How to Maintain the Driver’s Seat During an Audit
Until his recent transition to Anglepiont, Ben Morgan had spent his career working for publishers—including Attachmate, Micro Focus, and Quest—as a senior member and leader of their License Compliance teams. Ben quickly gained a reputation for his firm negotiation skills and tactics. Now on the other side of the fence, he works closely with Anglepoint’s clients to help strengthen their defense against auditors.
Join us as Ben and Kris Johnson, Anglepoint’s Chief Product Officer, discuss what to do to remain in the driver’s seat throughout an audit.
We discuss:
- How to be prepared for an audit by effectively proving license usage
- Strategic positioning based on when an audit takes place
- The cracks auditors are looking for in your SAM practices
- Knowing the strengths and weaknesses of automation
If you’re interested in learning more about Ben, connect with him on LinkedIn.
For more tips and information on navigating software compliance audits, download our ebook.
Dig into more insights from ITAM executives by subscribing on Apple Podcasts, Spotify, or wherever you listen to podcasts.
Listening on a desktop & can’t see the links? Just search for The ITAM Executive in your favorite podcast player.
Webinar/Podcast Transcript
Ben Morgan: We would actually get excited when someone had extreme confidence in their tool because the problem is that the tools are not cheap, right? They cost a lot of money. They cost a lot of money to manage, to implement and to upkeep. So it’s very easy once you have a dashboard telling you’re okay.
There’s so many things going on underneath that if you don’t and are not paying attention to them individually. It’s pretty easy to get outta control. You’re listening to the ITAM Executive, a podcast for ITAM leaders and practitioners. Make sure to hit subscribe in your favorite podcast player and give us a rating.
In each episode, we invite seasoned leaders to share their tips on how to define your strategy, promote the value of ITAM in your organization, and align your program with the latest IT trends and industry standards. Let’s dig in.
Kris Johnson: I was really excited, obviously when you joined. In my mind it’s, oh, Ben Morgan.
He’s one of the hardest negotiators on the other side of the table from an auto endpoint. And customers don’t know what they’re walking into when they’re getting on a phone call with Ben Morgan. And now he’s on the other side of the fence. And what an opportunity it is. For us now to hear from your perspective, so what’s going on behind the scenes in the minds of the negotiator for the publisher?
What should customers know about that dynamic? I’ve likened it when I do the Anglepoint audit support framework. It’s like the teenager going in to buy their first car and the car salesman owns them because that car salesman does this every day. The teenager. Has never done it. If they have done it, they probably haven’t done it very often.
And that power dynamic has been apparent to me in the past. So what can we learn from this season negotiator on the other side to help reinforce that.
Ben Morgan: Yeah, so I think it would be good to give some perspective of why. I’ve arrived at where I’m at from an experience level, as you mentioned, I started out at Deloitte and Touche back in the early 2000’s working for their contractors and compliance team.
Through that, I was a part of many publishers, but the one that I gravitated towards was a company called Attachment back in the day. Attachment, which primarily along with WRQ merged together and created basically the entire market for what you call mainframe emulator software. Primarily a product called Reflection and a product called Extra.
At that point in time, that company was purchased by a private equity firm and that the goal of the private equity firm was to maximize revenue for a future resale. That model is something that I followed throughout the rest of my publisher focused career, not only at Attach Mate. But that what was then considered the they called TAG group, which included the no Nove and SUSE products, which was then eventually formed with Microfocus, and then I went and left Microfocus and then went and worked with Quest.
Every single one of those were privately owned except for the Microfocus team was owned by a private equity firm. Now, all of those, the other thing that they have in common is they’re relatively old software publishers, right? So they’re deep in their product life cycle. They’re owned by a PRI private equity firm whose goal is to minimize expense, maximize profit, and bolster for resale.
What that led to was because they had a historic. Customer base and for the most of those products were desktop applications that were primarily mismanaged in the environment because there was some high complexity to their licensing models. It lent itself to a compliance program that was bent towards aggressive.
So if you look at a spectrum of aggressive, it’s good to note that there’s compliance programs that are sales driven, right? The compliance department will identify a shortfall and then hand it off to a sales team to close a deal. Then there’s those that are looking to help their customers to stay in compliance, right?
