I don’t want to jump on the bandwagon and, in the grand scheme of things there are bigger, much more immediate concerns, but I do think it’s worthwhile considering the impact the current Coronavirus (COVID-19) outbreak may have on organisations, and ITAM in particular.
The sudden need for a large percentage of many companies’ workforces to start working from home puts pressure on IT in various ways – here I want to look primarily at the licensing and compliance aspects.
Processes not being followed
There’s no time for processes. Often only loosely followed by many people at the best of times, it seems likely a lot of processes will have been forgone during the rush to get people up and running in their newly created home offices/kitchen tables/sofas. The most important thing will be to keep things functioning at as normal a level as possible – if this means bending/breaking/ignoring processes, I’m sure most won’t have too much of a problem with that!
The most likely result of processes going out of the window is going to be under-licensing. Giving people access to software and sorting the licenses out “later” is probably the most common approach right now but as we’ve seen countless times before, “later” rarely comes…and that’s without a large-scale incident such as we’re experiencing now.
This applies to on-premises and SaaS licenses. There is currently a higher than average need for many software programs and this requires companies to buy more licenses.
The obvious candidates are remote working programs such as Zoom/WebEx/GoToMeeting/Teams etc. While it may have been just a portion of your organisation who used these previously, it’s now potentially close to everyone meaning more licenses are required. Additionally, the increased number of users might push you into the next pricing bracket, making your existing users more expensive too.
Equally you need to look at things licensed on a concurrent basis; VPN software is a prime example. For most organisations, many users won’t typically need VPN software and those that do won’t all be using them simultaneously, so typically the number of licenses will be equal to a subset of overall users. Now that the vast majority of the workforce is working from home, more people will need to VPN both at the same time, and overall, so additional licenses will be required.
Licensing rules and making quick changes don’t always go together particularly well – especially when processes aren’t being adhered to anyway.
One of the primary problems facing IT depts is they suddenly have 100s/1000s/10,000s of users in not just 1 different place, but 100s/1000s/10,000s of different places…and they all still need to carry on working – as quickly and as hassle free as possible.
Q: What’s the easiest way to quickly give lots of people access to software?
A: Citrix and/or Remote Desktop Services (RDS)
Q: What’s the easiest way to quickly become non-compliant with a LOT of vendors?
A: Citrix and/or Remote Desktop Services (RDS)
Companies getting stung with big bills for incorrect usage on these centralised servers is something of an ITAM classic. Microsoft Office on a Citrix server is a well-known example, but several vendors have a similar rule; for example, the Micro Focus v Express Scripts case I wrote about recently had a significant Citrix/RDS element to it.
Additional workload may lead to extra server software being deployed on-premises and/or it may equally lead to increased use of public cloud resources. There are 2 main concerns here:
- If on-premises licenses are being installed into cloud VMs in Azure/AWS/GCP etc. you may be falling foul of vendor licensing rules.
- Rise in ongoing cloud costs. All the usual concerns apply, such as have the resources been appropriately sized and are they being turned off when not in use?
This ties back into the earlier processes point quite well. Getting good oversight and governance around the use of IaaS infrastructure can be difficult at the best of times and now clearly isn’t the best of times.
ITAM and Coronavirus: Audits in the future
While making money out of a scenario like this COVID-19 outbreak isn’t a great look to many, I’m sure some vendors are already marking audits on their calendar for 2022 onwards. I doubt that “coronavirus” will stand up as a defence against non-compliance for long which means some big penalties could be on the table.
Earlier this year, we covered that LogMeIn were acquired by Francisco Partners, the private equity partners involved with Micro Focus, Attachmate and Quest – all known for their audit tactics. We’ve covered audits by Micro Focus and Quest and these stories show the tactics one can face can be pretty onerous…the Micro Focus case involved Citrix and Remote Desktop Services too. Doing what you can now, and in the coming months, to keep things under control – or at least documented – will make things easier for future you when the (perhaps inevitable) audits occur.
About Rich Gibbons
A Northerner renowned for his shirts, Rich is a big Hip-Hop head, and loves travel, football in general (specifically MUFC), baseball, Marvel, and reading as many books as possible. Finding ways to combine all of these with ITAM & software licensing is always fun!
Connect with Rich on Twitter or LinkedIn.