How to Make Licensing Audits Less Painful

License compliance is tough, especially after a merger or acquisition. The secret to success of any license audit just may be normalization technology.

By Walker White

After your company completes a large acquisition, IT must identify opportunities for cost savings by rationalizing systems. Your chief financial officer (CFO) will expect a 10 percent (or greater) reduction in the IT budget as part of the planned, acquisition-related cost savings that he promised to Wall Street. You hope to partly achieve these savings by implementing IT initiatives at the acquired company, rationalizing applications, identifying unused licenses, eliminating maintenance fees, standardizing as much as possible on common platforms and systems, and consolidating data centers.

You must also identify potential IT risk from the acquired company’s systems. As a result, you have to assess the IT environment for compliance with license terms and identify unsupported software running on company systems. You will have less than a month to audit the environment, identify opportunities for cost savings, and assess IT risk.

You’re not alone. Hundreds of your peers at other corporations in North America are facing the same deadlines. According to Deloitte's third annual Corporate Development survey, executives anticipate an uptick in merger and acquisition activity over the next two years.

How do you go about this important task for your company?

First, The Bad News

In an ideal world, you would prepare for auditing the acquired company’s IT environment by using its IT asset management (ITAM) systems or its IT operations system, such as Microsoft System Center Configuration Manager or HP AssetCenter. You would run reports in these systems to identify every licensed and installed product to determine:

  • How many installed licenses are still unused
  • How many versions of each software and hardware products exist
  • Where you might have license compliance issues, (i.e., you have more licenses installed than your contractual terms allow)
  • Which installed products are no longer supported and pose a potential IT risk

If only you could pull such reports easily from those systems. Things are never that easy for two reasons.

Problem #1: What was purchased is not what is installed

Let’s use Adobe as an example to highlight the problem. Some users at the acquired company purchased and installed the Adobe Creative Suite, Master Suite, or Design Suite. Other users have purchased and installed individual products such as Photoshop or Illustrator. The ITAM systems of the acquired company are most likely to represent what was purchased, but their operational systems will show a list of individual products with versions numbers installed. In essence, its ITAM systems and IT operations systems are no longer speaking the same language, making it difficult to compare what you purchased to what you have installed or are using.

Problem #2: Discrepancies in vendor and product data

Using another example, an acquired company’s ITAM system says it purchased Hyperion Essbase, made by the vendor Hyperion (since acquired by Oracle), but the IT operational system, which extracts much of its software information directly from the software’s executable files, says that the Essbase product is from Oracle. In addition, the ITAM system may identify some Essbase licenses from the vendor Oracle, some from the vendor Oracle Inc., some from Oracle Ltd., and some from Oracle Corp., depending on where the licenses were purchased. Such discrepancies between systems require extensive manual reconciliation before IT can begin to analyze the data. If you must deal with thousands of products, it will be extremely difficult to use the information from these systems to make accurate assessments and identify potential cost savings.

Forecasting the Cost of License Compliance

Finding answers for your CFO and chief information officer (CIO) can get even harder. If you determine that you are no longer in compliance with license terms, you now must calculate the lowest cost of compliance (aka true-up). Unfortunately, you may end up overpaying because you are missing:

  • Compatibility information: If you’re going to spend money to acquire new licenses, you might as well make sure the software is forward compatible with your other IT system plans, such as Windows 7.

  • Suite information: If the software in question can be purchased as part of a suite or as standalone software, you want to know which licensing alternatives will achieve compliance at the lowest possible cost.

  • Support information: Why would you spend money on a software version that is due to expire soon? Instead, you would want to purchase the latest versions and budget for this in your compliance plan, so you must know the end-of-life dates of the software.

Assessing the Future Road Map

Although you would like to delay as long as possible any new software and hardware investments until you can rationalize the IT plans of the combined company, you may have to green light some of the planned investments earlier, so day-to-day business is not affected. In such a scenario, the more you know about the compatibility, end-of-life and licensing data, the more equipped you are to increase compatibility with your own IT organization’s future plans and to reduce problems later. But the effort required in collecting such data may be daunting.

How to Make an Audit as Easy as 1-2-3

The fastest way to get this data is to first organize the IT systems to address the inconsistencies and gaps in the data. For example, the purchasing systems describe an IT asset in one way, ITAM systems describe the same asset in a second way, and the IT configuration management tools in yet another. In addition, these systems don’t have external market information such as support life cycles, vendor information, licensing details, hardware specifications, etc.

To solve the problem, you must normalize the data. The normalization technology typically solves the problem by first connecting with your current IT inventory systems from vendors such as BMC, Tivoli, HP, and Microsoft and extracting information about your IT environment. Pre-built adapters in the normalization technology make the data extraction process quick and straightforward. Proprietary, rules-based technology is used to match each hardware and software entry in the extracted data against its embedded reference catalogs and normalize information in the extracted data -- updating and correcting vendor names, making product names consistent, and aligning version information. These reference catalogs used by the normalization technology contain information on hundreds of thousands of software product releases and hardware models and are updated daily.

This process will make all release numbers and vendor names consistent as well as determine changes from acquisitions. For example, it will recognize that Macromedia Breeze was acquired and is now called Adobe Connect Pro and accordingly update your data. The technology also uses the same reference catalog to simultaneously enrich the data by adding missing market information about each system, including support information, license details, and compatibility data.

As a result of this process, the extracted data about your IT environment is now consistent and enriched. It speaks the common language and can be easily analyzed or rolled up. The entire process of normalizing data is automated and takes no more than a few hours, depending on the size of the data within the systems. This normalized data now contains a set of correct and complete information that you can either use as-is to analyze and create reports or load back into IT operational, IT asset management, license compliance, configuration management database (CMDB), or reporting systems.

With the data normalized, you can create a report that quickly shows how many installed licenses are still unused, how many versions of each software and hardware you have, where you have license compliance issues, and which installed products are no longer supported and pose a potential IT risk. Regardless of which IT management systems the acquired company is using, software audits will no longer be painful. Instead, you will find yourself ready to provide your CFO and CIO with data that is accurate, comprehensive and actionable.

Walker White is the chief technology officer of BDNA Corporation, creator of Technopedia, an IT reference catalog that lists more than 450,000 hardware and software products from more than 11,000 vendors. You can contact the author at wwhite@bdna.com.