So they work with their customers to say, Hey, you’re out of compliance. Now. Here’s how in the future you can stay within compliance. So it’s an educational program, and then there’s. Programs that I was involved with, which is, hey, from our perspective as a corporation, this was revenue that should have been received at the time that the consumption happened, and therefore, we are looking to recoup that revenue.
That was lost historically.
Kris Johnson: So essentially, this private equity firm is buying up cash cow platform, almost like a franchise, right? It’s a cash cow product. They’re probably not investing a lot in new features and functions. Mainframe terminal emulation, that, as you mentioned, doesn’t necessarily require a whole lot of investment to keep that product current.
And so they’re just looking to maximize the revenue with a minimal amount of investment. And the compliance program was the she bet for that.
Ben Morgan: Yeah and then, and it was historically mismanaged in the late nineties and early two thousands. That was before Sam. I don’t even know if it was a word at that point or an acronym.
At that point in time. It was really market share and everything, especially desktop applications were licensed. You got a disc in the mail or you downloaded a copy and it was a basically an honor system. And so it was very easy for a lot of organizations, especially large organizations. Were managing their network environments with, hey, especially, one of the things that really got people in trouble historically was placing a, an application on an image or using technology like Citrix or other hosting type technology.
What they didn’t realize is everybody was under the opinion that it was a consumption-based system. It’s not a consumption-based system, especially for. Those older companies, it was installation based. So if somebody had access to that product, then they required a license. In my auditing days as well as running compliance programs, the discussion always came down to, Hey, we’ve deployed this many, but we only use this many, and that was a non-starter for companies like Attach Rate and Quest.
Kris Johnson: Yeah, that’s what you were going after, right? Is that discrepancy and understanding of access or even potential access versus use and this era of you’re helping lead the compliance program and attachment is where our paths crossed a number of years ago in our, both of our former lives where I was.
Auditing on behalf of attachment, working for a different firm at the time. And it’s that fine print of, and sometimes there’s ambiguity in that language where it’s a little bit gray use of the software, access to the software versus potential access to the software. When you talk about people having access to a Citrix environment where they, it’s possible to access, say, reflection over that Citrix client.
Depending on the level of access granted, and the burden of proof becomes coming upon the customer to prove that they’ve restricted it in certain ways. Otherwise, a company like attachment is going to count the worst possible scenario to maximize the revenue potential.
Ben Morgan: Yeah, that’s correct. We had to do it that way.
The issue with, whenever somebody wants to have a discussion around use prior to the ability of the cloud or some of the technology that we have today, which can monitor usage at that time, that wasn’t a possibility. So just because someone it, they could have access, but you couldn’t. Tell specifically who was accessing, who wasn’t, and especially historically who had accessed not.
So while I understand the plight of the customer, it was also the right of the publisher at the same time to say, Hey, because we can’t determine, we have to default to this opinion that if someone has access, then they need a license.
Kris Johnson: Yeah, I remember a presentation I heard from a lawyer, an IT lawyer.
Tell me one time that ambiguity always favors the licensor. The burden of proof is on the licensee, that you’re protecting it in a way consistent with the terms and conditions of the contract. And if the contract is somewhat ambiguous or there’s some gray area that doesn’t benefit the licensee, it benefits the licensor.
Ben Morgan: That’s right. That’s right. And to tie that into today, right? Cause I we’re talking about someplace 15 years ago to tie that into today, customers now can use to their benefit is a basic knowledge of where a company is in their life cycle. Quest is a good example. They’re still held by a private equity firm.
I think this is an even a broader conversation around VMware in the recent acquisition by Broadcom, these companies that are being purchased, Those are the ones that you’re gonna start seeing aggressive compliance programs that, you know, some of the tactics that were used in my past at question and attachment.
I think that the benefit of the customer is that, Knowing that they’re looking at these as revenue streams, they can prepare and whether it’s prioritize those publishers so they make sure that they’re staying within compliance for their with their SAM program, or if they’re currently in an audit, Hey, what are the leverage points for.
This specific company, one of the things that we always were challenged with is we did hold a very strong line in regards to negotiation and we were maximizing revenue, but we’re definitely tied very closely with both quarter and year end revenue. So somebody who’s negotiating in Q1 is going to get a much more difficult negotiation than somebody who’s.
