In part 1 of this SAP blog series, we covered SAP’s older indirect use licensing model and some of its shortcomings. To recap, many customers were dissatisfied with SAP’s licensing model, complaining that indirect use was not clearly defined, and that this led to unfair licensing practices and enforcement. Pushed by these complaints, and the visibility around lawsuits involving Diageo and Ab InBev, SAP changed their indirect use licensing model in April of 2018 to the Digital Access Model (DAM).

So what’s new about the Digital Access Model, and did it ameliorate some of the issues with the previous model?

There are two major changes in the DAM. First, the new model focuses on measuring the use of the Digital Core. The new SAP digital core platforms have been updated from SAP ECC to include the SAP HANA in-memory database, SAP S/4HANA and S/4HANA Cloud. SAP also offered a definition of indirect use, grounding the definition in the use of the Digital Core:

“Indirect/Digital Access is when people or things use the Digital Core without directly logging into the system. It occurs when humans, any device or system, indirectly use the Digital Core via non-SAP intermediary software, such as a non-SAP frontend, a custom-solution, or any other third-party application. It also occurs when non-human devices, bots, automated systems, etc. use the Digital Core in any way.” (Source: SAP ERP Pricing for the Digital Age).

By basing indirect use on the Digital Core, customers now have a clearer understanding of the specific instances of indirect use that needs to be licensed. At the same time, SAP remains somewhat vague on how far indirect use extends using all-encompassing phrases such as “in any way” and “any other third-party application.” We’ll cover some potential ramifications of these terms in part 3, but in the meantime, try to grasp Digital Core use in your environment and how your SAM tools can be leveraged to measure such usage.

The second major change that the DAM made was to shift away from user-based licenses, to a document-based model. Instead of licensing the number of users using SAP systems, the DAM calculates licenses based on the number of documents created, regardless of who created them.

The DAM outlines nine (9) system-generated document types that are considered relevant for licensing. The 9 document types are:

  1. Sales Order 2. Invoice 3. Purchase Order 4. Service & Maintenance Document 5. Manufacturing Document 6. Quality Management Document 7. Time Management Document 8. Financial Document 9. Material Document

To count the necessary licenses, SAP multiplies the number of documents by a corresponding multiplier, 1.0 for document types 1 through 7, and 0.2 for types 8 and 9. For example, 10 sales orders would be calculated as:

10 Sales Orders * 1.0 (document multiplier) = 10 licenses,

whereas 10 Financial Documents would be calculated as:

10 Financial Documents * 0.2 (document multiplier) = 2 licenses.

Importantly, license calculations are based on the initial document created, rather than documents read, updated, or deleted.

To give a more concrete example, imagine a customer using a sales management application to store sales, purchase orders, and payment data. Payment data is automatically transferred to the ERP, resulting in the creation of accounting records stored in the SAP system. Since only the financial module is updated through the third-party application, SAP will charge for the total number of accounting documents created in the system and license them based on the “Financial Document” document type.

But let’s alter scenario a bit and imagine that sales orders are registered on a web platform and are ultimately stored in an ERP. In this scenario, the initial sales order generates an invoice order first, and then an accounting entry in SAP. In this scenario, because SAP’s licensing rules specify that only the originally created document is counted, the customer would not get charged for all documents created in SAP (i.e. the sales doc., invoice doc, or financial doc.), but only the original sales order document.

To sum up, the key takeaways are:

  1. Digital Access is based on usage of the Digital Core (S/4HANA).
  2. Digital Access licenses documents, rather than licensing users.

In other words: Digital Access-Digital Core-Document Based

Currently, SAP customers can choose to license their software by named user (the old model) or by the DAM. But how do you know which option is best, and more importantly, less costly for your organization? In part 3, we’ll point out some potential pitfalls of both licensing models to help you make an informed decision about which licensing model is best suited for your organization.

If you want to learn more about how SAP’s licensing models, and how to protect against SAP audits or prepare for an upcoming contract renewal, contact Connor Consulting at today.

Note: This is the first of a four-part blog series

Imagine yourself in this scenario: your company runs an online business that sells products and services to thousands of daily customers and tracks all transactions through an on-premise or cloud-based financial/ERP system. All of a sudden, your ERP software vendor comes to audit you and demands true-up license fees for every single one of your customers that have ever made a transaction through the system, on top of your usual user licensing requirements. Wouldn’t you be disgusted by those findings?

