Software Audit - How to Best Prepare for an Audit

April 16, 2019

Matt Ward | Softcat

Darren Wilensky | Product Manager | Ivanti

It's not a question of IF but WHEN your organization will get audited. Get the latest advice on how to handle an audit request and best prepare what the auditors are looking for.

What to Expect

Matt Ward from Softcat PLC and Ivanti Product Manager Darren Wilensky will provide advice on how organizations can best tackle software audits

  • Know what software assets you have and you are entitled to
  • Understand your current SAM maturity and how you can advance
  • Explore best practices for gathering the required audit data and to stay compliant

Transcript:

Female: ...best prepare for a software audit. My name is Maraica [inaudible 00:00:04] and I'm part of the product marketing team here at Ivanti. Some housekeeping rules before we get started: you are currently muted, but if you have any questions that are coming up during the webinar, please feel free to send those to us using the Q&A panel here in Webex. We'll take some time at the end of the webinar and make sure that we can answer your questions at that time. Presenters today, Darren, if you could move the slides, are Matt Ward from Softcat PLC who also currently sits on the Microsoft Global Software Asset Management Partner Advisory board. And I'm assuming now very busy right now to writing ITIL's Guide to SAM V4. Welcome, Matt, today. Thank you for joining our session.

Matt: Thank you and welcome everyone.

Female: And we also have on board Darren Wilesky. He's our senior product manager for ITAM here at Ivanti and he's bringing with over 20 years of experience with IT asset, IT service and IT operations management solutions. Thank you, Darren, for joining us today. And so thank you both Matt and Darren for leading this great topic for us today. And without further ado, I'll hand it over to you to help us understand what to say and most importantly what not to say to an auditor.

Darren: Thanks Mariaca. Just to go over the agenda of what we're going to cover. So we're gonna initially start off talking about, you know, why SAM, get a little bit into SAM maturity and where you may fit and then talk about best practices, what customers are doing. Then looking at SAM from a vendor's point of view and then wrapping up on how Ivanti could help.

So that was Matt and myself, one more time. So why SAM? You know, why even engage in software asset management? What's the point? So there are a lot of different business drivers. Whether it's fear of an audit, issues with security, unsure if you have different software in the estate that may be more prone or vulnerable to attacks, perhaps your issues are trying to manage the lifecycle of software, making things or making sure people are using software that's up to date and still supported by the vendor. Maybe your issue is purely a regulatory obligation, something like GPDR or if you're in the finance or healthcare industry, other regulatory obligations. So there's a lot of business drivers for IT asset management and software asset management in particular.

So managing software is and can be very complex depending on what's in your estate. Nowadays, you know, we're not just looking at endpoints of desktop and laptop and physical servers, but we have a lot of virtualization of servers, virtualizations of desktop, we have the Internet of Things where everything is connecting to our networks whether it's mobile devices or tablets or a whole plethora of other IOT devices. We've got the cloud, whether it's public, private, or a hybrid approach. So there are a lot more variables in the equation in trying to manage your software. And that's just what we're trying to trying to show here. So it's not as simple as it was and it probably will continue to get more complex as we go forward.

So some concerns we typically have when we're thinking about software in our estate are, you know, trying to understand, you know, what software are we entitled to use. You know, maybe not sure, maybe I am I entitled to use this version of, or this edition, or perhaps I have access to SAP or Salesforce or some other products that might be opened up where anyone can access anything and I'm just going to be charged from what I use? But I'm not sure what I'm entitled to use or what I should be using. Perhaps my concern is, you know, one of whether or not I'm in compliance. So you know, this is one we hear a lot, you know, people are engaging on a SAM program or SAM initiative because, you know, they're afraid of an audit, whether it's internal or external and they're not sure of where they stand in terms of are they using the right amount of licenses for what they've purchased. So you know, whether or not I'm in or out of compliance is a concern we typically hear.