Negotiating at the end of Q4, knowing where that person is in their financial quarter or that company is in their financial quarter, is a huge benefit If you’re at that stage of the audit.
Kris Johnson: Yeah, it’s a great point. It’s something that we cover in the AnglePoint Audit Response framework is knowing where the leverage points are, and part of that is understanding what is motivating the publisher in the audit activity.
And certainly in the case of Quest and others, those programs are run in some cases out of the legal department, but yet the compliance managers were eligible to go to sales club that revenue that they generated is seen as a sales opportunity or treated it like that from a quota retirement standpoint and from a.
Standpoint. This all feeds into one of the things that we do at Anglepoint with our managed services clients is do a spend and risk analysis of. Our clients publishers to take a look at how much money have they spent on average over the last six years with a particular publisher. And then we actually score that publisher within a rubric of how likely you are to get audited by them.
And how aggressive that audit is likely to be. So those factors that you’re talking about, are they owned by a private equity firm? Are these cash cow products that they have, that they’re just trying to maximize revenue with minimal investment, et cetera, based on our industry experience as well in defending clients against such audits.
There’s a score that we ascribe to a publisher to help fi the publishers that our clients are spending the most money with, as well as the publishers, that they’re most likely to be audited and audited in an aggressive fashion, so that you’re focusing your SAM efforts on where it’s going to matter most.
Ben Morgan: Yeah, and I’ll tell you from experience of mine, I’ve spent 15 plus years targeting customers that have the likelihood of being adequate play compliance for a specific publisher. And I will tell you, we’ve even gone as far as hiring actuaries to go through the data to do that. And it’s surprisingly enough, the correlation that is the highest indicator of at least potential revenue from a compliance scenario is your customers with highest spend, right?
So it’s a little counterintuitive because you would think, Hey, our best customers, meaning there’s customers that spend the most with us, Probably are within compliance because they’re purchasing the most software. But what’s not intuitive is those customers are the ones that are also using your software the most, and so they have the higher likelihood of actually still being.
Over deployed and under entitled spend is a little bit difficult as well because obviously most software companies, at least historically, have had a perpetual license and one year of maintenance as the initial sale, and then you have corresponding maintenance. So you’ll see technically if they don’t buy any more licenses, you’ll see technically from that year one to year two you’ll see a 75% drop in revenue because they’re only obviously renewing their maintenance.
So what we are looking for, especially not only the emulator products in MyQuest days, that towed database products were obviously the biggest cash cow for us from a revenue standpoint. And the problem with all of that software is they didn’t require an all or nothing maintenance program. And those products are so old and have been around so long, they really didn’t update them much.
And so customers would stop their maintenance spend on those products. So one of the other indicators we would do is how much initial product did they own? And has their maintenance decreased over time? So my recommendation to customers when you know they’re looking at their current spend is to know that is one trigger that compliance programs are looking at is reduced maintenance spend over time.
Kris Johnson: Yeah. It’s like we tell our clients, if you’re going to cancel support you, you better be very confident in your ability to track and manage your deployments and. Not just the deployments, but potential access to the software through thin clients and other means as well.
Ben Morgan: Yeah, and to go back to that Toad reference, the other thing is that specifically Toad, as it was deployed, what it actually deployed.
There’s multiple additions of the Toad product, for example, that has all these abilities, modules, whatever you want to call them, and the costs are significant between kind of your base model and your pro model. The way that they actually deployed the product. When you deploy it on your machine, it actually deploys all the modules and then you use a specific license key to unlock, so you’re actually purchasing the license key, not really the software you can get for free.
The license key is what unlocks it. So the problem is that customers would. Reduce their maintenance spend, but then continue to use these new license keys and therefore that’s how they were getting themselves in some serious compliance issues because they had obviously deployed more of a higher addition than they were accessed to.
Kris Johnson: What was your experience working with customers that had invested in SAM Tools? So if you have a, let’s say a practitioner, they might say, oh we’ve got our tow licensing, we’ve got our reflection and extra licensing. Under control because we’ve invested in X, Y, Z tool or platform and we’re able to generate reports and understand what our deployments are relative to our entitlements.
