It is not rocket science. But it is still proving a major headache for companies worldwide as they attempt to reconcile the third party software programs they are using with the licences that give them the right to operate those programs.
The two numbers rarely match.
In the past, the principal worry has been underlicensing – using software for which the business has no licence – which potentially opens the company to legal action, fines, even withdrawal of the software in question. Today, just as big a concern is overlicensing – paying for licences, support and maintenance of software that are not being used.
Managers are right to worry: “If you don’t get it right, you can very quickly get yourself into difficulties,” says Ranjit Aulek, a partner in PwC’s licensing services practice. “In companies with 250 and more users are where the problems usually start.”
So how serious is the problem for companies?
A large enterprise licence essentially covers use of the software by anybody employed by the company and is agreed between vendor and customer usually on the basis of the number of staff. The number of people who actually use the software may be substantially smaller, meaning the business is paying for unused licences.
Being able to prove exactly how many people use the software is a first step towards reducing the number of unnecessary licences paid for.
Simon Scarrott, head of business development for Compass Management Consultants, says: “The mismatch arises because the technical people who exploit the functionality that has been purchased do not converse with the people responsible for acquiring the software.” He suggests that savings of up to 12 per cent are possible by removing “shelfware” – software bought but never used.
Mergers and acquisitions are a potent source of shelfware. Research carried out by Computacenter, the international IT company, concludes that reconciling software licences and liabilities is the greatest challenge CIOs face after a merger: a “minefield of software compliance and legal issues” as Computacenter puts it.
But there are substantial financial benefits to be had from rationalisation. David Mitchell of the consultancy, Ovum, estimates that between 30 and 50 per cent of the putative savings from any given merger will come from IT and up to 40 per cent of those from software.
Furthermore, software not entered on a company’s asset register can undervalue the business – often by millions of dollars. As John Lovelock, chief executive of the Federation Against Software Theft, said in the March 7 Digital Business podcast: “In most businesses people don’t realise that while they may be under-licensed, invariably they are over-licensed.
“We work with about 8,000 companies in the UK, many of which have found they have computers in cupboards, computers under the stairs, computers in the warehouse, where they’ve made a department redundant, for example, forgetting that those licences are a valid piece of software that they could use when their business grows again.
“Gaining control and listing every piece of software as well as all of the hardware is a way of making sure that that redeployment can take place.
“We found a well-known financial services firm with £3m of software assets that they had a right to use that were not listed on an asset register. In any merger and acquisition activity, that company would try and sell itself or merge with another organisation with £3m of assets not listed and they could potentially lose that money.”
But gaining and keeping control of software can be difficult. Theresa Bui Friday is vice president, marketing of Palamida, a San Francisco-based company whose software can automatically identify all the open source programs a company has installed on its computers. Its customers include Microsoft and Avaya.
She says: “We have never done an audit – either ourselves or a customer using our product – where we have not found at least five times more open source software in their codebase than they thought they were using.” Palamida software is capable of identifying 780,000 different open source programs in all their variants.
One factor in this growth of unrecorded and unregistered software is the large information technology departments now common to big companies and staffed by thousands of engineers with the right to buy and install external software. She quotes the chief executive of a large insurance group employing 2,000 IT professionals: “I now have an additional 2,000 procurement officers. Software and licences are entering the bloodstream of our company and we have no way of tracking what is going in.”
But Mr Scarrott of Compass Management Consultants says these purchasing patterns reflect sloppy management: “People are purchasing in a fairly lazy way. To cover themselves from reprisals from a software licensing point of view they will buy a large enterprise licence without doing the due diligence of asking themselves: ‘Do I really need this much software?’.”
There are answers, however, but no magic bullets – only the bullet of hard work to be bitten as companies carry out an audit of all the hardware and software they use. John Lovelock of Fast says: “Everybody makes it sound as if it’s a complicated process. It’s not, but it does mean a lot of hard work in the first instance. After that it becomes easier. The first stage is an electronic audit followed by a manual check on every machine that is not connected to the network.
“Companies with a fleet of a couple of hundred cars would generally have a fleet manager. The value of all the software in the organisation is probably greater than the value of the cars but there is no IT licence manager.” Such an individual, if they existed, would combine technical and fiscal responsibilities with the ability to hold a view of the company’s IT requirements.
Change could be in the air, however, as the shadow of compliance legislation lengthens. Steve Reynolds, managing director of Civica Services, a Microsoft Large Account Reseller, says: “Senior managers are more actively involved as corporate governance principles gather momentum, whether driven by Sarbanes-Oxley or ISO licensing standards. Financial directors are demanding better ways to manage costly but intangible assets, such as software licensing, in the same way as physical assets like vehicle fleets.”
Resellers, he notes, are increasingly advocating a control process based on the discovery of what software is employed – using electronic tools of the kind provided by Palamida and other vendors – what software has been bought and the reconciliation of the two: “This provides four benefits,” says Mr Reynolds. “It drives cost savings, allows the reharvesting of licences, achieves compliance and critically, creates a continuous loop to achieve policy improvements.”
The new popularity of “virtualisation”, which can involve running multiple operating systems and applications on the same machine, presents a new level of complexity. Mr Lovelock of Fast says if an organisation has failed to exert control over its software acquisition policy before it attempts virtualisation it will soon be in trouble.
Ranjit Aulek of PwC points to the importance of a new standard for software asset management, ISO/IEC 19770-1, published last year and exemplifying best practice. It is being tested in the UK first and the intention is that it will then be rolled out universally. Looking further ahead, the advent of “software as a service”, where customers buy or rent software when they need it and have it delivered over the internet, could put an end to the problem of over and under-licensing.
But Mr Aulek is cautious: “We may be a little way off software as a service becoming industry-wide. In the meantime there is a real risk that many companies could be non-compliant or paying too much for software they don’t need.”