how to work with a vendor during an audit & what not to do – is there such a thing as a win...
TRANSCRIPT
The ITAM Review US Conference 2016
A publishers perspective Brian Ross – Director
License & Asset Management Practice
The ITAM Review US Conference 2016
The Veritas Approach: Holis2c Informa2on Management
Ensure data and apps are safe no ma<er where they travel
Informa(on Insight
Reduce risk with visibility, control and governance
Informa(on Availability
Ensure performance, up2me, resilience and scale
Informa(on Management
Informa(on Protec(on
New Business Capabili(es
BI / Analy(cs | New Products | New Services | New Processes | B2C / B2B | DevOps | LOB Value
Heterogeneous Sources
On Premises | Hybrid Clouds | Structured Data | Unstructured Data | Open Source | Hyper Converged
COMPANY CONFIDENTIAL Copyright © 2016 Veritas Technologies LLC
The ITAM Review US Conference 2016
Capabili2es within Each Category
Informa(on Insight Informa(on Availability
• Integrated Appliances • Backup & Recovery
• Copy Data Management
• SoTware Defined Storage
• Business Resiliency • Disaster Recovery
• Storage QoS for OpenStack
• Archiving & Reten2on
• eDiscovery • File Classifica2on
• Data Provenance • Distributed File System
Informa(on Protec(on
COMPANY CONFIDENTIAL Copyright © 2016 Veritas Technologies LLC
The ITAM Review US Conference 2016
A license review from a Vendor perspective
• Customers want to be compliant Campaigns for compliance yielded 77% response
• It is hard for customers to be compliant Complex environments and licensing models
• Customers are not always compliant (despite their best efforts) • Compliance ac2on can lead to be<er, stronger rela2onships
• More than half of customers ordered through asset review • Post asset review customers spend more • An FY16 Veritas sample survey -‐ 90% of customers had the same or
be<er rela2onship aTer an audit • Customers are being audited all the 2me by a vendor
They expect it, not if but when. • When renewing support, customers oTen don’t know what is deployed • Customers oTen don’t know what they are licensed to use
The ITAM Review US Conference 2016
Review types
• 3rd Party audit External globally recognised accoun2ng firms (Deloi<e, PWC, KPMG, EY) Execu2on of our contract verifica2on clause
• Self declara2on by customer (Direct Audit) • Campaigns
By product By geography
• Buying programs ELA agreements Site licences Service provider agreements
• Partner led reviews • Sales led reviews
The ITAM Review US Conference 2016
Vendor sample process
- 3 -
Methodology, Approach & Timeline
Key Deliverables ¡ Key Points of
Contact¡ Meeting / Onsite
Scheduling¡ Agreement on
overall milestones
¡ Participate in kickoff meeting with Customer
¡ Agree methodology and approach
¡ Confirm scope
Week 0
¡ Answer data gathering queries
¡ Confirm details of the IT infrastructure
¡ Determine and agree on methods to collect installation information
¡ Project Plan¡ Data Request List
Weeks 0 - x
¡ Collect & analyse software data
¡ Collect & analyse hardware data
¡ Collect & analyse proof of entitlement data
¡ Use existing data source where available
1. Kick-Off 2. Planning & Scoping
3. Data Collection
4. Verification & Testing
¡ Use sampling along with interviews if appropriate, to validate completeness and accuracy of data provided
Weeks x - y
5. Reporting & Close-Out
Week y - z
¡ Prepare draft report¡ Discuss preliminary
results¡ Incorporate
additional data from Customer
¡ Deliver baseline to Customer and Symantec
¡ Summary Table¡ 3-way Handover Call
¡ Completed Software Workbook
The ITAM Review US Conference 2016
Tension points
Common areas of tension in a review : • Notification
• Why was I selected ? • Non-disclosure
• Protection of what ? • Scope
• Products, Geo’s, Organization structure • Effective License Position (ELP) – the report
• Tooling accuracy for deployments • Entitlement records
• Settlement • Liability v Buy price
• Partnerships
The ITAM Review US Conference 2016
Emo2onal cycle during a se<lement
9
Denial Depression Acceptance Bargaining Anger
This is ridiculous. We are not overdeployed by 15k licenses
I’m going to rip and replace you !!
Ok well we want our normal buying price
I hope I don’t get
fired for not doing my job
We will learn from this and now have a be<er understanding of how to license your soTware
Important to know what phase you are in Never a<empt to nego2ate anything while in Denial or Anger Phase
The ITAM Review US Conference 2016
Where we typically see non-‐compliance
Company AIributes • Complex corporate structure • Purchased or sold as part of its
business (M&A ac2vity) • License administra2on/
Purchasing is decentralized, owned by several groups
• Demonstrated poor or completely missing SAM prac2ces or processes
• Relies on outsourcing partners for asset management
7
Consump(on paIerns • History of license transfers (indicates environmental change)
• Previously failed to renew maintenance coverage – without jus2fied reason
• Called for support or guidance for products it is not en2tled to use
• Refuses to provide product usage documenta2on,
• Avoids licensing discussions • Has expressed concerns about a “true-‐ups”.
The ITAM Review US Conference 2016
What shoud you do ? • Track all license deployments • Retain proof of purchases • Retain your contracts • Be proac(ve and review organiza(on aNer mergers or acquisi(ons • Be proac(ve in reviewing licenses due to changes in technology • Have a compliance process/execute it • Install soNware asset management soNware • Periodic reviews of your process / audit posi(on • Verify soNware licensing with your soNware vendor on a regular
basis • Educate your organiza(on • Communicate the importance of execu(ng compliance process • Have an established audit playbook • Be ready, be proac(ve!