This repository has been archived by the owner on Mar 3, 2022. It is now read-only.

Email comment: Flexera comments on OMB software policy #15

Open
OMBPublicComments opened this issue Jan 21, 2016 · 0 comments

Ladies and Gentlemen:

I am the President and CEO of Flexera Software, the leading global technology, consultancy, service provider and subject matter expert in the area of Software Asset Management (SAM) and Software License Optimization. We serve myriad US Federal Agencies as well as the largest companies in the world, helping them significantly reduce software spend and waste, and improve software procurement practices to ensure they are buying only what they need and using what they have. In sum, we help customers gain the expertise they need to negotiate better deals with software vendors by helping them manage their software agreements more effectively.

Perhaps more so than any other organization, we are intimately familiar with the industry best practices around SAM/Software License Optimization. In some cases we have been the innovators of those best practices; in other cases, we have provided automation to make implementation easier.

With all of this in mind, we congratulate you on taking the important step of putting forward guidance on better software management in the federal government. Based on what we have learned through over 20 years of experience, we believe that effective software license management can save the federal government up to 25 percent of its $9 billion annual software spend, or $2.25 billion.

As such we are offering the following commentary and recommendations in connection with the OMB’s Category Management Policy 16-1: Improving the Acquisition and Management of Common Information Technology: Software Licensing. Once you have had the chance to review these comments, we would be happy to meet with you to provide further insights into our commentary or respond to questions you might have as you move to finalize this policy document.

Very Truly Yours,
Jim Ryan
President and CEO
Flexera Software

Flexera Software Commentary: OMB Category Management Policy 16-2 (FITARA)

Relevant Policy Section: Agency Strategies – Centralizing and Improving Software Management

In item 1), “Appoint a software manager…” we believe that you have captured several important aspects of effective software management. However, we would recommend that in bullet 1, which starts “Develop and implement a plan…”, you add a second sentence which includes the essential data elements necessary for any plan. For example, you might consider adding “This plan should be data driven and rely on A, B, C and D.”

Also in item 1), under bullet 3, “Develop a vendor management strategy…” our experience in this area tells us that improving relationships with suppliers is generally one outcome of an effective software management program in which the customer has reliable data on software licenses purchased, deployed and used. With these three bits of information, a customer’s vendor management becomes less of a contentious exercise and more of a collaborative effort that focuses on bringing new capabilities to bear as opposed to annual data-devoid arguments over software entitlements. Therefore, we recommend that you alter this bullet to read “Develop a data-driven vendor management strategy…”

In item 2), “Maintain comprehensive annual inventories,” our experience in this area is clear. Effective software license management is not possible as a periodic (i.e. once annually) process. A single instance of license non-compliance at any point in time throughout the year can trigger expensive true-up penalties charged by vendors during an audit. Accordingly, software inventories, license count management and usage must be tracked on a continual basis to ensure continual compliance, minimizing waste and software license audit risk exposure. As a result of requiring this more rigorous process, OMB will achieve more rapid and significant cost savings, which will be reflected in the annual reporting called for in these guidelines. Therefore, we would recommend that you alter item 2) to replace the word “annual” with the word “continual” so that it reads “Maintain comprehensive continual inventories of software license and subscription spending and enterprise licenses, including license count and usage.”

Also in item 2), the two bullet points call out dates – September 30, 2016 for the commencement for using the recommended tools to report on software inventory and usage, and August 31, 2016, for the agencies to report to OMB on their software license inventories. In our experience, implementing the necessary Software Asset Management people, processes and technology to enable the reports called for in this section requires considerable time for tool selection, up-front planning and implementation. Accordingly we view these deadline dates to be extremely unrealistic, making noncompliance virtually assured.

