how to work with a vendor during an audit & what not to do – is there such a thing as a win...

The ITAM Review US Conference 2016 The ITAM Review US Conference 2016

The ITAM Review US Conference 2016

A publishers perspective Brian Ross – Director

License & Asset Management Practice


The Veritas Approach: Holis2c Informa2on Management

Ensure data and apps are safe no ma<er where they travel

Informa(on Insight

Reduce risk with visibility, control and governance

Informa(on Availability

Ensure performance, up2me, resilience and scale

Informa(on Management

Informa(on Protec(on

New Business Capabili(es

BI / Analy(cs | New Products | New Services | New Processes | B2C / B2B | DevOps | LOB Value

Heterogeneous Sources

On Premises | Hybrid Clouds | Structured Data | Unstructured Data | Open Source | Hyper Converged

COMPANY CONFIDENTIAL Copyright © 2016 Veritas Technologies LLC


Capabili2es within Each Category

Informa(on Insight Informa(on Availability

•  Integrated Appliances •  Backup & Recovery

•  Copy Data Management

•  SoTware Defined Storage

•  Business Resiliency •  Disaster Recovery

•  Storage QoS for OpenStack

•  Archiving & Reten2on

•  eDiscovery •  File Classifica2on

•  Data Provenance •  Distributed File System

Informa(on Protec(on

COMPANY CONFIDENTIAL Copyright © 2016 Veritas Technologies LLC


A license review from a Vendor perspective

•  Customers want to be compliant Campaigns for compliance yielded 77% response

•  It is hard for customers to be compliant Complex environments and licensing models

•  Customers are not always compliant (despite their best efforts) •  Compliance ac2on can lead to be<er, stronger rela2onships

•  More than half of customers ordered through asset review •  Post asset review customers spend more •  An FY16 Veritas sample survey -‐ 90% of customers had the same or

be<er rela2onship aTer an audit •  Customers are being audited all the 2me by a vendor

They expect it, not if but when. •  When renewing support, customers oTen don’t know what is deployed •  Customers oTen don’t know what they are licensed to use


Review types

•  3rd Party audit External globally recognised accoun2ng firms (Deloi<e, PWC, KPMG, EY) Execu2on of our contract verifica2on clause

•  Self declara2on by customer (Direct Audit) •  Campaigns

By product By geography

•  Buying programs ELA agreements Site licences Service provider agreements

•  Partner led reviews •  Sales led reviews


Vendor sample process

- 3 -

Methodology, Approach & Timeline

Key Deliverables ¡ Key Points of

Contact¡ Meeting / Onsite

Scheduling¡ Agreement on

overall milestones

¡ Participate in kickoff meeting with Customer

¡ Agree methodology and approach

¡ Confirm scope

Week 0

¡ Answer data gathering queries

¡ Confirm details of the IT infrastructure

¡ Determine and agree on methods to collect installation information

¡ Project Plan¡ Data Request List

Weeks 0 - x

¡ Collect & analyse software data

¡ Collect & analyse hardware data

¡ Collect & analyse proof of entitlement data

¡ Use existing data source where available

1. Kick-Off 2. Planning & Scoping

3. Data Collection

4. Verification & Testing

¡ Use sampling along with interviews if appropriate, to validate completeness and accuracy of data provided

Weeks x - y

5. Reporting & Close-Out

Week y - z

¡ Prepare draft report¡ Discuss preliminary

results¡ Incorporate

additional data from Customer

¡ Deliver baseline to Customer and Symantec

¡ Summary Table¡ 3-way Handover Call

¡ Completed Software Workbook


Tension points

Common areas of tension in a review : •  Notification

•  Why was I selected ? •  Non-disclosure

•  Protection of what ? •  Scope

•  Products, Geo’s, Organization structure •  Effective License Position (ELP) – the report

•  Tooling accuracy for deployments •  Entitlement records

•  Settlement •  Liability v Buy price

•  Partnerships


Emo2onal cycle during a se<lement

9

Denial Depression Acceptance Bargaining Anger

This is ridiculous. We are not overdeployed by 15k licenses

I’m going to rip and replace you !!

Ok well we want our normal buying price

I hope I don’t get

fired for not doing my job

We will learn from this and now have a be<er understanding of how to license your soTware

Important to know what phase you are in Never a<empt to nego2ate anything while in Denial or Anger Phase


Where we typically see non-‐compliance

Company AIributes •  Complex corporate structure •  Purchased or sold as part of its

business (M&A ac2vity) •  License administra2on/

Purchasing is decentralized, owned by several groups

•  Demonstrated poor or completely missing SAM prac2ces or processes

•  Relies on outsourcing partners for asset management

7

Consump(on paIerns •  History of license transfers (indicates environmental change)

•  Previously failed to renew maintenance coverage – without jus2fied reason

•  Called for support or guidance for products it is not en2tled to use

•  Refuses to provide product usage documenta2on,

•  Avoids licensing discussions •  Has expressed concerns about a “true-‐ups”.


What shoud you do ? •  Track all license deployments •  Retain proof of purchases •  Retain your contracts •  Be proac(ve and review organiza(on aNer mergers or acquisi(ons •  Be proac(ve in reviewing licenses due to changes in technology •  Have a compliance process/execute it •  Install soNware asset management soNware •  Periodic reviews of your process / audit posi(on •  Verify soNware licensing with your soNware vendor on a regular

basis •  Educate your organiza(on •  Communicate the importance of execu(ng compliance process •  Have an established audit playbook •  Be ready, be proac(ve!


Questions?



Thank You

how to work with a vendor during an audit & what not to do – is there such a thing as a win...

Technology