of goods sold.

Learn more about ITAM best practices in this free guide or connect with us to determine how ITAM can improve your cybersecurity posture.

The post Will CFOs Take on ITAM to Keep Credit Ratings Intact? appeared first on Snow Software.

Today, application stacks are comprised of hybrid applications and infrastructure. Many organizations lack visibility to cloud environments added in recent years, and it has become increasingly challenging for IT leaders to see overlaps in technology and identify opportunities for application rationalization during the M&A process.

Businesses experiencing multiple recent acquisitions and mergers have an even greater challenge with SaaS sprawl, resulting in redundancies, risk and waste. According to a Snow survey, 73% of IT leaders have seen an increase in the use of SaaS applications in the last year. And, many of those leaders have reported a host of other challenges when it comes to managing SaaS.

So, what’s the best way to face this integration process?

Due Diligence Pre-Acquisition

One of the most time-consuming tasks of buyer due diligence is understanding risk related to material contracts, including hardware and software IT asset contracts.

The purpose of due diligence is to understand risk of buying the target and what mitigating activities should be prioritized post-deal. Often, M&A triggers audit activities, so it’s important to understand license compliance and contract status to create a mitigation plan that can be acted upon quickly.

To prepare, you should try to understand:

• What are the most expensive contracts, and will the acquiring company have rights to the software after the deal goes through?
• Are there non-cancelable clauses of these contracts? How many licenses are owned, how many are allocated and in use by the target organization?
• If the vendor is in use by the buyer, what does the combined license position look like?
• What are the key upcoming renewal dates you’ll need to be prepared for once the ink has dried?
• What are the significant renewals that have taken place over the last year and the details of these contracts? Once the deal is closed, you might lose access to employees with knowledge of these key contracts so it is important to document these details during the due diligence process. 

If the target organization has a software asset management practice and related tools in place, it should make due diligence a little easier. Due to the maturity of software asset management practices managing modern cloud environments, you may have visibility gaps to overcome.

Mitigating Post Deal Risk

Once the ink is dried, you can get to work on assessing license compliance status and optimization opportunities by discovering software in use throughout the organization, compared to licenses and subscriptions owned.

Another area of risk to assess is whether you have applications running that are out of maintenance. Reporting on application version details will also help your team understand how important it is to standardize on one or few versions to reduce impacts related to patch management.

Even though you’ve identified software contracts and terms, there are likely SaaS applications in use that you’re not aware of. These applications can be free or licensed. Applications that have not been vetted by IT can put your organization at risk for license compliance, and more importantly at risk of compliance failures and data leaks. To reduce risk, but avoid impacting productivity, you should consider implementing guardrails for your organization.

Identifying Post Deal Synergies

Once your risk posture is under control, and you’ve identified all the applications in use in the combined organization, you can get to work on identifying redundant applications in use. This activity can save not only software and maintenance costs, but also IT operations costs for integrating applications and responding to application performance issues.

Looking at application usage through the lens of the application category will also help your team get consistency on how applications are used in the combined company. For example, pre-deal, perhaps both Teams and Zoom were in use and your team decided to standardize on Teams to drive down cost. Monitoring usage of both applications will help IT determine how quickly the acquired organization has moved to the new standard and what additional education is required.

Before going down the path of M&A, it is critical to get your own house in order from a software asset management perspective so that your organization can move quickly to realize efficiencies from the combined organization.

The post Why Application Rationalization Is Key To Accelerating M&A Synergies appeared first on Snow Software.

• IBM Passport Advantage^® products: a “harmonization” of 8% worldwide with some unlucky exceptions
• Adjustment of SAP support fees of 3.3% for on-premises software offerings
• Oracle is set to increase support fees to align with global inflation
• Google Cloud Storage price increases, effective April 1, 2023

Organizations also saw price increases from vendors such as Microsoft and Adobe, which were justified by improved and new features. Adobe Acrobat saw an increase of 20% for perpetual licenses. Adobe Creative Cloud increased prices by 4-7%, while Microsoft increased prices on Microsoft® 365 by 9-25%, depending on the offering.

Adobe also increased prices by up to 40% on subscriptions in the Adobe Value Incentive Plan (VIP) (effective July 1, 2023). The amount of the price increase will vary depending on the specific plan, region, and size of any current commitments and discounts.

