C Gart63

Download as pdf or txt
Download as pdf or txt
You are on page 1of 14

Software Asset Management for the Cloud:

Consumption Management and Optimization


Take Center Stage
Published: 28 November 2018 ID: G00366656

Analyst(s): Stephen White, Ryan Stefani

Digital initiatives are fueling cloud service adoption, making their metering,
management and optimization an inescapable need. Sourcing, procurement
and vendor management leaders should include cloud services within the
scope of SAM to eliminate wasteful consumption and minimize
noncompliance.

Impacts
■ Dramatic growth in cloud adoption requires modernization of the SAM discipline, demanding
governance, transparency of consumption and license compliance across all environments.
■ Toxic consumption of provisioned yet inactive IaaS, and PaaS plus shelfware as a service,
ensuing from SaaS licenses assigned but unused, has become increasingly costly.
■ Software publishers who switched to SaaS have grown revenue per user and reduced audit
activity. This paradigm shift triggers SAM’s primary focus for SaaS to become managing
consumption.

Recommendations
To mature the IT asset management discipline, SPVM leaders responsible for maturing the SAM
discipline should:

■ Expand the scope of SAM and prioritize their organization’s SAM focus on metering cloud
services as a critical function to ensure completeness of governance and eliminate unnecessary
costs.
■ Implement and drive adherence to processes for metering and harvesting of unused software
and cloud services to eliminate unnecessary or costly toxic consumption and shelfware.
■ Demand self-service and granular active usage reporting from the SaaS provider or their SAM
tool vendor before committing to any cloud contract to provide the data necessary for effective
cost management and containment.

Strategic Planning Assumption


Through 2022 in any given month, over 30% of the growing expenditure on software and cloud
services will be unused.

Analysis
Software asset management (SAM) has been refashioned by the demands of the cloud. Cloud
services, incorporating applications, middleware, operating systems, virtual machines and
infrastructure, deliver significant value to the organization and its customers, thus representing high-
1
value business assets that necessitate management. IT sourcing, procurement and vendor
management (SPVM) leaders and budget holders must now recognize SAM as a key cost reduction
and governance mechanism by managing the consumption of as-a-service offerings.

In the context of cloud services, SAM as a discipline has expanded. What was once a best practice
driven by compliance with usage rights dictated by software publishers, now encompasses critical
mechanisms that measure and manage cloud services. Dramatic cloud usage growth, and
corresponding expenditure, means budget holders cannot afford to overlook the need to manage
services. Figure 1 shows how SAM must address the extensive range of digitally influenced
platforms, devices and environments.

Page 2 of 14 Gartner, Inc. | G00366656


Figure 1. SAM Must Address an Expanding Variety of Environments

Source: Gartner (November 2018)

As the organization becomes dependent on cloud services, mature and effective SAM capabilities
also become necessary to measure utilization, rightsize commitments, contain costs and govern
risk. As cloud expenditure continues to grow, risks and impacts associated with cloud contracting
expand. Acting as a contributor to the cloud center of excellence (CCOE), the SAM function has a
key role in reducing waste, providing transparency and identifying irregularities.

Governance within the SAM discipline provides insight into security vulnerabilities and license
compliance risks. License compliance risk may be reduced with cloud adoption; however, two key
risks remain:

■ Unique usage rights applicable where licenses are ported for use with a platform as a service
(PaaS) or infrastructure as a service (IaaS) provider
■ Access restrictions, such as indirect access, hybrid constraints and device quantity limits

Gartner, Inc. | G00366656 Page 3 of 14


Representative of this license compliance shift, Adobe and Microsoft are example providers who
have significantly transitioned revenue to as-a-service subscriptions and notably reduced their audit
2
activity.

Increasing cloud service dependency combined with providers’ cloud revenue growth (see “Adobe
Reports Record Revenue”) point to potential cost risks. These are clear signals that SPVM leaders
require a solution to manage cloud service consumption, commitments and costs. IT SPVM leaders
responsible for SAM who recognize cloud services will increase cost risks, adding to the demands
on the SAM discipline, will evolve their SAM functions and be best-placed to address emerging
requirements. Figure 2 highlights the impacts of digital initiatives and the top recommendations for
SPVM leaders.