And then, you know, today's session trying to focus on audits is...a big concern is, you know, what should you provide to an auditor when you're being audited. Especially if you've not gone through an audit before, especially if it's a particular vendor, because whether it's Oracle or IBM or Microsoft or Adobe, any of the big vendors, they all kind of operate a little bit differently and they all have different tactics. So trying to understand what information you should provide or shouldn't provide is pretty critical, and something that, you know, I know a lot of customers and prospects are concerned for.

Matt: I'd certainly agree with you there, Darren. I think, you know, if we look at some of the software vendors these days, they're using that compliance piece to potentially push you down the cloud route or another route that they want to go. I think Gartner, in April, just released a statement saying that the vendor audits are increasing. So rather than thinking that they're going away because cloud will sort everything, I think the vendors are really increasing that audit activity.

Darren: Absolutely, that's a great point, Matt. And talking about that point, you know, why organizations really need software asset management, here's just a few little tidbits we found from various research companies. But, like Matt was saying, Gartner just released its statistics that, you know, in the next...through the year 2023, the amount of audits are gonna go up quite dramatically. So, you know, a lot of times we're thinking, you know, we moved to a SaaS subscription model, you know, we're not really going to be audited as much. And that's how a lot of, especially companies like Oracle, are really pitching their new products, trying to get you onto their cloud, as they're trying to give the idea that you wouldn't be audited as much. But you know, Gartner and some other organizations feel that's actually the opposite of what's going to happen.

So anyway, if you look through some of these, you know, this is typical, not just with SAM, but also with just, you know, ITAM in general. Whether it's hardware or software, the discipline is pretty similar across. So things like 25% of organizations still using spreadsheets to track whether software or hardware, whatever it may be, that's a very large number. And we think about spreadsheets, you know, Microsoft Excel's probably the most popular and, you know, 30 years ago it was a very powerful and cutting edge tool. And you know, it's still a great tool, can do a lot with data, but it's not something that's scalable. It's not something that you can rely on if you're a large organization. And it's something that requires a lot of manual intervention. And with all the complexities around SAM, you really need automation.

You cannot rely on any extended manual intervention because it's just not scalable and it's just not accurate. So that goes down, you look at the last statement here about incomplete records, which is basically, you know, just not having that full visibility into your assets. And when you're using things like spreadsheets, if you don't have good processes in place, if you don't have tools that can really show you your compliance and give you visibility into, you know, what are the product use rights for these different products I'm using in my estate, it's really hard to do. So, you know, because of that, we see that data accuracy usually causes...issues of data accuracy causes organizations to spend 10-plus hours a week resolving issues. And I'd argue that that number's probably well over 20, 30, 40 hours when you look at it from the standpoint of how much time this is taking away from other groups.

So if you have help desk tickets being worked on and you don't have a complete CMDB or AMDB and it's causing additional time to figure out, you know, what is this device? What is this software, who owns it, who paid for it, where'd it come from? Things like that, you know, really extends out the time and makes you a lot less efficient across the entire organization. So you know, this is something really all organizations need.

So, talking about software asset management, and I'm sure a lot of you already have programs in place and have processes and tools to do this, but we just kind of wanted to talk over, you know, what information do I need to properly do software asset management? And basically, it's three different questions you have to be able to answer. The first question is what is in my environment, what am I using? And so we have to understand, you know, what are all the devices, all the software in the estate, what is all the relationships of things, especially in the data center. So when I say relationships, I'm talking about, do I have virtual servers or partitions or VDIs? And you know, how are these things related? Because when it comes to software, it's very critical for a lot of products understanding if something's installed on a VM, part of a cluster, how many cores, you know, what type of CPU, all these different things.

To go along with that, I also have to understand, you know, what's my organizational data, so who are all my users, locations, my business units? Whether you track down to a cost center or you only track to a department level or division, whatever it may be, you need these things related back to your devices. So you understand if I have a user base license, okay, I need to know where it's installed, who's using it. So that's the first question, you know, what's in my environment? What am I using?

