Aug 22, 2019

Deep Dive: 7 Layers of Essential Data to Beat a Software License Audit

Data is king in a software license audit. But it’s more than grabbing as much information as you can and throwing it at the auditor, hoping something sticks. You need the data that’s relevant to defend your software license compliance; you need to dig deep down into the data details to beat the audit.

Essential Data to Beat the Software License Audit | Aspera Blog

Your audit-ready data comes in seven layers, which progressively reveal the secrets of your software license compliance, and give you an edge in your software compliance audit response. Collect these seven pieces of essential data to ensure your software license compliance.

Want to take a deeper dive into software license audit defense?

This focus-driven session gives your team an audit defense plan delivered by software license audit experts from Connor Consulting and Aspera.

Watch this webinar >>

1) Commercial data

This is all about the software licenses your company purchased:

✔ How many?
✔ Which business unit owns what?

It’s the low-hanging fruit that most procurement/spend management tools can pick.

But! Just counting licenses isn’t enough in a software license audit – your software vendor will demand more. You must go deeper than the first layer and read the contracts, note the licenses and metrics, and record Product Use Rights, maintenance terms and dates, license transfers. Getting the first layer of commercial data is only scraping the surface in an audit.

2) Effective licenses

To understand whether you’re compliant, you must find your effective license position. This is the licenses needed based on actual usage in your company. To find it, you’ll need to answer these questions about a license:

✔Is it a base license, update license, or pure maintenance license?
✔Does the base or update license, or even the entire contract, entitle you to maintenance?
✔What do the Product Use Rights allow?
✔What is the license metric?

3) Licensable software inventory data

Here’s an important tip: Discovery is not the same as inventory. Discovery is when your IT asset management tool finds or “discovers” the installed and running software from all devices in an IT environment, both physical and virtual. Inventory is how you use the discovery information to count the software and hardware on the devices.

It’s easy to believe that discovery is about collecting all the executable files. But this process will gather far too much data that won’t be relevant from a licensing or compliance point of view.

Never submit raw discovery data! Ever. These reports contain more than the necessary information for what you need to reveal to an auditor and may lead to discrepancies in the software vendor’s license compliance audit report. It also hands the vendor detailed information about your software estate, which they could use to your disadvantage during negotiations after the audit.

Instead, submit your inventory reports, which is an organized version of your raw data that your vendor requires to audit your usage of their products. A dedicated software license management tool can automatically sort your data and ensure you’re giving only what’s needed – nothing extra.

4) IT architecture data

This is where your software runs, and from a compliance perspective, this data can get murky. Here are important questions to ask yourself in the data collection phase of before or during software license audit:

✔Who owns the machines on which the software is running?
✔How is the hardware configured?
✔How is the IT architecture designed? Is the software running on a hard-partitioned virtual server or on server in a cluster?
✔On which platform is the software running?
✔How is the software used?
✔Which applications are running on top of what server software?

When you enter “Serverland,” licensing can get complicated and mistakes can get costly. But this information is relevant to the Product Use Rights (possible savings for you – fist pump!) and vital for certain metric calculations. Be thorough and use your software license management tool if you have one.

5) Metrics & effective demand data

You’re going to need to know the actual contents of the licenses because they define the metric and the vendor’s calculation. In this layer, the goal is to use the metric to calculate the licenses needed to cover your software usage: That’s your Effective Demand.

In Serverland, software license metrics are a snarl to calculate because they take various factors like hardware details, configuration, platform, virtualization – all those 4th layer IT Architecture questions you had to answer – and put them through complex calculations.

Then, because Serverland is a dark and murky land, there might be alternative metrics. You might end up with several calculation results for the same software usage. Some might even be more favorable for the vendor than others.

For an idea of how mind bending this can get, here’s the data needed to make sense of Oracle’s metrics:

  • Database instance name
  • Server status
  • Installed software
  • Metrics 
  • Processor model
  • Number of processors or used sockets
  • Database options
  • Total amount of processor cores
  • Number of named users
  • Server hardware partition
  • Database management packets

Manually doing the calculations — for the hundreds of metrics for server software — would require specialized knowledge about each license and a significant amount of time. It’s also error-prone, labor-intensive, and might make you cry.

6) Applying license data

This layer is all about assigning update and maintenance licenses to base licenses and applying those helpful Product Use Rights. Your license position will be accurate, and your license demand won’t be exaggerated – both of which are gigantic potential cost surprises. No one likes those kinds of surprises.

The auditor may follow guidelines that say if there are any "holes" in the update or maintenance chain of a longstanding license then the license’s current usage isn’t compliant. Applying license data properly requires an understanding of your software usage and device ownership. A SAM tool can plug those “holes” with the correct, complete data.

When you do assign update and maintenance licenses to base licenses and apply your Product Use Rights, you’re protecting yourself in an audit and saving on license costs.

7) Software license compliance balance

Finally, the core layer is applying the Effective License Position (see Layer 2) to the Effective Demand (see Layer 5) – what you truly have versus what you need. The result of this comparison is your company’s compliance balance.

The crucial data for audit compliance is multi-faceted, and there are many — not always easy — ways to decipher conclusions a company needs to draw from it. These data requirements can be fulfilled with a SAM tool, which gathers and processes all this beautiful, high-quality data you can apply its detail to your advantage in an audit.

Download our Complete Guide to Audit Defense for more expert tips that will help you own your next software license audit.

Get started >>

Topics: Audit Defense, SAM Education