Figure 2. Impacts and Top Recommendations for Sourcing, Procurement and Vendor Management Leaders

Source: Gartner (November 2018)

Impacts and Recommendations


Dramatic Growth in Cloud Adoption Requires Modernization of the SAM Discipline
Many organizations adopt cloud services expecting to:

■ Leverage increasing flexibility and the provider’s economies of scale

Page 4 of 14 Gartner, Inc. | G00366656


■ Reduce upfront investment requirements of business initiatives and improve agility
■ Eliminate a series of costs associated with running services internally

To realize these benefits and desired outcomes, robust governance and transparency of
consumption are required to effectively manage the range of cloud service providers utilized and
eliminate unnecessary risk of cost overruns, license noncompliance and security vulnerabilities.

Concurrent with metering usage of on-premises IT services, software asset managers now face the
rapidly growing challenge of managing the consumption of multiple cloud services. Software asset
managers should evaluate the requirements of managing cloud services and any existing
capabilities in a CCOE, and seek to adapt the mandate for SAM within the IT asset management
(ITAM) charter (see “Toolkit: ITAM Mission Statement and Charter”).

PaaS and IaaS are being employed as the basis of digital initiatives. By adapting and expanding the
scope of SAM, and investing in appropriate controls, cloud services will be more effectively
exploited, allowing them to be adopted with confidence that cost overruns will be minimized.
Successfully minimizing expenditures, rightsizing and managing risk require mature processes,
capable tools and resources with assigned responsibility.

By incorporating cloud services within metering processes, SAM functions can address several
issues:

■ Underutilization of CPU and memory in virtual machines can be identified, and the relevant
3
instances rightsized and reprovisioned, with cost per hour trimmed by 40%, for example.
■ Instances and services running with no continuing requirement can be deprovisioned and
services “switched off” accordingly.
■ Assigned SaaS licenses with no usage can be archived or reassigned, eliminating growth of
unnecessary subscriptions and associated costs.

Similarly, incorporation of cloud services within the SAM discipline will enable proactive assessment
and management of compliance with bring your own license (BYOL) metrics, limits and use rights.
Rights to use existing perpetual licenses in public cloud environments are regularly available, yet will
require detailed assessment to establish limitations or additional license requirements. By
proactively assessing the parameters that apply to a BYOL scenario, assumptions or mislaid
expectations can be addressed, options navigated and cost overruns mitigated.

Success Prerequisite: Reliable Usage Data


The growth in cloud services makes measuring and managing software usage more complex as well
as more critical. SAM must mature quickly to meet emerging requirements for measuring detailed
functional and quantitative cloud services consumption.

Organizations increasingly depend on cloud services to deliver business capabilities. Options to


switch from a chosen provider to an alternative may be limited and/or costly to execute as premium
features such as artificial intelligence are adopted and become integral to the organization’s

Gartner, Inc. | G00366656 Page 5 of 14


offerings. Therefore, organizations that adopt cloud services’ most valuable offerings may find
themselves dependent. The extent of risk, dynamic nature and challenges gaining transparency of
multiple cloud services require capable metering solutions with aligned resources and
responsibilities assigned.

Without an understanding of the functionality consumed, and


insight to identify optimization and rationalization targets across
the cloud services portfolio, potential to eliminate increases in
cost and risk will be significantly limited.

Cloud service adopters without usage data risk cost increases due to far greater usage than
anticipated. Cloud economics tend to deliver large and small rates of adoption at similar prices;
therefore, greater rates of adoption and consumption will unlikely translate to dramatically lower unit
prices. Accordingly, a key route to leveraging benefits of cloud economics will be to manage out
unnecessary overprovisioning, with a dependency on quality usage data to identify targets for
optimization, rightsizing and retirement.
4
Cloud services may incorporate metering tools. Any absence of usage data from providers and/or a
desire for independent data sources mean an alternative source of usage data is needed. Those
with immature or no SAM capabilities risk having limited visibility and, with that, diminished ability to
support stakeholders responsible for the management, budget and security of systems and
business information.

