how to work with a vendor during an audit & what not to do – is there such a thing as a win...

13
The ITAM Review US Conference 2016 The ITAM Review US Conference 2016

Upload: martin-thompson

Post on 14-Jan-2017

134 views

Category:

Technology


1 download

TRANSCRIPT

The ITAM Review US Conference 2016 The ITAM Review US Conference 2016

The ITAM Review US Conference 2016

A publishers perspective Brian Ross – Director

License & Asset Management Practice

The ITAM Review US Conference 2016

The  Veritas  Approach:  Holis2c  Informa2on  Management  

Ensure  data  and  apps  are  safe  no  ma<er  where  they  travel  

Informa(on  Insight  

Reduce  risk  with  visibility,  control  and  governance  

Informa(on  Availability  

Ensure  performance,  up2me,  resilience  and  scale  

Informa(on  Management  

Informa(on  Protec(on  

New  Business  Capabili(es    

BI  /  Analy(cs          |          New  Products          |          New  Services          |          New  Processes          |          B2C  /  B2B          |          DevOps        |        LOB  Value    

Heterogeneous  Sources    

On  Premises          |          Hybrid  Clouds          |        Structured  Data          |          Unstructured  Data        |          Open  Source          |          Hyper  Converged        

COMPANY  CONFIDENTIAL  Copyright  ©  2016  Veritas  Technologies  LLC  

The ITAM Review US Conference 2016

Capabili2es  within  Each  Category  

Informa(on  Insight  Informa(on  Availability  

•  Integrated  Appliances  •  Backup  &  Recovery  

•  Copy  Data  Management  

•  SoTware  Defined  Storage    

•  Business  Resiliency  •  Disaster  Recovery    

•  Storage  QoS  for  OpenStack  

•  Archiving  &  Reten2on  

•  eDiscovery  •  File  Classifica2on    

•  Data  Provenance  •  Distributed  File  System  

Informa(on  Protec(on  

COMPANY  CONFIDENTIAL  Copyright  ©  2016  Veritas  Technologies  LLC  

The ITAM Review US Conference 2016

A license review from a Vendor perspective

•  Customers  want  to  be  compliant    Campaigns  for  compliance  yielded  77%  response  

•  It  is  hard  for  customers  to  be  compliant  Complex  environments  and  licensing  models  

•  Customers  are  not  always  compliant  (despite  their  best  efforts)  •  Compliance  ac2on  can  lead  to  be<er,  stronger  rela2onships  

•  More  than  half  of  customers  ordered  through  asset  review  •  Post  asset  review  customers  spend  more  •  An  FY16  Veritas  sample  survey  -­‐  90%  of  customers  had  the  same  or  

be<er  rela2onship  aTer  an  audit  •  Customers  are  being  audited  all  the  2me  by  a  vendor  

They  expect  it,  not  if  but  when.    •  When  renewing  support,  customers  oTen  don’t  know  what  is  deployed  •  Customers  oTen  don’t  know  what  they  are  licensed  to  use  

The ITAM Review US Conference 2016

Review types

•  3rd  Party  audit  External  globally  recognised  accoun2ng  firms  (Deloi<e,  PWC,  KPMG,  EY)  Execu2on  of  our  contract  verifica2on  clause  

•  Self  declara2on  by  customer  (Direct  Audit)  •  Campaigns    

By  product  By  geography  

•  Buying  programs  ELA  agreements  Site  licences  Service  provider  agreements  

•  Partner  led  reviews  •  Sales  led  reviews  

The ITAM Review US Conference 2016

Vendor sample process

- 3 -

Methodology, Approach & Timeline

Key Deliverables ¡ Key Points of

Contact¡ Meeting / Onsite

Scheduling¡ Agreement on

overall milestones

¡ Participate in kickoff meeting with Customer

¡ Agree methodology and approach

¡ Confirm scope

Week 0

¡ Answer data gathering queries

¡ Confirm details of the IT infrastructure

¡ Determine and agree on methods to collect installation information

¡ Project Plan¡ Data Request List

Weeks 0 - x

¡ Collect & analyse software data

¡ Collect & analyse hardware data

¡ Collect & analyse proof of entitlement data

¡ Use existing data source where available

1. Kick-Off 2. Planning & Scoping

3. Data Collection

4. Verification & Testing

¡ Use sampling along with interviews if appropriate, to validate completeness and accuracy of data provided

Weeks x - y

5. Reporting & Close-Out

Week y - z

¡ Prepare draft report¡ Discuss preliminary

results¡ Incorporate

additional data from Customer

¡ Deliver baseline to Customer and Symantec

¡ Summary Table¡ 3-way Handover Call

¡ Completed Software Workbook

The ITAM Review US Conference 2016

Tension points

Common areas of tension in a review : •  Notification

•  Why was I selected ? •  Non-disclosure

•  Protection of what ? •  Scope

•  Products, Geo’s, Organization structure •  Effective License Position (ELP) – the report

•  Tooling accuracy for deployments •  Entitlement records

•  Settlement •  Liability v Buy price

•  Partnerships

The ITAM Review US Conference 2016

Emo2onal  cycle  during  a  se<lement  

9  

Denial Depression Acceptance Bargaining Anger

This  is  ridiculous.    We  are  not  overdeployed  by  15k  licenses  

I’m  going  to  rip  and  replace  you  !!  

Ok  well  we  want  our  normal  buying  price  

I  hope  I  don’t  get  

fired  for  not  doing  my  job  

We  will  learn  from  this  and  now  have  a  be<er  understanding  of  how  to  license  your  soTware  

Important  to  know  what  phase  you  are  in    Never  a<empt  to  nego2ate  anything  while  in  Denial  or  Anger  Phase  

The ITAM Review US Conference 2016

Where  we  typically  see  non-­‐compliance  

Company  AIributes  •  Complex  corporate  structure    •  Purchased  or  sold  as  part  of  its  

business  (M&A  ac2vity)  •  License  administra2on/

Purchasing  is  decentralized,  owned  by  several  groups  

•  Demonstrated  poor  or  completely  missing  SAM  prac2ces  or  processes    

•  Relies  on  outsourcing  partners  for  asset  management  

7  

Consump(on  paIerns  •  History  of  license  transfers  (indicates  environmental  change)  

•  Previously  failed  to  renew  maintenance  coverage  –  without  jus2fied  reason  

•  Called  for  support  or  guidance  for  products  it  is  not  en2tled  to  use  

•  Refuses  to  provide  product  usage  documenta2on,    

•  Avoids  licensing  discussions  •  Has  expressed  concerns  about  a  “true-­‐ups”.  

The ITAM Review US Conference 2016

What shoud you do ? •  Track  all  license  deployments  •  Retain  proof  of  purchases    •  Retain  your  contracts  •  Be  proac(ve  and  review  organiza(on  aNer  mergers  or  acquisi(ons  •  Be  proac(ve  in  reviewing  licenses  due  to  changes  in  technology  •  Have  a  compliance  process/execute  it  •  Install  soNware  asset  management  soNware  •  Periodic  reviews  of  your  process  /  audit  posi(on  •  Verify  soNware  licensing  with  your  soNware  vendor  on  a  regular  

basis  •  Educate  your  organiza(on  •  Communicate  the  importance  of  execu(ng  compliance  process  •  Have  an  established  audit  playbook    •  Be  ready,  be  proac(ve!  

The ITAM Review US Conference 2016

Questions?

The ITAM Review US Conference 2016

The ITAM Review US Conference 2016

Thank You