The second question is, you know, what did I purchase? You know, it sounds very straightforward, but in many cases could be quite a daunting task especially if you're purchasing software, you know, 17 different ways across 5 different departments and you've gone through mergers and acquisitions. Trying to find legacy procurement information can be very difficult. So you have to really understand, you know, what did I request? What did I purchase and what was invoiced? And again, those things should also be tied back to different users, departments, cost centers and things of that nature.

And then finally, when we're talking about SAM, the last question we have to answer is what do we need to maintain compliance? And this is where I have to not only understand all my contract information, which would be pertinent for hardware asset management, but I also have to understand my license metrics, my product use rights. So did I purchase SQL Server 2016 Enterprise, maybe I purchased three different SKUs. Maybe one SKUs gives me a secondary right, I can have an additional server, install another server, or maybe one license was an educational license, you know, so I have to understand how this is actually licensed. This is where it gets a bit more complex beyond hardware. And if you can answer those three questions with accurate data, then you're in really good shape. But step one is really making sure you have this data available and can get it on refresh on a regular basis.

So to get this data and to really progress with SAM, you really need collaboration across the entire organization because it really impacts almost every group, whether it's HR, whether it's finance, procurement, whether it's from your vendor, there's a lot of different needs and processes and actions that have to take place when you're talking about the process of bringing software in and out of your environment. So whether it has to do with the process of requesting something, whether it's evaluating what vendor you're gonna purchase it from, whether it's getting approvals internally to pay for something, whether it's paying forward, invoicing, upgrade, whatever it may be, you know, it really touches each division. You know, you think about onboarding and offboarding a new employee, well now you're bringing HR into that equation along with everything else you're seeing here. So it's really something where you need buy-in and cooperation and collaboration across your entire organization.

And typically, if you're just getting started, this is something that you may have some hesitation from certain groups. You know, especially when you're bringing in the contract group and finance, they do things very differently, typically, from IT. But it's real easy to show the value, whether it's ROI, whether it's enhanced security. So typically when you first go on to this journey, you get some hesitation, but then you start showing value, then everyone kind of wants to get on board and be a part of it so they can also take advantage of that value.

So we basically broke down this whole process of how you would do SAM into four steps. Step one is really discovery, which is fundamental to any ITAM strategy. You know, getting visibility to what hardware, software you have in the estate. You know, what all those different, how those things are related, whether things are virtualized, whether things are part of the, you know, partition, physical or logical, it doesn't matter. You just have to understand what is actually there. What am I having to manage? What do I, what am I using? You know, this can include a lot of different integrations where you're pulling data in from multiple discovery sources, wherever it may be. But step one is really get that insight of seeing what is actually in the estate. And that's not gonna tell you what you've purchased, it's going to tell you what's there.

Step two is then do your normalization and reconciliation. Again, a lot of times you have many different sources of data that needs to be more normalized. If I run three different discovery tools scanning for Microsoft Office, I may have one tool pull back Microsoft Incorporated Office. One may not have the incorporated, one may have a different abbreviation, maybe one pulls from the registry, one's pulling from add/remove programs. It just really depends. So the data in most cases is not normalized enough to use, so you have to run it through a cleansing process.

Step three is to get that insight of your compliance. So now you have this information, now you can understand a little bit better of what's there, what you're using. And then step four is to take action. This is where you may do things like reclamation of software so you can pull back all these different licenses and installations of things you're no longer using or maybe things that are out of date and no longer supported. Or maybe there's software out in the estate that was never supported by IT and is something that should have been blacklisted because of a vulnerability and now you can bring that, pull that out. So not only saving money but also reducing your risk. And now Matt, I'll turn it over to you to talk a little bit about SAM maturity.