Unfortunately, this isn’t exactly a fictional story, and SAP has recently taken the spotlight in the software industry for similar practices related to indirect software usage. Indirect use, which refers to virtual software use by either humans or bots, is a widely known software asset management (SAM) issue, and it has had major consequences for companies licensing SAP products.

If you’re worried about your SAP licensing and want to prepare for a potential SAP audit or right-size for an upcoming contract renewal, then our 4-part Indirect Use Guide will ensure you are ready to make well-informed licensing decisions for your company. In this 4-part SAP audit defense blog series, we’ll walk you through a brief history of SAP’s indirect use licensing methods, the ins and outs their new and improved Digital Access Model (DAM), key considerations before making the switch to DAM, and a guide to completing an SAP license assessment in about 21 days.

Part 1: SAP Indirect Use Licensing – A Brief History

When SAP first started charging customers for indirect use, they required named-user licenses for everyone accessing the SAP system through third-party applications. This meant that sales representatives and business customers who carried out sales and order related activities through a web platform were also required to be licensed for SAP products. The problem with this model was that it was often unclear what was meant by indirect use and how far it extended, as external users could be making updates to SAP database tables through a non-SAP application. Without full transparency and a clear definition of the users that required a license through indirect use, companies had a hard time managing their SAP licensing.

Understandably, many companies were unhappy with this reporting structure, and several companies refusing to pay indirect use licensing fees were brought to court, most notably beverage companies Diageo and AB InBev in 2017. Both companies refused to pay their initial multimillion-dollar license fees related to indirect use, and SAP took legal action on them.

Diageo’s case revolved around their deployment of two systems using SAP’s ERP interface mySAP. The original agreement between SAP and Diageo was signed in early 2004, and the systems in question were deployed around 2011. Ultimately, a high court sided with SAP ruling that Diageo was liable to pay SAP for the additional 54.5 million Euro licensee fees related to indirect use by customers and other sales representatives. For the most part, this case was settled in public and gave a lot of visibility to SAP’s aggressive software audit practices.

However, AB InBev’s $600 million case was settled in private. According to, this came down to the method of enforcement. By enforcing the license agreement through Commercial Arbitration, the court case was able to be handled in private behind closed doors. For this reason, we still do not know how much AB InBev paid SAP to settle the case, although we know that the case was resolved outside of court.

As a result of these lawsuits, and the subsequent backlash from other SAP customers, SAP announced an improved approach for indirect use in late 2017. Organizations could cover any indirect use triggered by the creation of sales and purchase orders in the SAP system by licensing two engines: Sales and Service Order Processing or Purchase Order Processing. In other words, an unlimited number of sales and purchase orders could be created by an unlimited number of users, as long as you licensed the above SAP applications. However, the new model was not helpful or cost-effective to all customers, and many ended up still having to license indirect use by purchasing named-user licenses.

The Switch to Digital Access

Due to these shortcomings, SAP introduced a new licensing model in 2018, known as the Digital Access Model (DAM). While DAM is still a newer licensing model, SAP has been pushing for its customers to make the switch. In part two of this series, we’ll cover how DAM works, and the main changes from the older indirect use licensing model.

Getting Started with Your Audit Defense Strategy

If you want to learn more about how to protect against SAP audits, our compliance and software advisory experts help you successfully prepare for difficult vendor audits and boost the effectiveness of your SAM programs.

To learn more about our SAM and Audit Defense offerings, contact Connor Consulting at today.

In the first and second installments of this series, we looked at some of the technical details you should think about when evaluating and selecting a Software Asset Management (SAM) tool. In this third installment, we’ll cover what insights your SAM tool should be able to provide once it has collected and normalized the SAM discovery information. Said another way, we’ll look at how your SAM tool can take raw deployment data and turn it into actionable intelligence.

To ensure your SAM tool is properly gathering data, you’ll need to start by ensuring your contracts and entitlements are properly accounted for in your SAM tool. Entering the initial set of contracts and entitlements can be a daunting task and is the most challenging aspect to establishing an effective SAM program for many organizations; however, many tool vendors or third party service firms will assist with entering an initial set of entitlements for your top IT vendors. This is a good opportunity to get your SAM staff valuable experience by seeing exactly how your contracts will be translated by the tool.

At a basic level, an effective SAM tool should allow you to make the corresponding connections between your entered contracts and entitlements to your deployed software. For example, your tool should be able to detect licenses that allow unlimited virtual machines (VM) on a piece of hardware, like Windows Datacenter, and notify you that any Windows install tied to that piece of hardware doesn’t need another license whenever you install a new VM. If your licensing is user based, then your tool should be able to understand when a single user has multiple devices and count the license requirement accordingly.

