Ahead of the Compliance Manager Summit 10-11 March in Santa Clara, we interviewed speaker and VP Product Manager at Flexera Software, Mathieu Baissac about his thoughts on compliance and the ITAM industry in general.
Q. Is it possible to deploy compliance aware software and still be non compliant? I.e. does compliance aware lock usage to prevent non-compliance or is it just an information mechanism?
Application Producers have different options as they weigh how strict their enforcement policies should be.
What we at Flexera Software provide is flexibility to deliver a whole range of enforcement across the spectrum of options. Producers determine enforcement policy by understanding their markets and what works best for their customers. For instance, a market need for flexibility would weigh in favour of loose enforcement (i.e. would it be detrimental to the customer or the customer relationship if non-compliant use resulted in a “denial of service”?)
Strict enforcement may be more appropriate when non-compliance would result in significant cost overages untenable by the customer, such as is the case with very expensive software applications – like those developed for the engineering field. It’s critical that producers be able to make their own decisions around enforcement, and then have the flexibility to build that policy into their software quickly and easily.
In addition, there is a new trend towards providing a usage-based license models where usage is captured in the application and then shared with the producers. This is much like a cell phone plan where a customer purchases 500 minutes per month but is allowed to go beyond-and will be billed for the extra minutes at a pre-negotiated price. So “compliance aware” software can offer a full range of compliant and non-compliant use – depending upon the policies set by the producer.
Q. Many software publishers, notably Microsoft and Oracle, prefer a relaxed and open approach to licensing – preferring to allow developers to use their software unrestrained on a trust basis, placing the compliance emphasis on the customer. Can you describe instances of where companies have previously taken this approach but converted to more automated compliance mechanism? (i.e. how do you overcome the objection of allowing developers access to anything they want).
Many producers have moved from no-enforcement to enforcement and have often seen 20-30% increase in revenues by reducing non-compliance as well as by being able to provide different pricing tiers and different pricing models. The reality is that even Microsoft has moved into an enforcement model with the KMS, MAK and other solutions for their new releases of Office and operating systems. They have done this by providing value to the enterprises: (a) management tools (b) reports and (c) web sites with much information. In addition-they use an informational enforcement approach for most geographies. This is a common approach with producers who move from no-enforcement to enforcement. It provides value to the enterprises with tools, reports, etc. It also introduces licensing with a gentler enforcement approach generally, and then once customers are comfortable with this approach greater enforcement, for instance, for particular geographies and/or certain types of customers.
Q. Can you comment on any trends in the licensing space? Perhaps on the impact of cloud delivery and subscription models on compliance?
All of the major IT trends – from virtualization and the cloud, to mobility, SaaS, consumerization of IT and BYOD – have significant licensing implications. Every environment in which software can be consumed, or manner in which software can be delivered – must be licensed accordingly. Software producers must establish the rules by which their software can be consumed in, say, virtualized or cloud environments – then establish how they wish to enforce those rules – whether strictly or loosely. Likewise – enterprises are accountable to those rules, and therefore must understand their usage needs and licensing implications before they make any decisions to migrate.
In addition to the major trends referenced above (cloud, virtualization, mobility, BYOD, etc.), we’re seeing large momentum for usage-based software licensing models. Enterprises are moving away from perpetual licenses, preferring instead to pay for software based on how they’re actually using it and deriving value from it. With usage-based licensing models being added to the current mix (perpetual, subscription, etc.) – this will only add more complexity. As more software ISVs offer usage-based licensing options, enterprises’ software environments will grow even more complex.
Q. What would your advice be to someone who is struggling with compliance issues?
For enterprise users of software, complexity will not go away – and therefore compliance issues are here to stay. Software Asset Management has emerged as a discipline to help enterprises “future-proof” their software estates, and stay on top of compliance irrespective of the changes occurring in the technology landscape. Compliance is no longer something that can be achieved without automation – so enterprises facing compliance issues will need to invest in automation to stay ahead of the curve.
For producers struggling with non-compliance, we suggest that they start looking at either adding licensing enforcement or adding data/usage capture to their applications. We find that audit-based compliance models are losing favor with both producers and enterprises and a new approach is needed for most. Many producers are finding it desirable to take the burden of compliance off of their customers and assuming it themselves. This is a business decision that producers must make.
Q. Looking at the industry as a whole, outside of Compliance what do you see to be the biggest issue for businesses when it comes to ITAM?
Future-proofing the application estate against constant-change: New licensing models, new delivery models, new environments. Producers need to be able to quickly package their code, make money from them and protect their IP in a growing complexity of environments – all while still needing to focus on their core competency of delivering solutions. Enterprises need to efficiently and cost effectively deliver and deploy their apps in ever-changing environments – all while ensuring they’re buying what they need and using what they have.
Q. Where do you see the ITAM industry in ten years time?
We believe that ITAM will migrate from a compliance to an optimization process. The producers will take the compliance burden and ITAM will then solely focus on ensuring that customers get the best value for their money.
Outside of compliance, optimization or spend management is the other side of the coin. Software spend is growing at three times the rate of other areas of the IT budget (6% vs about 2%). Organizations need to do a much better job of managing software costs and getting the best ROI from their software investment. Even as organizations migrate to the cloud/SaaS delivery model, spend management will still be critical, while compliance will be less of an issue.
Q. Finally, many readers of the ITAM Review will be familiar with Flexera Software for their ELO side of the business – please can you describe this side of the business and how it compliments the ELO business?
Flexera Software is unique in that we provide application usage management solutions for both software producers, and the enterprises using that software. We’re in a position to understand from a first-hand perspective opportunities for efficiency, savings and maximum value that exist throughout the entire software license lifecycle – from creation to retirement. Flexera Software’s producer-focused solutions help software vendors and intelligent device manufacturers more flexibly package and productize their code, monetize their software, protect their intellectual property and electronically deliver their software to customers.
Our licensing, entitlement management and delivery solutions complement our Software License Optimization solutions in several ways. First, we help with updating the software to keep it compliant and ensure delivery of updates that customers are contractually entitled to. In addition, by empowering software producers who wish to implement licensing enforcement, we enable them to assume more of the responsibility of software license compliance. When enforcement is built into the software products rather than left to enterprises to manage, customers no longer have to worry about “discovering the applications,” nor monitoring usage and ensuring it complies with their licensing agreements.
Thank-you to Mathieu for taking the time to talk to us. We look forward to hearing from him at the Compliance Manager Summit in sunny California.