SAM tools must cater to the demand for monitoring cloud services, especially the extraction of
functional and quantitative usage data (see “Critical Capabilities for Software Asset Management
Tools” and “Comparing Tools to Track Spend and Control Costs in the Public Cloud”).

Success Dependency: Resources, Skills and Responsibilities


Guiding the organization’s use of cloud services by making effective use of data requires that
responsibilities be assigned and processes developed. Adoption of cloud services requires the SAM
discipline to adapt and apply diligence to a broader set of environments, while understanding the
impact of a greater rate of change.

Thus, the SAM function must be appropriately resourced, enabled by processes developed to
deliver effective management. SAM resources’ responsibilities will include interaction with business
stakeholders to facilitate options analysis, investigation of anomalies and subsequent resolution. In
the absence of adequate resources, augmentation may be possible through third-party delivery of
SAM services (see “Market Guide for Software Asset Management Managed Service Providers”).

Many software asset managers will have addressed virtual server sprawl and its impacts in the data
center, and now be called upon to extend those capabilities to cloud services. Unlike the virtual on-
premises data center, any cloud instance carries a cost for the time which it exists, thus a more
direct and immediate cost of sprawl applies.

Page 6 of 14 Gartner, Inc. | G00366656


Managing cloud services within the scope of SAM extends well beyond a reactive monitoring
function. By definition, a key characteristic of cloud is bidirectional elasticity (meaning volumes can
grow and contract as the business demands). However, monetary commitments, reserved instances
and enterprise SaaS contracts may limit the opportunity to scale down commitments. Any absence
of rights to true down amplifies the role of a proactive SAM function and potential benefit realization
by rightsizing upfront.

Crucially, the SAM function must ensure complex terms and use rights applicable to BYOL options
are evaluated. Limitations to license rights must be considered and re-evaluated, and implications
understood — with potentially significant costs applicable in case of any misjudgment. For example,
the Oracle Core Factor Table will not apply when used in a BYOL scenario beyond Oracle Cloud,
while Azure Hybrid Benefit for Windows Server applies only to use in Azure. In these and other
cases, the SAM function plays a key role ensuring limitations are understood and assessed prior to
adoption or migration.

Recommendations

SPVM leaders responsible for maturing the SAM discipline should:

■ Establish an executive-sponsored mandate and protocol for management of cloud services


within the SAM function by updating the organization’s ITAM charter (see “Toolkit: ITAM Mission
Statement and Charter”).
■ Focus the organization’s SAM capability on metering usage in order to rightsize requirements
and eliminate unnecessary costs by ensuring any SAM tools in place, or being acquired, have
been proven to deliver cloud service metering.
■ Assess demands on the SAM function and its capacity to manage cloud service consumption,
augmenting resources and processes as necessary to enable effective governance.

Provisioned Yet Inactive IaaS, PaaS and SaaS Licenses Assigned but Unused Have
Become Increasingly Costly
Although it is optimal to match subscriptions to requirements, underutilization and overdeployment
5
are widespread, contributing to cost overruns. Both toxic consumption and shelfware create a
drain on budgets that, once incurred, cannot be recovered. Where excessive and unproductive, they
will erode the benefits and business case of cloud service adoption and jeopardize further initiatives.

Toxic consumption of PaaS and IaaS may occur where services continue to run incurring waste and
unbudgeted costs. Examples include:

■ Services created without validated use cases that remain unused or underutilized
■ Valid services that are underutilized and should be scaled down to a more appropriate tier
■ Services exploited for a useful term, but which remain running without any delivered value

Gartner, Inc. | G00366656 Page 7 of 14


Lack of contract elasticity amplifies “shelfware as a service,” a phrase that recognizes that
5
subscriptions will regularly go unused or are underused.