Matt: Thanks, Darren. You know, from our point of view, there are certain stages within the maturity and it's mostly after time. If you go to the next slide, please, Darren. So traditional SAM is failing really, I think. You need to understand where you want to get to with this stuff. If you want to be...if I take, for example, the basic SAM there, that's typically where most customers are that we see. You're very reactive. It's done as a part-time job. You know, you could have a high rate of vendor audits. It's not consistent. You don't have a process for it, just everybody drops everything and, you know, goes and helps the vendor audit. You've got unbudgeted spend, poor visibility, lack of control. License management tends to be in silos across people's divisions, so, you know, server guy will look after the server software. The desktop guy will look after his software. Somebody else somewhere else might look after something else.

And we do find [inaudible 00:18:00] renewals. And of course, going back to Darren's point about spreadsheets, what we're finding is very common is spreadsheets are great, but they sit on people's desktops and the knowledge leaves the business when the people leave. And then people just simply lose control of what's being installed. I guess in the more mature markets like the UK, we are seeing a bit more of the standard sandwiches, you know, being a bit more proactive. We talk about by the time the vendor comes knocking on the door, it's too late. You've got vendor audit ready, which means that you've done an audit yourselves already. You've got yourselves in a good position. You've got a handle on all of those major vendors. We are very hot in the UK on the tail end stuff at the moment, so I think most customers in this mature space have gotten a handle on their major vendors, what we call the tier one vendors. So they're the big vendors that you would have all heard of.

And of course, going back to Darren's point about discovery, you've got a single pane of glass. You can see absolutely everything on your estate. Typically there's processes being followed. We do see some customers then start to light that data up and put it into ITSM, so things like your CMDB or your service desk tool. We're seeing some high levels of automation in the UK now so, you know, people understanding that some of the grunt work... I liken it to the days of the service desk when you, you know, all of a sudden people automated password resets on the telephone or somebody could send an email to request a piece of software and it automatically got installed.

Automation really in SAM is doing that stuff. So it's taking probably your top 5, top 10 processes, stop somebody getting stuck in the operational weeds of this stuff and just automate it. And of course, following on from Darren's point earlier on, which is, you know, the SAM people have a good working relationship with all IT departments. It's not seen as a blocker. You're not known as the software police. Actually what you're trying to do is a really good job, making sure that people can get software quickly to their machines. The more mature SAM customers, and we've got these, and this is probably a three to five-year journey. You know, they're dynamic, they're preemptive, they know that vendors will come knocking. So they know that the ones that are more proactive, they've probably got an additional tool set functionality, as I said to, you know, CMDB linked to service desk.

Interesting one, the cloud integration and cloud SAM optimization. I don't, I think it's less about compliance in that space. It's more about optimization, continual optimization, and governance. And I think, you know, typically you going out and buying a certain level of agreement for all of your users is a thing of the past when you're a mature SAM customer. Actually what you might find is 25% of people need this one, 25% of the people need that, and head off this 50% of the sales force might need this. So you're mixing and matching the software. You're not buying it all the same for everybody.

Darren touched on it earlier. We've got the, you can light up the data for the other areas of the business like GDPR, security, ITSM, procurement. If you're a global company, you might start to look at global agreement consolidation rather than multiple regions. You might look at preempt renewals, strong negotiating arms. What do I mean by that? Well, I mean, you know, knowing exactly what you have installed versus what you own, having a fix on the vendors a strategy for the next two, three, five years and really going out and helping purchasing negotiate a decent deal. We're finding that simply saves between 5% to 20% of the software spend per annum, so it's a big thing. And the other thing that we're seeing more of the mature customers, because they've got a handle on the larger vendors, they're then turning their hands to the Red Hats, the Linux, the open source management, they're making sure they're in line as well with their SAM processes. We're also seeing that for a tail-end software.

So Darren, if you want to go to the next slide? So what do I mean by all of this? This is just a visual that might help you understand that. So traditionally SAM sits in IT Ops. You're very reactive. You might give a bit of detail to procurement. You certainly probably won't work with the business and the demand generation coming in.