If you’re looking to further level-up your SAM tool, you can use your contract and entitlement data to produce automated license position summaries for various vendors. These reports will really start to drive value, as they can identify where you have potential compliance exposure, true-up needs, or costly shelf-ware.

Beyond these fundamental license position and reconciliation features, it’s worthwhile to look ahead to what kind of cost-savings your SAM tool will enable you to realize. Ideally, your tool will have technical capabilities that will allow you to start planning proactively rather than being in a reactive state. For example, most of the best-in-class SAM technologies support some type of software usage tracking or metering. They’ll record every time a user starts something like Microsoft Project and provide reporting data on who has it installed, who started the software, and how long he/she used it for. The tool should also draw your attention to areas where you have multiple versions of software installed, or even multiple types of software that provide similar capabilities from different vendors, as there could be opportunities for IT vendor consolidation.

Your SAM team could use reports based on this data to send monthly emails to low-usage users, and determine if they really need that software installed. If you’re looking to further optimize the process, you can consider enhancing your SAM tool to automate sending those emails and even automate the process of removing or reclaiming the software from employee devices to support software re-harvesting.

Of course, usage metering isn’t just limited to users starting software on their desktops. You should also consider your server environments and see if your tool can provide any insights there. For example, could your SAM tool monitor a SQL Server over a month and determine that the CPU usage never goes above 5%? This is a good metric to track for identifying server consolidation opportunities in a virtual environment, or maybe even a conversation with the server owner to determine if a particular server even needs to exist. Again, we come back to your SAM tool acting as a source of data, allowing you to be proactive in your environment and optimize your IT spend.

The final key item you want from your tool is a way to help effectively plan for future IT investments. The usage of cloud services, containers, microservices (and every other buzzword you can think of) is expanding and challenging many traditional software licensing models. What does a CPU socket license mean to an “AWS t2.large” instance anyway? Your tool should be able to help evaluate your current on-premise usage and determine what kind of cloud instancing you need, whether in AWS, Azure, or another public cloud environment. However, a 1:1 mapping of on-premise servers or VMs to cloud instances will almost certainly result in overspend on cloud resources. Instead, see if your SAM tool can help analyze Actual Resource Consumption (ARC)—the actual CPU, memory, and storage usage of your environment—and compare that to what each cloud instance can provide through your selected supplier. Instating proper cloud cost management and governance will, without a doubt, help reduce waste in the cloud.

An advanced tool could also provide you with insights on your application dependencies. This means tracing through the applications your organization uses to see how they are connected and find opportunities to optimize your architecture. For example, you could find servers that are ostensibly part of an application, but never actually receive any connections or do any work! It’s easy to add servers to an environment, but having information at your fingertips to identify where they can be taken out or consolidated is invaluable.

While many of the high-end tools on the market can do some of these calculations automatically, it’s important to remember that without staff dedicated to learning, understanding, and using the tool, you won’t realize the value that you should. Whatever capabilities a tool has, there’s still no “silver bullet” or an easy button that you can press to put your SAM program on auto-pilot. The human factor remains critical for a well-functioning and optimizing SAM team.

If your company is currently assessing or evaluating a SAM tool, considering a SAM technology upgrade, or has questions about what questions to ask a SAM solution vendor as part of your selection process, reach out to Connor Consulting at today.


Among the largest software vendors, Oracle is infamous for its aggressive audit practices. Oracle has built a compliance machine comprised of over 150 practitioners worldwide, known as License Management Services (LMS), which conducts audits of its customers in all major geographies. Due to the complexity of Oracle’s licensing rules and policies, and the costly nature of these software reviews, an audit can last for months until an official conclusion is reached.

Put simply, Oracle’s audits are one of the most feared in the software licensing world and they can bury your IT resources if you are not well prepared.

To help Oracle customers gear up and survive an Oracle license audit, we have compiled a list of common software issues that have caught many customers off-guard, leading to excessive fees paid to the vendor. We also share leading practice recommendations so you can mitigate licensing risks and reduce findings during an Oracle review.