SAM-monitoring processes that focus on cloud usage will facilitate rightsizing of PaaS and IaaS
instances, while better aligning SaaS subscriptions to requirements as the organization and roles
evolve. Core processes that must be in place to effectively control cloud computing costs include:

■ Provisioning: A process that governs access to cloud applications to control subscriptions and
protect access to potentially sensitive data.
■ Deprovisioning: The process of removing access to a cloud service to limit access to
applications at an individual level or retiring the cloud service across the organization.
■ Metering: The process of monitoring consumption of cloud services and usage of applications
to identify targets for optimization including rightsizing instances or harvesting licenses.
■ Planning: A process that allows the organization to forecast its technology needs and leverages
the data that was captured through metering processes to optimize usage.
■ Harvesting: A process of recovering unused licenses typically following the deprovisioning of
software. This action is an important form of cost avoidance, as the recovered, unused license
can be made available to fulfill new requests instead of obtaining additional licenses.

SAM’s Role in Delivering Business Value From Cloud Adoption


As organizations transition, migrate and replace existing systems, costs will be incurred beyond the
subscription fees. Having invested in the cloud adoption process, extracting value in excess of
costs incurred will be the essence of success.

The role SAM plays is vital in advance of adoption. SAM data is critical to providing a platform for
accurately forecasting future requirements and the resulting costs. Reliable metering and data
capture must be used to understand the existing environment, establishing quantitative and
functional requirements as an integral part of the adoption planning process. The use of SAM data
in this fashion should be incorporated into the organization’s overall cloud policy (see “An Overview
of Enterprise Cloud Strategy Approaches and a Pragmatic Template for Setting Your Cloud Use
Policy”).

Cloud-service-centric SAM tool functionality and dedicated cloud metering tools include
increasingly sophisticated data analysis and reporting. However, effective use of analytics depends
on asset life cycle management processes, interpretation of the data and executing the actions it
informs. For example, by implementing effective provisioning and metering processes, SAM can
align the functionality of an application to appropriate use cases, which reduces the likelihood of
inflated costs.

Following service provisioning, SAM data should be used to identify teams and divisions that are
not making cost-effective use of the adopted service. SAM can act as a mechanism to identify
unused or underutilized services and features, thus enabling actions to drive active use and extract
value.

Page 8 of 14 Gartner, Inc. | G00366656


Principles of agility associated with cloud computing imply that harvesting subscriptions is critical in
order to leverage cloud economics. Metering and harvesting processes can enable unused account
deactivation, changes in usage patterns to be flagged and analysis to be carried out that
determines whether more appropriate license types or instances should be assigned. Best practices
and processes used for license recycling can be adapted for the management of cloud services
(see “How to Recycle Licenses to Optimize Software Costs” and “Software Asset Management Fails
to Deliver Benefits Without License Assignment”).

As cloud services proliferate across organizations, provisioning and deprovisioning processes must
be updated to include the management of access to third-party services (see “IT Asset
Management Best Practice: Improve Personnel Change Procedures to Protect Company Assets
When People Move or Leave”). For example, although many organizations have defined processes
for archiving data and closing internally provided accounts, these processes may be poorly
coordinated for SaaS applications.

Recommendations

SPVM leaders responsible for maturing the SAM discipline should:

■ Eliminate unnecessary, wasteful and costly provisioning of cloud services by implementing


procedures for requesting, provisioning and harvesting cloud entitlements.
■ In advance of any migration and license purchase, profile use based on needs established using
SAM metering data to confirm appropriate license and functional alignment.
■ Integrate cloud services into the deprovisioning process to ensure toxic consumption is
minimized, while access is promptly revoked and subscriptions can be reassigned to avoid
shelfware and unnecessary additional purchases.

Software Publishers’ SaaS Revenue Growth and Reduced Audit Activity Prompts a
Shift in SAM Focus to Managing Consumption
As organizations adopt SaaS, SPVM leaders may be tempted to conclude the SAM function, control
and usage data is of less value. After all, if applications are self-policing, why manage licenses?