If I go to the next one, there's a slight typo there, that should be mature SAM there but, what we're seeing is the mature SAM customers have moved that sort of SAM function out of the ITAM Ops and have moved it into the center of the business is part of IT, as part of the process. So you're lighting up the data for procurement, you're during renewal notifications, you're not missing anything. You're lighting the data up around usage and metering of software. You're helping procurement go out and negotiate a better deal. And of course the business, you know, if you know what's coming around the corner from the business and the demands, you can plan for that as well from a software licensing point of view. So the benefits there, as I said, we're seeing customers claw back 10% to 20% of their annual software spend by making that a more mature function. Thanks, Darren.

So a good example of SAM data lighting up other things is GDPR really, that's a really good one. You know, a lot of the SAM tools out there will highlight to where there might be personal information. So GDPR is probably the most hot topic that we use around this, although you can, you know, as Darren said, regulatory, whatever vertical you're in or organization, there'll be some of these sort of things that you need to follow. You know, just simply by knowing, you know, how many devices are out there. WannaCry was a really good example. We had a virus, you know, and the people that got hit were the people that didn't know that they had the Windows 2003 servers in their environment and they weren't patching them. So my point here with this slide, and it's quite wordy is, you know, if you've got the devices, you can manage them. You'll know where they are, you'll know what's installed on them, and you can make a really good decision about what to do with them. And with GDPR obviously and the large fines that come out of it, that's a good one to sort of concentrate on, really.

Next slide, Darren, please. So, you know, where are you? I guess, where do you start? You know, where are you? You've done your ELP. What do you mean by that? Effective license position. What do I own? What have I got installed and what the difference is? Now, you've got to keep that going. This shouldn't be a project, right? You should keep it going. You need to decide from that vendor, whatever vendor you choose, you know, is it worth doing it monthly? Is it worth doing it quarterly or is it worth doing longer? If you've got a global Microsoft agreement, for example, they do a true-up once a year, so do you need it monthly? Probably not. You might do it quarterly so there's no nasty surprises and you might start, you know, nine months before the true-up to understand what you have installed, but also what your strategy is as a business and also what Microsoft's strategy is moving forward and then you can join them all up together and negotiate.

You might want to think about a managed service. You know, typically on average, a customer will have about 1,500 vendors on their network. It's impossible to manage them all. You know, you might want to get a partner in [inaudible 00:25:58] to help you with that managed service, take on your biggest five, probably reduces your risk by 80%. You certainly could do it yourselves if you've got a team. We do see teams, especially small teams in organizations, getting bogged down with the operational weeds as we like to call it, you know, that requests for software, understanding software. It's a tough job, right? I mean I've got guys that are fantastic in my team and they can't keep on top of it. You've got to do all your software vendors. One of my guys will specialize in one vendor, so it's almost impossible to do it without some outside help at one point or another.

You could take a hybrid model, which is, do some of the stuff ourselves, lean on a partner, and you know, let them do some stuff. Let them train you as you go along, let them help you get the maturity. But actually, at some point take on some of the stuff yourselves as you feel comfortable. And my advice is, already, is to move down the food chain. Do your largest vendors first. We talked about the long-tail assessment. You know, don't ever forget about those long-tail softwares. What I mean by that, well you should have a look at that long tail. Make sure that the renewal at least gets noted. Making sure that you know, you're looking at it from a technology pillar. We see a lot of overlaps in this tail end stuff. A good example of that is PDF software. Why do you need seven different PDF softwares in your environment? You could get a better deal by going with one vendor, but also your support will benefit because you're only supporting one. And there's lots of other benefits that you could do by just minimizing that long-tail software within your estate. And of course, a good byproduct of SAM is that you're going to get some really good hardware asset information as well. Right, Darren, next.