Is that sufficient or how would you respond to a person that feels confident because they’ve got a tool deployed that’s producing reports for them, that they’re managing their clients sufficiently.
Ben Morgan: Sure. I’ll tell you up until the day that I left Quest and now working for customers who are either preparing for or managing their Quest environment as well as some that are actually in the middle of Quest audits.
To this day, quest will not take. Any software asset management tool report as evidence of compliance. So they don’t trust them. So what they want to do is they will trust a customer’s, for example, inventory tool. So if the tool is inventory and can look to see specific executables or for example, ad remove program reports, they’ll take those tools.
So if Quest was to audit a customer today, they would still ask you, are you running, for example, Microsoft. Can you run these specific reports? Those reports will pull the data and then they’ll do the analysis to determine what type of license it is, what addition it is, what version it is, when it was deployed, how long it’s been deployed.
They won’t take something, for example, a Flexera report or Snow report or something like that, that would indicate any type of compliance.
Kris Johnson: Yeah, and is the reason for that, the fact that many of these platforms and systems aren’t taking into account these corner cases, which are the cash cow revenue generators for these compliance programs such as access to the software over a thin client.
Ben Morgan: That’s exactly right. The big multipliers, if you will, of how software can be over deployed are gonna be missed by the tool, as well as the tool itself being properly configured to accurately reflect what’s installed, whether it’s on a thin client or not. It’s just, it’s really difficult and to date, I don’t think quests or microfocus, for that matter would take those at face value.
Kris Johnson: I’m just hearing in my mind. People from SAM tool companies saying wait a minute, we’ve got an integration with Citrix where we can bring all that Citrix information into the platform and give you visibility into that type of access and therefore license consumption. What would you say to that?
Ben Morgan: I think for both of us who come from an audit background, the more tools, systems, people, whatever you want to add in there is additional things, the more removed you get from the data itself. And so the problem that the publisher has is it doesn’t know what, how the data’s been manipulated in that string from its raw form to the report.
Right, and so unless they took that report and then worked themselves back to the raw data to make sure that report was correct, they’re not gonna trust it. And so I think that’s why they’re still sitting at that. Hey, we’d rather get the raw data from you, do our own analysis, provide that back to you and show you how we analyzed it than work themselves backwards from a report.
Kris Johnson: Yeah, I think it highlights some of the inherent limitations of automated tools because a customer might have a custom negotiated agreement with custom terms. That tool was programmed to probably calculate consumption based off of the standard definitions and standard use rights of a particular product and particular publisher.
So there’s always gonna be nuances when you have a custom license metric in that regard. But beyond that, just like you’re saying, the more removed you get from the raw data, the more black box it becomes, right? Most SAM tools don’t necessarily publish how exactly they’re calculating these things, and they might consider that to be part of their intellectual property.
That leaves everybody else in this black box mode to just blindly trust that the numbers that are getting spit out or somehow right. And I think you and I both know, having been on the different sides of this, that there’s enough complexity around the gray area, even like the thin client scenario where it’s not just who’s accessing the software, but who has potential access.
I remember very vividly in helping support some litigation or customer along these lines where you really have to dive into. Okay, there’s the application access to the application through Citrix. Then there’s access to the application through Citrix, but also has a credential to log into the application.
There’s a level of who has potential access to Citrix, but hasn’t necessarily accessed Citrix. There’s access to the application, but hasn’t necessarily access accessed the application, right? So there’s all these different layers of access and potential access that the auditor wants to just count it all right.
And again, the burden of proof being on the customer, you’re likely not to get that level of detail from a off the shelf SAM tool that, that’s doing a simple integration at one, perhaps level of those levels of measurement.
Ben Morgan: And even as I’ve joined Anglepoint, and I’ve gotten a much larger perspective on the SAM tool market, even from our perspective as we’re helping our customers.
Integrate, F and m s, whatever the products that they’re using. It does take a lot of manual management of licenses still within those automated tools, and that relies on someone making a best guess on what the metric is, right? Is it CPU? Is it core? Is it whatever the metric may be. That still to some degree for these, especially these specialty publishers, a bit of a gray area.