Stakeholders throughout the organization will welcome a reduction in audit activity. However, it is
prudent to consider any reduction in audit activity an indication of the extent to which SaaS is
facilitating revenue growth. The repetitive nature of subscription payments and typically higher cost
than equivalent on-premises maintenance make revenue recovery through audit activities a lower
priority for publishers. The same paradigm compels usage monitoring and rightsizing as critical
focuses of SAM.

SAM Is a Critical Mechanism to Mitigate SaaS Cost Increases


SaaS price risk is particularly significant, whereby, as the organization becomes dependent on the
adopted service, buyer bargaining power is reduced, ultimately leading to increased prices at
renewal. The facility to eliminate waste, rightsize contracts and offset price increases makes SAM

Gartner, Inc. | G00366656 Page 9 of 14


fundamental to SaaS cost containment and must be geared to managing the consumption of as-a-
service offerings.

SaaS provider price increases will be a function of the characteristics of SaaS markets, and may be
most dramatic in monopolistic scenarios. Where the SaaS provider holds dominant market share,
few alternatives are available or switching costs is excessive (see Figure 3). The provider will be able
to engineer price and offering changes to its advantage to accelerate revenue growth.

Figure 3. Porter Analysis: SaaS Price Risk in Monopoly Markets

Created from “Competitive Strategy: Techniques for Analyzing Industries and Competitors,” by Michael E. Porter.

Source: Gartner (November 2018)

Software publishers converting to SaaS often use management or administration portals to allocate
licenses or provision users. In some cases, usage reporting is either absent or insufficient to provide
granular visibility into which end users are using which components.

Price risks applicable to SaaS take many forms, including:

■ Removal of upfront incentives and discounts


■ Increasing list prices — global changes plus local increases justified by currency movements
■ Rebundling services into premium editions
■ Adding more functions into services and increasing prices

Page 10 of 14 Gartner, Inc. | G00366656


Should cost increases be minor or nonexistent for some titles, active usage data from SAM tools
will deliver more direct savings by enabling rightsizing on renewal if, for example, 30% or more of
6
subscriptions remain unused. Should price increases be more significant, SAM plays a vital role in
countering those price increases, limiting the negative impact and cost implications.

Capacity to rightsize in this fashion may be limited in some scenarios. Some examples are when the
license metric is based on the total employee base, transaction quantity or revenue, or price
protection language being conditional on renewing at least the original quantities. Despite
contractual limitations, SAM will remain key to addressing growth in quantities, harvesting licenses
assigned to departed or inactive users, and limiting license assignment to genuine requirements.

License Compliance Risks Have Diminished With SaaS, Not Vanished


SaaS growth appears to be contributing to a marginal decrease in overall audit activity. Microsoft
and Adobe are illustrative of this transformation, as both companies’ revenue responded positively
2
to SaaS conversion and reduced audit activity. Although the migration to SaaS mitigates much
counterfeit and compliance risk, clients must still manage some compliance issues. Despite an
altered approach, both Microsoft and Adobe retain the right to verify compliance. Those that
7
inadvertently or deliberately misuse software may still be subject to scrutiny.

We caution against interpreting the reduction in audit activity as meaning that SAM is no longer
required when using SaaS — that is not the case. SAM’s primary focus in the context of SaaS must
switch from a practice of managing conventional license compliance to measuring and managing
the consumption of provisioned services and functions. Managing compliance with limitations to
usage of SaaS will still be required. This is potentially best known in the context of indirect access
(see “SAP Clarifies Indirect Access Licensing, but Costs May Increase and Risks Remain”). Other
potential compliance risks apply where overprovisioning may occur such as tenant-wide features
being activated without licenses for all provisioned users or in the case of limitations to devices per
licensed user.

In Advance of a SaaS Migration, Audit Risk May Increase


Audit patterns reflect the state of the software industry. It is likely that, as software publishers
successfully convert their delivery model to SaaS, they will subsequently reduce audit activity as
their revenue streams transform. Software publishers that are less advanced in their conversions to
SaaS may treat audit settlements as an opportunity to grow their cloud subscription revenue. Such
an approach may increase the risk of audit for clients remaining on-premises, increasing license
compliance risks in the short term ahead of a midterm increase in cost risks.