So I just wanted to talk to you about a vendor's point of view. We sort of touched on it earlier, really, about Gartner saying that actually rather than vendor audits reducing, they're actually going to get more and more common. Here's a couple of stats here. So for every Pound a vendor spends on audit, on average, they're getting back about £28 back in lost revenue. For me that was a, you know, it's been around a while, that one, it's definitely a startling fact. The revenue driver, make no bones about it... You know, the reason they're doing all this and it's linked quite nicely to point one, is that it's a revenue driver. Be no surprise to you that the SAM teams within the software vendors are always the first ones to hit their targets. And of course, we touched on it slightly earlier, which is it's a way to push you to adopt the latest technology, cloud being the big one.

A lot of these vendors will mitigate any of the risks that they found as long as you sign up to their latest and greatest. I do think that, and we shouldn't paint vendors as bad guys. I think, you know, managed by a partner properly, some vendors can be very useful. They can open you up to a lot of resource. You can understand their strategy, but I think you've got to get to a point where you know your own estate first before you can start sharing some of this stuff. Attitudes are slowly changing within the vendor landscape. I think Microsoft is a really good one where they don't have an audit team in the UK anymore but they are certainly preaching about the benefits of software asset management. And really what they to do is come to the table, you know, a three-way relationship between your LSP or your vendor, your reseller and you yourselves and...yeah, you, partner and reseller I think is really where they want to head.

And I think, you know, if you have an open relationship with these vendors, they can really open doors for you. And what we really encourage in the UK is benchmarking within your peers within the same industry. I'm not suggesting for a moment you should go over and discuss intellectual IP or anything like that but, you know what, in the UK here, we've just got together all of the industry, the construction industry firms, the large ones in the UK. Once a quarter they sit down, they talk about topics. They're not sharing projects or any of that intellectual IP, but they're talking about commonalities around vendors, where they're going from a technology point of view, how they're helping customers and it's a really good field group around understanding and I think, talking to a lot of the individuals, they get a lot out of that group. And I can't stress how powerful that is really. Right, Darren. Thanks.

So, you know, the fundamentals of software asset management really is about people, process and technology. So I think more and more it's about maximizing the value in those assets as I said to you before. Making sure you've got accurate discovery but don't go out and think that one glove will fit everybody. It doesn't. You know, you might have a mixture, once you've been able to understand your estate and what users are wanting and needing, you can quite easily go and match that to what they need and reduce costs. The optimization and reduce risk, well, that goes without saying. And the compliance, which I think is getting less and less, but still out there at the moment, and I think it will be out there for the next 5 to 10 years. The renewal efficiencies I think is a really good one for us, which is, you know, making sure that you're lighting up the data for those procurement guys.

If you've got a handle on what's installed, where you want to go, what the vendor strategy is, you can really start to drive those cost efficiencies. And we've got some really mature customers and we're really driving end user experience. So what do I mean by that? Well, if you've got a really nice website where somebody can go with a software store, you've already simplified your software estate because you're only publishing what you want to support on it. That end user can go to that software, he can get that piece of software. There can be an automated workflow for approval [inaudible 00:32:29] it and with technologies these days, you know, we can install it within 20 minutes, you know, so you can really... Don't underestimate that good experience and that satisfaction from an end user. Software asset management has been seen for many years as the software police or the blocker as I said before. If you get this right, you can really drive that end user experience.

Darren: Yeah, and that's a great point, Matt. Something that comes out of that end-user experience is your ability to recruit better talent because as we know with social media and all the different outlets today, if you don't have...when it comes to and user experience, you're also talking about onboarding and offboarding people. So, you know, if you start a new job and you're somewhere and day one, you're not able to work or be productive and it takes two weeks for you to get your equipment and get all the software you need to do your job, it's not a very good experience. And that information, that experience gets out there. And so when you are able to improve end-user satisfaction internally, that gives you the ability to recruit better talent, to keep the people you have, and the happier your employees are and people leveraging this, the better it is for business, you know, the more productive people are. So it really has an impact across the entire organization.

