"In the past three years, SAM has been credited with saving Visa over $200 million," says Joe Birdsong, director of software asset management at Visa addressing the crowd at the 2014 SAM Summit in Chicago. "We're making better decisions."
Visa adopted a globalized approach to IT asset management in 2006, but it wasn't until 2011 that the company formed a team dedicated to SAM and developed a company-wide SAM strategy. That first year was busy. Birdsong's team supported four major ELAs (enterprise license agreements) and addressed compliance issues "without incremental spend." They also closed vendor audits with minimal exposure because Birdsong's SAM philosophy is to do more than an auditor would, be more complete. "Understand how [auditors] do things and understand their approach," he advises.
Visa's SAM team also realized that they needed discovery and compliance engine tools. They purchased BDNA Discover and Normalize and Flexera FlexNet Manager, which they continued to roll out through 2013 and 2014. They've also deployed Microsoft SCCM (System Center Configuration Manager) and CA Portfolio Asset Manager.
In the third year of the program, they established a policy to complete a quarterly check on the ROI (return on investment) and compliance on their ELAs, and they identified compliance exposure on several key products in their ecosystem.
"Don't expect any tool to work perfectly out the box," Birdsong says. "We use vendors that can provide the data points we need and a tool that can be customized."
Birdsong points out that Visa prefers this mutually beneficial, highly aligned relationship with SAM tool vendors. He hopes that other companies will find value in the changes Visa helps make to these tools.
Driving the SAM strategy
Birdsong identified three categories of drivers behind Visa's SAM program: financial, legal, and operational. They want to optimize their licenses, make the most effective use of services, and ensure they're getting value out of their software spend. Legally, they're concerned about noncompliance with license agreements. From an operational standpoint, they're involved in title rationalization to choose the best software as well as reducing headcounts to support additional titles.
To meet these drivers, Birdsong has taken a three-pronged strategy: people, process, and tools. His team now includes 15 employees with license compliance experience as well as Windows and Unix system implementation and support expertise. They're also unfailingly good communicators with backgrounds in business.
"People came from the Big Four to do auditing for Microsoft and IBM. If you think one of them will be coming after you, the best thing to do is to hire an auditor," says Birdsong.
His process includes ELA negotiations, audit responses, and title rationalization, and he uses entitlement tools. His team has built baselines for software product utilization that, he believes, are more detailed than what any auditor would build.
"We want to have baselines available and be able to self-report -- and not waste thousands of hours going through an audit," Birdsong says. "If we get wind of vendors doing audits, we'll do a review. We want to be a low-risk candidate."
It's also important to understand what puts you at a higher risk of an audit. He says, "High risk is a vendor that we have a high spend with. If you're reducing spend or have products that are easy to audit and have a high yield, you'll be a target."
Goals for 2014 to 2016
Birdsong isn't resting on his laurels. He's set several short-term goals for his team. His plans for this year include achieving automated and near real-time compliance, cost clarity around software consumption by service, and consolidating software products. Next year, he intends to renegotiate several major ELAs and perform license reclamation. And in 2016, he expects to see maturity in preventive controls and accountability as well as in non-standard metrics and platforms, and he wants to add the discovery of and reporting on open source software.
He also wants to see his SAM professionals expand their work with the sourcing teams and product managers. He points out that, after you've worked through the immediate non-compliance liability, weeded out software that no one uses anymore, and canceled unnecessary support contracts, your SAM program can find other ways to add value to your organization.
Birdsong says that today, "Folks come to us with any questions about what software is deployed where and to understand all the software that's licensed and available. We help them make better and smarter decisions."
Zeb Zigler, asset management analyst at Visa, also participated in this case study presentation.
—by Leslie T. O'Neill