This news has understandably caused some frustration and concern among Adobe users, particularly those who rely heavily on the software at the enterprise level. However, it’s worth noting that Adobe has historically raised their prices every few years, and the company has stated that they will continue to offer a range of plans at different price points to accommodate different budgets and needs.

Microsoft announced in July 2023 a $30 per person fee for accessing its AI-powered Copilot service for businesses. The Wall Street Journal estimates the fee to be more than double what Microsoft currently charges for the least expensive version of Microsoft 365. Additionally, Microsoft plans to enhance its Microsoft 365 business offering by integrating the AI-powered chatbot, Bing Chat Enterprise, as an added feature. For non-subscribers, Microsoft has set a monthly charge of $5 per use to gain access to Bing Chat Enterprise.

Starting from August 2023, Salesforce has announced a price increase of approximately 9% for certain cloud and marketing tools. This marks their first price adjustment in seven years. The decision comes at a time where like Microsoft, the company is making significant investments to incorporate generative AI into their offerings. The revised prices will apply to Tableau, Sales Cloud, Service Cloud, Marketing Cloud, and Industries, impacting both existing and new customers alike.

Crises can reveal opportunities for better cost management

With the Covid-19 crisis, we experienced a lot of rapid technology innovation. Much of the spend for this innovation happened outside of traditional IT budgets, leading to application sprawl, waste and security concerns. According to the Snow 2021 IT Priorities Report, leaders said SaaS sprawl was their biggest concern around SaaS. In our most recent survey on SaaS management priorities, we found identifying all SaaS usage in the organization was the second highest priority behind managing SaaS security.

A large portion of technology investments over the last two years have hit operating expenses. If your organization is looking for ways to save cash now, SaaS and IaaS costs are good places to start looking. You may also have upcoming maintenance renewals where you can see some savings by performing application rationalization if those products are rarely used. Here are some ideas where you can start identifying cost-savings opportunities.

1. Analyze application subscription data to understand the value you are receiving from contracts.

While it might be difficult to significantly reduce spend on an application your organization is heavily dependent on, you can prevent over-buying and have a better argument for reductions if you know the value you are or are not receiving from the software. Likewise, you can decide to not renew  subscriptions with little-to-no use.

To start, take a look at your contract end-dates and filter by “subscription terms” with contract end-dates coming in the next six months. Sort contracts by highest to lowest cost.

Next, look at the agreement in closer detail. The renewal for this one is in October although it expires in December.

Let’s take a look to see which of these licenses are allocated and what is actually being used to assess potential savings for the next contract period. Right away, we can see 278 licenses assigned to users, but are not being used, resulting in savings of €9403 per month. Additional, potential savings can be found in downgrading users assigned to all app licenses but only needing one app license.

2. Look at alternatives and application redundancies.

Because SaaS applications are so easy to buy, it is very likely you have redundant applications used across your organization, or you may even have multiple agreements in place for the same applications across various business units. This scenario is extremely likely if your organization has multiple business units. To check for application redundancies, discover and inventory your installed and cloud-based applications. Then, run a report of all the applications in use by application type, and filter for applications requiring licenses. From there, you can see where there may be applications you can remove from your environment. In the example below, there are multiple applications used for instant messaging – should the organization decline to renew some of these subscriptions to save cash?

3. Find unused resources across your cloud infrastructure.

Cloud infrastructure can be used by various teams within your organization. Without tagging resources, and allocating costs, your organization won’t have visibility to determine if they are getting the value from these investments.

By obtaining detailed usage metrics on cloud instances, your cloud infrastructure team can take action to right-size or eliminate cloud workloads, as seen in the image below.

Learn more about the hidden costs of the cloud.

4. Assess license configurations for datacenter applications.

For organizations with on-premises datacenters, software costs for applications in these environments can be significant.

For instance, Microsoft offers a huge choice of products and associated licenses for the datacenter. Due to the high license cost for these products, it is possible to create multiple configurations that achieve the same results from a technical perspective but are vastly different in price. Small changes can make big differences to compliance and financial exposure. Getting the structure optimized and maintained from a licensing perspective ensures significant cost savings.

Some software asset management tools give you visibility to how your licenses are currently configured, and provide recommendations to reduce your license costs and improve your compliance position, as in the image shown below.

As organizations are going through budget crises leading into 2023, now is an opportunity for IT leaders to re-think how technology is managed for their organizations to enable ongoing technology cost management and improve the organizations’ risk posture.

Learn more about Snow Software solutions for optimizing technology spend.