Matt: Yeah, I agree. I agree. And, you know, some of the more mature customers that we have, for example, we've got one that has 120,000 visitors a year to their organization. It took everybody half an hour to sign in, get wireless access. We reduced that to about two or three minutes per visitor, you know. So once you start getting the basics of this, which is things like, you know, requests for software, getting a piece of software on a machine, you can take this so far. You know, even down to meeting rooms and having a piece of software installed in a meeting room that somebody can use. Or even we've got people booking meeting rooms with automation because once you get the basics in there, you can build and build and build on it.

Darren: That's right. [inaudible 00:34:43].

Matt: Yeah. So let's go to the next slide, Darren. Over to you then.

Darren: All right. So how can Ivanti help you with this journey? So, at Ivanti, we have five pillars of products here. You're looking at the screen, you're seeing endpoint management. We're seeing service management, identity security. So where does asset management fit into this? Asset management fits right in the middle, right in the center because it's really the glue that holds all of IT together. Asset management, as Matt was saying, really can help improve, you know, your ITSM, your security, you know, when it comes to onboarding and offboarding understanding, you know, what device, what piece of software, that ties into asset management. Being able to understand what software should be there, shouldn't be there. You know, when you can give that information to security and say, okay, we have this many devices out there with this software on it, this is who is using it, you know, that's information that allows security to take action. So it really helps all across IT and really all across the organization.

So what we have at Ivanti in terms of the ITAM portfolio are these four products. So the first product in the portfolio is Asset Manager, which is an asset lifecycle tool. So this is the tool you're able to manage all of your assets, hardware or software, from cradle to grave. So the ability to request something through purchasing, through receiving, through the use of its lifecycle, through disposal and keeping all that information so you have a holistic historical view of an asset. So if you get audited, you can show how this asset was used, who used it, what was on it, where it went. This is the tool you would use to be able to do things like do vendor management.

As you have assets coming in and out of the estate, you can see, you know, maybe I've purchased 25 Lenovo desktops this quarter and last quarter I purchased 25 from IBM and I can see that, you know, the ones from Lenovo performed better or the ones from IBM have significantly been costing me more each purchase and just being able to have that information. Or maybe you want to manage your contracts or maybe, you know, you are more closely tied to procurement, want them to have a better way of understanding what you've purchased and have integrations, so you can automate some of that, those processes around procurement. So that's our lifecycle management tool.

Then we have License Optimizer for client and server, which is one tool, two SKUs. And this is our software compliance, software asset management tool to manage really what we're talking about today, being able to manage your effective license positions, being able to understand all the different product use rights and having the normalization engine from our library that understands that I've discovered Microsoft Office Professional 2016 and I'm allowed to have this installed on one device, it's a device-based license. Or I have Office 365 E5 in the estate, I have 20 users using it, each user is allowed 5 installations. I found it on five machines for all users, but I'm only counting it as one license per user because in the library it tells me this is how this piece of software is calculated. So, that is License Optimizer.

We have a new product this year called Optimizer for SAP, which is specific just to SAP licensing. I'm not sure how many people on the phone have SAP, but I believe the statistic is about one-third of all organizations are leveraging SAP. And the reason why SAP is different is SAP is just a licensed a bit differently. So they have different metric engines they're licensed by and they license by user, but SAP has to pool their information from all their different clients. So basically these different SAP clients get pushed to your estate and that's what tells them the usage or consumption and that's what they read. So this tool goes out and reads all the information from all those different SAP clients and then has all the different calculation engines and can make recommendations around optimization. Because SAP is one of those products that you may assign someone a low-end, standard profile, but SAP doesn't restrict what a user can do once they're in the system. So you may not have been given a profile that allows you to access the procurement module or HR module, but in SAP you're allowed to, you can access things above your profile.