Kris Johnson: Yeah, so I always tell customers, okay, you might be able to tell me what your tool does do, but if you can’t tell me what it doesn’t do, you fundamentally don’t understand what it does do. That’s where it’s very hard to get to a very detailed technical understanding of the calculations of the license consumption metrics.
What are the artifacts that are being used to determine consumption? How does that relate to a custom metric identified in a custom license agreement? Again, these are all inherent limitations of automated tools, so I think we’re on the one hand sympathetic. To tool vendors because their job is next to impossible to do right all of the time, but also very clear and transparent on the challenges that those realities create for practitioners and the need to go beyond what commercial tools can inherently offer and making sure that you’re managing it even in less automated ways that get you to a level of accuracy that you can be confident in the event that you are audited.
Ben Morgan: Yeah, to just nail that point home it, we would actually get excited when someone had extreme confidence in their tool because the problem is that the tools are not cheap, right? They cost a lot of money. They cost a lot of money to manage, to implement and to upkeep. So it’s very easy once you have a dashboard telling you’re okay, there’s so many things going on underneath that if you don’t and are not paying attention to them individually.
It’s pretty easy to get outta control.
Kris Johnson: Yeah, so to our ITAM executives, maybe the message here is it’s necessary to make investments in tools and platforms to, to be able to house data, to be able to report on data, but be very realistic about the job that you’re asking that tool to do, and any automated capability to do that.
And it needs to have a strong dose of reality added to it that there’s always going to be. Cases and license metrics and scenarios where you’re going to require additional expertise outside of that tooling platform to enrich that information and that data to get to what we would consider an audit accurate result.
Yep. I would agree. As I mentioned before, I hold you in very high regard, Ben, one of like premier, like hard-nosed negotiators on the side of publishers, which is maybe a distinction that you’re wanting to distance yourself from now that you’re on the other side of things, but what would you tell our listeners, practitioners, customers, they’ve gotten an audit letter from any audit firm and are entering in those initial conversations, what would you tell them?
To be on the lookout for, or what would you advise them now that you’re in their court?
Ben Morgan: Sure. Again, we talked a little bit about just knowing who the player is, right? Who are they, where they at? That’s gonna be crucial. Two, there’s a tendency, I think it’s less now than it was 10 or 15 years ago, but there’s this tendency to still be nervous or scared about the audit letter.
I think if people don’t already know, it’s normal practice, right? This is almost every publisher has a compliance program of some sort, and they’re all actively looking to leverage compliance to whatever their end goal may be. Revenue, go forward, relationships, whatever that may be. So remember as a customer, you’re still in the driver’s seat, you’re still the customer.
They don’t have a desire to lose you as a customer, in most cases. I’ll say that. And there’s still an opportunity to be in that driver’s seat. I think one thing, I’m sure you hammer this home in your compliance framework, but managing the data, that’s gonna be critical, obviously, making sure that you understand what they’re asking for.
You’re reviewing it, that it’s in terms and conditions of what your contract states, you’re required to provide them, and then making sure that’s not happening in a black box. On the publisher’s side, if you’re sending data and they’re sending something back, I’ve seen some publishers, other publisher compliance programs, they basically just send back a quote that says, Hey, you’re outta compliance.
You owe this much money, so make sure that you understand. If you haven’t done the analytics or had someone do the analytics for you, you get walked through what their detailing that you’ve deployed and how you’ve deployed it, and don’t be afraid to test that. Also, if you’re to the point where the data is the data and you’re past that point, you’re still in the driver’s seat, right?
Their goal, especially for the revenue generating programs, their goal is to, is money in the door, and people would probably categorize the work that we did at Attachment, the work we did at microfocus. In a Quest, they would probably categorize it as, aggressive. There were cases where we did follow some pretty hard lines of what our range of negotiation, that baseline and maximum ability.
We stayed pretty aggressive on those of the thousands of audits we did. And for the millions of dollars we collected, I think we probably went to court maybe 10 times. That’s something we did not want to do. That was definitely a last course. So if the back of your mind as a customer is, if I don’t immediately comply to this, I’m gonna end up in court.
At least from my experience, that’s a very unlikely end goal.
Kris Johnson: Can happen, has happened. We’ve seen the headlines again, I’ve personally been involved with some of those defenses, but you gotta not let that overly influence your decision making and actions. And very happy to hear you say the customer can still be in the driver’s seat.