The post 4 Ways to Lessen the Impact of Software Price Hikes appeared first on Snow Software.

To put it simply, containers are packages of applications which run in isolated environments. They are not dependent on an underlying operating system the same way that virtual machines (VMs) are, as they are directly working with the host operating system. This means that they are more lightweight than VMs in terms of storage requirement and normally require fewer IT resources to deploy and manage. One could see why this market is growing at a rapid pace.

While the technology has existed for quite some time, widespread adoption and accelerated growth started a few years ago.

According to a publication by Gartner^® in 2022, the container management market will grow at a rate succeeding 25% year over year (YOY) with an estimated market value of $1.4 billion by 2025. One recent analysis by Data Bridge Market Research published in Bloomberg even suggests over 30% YOY growth and a market value of 40+ billion USD by 2030.

New software asset management challenges

What does this mean to you working within the ITAM/SAM area? As with any adoption of emerging technology, disruption follows. The key challenges from an ITAM/SAM perspective include:

Lack of visibility
Containers are isolated environments, rendering traditional technologies extremely inefficient for gathering any information about the software and applications residing within them or how they are being utilized. Existing methods software asset managers utilize to understand software use, largely agents deployed on physical or virtual servers, are not transferrable to container environments due to the ephemeral nature of containers and the potential massive scale of these environments.

Lack of control
The technology is great from a flexibility point of view, but can potentially become a nightmare to manage as changes can occur rapidly with spinning containers up and down as required.

Lack of cost management
The phrase “you cannot manage what you can’t see” is highly relevant in this context. Without sufficient visibility, it becomes impossible to comprehend or quantify the costs incurred, leading to minimal to no cost control when it comes to licensing implications of running software in containers.

Potential risk of software compliance
The licensing rules of running software in containers differs from vendor to vendor. In certain cases, the licensing rules are container-specific. As both control and visibility are key challenges within this area, it makes the task of managing compliance seemingly impossible. This can be especially difficult if there is no clear governance structure within the organization where the SAM/ITAM team is involved in container management.

Even with complex challenges, this is a necessary undertaking

Even though it’s hard, you’ll need to get your arms around how to calculate your effective license position for commercial applications, regardless of the workload implementation (VM, server, container, etc.). When you get audited, the vendor won’t care that it is hard for you to gather the details to prove your compliance position. Key questions to consider in determining your position include:

1. What licensable commercial applications, components or libraries are running in the environment? (OS, application products)
2. What are the applications’ license rules and licenses required based on container limits, nodes, etc.?
3. What is the potential cost?
4. How do I know what my IT/engineering team has set up, taken down, and how long it was run in the environment?
5. How do I measure the usage of software in the container environment?
6. What are the hardware components (underlying infrastructure) to align to the license requirements? 
7. Do I have enough licenses to be compliant?

What licensable commercial applications are running in our containerized environment?

The first step in your research is to understand what your organization is doing with containers, what commercial applications are used and what orchestration platforms are leveraged (some orchestrators include OS licenses – see OpenShift).

Start your research by connecting with your IT Infrastructure Operations teams, Software Engineering teams, or your SRE team. Ask how they track licenses. In speaking to some teams, some tag the images to track the licenses and then pull point-in-time data to determine how many images have those license tags.

Another option is to look into your public cloud billing data to determine if you are being charged for container usage. If you have a cloud cost management tool this will be easy to pull.

What are the licensing rules for running the commercial application in containers?

Licensing commercial applications in containers varies by vendor. We’ve provided a summary of licensing rules with resources for key vendors. Also included are resources to bookmark, as licensing rules can change.

Microsoft container licensing

Licensing Windows Server for containers

Physical Core Licensing Windows Server Standard (with Hyper-V isolation)

• When all cores of the physical server are licensed (minimum 8 cores per processor and 16 per server), you are allowed to run two OSEs or two Windows Server containers.

Physical Core Licensing Windows Server Standard (without Hyper-V isolation)

• When all cores of the physical server are licensed (minimum 8 cores per processor and 16 per server), you are allowed to deploy unlimited Windows Server Containers.

Virtual Core Licensing

• When licensing by virtual machine, customers may use one OSE or one Windows Server container with Hyper-V isolation, subject to a minimum of 8 core licenses per OSE and 16 per customer. Use of any number of Windows Server Containers without Hyper-V isolation are permitted within any properly licensed virtual machine. Licensing by virtual machine requires active Software Assurance or a subscription license.