And what happens is, after the fact, SAP comes back, they view their clients and say, "Okay, I see this person. They only had a regular license, but they've been leveraging things that requires a professional plus license. So instead of paying $500, we need 5,000." And that's where it gets really tricky. So this is a different piece of technology. This actually goes out to those clients, pull that information in and allows you to optimize.

Finally, we have what's called Data Center Discovery, which is an agentless server discovery tool which fits nicely with License Optimizer for Server as this pulls all the discovered information needed for license compliance. So this is really the ITAM portfolio. There's another product that comes in. We're looking at a License Optimizer for Client. We do bundle it with our EPM discovery, which is client-side discovery. So when you do purchase License Optimizer for Client, you are also getting EPM discovery module.

So, but that EPM falls under a different pillar, so we don't include it. It's not part of our portfolio, but we work with it and it does come with License Optimizer for Client. So, you know, the two main products are really, when you're talking about software, License Optimizer. So being able to get to an ELP, being able to establish your compliance and then being able to do optimization. So, you know, wouldn't it be nice if I can go out and understand well, I have, you know, 100 Adobe Professional Plus installations out there, but only one person has used it in the last 90 days and they opened at one time. So wouldn't it be nice if I can go out, just reclaim all those and stop paying maintenance on that? So I've just gone out and saved 30% of my Adobe spend in a matter of minutes.

You know, maybe my issue has to do with, you know, I'm using a lot of versions that are out of date and they're no longer supported. So if I have, you know, critical processes, leveraging software that's no longer supported and something happens, well that's something I need to know. So I want to know what's all the software that is already gone end of life or is about to go end of life. You know, could I have some notification or report sent to me so I can take some action before that happens? So that's License Optimizer.

And then Optimizer for SAP, like I was saying, it goes out, it pulls your usage or consumption from the SAP clients. It can do optimization, so it can do things like understand...with SAP there's something called indirect access. So you may have a backend process, you know, reading or doing something, sending information to an SAP client, you know, not coming from an end user. And, you know, you really don't have visibility into that because it's something you don't really think about. But SAP several years ago started auditing for this without really telling customers. So you know, there were lots of audits, very costly, millions, multimillion-dollar audits that people failed because of indirect access. So this tool [inaudible 00:43:06] to go out and read that and tell you, you know, so you can start looking into things and take action. And then being able to fight an SAP audit, as all the calculations and optimizations can be proven out with Optimizer for SAP. So, you know, if you show that you're only using X amount and SAP comes back and says, "No, you owe us money because you're using Y amount," you're able to show the work of how those calculations got done, and the same thing for License Optimizer. So there's been many audits we've been able to defend and show and prove that our information is accurate. And that is it. So I think we'll turn it over now to Maraica and field any questions anyone may have.

Female: Yes, thank you, Matt and Darren. that was very helpful. There was a question around the presentation, so we will follow up with the presentation as well as the recording of today. And then there's another question around if I have an inventory solution already and more spreadsheets, can I use these to be imported and how does that work to then start to get to my EOP? Can you comment on that?

Darren: Well, I'm not sure which tool where we're talking about, but whatever tool you may have, if you have an Ivanti product or you have something else... In terms of Ivanti, if we're talking about Asset Manager or licensed optimizer, we're able to take in data from any source. So if you have something that is on a spreadsheet, you would be able to import that data. If you have something, if you're already using something like our EPM discovery, we have native internal connectors which automatically bring all the needed data in into those tools.

Female: Great. Thank you. That's all I'm seeing for now. Just keep it open one more minute... Yep, that's it for now. Well, then I guess we are ready to close the webinar. Thank you again, Matt and Darren, and thank you, everyone, from the audience for attending today.

Darren: [crosstalk 00:45:29].

Female: If questions, yeah, do come up, please feel free to send these to us and we'll make sure to get you answers to these right away. Thank you, everyone.

Matt: Thanks all.

Darren: Thank you.