Don’t fall into the Virtual Machine (VM) trap

If you use VMware or other virtualization solutions to host your Oracle products you need to be aware of the difference between soft and hard partitioning. Sometimes known as segmenting, partitioning occurs when CPUs on a server are separated or partitioned into individual sections, each operating as its own individual system. Partitioning can be accomplished virtually by having the OS limit the number of CPUs for a particular server, known as soft partitioning, or by physically separating segments of a server, known as hard partitioning. See Oracle’s official definitions here:

As it relates to Oracle’s licensing metrics, soft partitioning is not permitted as a legitimate method of determining or limiting “the number of software licenses required for any given server or cluster of servers.” Basically, if you’re using a virtual machine to limit the number of CPUs used by your Oracle product and only expect to pay for that usage, you will be met with an unpleasant surprise during an audit. That’s because Oracle will take into consideration all CPUs on the server or cluster and not just your virtual machine setup when calculating your deployment. Said another way, if there is a single VM on a node within a server cluster that is running Oracle, all CPUs within the cluster will need to be licensed for the Oracle application under Oracle’s soft partitioning rule.

Obviously, customers have raised a lot of complaints about this practice, but Oracle remains adamant in rejecting soft partitioning, despite most VMware environments being set up through this method. Oracle is unlikely to change its stance on this issue, so we strongly recommend that you review your entire system architecture and underlying hardware’s physical processors before setting up a virtual environment with Oracle software.

License all non-production environments

One of the most frequent mistakes that Oracle customers make is installing software on their non-production environment without paying for it.

According to Oracle’s licensing rules, it is mandatory for organizations to license all development, test, staging, and pre-production environments the same way they would license production environments. Keep in mind that you are required to use the same licensing metrics for both production and non-production environments. When you calculate your license requirements, you also need to consider all instances within your organization, including database and application software. Be especially careful when there are any changes to your system architecture that may increase the processor count, such as the addition of new servers or moving a node from one Oracle server cluster to another.

Some customers may have negotiated special clauses in their agreements to license non-production environments differently, but you should assume that’s not the case for you unless you’ve verified otherwise in your contractual language.

Take the time to understand your Unlimited License Agreement

The Unlimited License Agreement (“ULA”) is one of the most confusing agreements that Oracle offers to its customers. You might think that having “unlimited” in its name grants you full rights over how you use the software and what software you can deploy. In fact, this agreement very specifically limits the number of products you can use, where you can use those applications, and how long you can use them.

ULAs are generally limited to specific entities and include a pre-defined list of products which require an upfront payment. They also include specific provisions regarding the termination of the contract. At the end of a typical 3-year term, customers have two options: to renew the ULA or to terminate it. If you end your ULA, you are required to certify all Oracle products and this certification must be signed by a C-level officer of your company. This means you need to declare installations of each ULA product, providing the required license counts across your IT environment. Oracle then draws a “line in the sand” and grants you perpetual rights to the declared software quantities for which you pay support and maintenance fees, governed by the ULA clauses. Be advised that Oracle may challenge your certification numbers and request additional support or detail to verify the figures. In some cases, the sales team may suggest that you work with LMS to obtain more specific or accurate certification numbers by running their home-grown scripts across your Oracle landscape. In these instances, there is likely suspicion that your counts are inaccurate or that you’re “stockpiling” your deployments which is prohibited by your license agreements.

Also, if you miss any installations during the certification, your usage will not be entirely covered by the perpetual licenses granted at the end of your ULA, and you will be non-compliant for any undeclared software running in your environment.  Another licensing “gotcha” is that Oracle does not allow you to declare software licenses deployed in the public cloud (e.g., AWS or Azure). You can deploy software in these environments, but they are not counted as part of your certification, so upon ULA expiration, you’ll likely be out of compliance for these cloud-based deployments.

In order to avoid paying extra fees after your ULA terms, we recommend performing an internal assessment each year to have a definitive summary of your Oracle deployments before the expiration date approaches. It’s leading practice to leverage LMS scripts or utilities that are recognized by Oracle to baseline your software installations on-premise and in the cloud, and to begin this process at least 6 months before your ULA end date.

Don’t be fooled by pre-installed options and packs

Another issue frequently identified during Oracle audits is the deployment of product options and packs that were not intended. These licensing pitfalls mainly apply to Oracle database products since they have a plethora of supporting features. Depending on the version, the database product includes additional options and packs (e.g., fine-tuning pack) that are automatically enabled during installation, and it’s not highly intuitive for IT users to “unselect” them. This is very common for customers who leverage Oracle Enterprise Manager (“OEM”) to manage their Oracle deployments. Before the release of the 11gR2 database, end-users had the ability to select or deselect the desired options during the installation of the database. However, it was still an issue because most end-users believed they were entitled to use everything that was being offered in the installation panel.

We believe this is the most covert licensing tactic that Oracle employs since the vendor allows you to install these options by default and without any disclaimers, and they are not generally covered by the standard database license in your agreement.