That’s actually step one of Anglepoint to audit defense methodology is. Very practical, tactical things that you can do to stay in that driver’s seat, which we’ve helped customers to do successfully countless numbers of times. What about if you were to make a top 10 list of mistakes customers make in an audit?
What might be to the, some of the top ones on that list?
Ben Morgan: From my perspective, some of the things have some idea whether it’s through it. If you’re leveraging your SAM, whether it’s working with your SAM team, if you have a SAM team, making sure you have some idea of what’s deployed. I can’t tell you how many times I’ve launched audits and the customer doesn’t even have an understanding of what the product does or where it’s at.
Making make sure that whoever is talking to. The publisher from, if you’re in an audit, that person has knowledge of that specific publisher who owns that software, the product owner, how it’s being leveraged within the corporation. There’s scenarios where it may be required for every employee of the organization to use that software, or maybe nobody’s using that software, but some have some idea of where you’re at, where at least what the function of the application is.
Kris Johnson: Yeah. What’s the business need that software is fulfilling or was intended to fulfill at one point?
Ben Morgan: Yep. Also, a knowledge of when you started using that product. The way products were deployed and are currently deployed, that’s gone through its own lifecycle over the last 20 years. And there’s been, and for every organization there’s a different way that they procure.
Deploy, manage and remove software from their systems. We have a good understanding of that because so many times I’ve talked with people and they want to break everything down to a usage based model. I only have this many people who use this product. That’s gold. To his cash cow publishers because they know the software is there, whether it’s being used or not is irrelevant to them.
I think maybe third is having an understanding of the data itself and how you control that data can be critical into, in the situation of an audit, make sure that. If they’re asking for data, you should be looking at that data. You should be checking that data and forming some opinion of what that data states, right?
Knowing where you’re at, going into that conversation with them once they look at that data is gonna be critical as well, because you don’t want to be caught off guard when you said, okay, here’s the raw data, I have no idea what it means, and then all of a sudden they show back up. Then now they have all the cards.
That’s the biggest struggle that I see with. Customers today who are looking to manage all of their software publishers, you’re going up against somebody who does the same thing every single day and they have a very deep skillset on how to audit, look for, analyze and feedback. That data for that publisher, and they’re typically going up against someone who is a broad SAM practitioner who has broad licensing knowledge, but doesn’t have that deep level of knowledge.
So it’s pretty easy for them to railroad that person to say, Hey, we’re right because we know this so well and you’re wrong. Therefore you owe us this money. That position puts you in a bad negotiation spot.
Kris Johnson: Yeah, this aligns exactly with our methodology that we train our clients on. The burden of proof is on the licensee and you better know your proof and it’s not likely that you’re just going to inherently know the nuances of license metrics.
And how products have changed throughout time and how they’re counted, where that gray area is in the contract, how that contract language has evolved over time. The relevance of your different support renewals on that contract and your different purchases, et cetera. This is where outside expertise from someone like yourself that has been on the other side or myself auditing on behalf of some of these publishers really is invaluable in those situations.
Like you said, to level that playing field because. They are absolutely expert in what they do it every day. If you’re knowledge and understanding of licensing comes from being audited, then you’re just getting owned time and time again, and so you get some outside help.
Ben Morgan: I would say the most powerful thing that a customer can have is knowledge.
And knowledge about that product, and I think that’s one of the things that a attracted me to Anglepoint, as well as put me in the seat is, and gave me some perspective of the other side, is the primary thing that we’re delivering to our customers now is effective license positions and recommendations on what they should do for specific publishers.
What I will say is, as I indicated about the current SAM tools and their reports, I will say that this never happened, but if it did or if. I’m sure this has happened cuz you’ve been in, in this seat for a lot longer than me, Kris. But if I started a Quest audit and I said, can you please provide me with this data?
I will analyze it, return to you, and you said, and the customer said to me, Yes, I will provide you with that data. But just so you know, I work with X and X organization, be it Anglepoint or somebody else. I pulled this exact same data. I’ve had it analyzed by someone who has experience with Quest Software, and I’m gonna match that up with what you provide me back from your analysis.
It’s gonna make me realize that they’re paying attention and managing their Quest software at a much higher level than someone who’s relying solely on a SAM tool or may not have a SAM tool at all.