Windows Server Datacenter

• Datacenter edition provides rights to use Windows Server in unlimited OSEs, and any number of Windows Server containers with or without Hyper-V isolation, when all cores on the server are licensed (subject to the same minimums as standard edition).

Licensing SQL Server for containers

Active SA or subscription is required to license container environments.

Individual Containers

• Using the Per Core model, customers must purchase a core license for each vcore (or virtual processor, virtual CPU, virtual thread) allocated to the container. There is a four-core license minimum per container.
• Using the server license model (standard edition) a server license for each VM or container is required, and a CAL for each user or device.

Physical Core Licensing (SQL Enterprise Edition)

• Customers who have licensed all physical cores (minimum 4 cores) on the server can run any number of VMs/containers equal to the number of core licenses assigned to the server. A server with 16 core licenses can run SQL server software in up to 16 containers.

Virtual Core Licensing (SQL Enterprise/Standard Edition)

• When licensing the VM cores (minimum 4 cores, including HT cores) where the SQL containers are running you may run unlimited SQL containers on that VM.

Resources:

• Containers vs. virtual machines | Microsoft Learn
• SQL Server 2022—Pricing | Microsoft (Review the Licensing Guide and Datasheet for details)
• Windows Server and SQL Server licensing in containers (samexpert.com)

Oracle container licensing

Whenever a container image is pulled to a host or K8 node with Oracle software, the product must be licensed using the Processors metric for the number of processors of the physical host.  If the host is virtual, then use of the Oracle Partitioning Policy dictates the number of processor licenses. This means that all the same hard- and soft partitioning rules that apply on traditional VM’s also apply to containerized environments.

Resources

• Running and licensing Oracle software in Containers and Kubernetes
• Understanding Oracle Docker Licensing Requirements (redresscompliance.com)

IBM container licensing

IBM has provided a tool, IBM Container License Service (CLS), that measures the vCPU capacity at least every 30 minutes and the maximum value will be taken as your available vCPU. If organizations opt to not use this service, they will be charged for all cores in the cluster.

Unfortunately, IBM does not accept reports from third-party tools to track license compliance in containers.

IBM charges based on the sum of vCPU limits of the containers in a pod, capping at the physical capacity the worker node, either virtual cores or physical cores reported by the Kubernetes API. vCPU capacity will be aggregated at the cluster level, rounding up for fractional values.

Resources

• Container licensing | IBM
• IBM container licensing – new rules – The ITAM Review (itassetmanagement.net)
• Red Hat OpenShift | IBM

Red Hat container licensing

Red Hat Enterprise Linux subscriptions seem the most straightforward and containers are counted similar to a VM (the instance of where the software is executed and whether it is the VM or container). 

Resources

• Red Hat OpenShift enterprise Kubernetes container platform
• Try Red Hat OpenShift
• Red Hat Enterprise Linux subscription guide
• Self-managed OpenShift sizing and subscription guide

How do I monitor commercial application use in containers and determine the licenses required to stay compliant?

As mentioned previously, container management is an evolving market and how to track license compliance in containers is not an easy problem to solve because of the large scale and ephemeral nature of containers. Snow Software is actively working to solve this problem and is now able to recognize some commercial applications in Kubernetes environments with minimal configuration. To learn about future product enhancements, subscribe to our newsletter and see what’s new at Snow Software.

The post Containers: With Emerging Technology Comes New Software Asset Management Challenges appeared first on Snow Software.

Understanding the impact

As per Gartner report, senior executives are starting to challenge the value of digital transformation, having encountered dramatic growth in software and cloud usage without adequate management and optimization. Where software asset management (SAM) and FinOps do exist, they have limited influence or authority to optimize consumption and value across a growing, increasingly complex set of environments. Despite their interdependencies, SAM and FinOps often operate independently, in different silos and with limited resources, eroding their value-maximization potential.

Key considerations

To address these challenges and enhance visibility & understanding while maximizing value and minimizing costs, executive leaders should consider the following recommendations:

• Consolidate SAM and FinOps: Consolidate and mandate SAM and FinOps disciplines to drive enhanced visibility and understanding that maximizes value and opportunity while minimizing cost and risk. Create an integrated unit that profits from the synergy of both disciplines to deliver optimum benefit across an increasingly complex technology environment.