So, what can you do? Although Oracle software which is installed and/or running technically needs to be licensed, in practice LMS usually only charges for options found in use at the time of the audit. Since LMS has its own scripts to scan Oracle environments, it is only during the audit that most of the customers are faced with non-compliance findings and are required to pay extra fees. In order to avoid these unplanned fees, it is recommended to have your Oracle administrators implement internal controls and procedures to keep track of all these enabled options and the associated usage. You should instate a process that allows you to self-audit your Oracle environment and disable features, options, and packs that aren’t needed to support your applications.

Spend a bit more time to understand your licensing metrics

Metrics are often treated lightly by organizations when they buy software, but they are at the core of any licensing model. Despite its importance, most organizations don’t have the expertise or enough bandwidth to go through their agreements, identify their licensing metrics, and understand how they affect purchasing and software requirements.

It certainly doesn’t help that Oracle offers a wide range of licensing metrics and policies for their growing product portfolio. Customers can easily get confused with the various metrics including “Named User Plus” (NUP), “Processor,” “Application User,” “Monitored User,” “Expense Report,” and so on. Each licensing metric measures deployment differently and is used to calculate the applicable fee for the associated software product.

We recommend checking the metrics defined in your agreements with your Software Asset Management (SAM) department or software experts familiar with Oracle licensing, compliance, and audits. Creating a centralized matrix with each Oracle product and the corresponding metric may help you keep track of your Oracle licenses and usage. Ideally, this information should be maintained within your SAM tool, where automated reconciliations are performed against your Oracle deployments referencing these product metrics. At a minimum, mock audits should be conducted to proactively identify and remediate Oracle licensing gaps, well ahead of any ULA certification or contract renewal.

Connor Consulting is here to help

Although Oracle’s licensing rules may seem overwhelming and are not always easy to follow, Connor Consulting can help you successfully navigate through the pitfalls of Oracle’s licensing environment. Our practitioners have years of software licensing, contract compliance, and IT sourcing experience for major vendors including Oracle, SAP, and IBM, and we have helped many IT organizations prepare for difficult vendor audits and boost the effectiveness of their SAM programs.


To learn more about our SAM and Audit Defense offerings, contact Connor Consulting at today.



Software Asset Management (SAM) and Cloud Cost Management (CCM) continue to fall into key priorities for IT organizations across industries. With the proliferation of the cloud, SaaS vendors, as well as on-premises software vendors, the need to have better insight into software or service consumption and organizational value is paramount. A well designed and mature SAM program greatly reduces inaccurate licensing of software, uncovers overspend, and improves overall system and data security. According to Market Research Future (MRFR), the global SAM Market is expected to reach approximately USD 2.45 Billion by 2023, growing at a ~14.18% CAGR over the forecast period 2018-2023.

At Connor Consulting, we have been investing significant resources to provide top-notch advisory services that provide both an auditor’s lens, along with a practitioner’s point of view of effective license management and optimization. With unparalleled experience from thought leaders who have set up and led SAM departments for Fortune 100 companies, Connor helps mitigate IT supplier risks and realize material cost savings, both on-premise and in the cloud.

However, we acknowledge that providing expert services is not always enough to help the world’s top companies manage software and calibrate cloud usage.. In order to provide the best possible solutions to our customers, we have partnered with leading technology vendors to provide a holistic approach to SAM and CCM, including Flexera, Movere, Snow Software, Xensam and Zylo.

“We at Connor Consulting are fully committed to helping companies design, implement and manage highly efficient and impactful Software Asset Management programs,” said Rich Reyes, Executive Vice President of Connor Consulting’s Software Advisory Practice. “Our partnerships with today’s leading solution providers ensure our seasoned consultants are equipped with the best-of-breed tools to help enterprises tame IT spend, limit security and compliance risks, and increase ROI on technology investments.”

These alliances will provide our customers with unparalleled vendor licensing expertise and actionable data for better decision making and IT cost optimization.


About Connor Consulting

Connor Consulting is a leading independent audit and software advisory firm that specializes in contract and supply chain management, compliance, and license & cloud optimization.  Connor is a strategic advisor to industry leaders such as ARM, HDMI, Dolby, and many others.

If you would like to learn more about our services and how we can help you with your compliance or software asset management program, please contact us to explore the benefits for your organization:


+1 (415) 578-5002 or fill out an inquiry at

We are pleased to announce that CIO Applications has named Connor Consulting a Top 10 Software Asset Management Consulting Services Company in 2019. CIO Applications is leading the way in helping enterprises to adopt the best in technology and related services.

