Q&A: The Software Licensing Lessons Vendors Don’t Want You to Learn

Almost every organization is over-invested in its software assets or paying for software it isn’t using. The trick is finding the how and the where.

Pat Cicala is a veteran of many a bare-knuckle, drag-down bout with the big ISVs. For years, she’s preached the merits of doing effective software asset management (SAM) to (largely unresponsive) corporate executives, and she’s still preaching SAM religion today.

Cicala, a principal with SAM consultancy Cicala & Associates LLC, says there’s plenty of ROI to be had from effective software asset management: Gartner, for example, estimates that organizations can typically shave up to nearly a third of their software costs. Because software vendors are adept at hiding charges and dissembling costs, she says companies must be ever vigilant.

Almost every organization is over-invested in its software assets or is paying for software it isn’t using. The trick, Cicala says, isn’t just to take stock of what you have—but also to go over your maintenance and licensing agreements with a fine-toothed comb. Unfortunately, too few organizations take SAM seriously enough, with the result that many, if not most, are over-paying for software.

You’ve said in the past that there’s a lot of ROI to be had in doing effective software asset management. But you’d think that organizations have perfected the art of asset management, given general principles of accounting, tax breaks, and now, regulatory compliance. What’s the problem here?

There’s a tremendous amount of ROI with effective SAM. I think Gartner has put the number at between 10 and 30 percent, and in my experience, it’s sometimes more than that.

But you have to understand that the poor beleaguered asset management person [who] has been tasked with this job, they have to learn this industry to do it. It’s not something they’re comfortable with or that really they have the background for or the expertise [to do]. That’s why there’s a resistance to doing effective SAM—they do not want to touch it. This is something where you’ve got to hire outside help most of the time, because outside help will always find something that can be improved upon, whereas inside the organization, there just isn’t the expertise, or the experience, or even the awareness.

So it’s a task that should best be left to the consultants? You’ve got to concede that’s a little self-serving, isn’t it?

The unfortunate fact is that a lot of people still don’t know how to manage software. Even though the technology industry and consulting industry have been kind of bad words from the perspective [of corporate decision-makers], this is something that a lot of [organizations] just don’t know how to do on their own. But they don’t want to pay those consulting dollars to go out and get outside help. [SAM is] much different from hardware [asset management].

Microsoft, Oracle, SAP, and others have incredibly high profit margins for a reason, then, while hardware-only companies like Dell are concentrating on eking out profits wherever they can?

That’s exactly it. This is true in the mainframe space, of course, but I will tell you that the margin level and the confusion and the ROI only gets bigger as you go further into the distributed and server realm. It’s harder to do software asset management [in distributed environments], but the payoff can be much, much bigger.

Like, with Microsoft’s [Enterprise Agreement licensing], everybody’s paid up to the latest version, but no upgrades are available—Longhorn isn’t going to ship until next year, right, if then—and the applications you have there are very expensive. But what most people don’t know is [that] those CALs [client access licenses] that are already paid up, they can go to other licenses.

That’s one of the fundamental things—[that] people don’t understand the reuse of that license. They don’t understand that they can harvest it and use it again. So when they buy a new system from Dell, guess what? Usually the cost of the operating system or applications is factored into what they’re paying. But they don’t have to and they shouldn’t have to buy any more licenses.

Is this where most of the ROI comes from? If so, how does that help, say, a customer in a mainframe shop? For all customers, in mainframe and distributed environments, what are the most common sources of SAM over-spending?

It really comes from simple things like understanding that you have a maintenance cap clause, and that every year you get an automatic increase even though no one else did. Simple things like understanding that you have perpetual licenses for things that they’re now cutting out of your agreements, even though you’re still paying maintenance on them.

This isn’t a negotiating-a-deal kind of thing. This is just looking at your agreements and listing your assets and understanding the contracts you do have and understanding what kind of effect that has on your bottom line.

In one particular instance, we found a risk to budget that was one six-hundredth of what we found was the opportunity, so if you’re thinking ROI, your ROI is so much better than your risk. If you applied that to most organizations—I will tell you that if people did software management, not only would they get an ROI, they’d understand that their risk [of doing SAM] is a lot less than what they think they have right now.

When we talked a few years ago, in the midst of the economic downturn, you mentioned that most of your clients were tremendously over-invested in things like Oracle licenses, or SAP licenses, but that—until they started doing effective SAM—they just didn’t know this, and were continuing to pay maintenance accordingly. Has this situation changed now that the economic [environment] has improved—that is, now that companies are again adding employees to maybe account for those unused licenses?

No, it hasn’t. It’s something that the vendors count on, actually. The irony is that if you have too few licenses, [the vendor] is going to nail you, really hold your feet to the fire. But if you’re over-invested, no refund. Nothing. There’s nothing you can really do until it comes time to renegotiate.

The real issue with SAM is that you would think people would figure there’s a reason the vendors do that. The reason they have that rule is that they know you’re probably over-licensed but they want a safeguard. They’ve already booked the revenue, so if you guessed wrong, if you guessed too many, that’s your problem, not theirs. If you guessed too little and you’re caught, they want that revenue.

So what are some areas in which companies are still over-invested in software licenses, even after the economic downturn?

The server consolidation, for one! Companies are getting rid of all of these distributed servers and consolidating from the many to the few. In many cases, they have all of these perpetual licenses that they’ve already paid for, so there’s really no reason for them to buy new [licenses]. But—once again—many of them aren’t bothering to check their maintenance agreements.

What’s the problem here?

If you’re over-invested, even if you have a [SAM] program in place, even if you drop the licenses—if you’re over-invested in perpetual licenses, there’s always a means that you can go to get those back in the future, when the floodgates start opening again [i.e., you start hiring more people, or adding more servers]. But most of the vendors have reinstatement clauses [for these unused perpetual licenses] that say, “If you haven’t paid maintenance on these licenses, you’ve got to pay up to current [on your] maintenance in order to use them.”

In most cases, this is more expensive than just buying new software licenses! This is something you should pay attention to when you’re negotiating, because you want to avoid this kind of [reinstatement clause] if at all possible.

You’ve said that most companies still aren’t getting the message with respect to SAM. [Are] you optimistic that this might change, thanks to [the Sarbanes Oxley Act of 2002 (SOX)] and other [regulatory] requirements, which usually have pretty strict asset disclosure and liability rules?

I don’t know that SOX and some of the other regulatory issues are going to help that along any. What I think it’s going to take—it’s going to take something very scary that happens that’s very public, where somebody gets nailed.

Say they were out of compliance for the purposes of SOX, they had all of these [software] assets that weren’t disclosed. The day that hits the front covers of the periodicals, that’s when executives will get religious about SAM. You might even see another quasi-governmental agency like the BSA that will help publicize the importance of doing [SAM]. But I think that’s what it’s going to take, unfortunately.