In part I of Managing Risk you learned how to quickly assess your risk by the amount of software spending your business has performed in the last five years. I love this approach because it works and its relatively easy. And, if you work with resellers, you are bypassing the complexity of dealing with your procurement/sourcing organization.
Part II requires a little more work and will probably take 90 days or so to complete depending on the size and complexity of your organization. But, always start with with you know and in this case, you have identified the top 20% of your software suppliers, comprising 90% of your overall spend.
Key Fact: Know these top vendors and their terms and you have mastered your software compliance risk.
License Types
Let's begin by saying that software is complicated but is easily digestible in chunks. In other words, don't try and understand everything about software when beginning the journey. Simply focus on the the essential core elements: License Types. Also remember that your number one goal is to determine compliance and you don't need a full blown technology implementation in order to determine this. However, you do need a solution if you are going stay compliant.
In my book, all software can be defined as one or many License Types. A License Type identifies how the software product may measured and used from a compliance perspective. Now, each vendor may define a License Type differently but we are not concerned with this right now. Simply, know how each type and how to measure each type from a high level. Let's go through a few:
License Types
- Individual
- Workstation
- Concurrent
- Per Processor
- Per Server
An Individual License Types means one license is assigned to one individual. An individual is measured by a unique name, number or a variant such as an email address. The key here is unique or one license, one person. Don't try and get fancy and think of ways to exploit this License Type...we all know what one individual means. The license may be used by this unique individual for 90 days. After that, if they no longer need it, then assign it to someone else. More on this later.
A Workstation License Type is assigned to a unique workstation. A unique workstation means it has a physical serial number assigned to it. When I think of this license, I imagine a group of scientists working in a lab who have a need to share a device. Each user signs on/off the workstation to use the same device or they use it for experiments.
A Concurrent License means the maximum number of individuals and/or devices accessing the software at any one time. This means the software needs some method of counting the maximum. If it doesn't then we can make projections based on individuals who have the software installed. As long as we are consistent in "how" we count then you are fine and its a point of negotiation with the vendor and shame on them for not developing the "counting" mechanism in the software.
The Per Processor License Types means the license is assigned to a processor (typically on a server). That's right, one license; one processor. But, how do you measure one processor? More details to come but assume for now, your server has one processor and keep it simple and focus on learning the license types.
The Per Server License Type means the license is assigned to a unique server. This is similar to the workstation model and has no limitation to the number of processors, although not always.
Ok, if you look back over these definitions, tell me what you see? Do you see any font highlighted in red? Yep, this is the key to measuring License Types: uniqueness. You have unique individuals, workstation, and servers.
Top Vendors by Spend and License Type
Your goal here is to identify the License Types for each vendor where you spend the greatest sum. Once completed, you will have the following:
Top Vendors by Spend and License Type
Your goal here is to identify the License Types for each vendor where you spend the greatest sum. Once completed, you will have the following:
- Vendor Name
- PO Number
- Product Name
- License Type
- Total Dollar Amount
Now, sort your list by License Type and total dollar value in descending order. Perfect! You have now identified your risk by cost and License Type. License type is the method you will use to count your licenses.
Your software compliance approach and solution should mirror the risks as defined by the License Types. Additionally, you will need to consider the needs of your user community and likely vendor audits prior to the next steps. Stay tuned.