With the cloud rapidly changing the landscape of technology services and solutions, the requirements to deploy a modern IT stack is paramount to maintain competitive advantages, enhance cybersecurity, and adapt to evolving technology trends. As organizations migrate to the cloud and eschew legacy, monolithic technologies for cloud-based, best-of-breed technologies, they must instate effective programs to manage software assets throughout their lifecycle, in order to mitigate supplier risks and avoid unnecessary spend from these common IT events.

As a recognized Top 10 professional services company, Connor Consulting has established itself as a valuable ally to its clients implementing or looking to enhance their SAM and/or IT optimization programs.

To learn more about our philosophy and approach to servicing our customers, check out this interview featuring Rich Reyes, EVP of Software Advisory Services and Viresh Chana, Founder and CEO.

If you would like to learn more about how Connor Consulting can assist you with your SAM and ITAM needs, please visit our website.

We also have some great educational resources if you are just embarking on your SAM initiatives and would like some expert guidance pitfalls to look for and best practices to follow. Watch this on-demand webinar to learn more!

IAITAM ACE is the world’s leading ITAM Conference, fulfilling the needs of ITAM professionals with real-world education, vendor exhibitions and networking. This year, IAITAM ACE will take place from May 22 to 24 at the Marriott Marquis in San Diego, California.

Speaking at the conference will be our very own Rich Reyes, EVP Software Advisory. His talk “ITAM 2.0: Current Trends & Leading Practices for Value Transformation” will focus on current industry trends impacting ITAM practitioners, such as cloud, IoT, and IT supplier audits. We’ll also dive into leading practices for transforming your ITAM function from a cost center to a value center, maximizing the ROI for your technology investments (“ITAM as a Business”).

If you’re planning on attending the event, check out Rich’s talk and schedule time for a one-on-one meeting to discuss your ITAM needs. 

Register Now!


See you in San Diego!

Software as a Service (SaaS) has quickly become the largest category of XaaS spend1.  In fact, Gartner estimates that the SaaS segment of the cloud will reach $85.1 Billion dollars in 2019. By design, SaaS providers have made their solutions easy to procure, setup, configure, and enable across your enterprise, both in IT and across the business.  In some cases, an employee can create a new user account simply by authorizing payment through a credit card and activating the cloud application through the internet.

The Hidden Challenges of SaaS

Despite its convenience and benefits, SaaS has caused new problems for IT departments.  The days of fully controlled, centralized IT governance are behind us, as businesses prioritize agility and speed to market in order to stay relevant and compete with industry leaders who have gone digital.  As a result, there is an increase in “Shadow IT,” where SaaS implementation frequently bypasses IT or CIO offices, increasing security risk.  While Information Security teams can manage SaaS access from company networks through cloud brokering and single sign-on solutions, they don’t have much insight into users logging into SaaS applications/data from other locations or the public internet.  This increases data and information risks, and can impact GDPR compliance if the information is being transmitted to foreign locations.

In addition, traditional SAM programs aren’t able to keep up with these growing SaaS footprints, and IT is often being challenged with managing unpredictable cloud spend.  Unfortunately, IT shops generally do not have a “single source of truth” for tracking SaaS applications running across their companies.  While Cloud Cost Management (CCM) sounds fantastic in theory, many SAM programs continue to struggle with on-premise software compliance woes (e.g., vendor audits, true-ups, etc.) and don’t have the time, resources, or “know how” to tame their SaaS consumption and spend.  Many organizations also handle SaaS renewals reactively and cannot identify vendor or product redundancies across cloud-based applications to generate IT cost savings.

Taking SAM to the Next Level

So how do you evolve your SAM function to handle the perils of SaaS, establishing proactive CCM and cloud governance?

It all starts with uncovering what you don’t know, turning over every SaaS stone across your corporate landscape.  SAM teams must identify each SaaS application in use, who is accessing the cloud solution, and the time/frequency of usage.  Once you can inventory your SaaS applications and produce a regular report of this key information, you’ll drive smarter decision making across the organization.  You can then evangelize and share this data with cross-functional teams, which can help rationalize SaaS vendors, users and/or features.  These insights will be actionable and will enable more effective CCM, ensuring tighter alignment between your CIO and company leaders.

Leveraging Cutting Edge Technology for SaaS Management

Pairing Zylo’s innovative platform (click here to learn more) with our SaaS supplier and software licensing expertise, Connor Consulting is able deliver real-time cloud insights and provide you with a reliable and secure system of record for your SaaS-based applications, transforming your SAM program from a cost center to a value center by instating proactive CCM and cloud governance.