• Adequately staff the consolidated functions: Ensure that the consolidated SAM and FinOps team is equipped with skilled team members who can effectively collaborate with key stakeholders and eliminate unproductive cost overruns.
  
• Mandate SAM and FinOps disciplines: Establish a mandate for SAM and FinOps as key mechanisms to offset material risks of continually escalating costs. Create authorization, empowerment and a culture that drives action and realization from SAM and FinOps optimization and mitigation recommendations executed throughout IT.

By 2025, it is predicted that 50% of organizations will unify SAM and FinOps into a consolidated discipline that delivers portfolio cost management and governance. SAM and FinOps are critical disciplines for managing software and cloud costs effectively. By consolidating these disciplines, organizations can achieve enhanced visibility, optimize consumption and minimize unnecessary cost overruns. 

To fully understand how you can increase collaboration between SAM and FinOps, and enable delivery of maximum value across your technology portfolio, we believe you should download the full Gartner® report: Target Software and Cloud Costs by Uniting Software Asset Management and FinOps.

Gartner, Target Software and Cloud Costs by Uniting Software Asset Management and FinOps, Stephen White, Yoann Bianic, Stewart Buchanan, 6 April 2023.

Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.  

Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.  

The post The Importance of Consolidating SAM and FinOps for Optimal Cost Management and Governance appeared first on Snow Software.

Understanding the risks associated with EOL assets

End-of-life assets refer to software applications that have reached their expiration date, either due to vendor discontinuation, obsolescence, or strategic changes within an organization. Ignoring these assets can lead to various risks, including security vulnerabilities. Snow products collect vulnerability data from the National Vulnerability Database and provide reports on what vulnerabilities exist in your organization, their severity and where those vulnerabilities reside. The problem with EOL applications is these assets can no longer be updated and therefore, these assets hold even greater risks. Identifying EOL applications and removing these applications from your network is critical to prevent security incidents. However, many organizations have not implemented this preventative measure.

The challenges of discovering EOL assets

Discovering EOL assets can be a complex and daunting task, especially in organizations with a large number of software applications. Several challenges may arise, such as:

• Lack of visibility: In multi-departmental setups, different teams may acquire applications independently, resulting in siloed information and limited visibility into the overall software asset landscape.
  
• Inadequate documentation: Outdated or incomplete records of software applications can make it challenging to track their lifecycle and identify EOL assets accurately.
  
• Vendor transparency: Software vendors may not always provide sufficient advance notice about discontinuations or changes in their product offerings, making it difficult for businesses to plan accordingly.

Strategies for discovering EOL assets

To build a strong software asset lifecycle management practice, here are a few strategies you can implement:

• Conduct a comprehensive software audit: Initiate a thorough audit to gain a holistic view of all the software being used within the organization. This process should include evaluating usage patterns, contract terms, renewal dates and integration dependencies.
  
• Encourage cross-department collaboration: Foster collaboration between IT, procurement, finance, and other relevant departments to ensure better communication regarding applications and their lifecycle information. This collaborative approach promotes transparency and keeps the flow of information going, so you don’t lose any valuable details.
  
• Establish regular vendor communication: Maintain open lines of communication with software vendors to stay informed about any upcoming changes, product sunsets, or end-of-life announcements. This proactive approach allows you to adapt your software asset management strategies and make informed decisions for your organization.
  
• Implement an asset retirement plan: Develop a systematic process for retiring EOL assets, including proper data backup, migration strategies and knowledge transfer. Ensure compliance with data protection and privacy regulations during the retirement process.
  
• Leverage software asset management tools: Explore software asset management technology to find the right fit for your organization’s needs. The right tools can automate the discovery process and proactively help you manage EOL assets before you end up in a vulnerable position.

Discovering EOL assets is a critical step towards maintaining an optimized and secure software landscape. By proactively identifying and managing EOL assets, organizations can reduce security risks, optimize costs and ensure seamless operations. Having the strategies above in place can help you implement proactive asset lifecycle management to drive long-term success in your software asset management journey.

How Snow Software helps you discover end-of-life assets

Snow Software can help you scan your environment to reveal:

• IT assets already at the end of life
• IT assets reaching end of life within 12 months
• How many devices are impacted
• Where these assets are located

“With Snow, we gain real-time insight into our security risks, software consumption and asset inventory to help the Council make better strategic decisions in support of service delivery.”

Colin Lawrence, christchurch city council

The post Strategies for Detecting End-of-Life Software Assets appeared first on Snow Software.