Kris Johnson: Yeah. Yeah, that’s a great point. I think we’d be remiss if we didn’t mention as part of this conversation that publishers, whether it’s Quest or someone else, they are absolutely within their rights to how they perform those audits.
The degree of aggressiveness customers may not like or agree with, but it doesn’t change the fact that publishers are just exercising in most cases a right. There’s a lot of gray area in what the extent of those rights are. This is where also part of our training to our clients in Anglepoint audit response methodology is keeping the publisher to those exact rights to, they may have a right to audit.
There’s a gray area as to what that audit entails and how it’s conducted, and that’s where expert knowledge and experience in this area can help a customer keep the auditor at Just those clear. Bright line rights that they have, which oftentimes is less than the publisher would like. Oftentimes they’re just trying to get in the door and then land and expand.
But if you can, yeah, you have the right to come in the door and breach the threshold, but you’re not getting past the entrance kind of thing because of. The ambiguity in the agreement and the fact that yes, the burden of proof is on us as the customer and we’ve done our homework, and here is the proof.
Even leveraging an outside firm with that expertise to do that, then you’re able to minimize the potential risk that you have in some cases, maybe even being taken advantage of because of that big asymmetry between expertise and where they’re doing this every day and you’re just responding to these maybe a few times a year.
Ben Morgan: Yeah, I think that’s a really good point. A couple things in there I’ll add. People don’t often realize that the reason why compliance programs exist is because in most cases, it’s the only way to effectively protect the only product they sell because it’s all intellectual property, they don’t have the ability to limit production or be able to curtail somebody making that product somewhere else.
It’s easily copied and easily deployed, and therefore the only ability they have to control is to audit and make sure that customers are staying within the contractual agreement that they signed. So this is, and obviously publishers interpret that in different ways of how they go about that, but that’s really why the they exist, is to protect the intellectual property.
I will say I see a lot of customers spending a lot of time and money and effort. On the reactionary pieces of software asset management, right? Determining how much is deployed, determining exposure, determining future spend, all those things about what’s already happened or what will happen in the future.
Looking at what you’re agreeing to, especially if I go back to both Quest and attachment, I don’t, most people didn’t realize that there was audit rights. Most people didn’t realize that in those contracts, it states specifically, if you’re found out of compliance, you have to pay. List price, back, maintenance interest, all those terms are within those contracts, so it’s very important for your SAM practice to also make sure that they’re involved with procurement at the beginning of those license for that software, those software purchases, because that’s really what will help bolster your going to those rights in the contract, which is, doesn’t have audit rights.
You may not be able to remove them, but you can limit what your exposure is. In the event that you’ve mismanaged your software,
Kris Johnson: just having gathered and analyzed and understanding the whole body of terms and conditions that your organization has agreed to. And that can go back 10, 15, even 20 years, right?
Where there’s some portions of your estate that are governed by some terms and conditions, some portions of your estate that are governed by other terms and conditions of the same software. And that is notoriously difficult for customers to get their arms around without the outside help to do this. Even knowing what questions to ask, where the gotchas are, what to look for can be a challenge.
We’ve covered a lot of ground here. Ben. I want to thank you for taking this time and imparting. We’re really excited to have Ben at Anglepoint to leading our specialty licensing team, where he covers a lot of the publishers that we’ve talked about today and others we’re. Hopefully this has been beneficial to ITAM executives and practitioners alike, and hopefully you’ll join us for our next podcast as well.
Ben Morgan: Chris, I appreciate it and looking forward to continuing to work with you.
The ITAM executive is proud to be supported by Anglepoint, a better way to manage software. Anglepoint helps the Global 2000 reduce their costs and mitigate risk in their software and technology assets. Anglepoint is a leader in SAM and ITAM projects, thanks to their team of uniquely experienced experts from across the industry.
Anglepoint’s Managed services provides you immediate access to the people, processes, and technology you need to optimize your entire software estate. To learn more, visit anglepoint.com/schedule.
You’ve been listening to the ITAM Executive, brought to you by Anglepoint. Make sure to hit subscribe in your favorite podcast player and give us a rating. Thanks for being part of the ITAM community. Until next time.