Therefore, our recommendation is to provide an additional year for compliance, and thus modify the text so that it reads:

• “No later than September 30, 2017, agencies shall, to the extent practicable, leverage…”, and
• “Beginning August 31, 2017”, and each year thereafter, all departments and agencies shall provide to OMB an annual report of their software license inventory

Also in item 2), in reviewing the first bullet, which reads “… agencies shall, to the extent practicable…” we believe it is important to call out the use of technology tools to help enable the implementation of best practices in software management. Software Asset Management/Software License Optimization is the generic name for a host of capabilities recognized as the industry-standard for solving the problems contemplated by FITARA and these policy guidelines. Having done the work for years, we are confident that CDM or CMaaS tools are not designed for Software Asset Management and would be insufficient, in and of themselves, to ensure compliance with FITARA and OMB’s policy guidelines. Further, CDM/CMaaS tools may not necessarily provide sufficiently comprehensive functionality to deliver effective software license management as called for in these policy guidelines, which is a highly specialized field. Accordingly it is critical that any technology capability called out provide sufficient guidance for effective compliance. Including industry-standard technology descriptors (i.e. Software Asset Management/Software License Optimization) is therefore important to help ensure compliance with these policies.

Therefore, our recommendation is to modify bullet 1 in item 2) so that it reads “No later than September 20, 2016, agencies shall, to the extent practicable, leverage technology that enables implementation of industry best practices and standards for software license management, such as Software Asset Management (SAM)/Software License Optimization (SLO) tools, Continuous Diagnostics and Mitigation (CDM) tools and Continuous Monitoring as a Service (CMaaS) to report on software inventory and usage.”

Additionally, as you know, FITARA, and OMB’s guidelines effectively call for the government to implement industry-accepted SAM/Software License Optimization best practices. The leading technology analyst firm, Gartner, outlines the six essential SAM practices, most recently in a July 29, 2015 report, “Use Gartner’s Tool Decision Framework for SAM to Create your Roadmap.” A copy of that report is attached for your convenience. Those industry-accepted best practices are:

• Platform Discovery: Discovery is the act of interrogating networks to identify network-attached physical and virtualized platforms upon which software executes. This is a foundational activity to effective SAM.
• Inventory: The purpose of inventory is to extract and identify all software executing in the environment - also foundational to SAM.
• Reconciliation: Reconciliation harmonizes contract, purchase and product use rights information with normalized inventory data to establish an effective license position (ELP) — the balance of licenses purchased to licenses consumed. ELP forms the basis of compliance, risk-reduction, audit defense, contract (re)negotiations, license "true ups" and optimizing software spend.
• License Optimization: Optimizing license position means reducing the number, type and expense of licenses needed and in use, as appropriate. A typical approach to optimization models reconciled data to examine software, its entitlements, environment and actual usage to recommend the appropriate license type. Optimization is also essential for ensuring the government understands what software it has, what it’s using, and what it needs when negotiating new contracts with vendors.
• Sharing Information: SAM tools both consume and produce data and information, which they must share to be useful. Gathering technical, financial and contractual data in a central system of record for IT assets enables the Federal CIO to manage vendors effectively, and software assets from requisition through retirement.

Given your emphasis on best practices, we believe these six elements, as described by Gartner, are appropriate for inclusion in any federal guidance policy. Therefore, we would recommend adding another sentence along the lines of: “At a minimum, this technology must facilitate automated (1) Comprehensive software/hardware platform discovery; (2) Platform and Software Inventory; (3) Software Inventory Normalization; (4) Contract, Purchase and Product Use Rights Reconciliation; (5) License Optimization; (6) SAM Data Sharing Capabilities.” That bullet's concluding sentence would remain as is - “The agency's centralization plan shall explain how this capability will be implemented.”

Under item 3), which starts “Aggregate Agency Requirements and Funding” you are to be commended for linking software management to agency funding requirements. At the same time, while in this item you note that “Agencies shall develop repeatable processes,” you miss the opportunity to encourage automation of processes – which is a private sector best practice, and which spurs moves from labor-intensive Excel-based software inventory management to more efficient and effective automated software tools.

Therefore, we would recommend that in item 3), you alter the first sentence after “Aggregate Agency Requirements” to read “Agencies shall develop automated, repeatable processes to aggregate software requirements…”