Contact us at for a free assessment today, and learn how to get a grip on your SaaS spend.


About The Author

Rich Reyes is an Executive Vice President for the Global Software Advisory practice at Connor Consulting.  He brings 20 years of thought leadership around software licensing & compliance, technology asset management, and IT sourcing.  Rich has performed hundreds of software audits on behalf of major vendors, and he’s established and led an ITAM/SAM department for a Fortune 100 retailer.  He continues to advise companies on practical ways to mitigate IT supplier risks, reduce vendor total cost of ownership (TCO) and optimize software licensing environments.  Rich holds CISSP and CISA certifications and is a frequent speaker at industry events.

The on-premise approach to Information Technology (IT) and Software Asset Management (SAM) is continually being disrupted with ongoing digital transformation, IoT, and all things AI.  Traditional IT operating modes which rely on in-house applications and systems are being phased out in favor of multi-mode IT – a combination of on-premise assets and those hosted in the cloud.  Gone are the days of solely acquiring software and hardware from third parties, building data centers, and maintaining them through periodic asset refreshes; in their place, we will continue to see the emergence of public, private, and/or hybrid cloud environments.

As a result, companies have begun to discuss whether a switch to the cloud is necessary to gain ground on cross-industry giants like Amazon, and to stay relevant in a market which leaves behind companies that fail to innovate or go digital.  However, companies have to be wary of increased IT OPEX spend during migration to the cloud, and look out for retiring older equipment and software too early, as it may result in material impairments or write-offs.

The Solution Bias Dilemma

IT suppliers and vendors recognize these paradigm shifts as well, and are becoming increasingly opportunistic, often using cloud migration as a commercial lever to push their newer, and often more expensive, products and technologies.  For example, in what’s known as solution bias, IT vendors upsell their own cloud technologies during migration without giving much consideration to current usage or future needs.  At the same time, these vendors are adapting their license agreements and software counting rules for their own benefit, making it more cost-effective for customers to use their own cloud solutions.

In addition, IT suppliers are revisiting old unfavorable enterprise agreements which granted unlimited product usage, as they were written without the cloud in mind.  In the process, they are capitalizing on any contractual landmines or “gotchas,” such as site or hardware restrictions, to uncover one-time and ongoing license fees.

Currently, licensees who have already migrated to the cloud are often getting a “free pass” from vendors and auditors during a traditional software review.  Due to evolving supplier license models, rules, product metrics, as well as unpredictable customer behavior and patterns, IT suppliers have been excluding XaaS environments from the scope of their license assessments.  SAM tool agents and audits scripts are also not yet commonly installed in the public cloud, so there isn’t an easy or effective way to discover software deployments.  However, XaaS environments will likely soon become a standard part of inspections, unless customers acquire software licenses as a service (e.g., SQL through Azure) through a public cloud supplier.

Proper SAM and Cloud Governance is Critical

With all that being said, companies should not wait on the sidelines and observe how vendors or auditors begin to address software licensing in the cloud.  Without proper SAM, cloud governance and controls in place, the risk of software deployment proliferating is incredibly high due to the agile and scalable design of cloud environments.  Even companies with mature SAM disciplines are at risk, as they are not accounting for the layer of complexity that the public cloud adds to the SAM world.

In order to address these changes, companies must proactively inspect and uncover potential cloud licensing risks in vendor agreements before major migrations occur to help avoid significant license premiums and preserve their leverage over vendors.  Companies should re-evaluate, challenge, and enhance their “people, process, and technology” framework that was standard for on-premise SAM to account for the perils of cloud licensing.  Even when the supplier does not raise any issues, it’s leading practice to determine and assess potential licensing risks before launching into the cloud.  Once software licensing risks are identified, IT Executives can decide whether to assume them or develop a strategy to mitigate their negative impacts, potentially saving their companies millions of dollars and protecting technology innovation funds.

Next Steps to Modernize Your SAM Program for Cloud

Have your IT vendor contracts been evaluated for migration risks or does your CIO prefer to take a “leap of faith” into the cloud?!  To learn more about how you can best prepare for software licensing “gotchas” in the cloud, contact Connor Consulting at today.

In the meantime, check out this on-demand webinar to learn more about how Connor Consulting – in partnership with leading SAM technology vendors like Xensam – can help you take your SAM efforts to the next level.