Should your organization be subject to an audit and cloud settlement concession, and your
organization has no short-to-midterm plans to migrate to the relevant cloud service, be aware of the
risk of shelfware (see “Take Charge of Your Oracle Software Audit With Gartner’s Proactive Audit
Approach”).

Gartner, Inc. | G00366656 Page 11 of 14


Recommendations

SPVM leaders responsible for maturing the SAM discipline should:

■ Support the business case for SAM resources, services and tools with the requirement to offset
material risks of escalating SaaS costs.
■ Demand self-service and granular active usage reporting from the SaaS provider or SAM tool
vendor before committing to any contract.
■ Mature SAM capability so resources can be focused on proactive cost management for both
on-premises applications and SaaS assets.

Gartner Recommended Reading


Some documents may not be available as part of your current Gartner subscription.

“Software Asset Management Is Now a C-Level Imperative”

“Market Guide for Software Asset Management Managed Service Providers”

“Toolkit: ITAM Mission Statement and Charter”

“Critical Capabilities for Software Asset Management Tools”

“Comparing Tools to Track Spend and Control Costs in the Public Cloud”

Evidence
1See ISO/IEC 19770-1:2017 information technology, IT asset management. Annex C characteristics
of IT assets, subsection nature of software, references the complexity of software assets including
SaaS, PaaS and IaaS services accessed or used from additional instances or locations. ISO/IEC
19770-5:2015 (3.2) defines an asset as “item, thing or entity that has potential or actual value to an
organization.”

2 On average, Gartner receives more than 100,000 inquiries per year from end-user clients over all
markets. Gartner audit inquiries between June 2017 and May 2018 changed from the same period
two years prior as follows: IBM down 21%, Microsoft down 49%, Oracle up 10%, SAP up 34% and
Adobe down 24%. The total of software vendor audit inquiry for all software publishers dropped by
6% over the two-year period.

3Representative cost difference, as both core quantities and RAM requirements are reduced — for
example, Azure Windows VM D class pay as you go (PAYG) with 400GB storage reduced from 16
cores and 64GB RAM @ £1.246 per hour to 8 cores and 28GB RAM to £0.751 per hour. Deltas will
vary with specification change.

4 Microsoft
Azure incorporates Cloudyn, AWS Cost Management capabilities, VMware acquires
CloudHealth Technologies

Page 12 of 14 Gartner, Inc. | G00366656


5 “Shelfware as a Service: Paying for Unused SaaS Subscriptions” introduced the problem of SaaS
inflexibility in detail.

6 “Get the RightScale State of the Cloud Report,” page 23, Cloud Users Underestimate Wasted
Spend (self-estimated wasted spend 30% [997 respondents] plus additional wasted spend
measured by RightScale, 5%). Zylo State of Software Management in the Cloud, showed SaaS
licenses purchased inactive in total at 37%, of which 25% were provisioned and inactive, and 12%
were not provisioned.

7 See the License Compliance section (13) of Adobe General Terms.

Gartner, Inc. | G00366656 Page 13 of 14


GARTNER HEADQUARTERS

Corporate Headquarters
56 Top Gallant Road
Stamford, CT 06902-7700
USA
+1 203 964 0096

Regional Headquarters
AUSTRALIA
BRAZIL
JAPAN
UNITED KINGDOM

For a complete list of worldwide locations,


visit http://www.gartner.com/technology/about.jsp

© 2018 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This
publication may not be reproduced or distributed in any form without Gartner's prior written permission. It consists of the opinions of
Gartner's research organization, which should not be construed as statements of fact. While the information contained in this publication
has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of
such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice
and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner Usage Policy.
Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research
organization without input or influence from any third party. For further information, see "Guiding Principles on Independence and
Objectivity."

Page 14 of 14 Gartner, Inc. | G00366656

You might also like