SOFTWARE AUDIT CHALLENGES OVERVIEW
Software audits disrupt operations, consume resources, and can result in massive, unbudgeted financial exposure. Even as organizations invest in the people, process, and technology to track and manage their entitlement and deployment data, Software Asset Management (SAM) programs often fail to protect against frequent and aggressive supplier audits.
Software audits are a central component of supplier sales strategies. Audits are used to drive revenue, gain visibility into product use, and push organizations to adopt new products or cloud solutions as a way to address compliance issues. Clients must protect themselves from these practices by understanding their own SAM programs, contracts, deployments, and entitlements — and learn how to fight back.
The software audit challenges that are addressed in this report includes:
1. Software Audit Virtualization
There are many ways that virtualization can cause non-compliant behavior and software publishers consistently take advantage of this by requiring that their customers follow non-contractual policies to govern the licensing of their virtual environments. This section details the tactics used by top software publishers to maximize compliance fees related to virtualization.
2. Software Audit Data Collection & Analysis Errors
It’s common for auditors to employ crude data collection methodologies that may not capture the full picture of your entitlements and deployments. As a result, many errors are made due to incorrect assumptions, lack of context, and even lack of experience from new or low-level auditors completing the work. These mistakes often translate to increased software audit fees and compliance costs. We detail how customers can mitigate data collection and analysis errors in their conducted audits to minimize software audit cost and exposure.
3. Software Environment Designations
Most software publishers have different licensing rules for production, development and testing, disaster recovery, and failover environments. Environment designations can sometimes be unclear, resulting in incorrect assumptions made by software auditors that can increase the total cost of your software audit bill. This section provides insights on how to identify incorrect assumptions made in an audit report related to environment designations, as well as ways to ensure licenses are counted correctly by the software auditor.
4. Indirect Access and Multiplexing
Indirect access or multiplexing can occur when a system is accessed or queried through a 3rd-party application, interface, gateway, middleware, or automated process. In situations like these, a single user account in a system could actually represent hundreds of unseen users that need to be licensed. As a result, compliance fees can easily be accrued for those that do not have a defined process in place to monitor and limit user access and maintain harmony with license agreements.
5. Software Audit Extrapolated Findings
In situations where the auditor’s software scans result in low inventory coverage, auditors sometimes default to an “extrapolation” approach. This means that they will take the findings from one portion of your environment and make the assumption that this applies to the rest of the environment. Results from extrapolation are rarely correct, often over-simplified, and inflated compared to the actual compliance exposure. This section details ways to prevent a software auditor from using an extrapolation approach and methods to rightsize the audit findings to correct levels.
6. Convoluted Metrics and Software Licensing Changes
Every vendor has unique licensing rules and metrics that your organization needs to keep track of to ensure compliance. Additionally, these licensing rules and metrics are continually updated as new editions, releases, and re-brands are made to product sets. Many of these metrics are convoluted with respect to how to correctly license, count, or utilize software owned by the business. We detail the risks that convoluted licensing metrics pose and methods to help mitigate future compliance fees.
7. Pirated Software Licenses
Software piracy is the unauthorized use of software due to duplication, installation, or sharing of license keys onto a device. Pirated license keys exist in most environments to some degree and are easy for users to obtain. Piracy occurs with respect to a wide range of vendors and can surmount to large compliance-related fees. This section provides advice on the best ways to address software piracy with your organization and software publishers.
The best defense against an audit is preparation. Understanding the tactics that vendors and auditors deploy will put you ahead of the curve during an audit to identify risk and mitigate optimization opportunities. Those that continually monitor their license positions and run self-audits of their environment will find the most success in mitigating compliance costs.