About The Author

Rich Reyes is an Executive Vice President for the Global Software Advisory practice at Connor Consulting.  He brings 20 years of thought leadership around software licensing & compliance, technology asset management, and IT sourcing.  Rich has performed hundreds of software audits on behalf of major vendors, and he’s established and led an ITAM/SAM department for a Fortune 100 retailer.  He continues to advise companies on practical ways to mitigate IT supplier risks, reduce vendor total cost of ownership (TCO) and optimize software licensing environments.  Rich holds CISSP and CISA certifications and is a frequent speaker at industry events.

In our first entry, we talked about some of the technical limitations of Software Asset Management tools in the software and data discovery of data of your environment.  Once you’ve tackled that issue and determined that you have complete and accurate data from your environment, you need to actually DO something with it!

On an average Windows desktop or laptop, opening up the “Programs & Features” panel could easily show fifty or a hundred installed pieces of software.  I counted 87 on my laptop just now, and that’s everything from Microsoft Word to Slack to the Windows Calculator app.  Now consider that in your environment, you probably have multiple versions of applications so your data set could have lines like:

  • Microsoft Word 2013
  • Microsoft Office ProPlus 2016
  • word.exe

Multiply that by a few different versions and a few thousand desktops and laptops and you can start to envision the giant mess and piles of data you’ll be dealing with.

The Importance of Software Asset Management

This is where Software Asset Management (SAM) tools start to demonstrate real value as they use a process called data mapping to comb through your records and provide useful summaries.  Some tools call this application recognition, but it’s all the same idea: taking the various software signatures identified in your discovery process and mapping them back to a singular software product, as well as deduplicating the data.  Most tools that have a feature like this should also have some way to update their data mappings regularly and reliably, so new vendor products or releases are accounted for by the mapping function.  This should be one of your critical requirements in sourcing a SAM tool.  Software is constantly changing and evolving, and if your tool isn’t keeping up, then you won’t be able to make smart decisions about your purchasing and mitigate license compliance risks with a high degree of confidence.  SAM teams should test the veracity of tool mapping data on a regular basis to determine if any updates need to be made.

As you evaluate SAM tools, you should try and test out the data mappings on your real data or production installs.  Have the vendor create a demo environment where you can load some of your live data and ensure that your critical applications are properly captured, evaluated, and reported.  In our example above, we’d want our tool to be smart enough to recognize that “word.exe” and Microsoft Word are the same thing, and we only need to see it (and count it) once.  But going even further, I really want the tool to know that Microsoft Office ProPlus is a bundle that contains Word so counting it separately would end up costing me extra money in support fees.  Product bundling is an essential requirement for a SAM tool and a challenging feature for vendors to consistently get right, since software products evolve at a very rapid pace and product bundles or inclusions often change.  In addition, there could be limited use non-OEM licenses offered in a vendor product (e.g., IBM DB2 offered through SAP R3); however, when used as a standalone product or in support of another application, it would trigger a separate or additional licensing requirement.

You should also consider how easy and important it is to make your own modifications to the data mapping library when your SAM tool falls short.  You might have some obscure software titles that the SAM vendor hasn’t seen before, or perhaps internal software that needs to be tracked and reported.  Additionally, you should make sure the tool warns or notifies you when there are software installations that it can’t recognize, so you can trigger your SAM process to map and tally the unknown product going forward.

The Devil is in the Details

I’ll give you a specific example from a prior engagement that emphasizes “the devil is in the details” premise. I had a customer who had created a custom installer for a certain piece of vendor software and deployed it out to their users.  This is a normal function and allows them to do things like set some custom configurations and make sure every authorized user could access company resources.  But in the process, they renamed the software to something that was unrecognizable to their SAM tool.  Because it wasn’t recognized or tracked, it was able to spread throughout the company without IT and the SAM team knowing that they had consumed all their licenses and then some, leading to significant non-compliance findings.  Under a vendor audit situation, they would have been on the hook for all of those licenses and liable for paying millions of dollars in software audit fees.

So now we’ve talked about how to make sure you get all the data we need or ensuring completeness and accuracy of your SAM tool, and of course, how to turn that discovery data into useful information through proper data mapping and analysis techniques.  In our next installment, we’ll discuss what tools should do to turn software deployment data into proper licensing data, aligning to product metrics in vendor agreements.


If you would like to learn more about Connor Consulting and how we can help with Software Asset Management, please contact us today for an initial briefing or complimentary assessment.


About the Author

Russell Lewis is a SAM professional with over 12 years of experience consulting with companies looking to improve their SAM processes and with software vendor compliance programs.