C Gart63
C Gart63
C Gart63
Digital initiatives are fueling cloud service adoption, making their metering,
management and optimization an inescapable need. Sourcing, procurement
and vendor management leaders should include cloud services within the
scope of SAM to eliminate wasteful consumption and minimize
noncompliance.
Impacts
■ Dramatic growth in cloud adoption requires modernization of the SAM discipline, demanding
governance, transparency of consumption and license compliance across all environments.
■ Toxic consumption of provisioned yet inactive IaaS, and PaaS plus shelfware as a service,
ensuing from SaaS licenses assigned but unused, has become increasingly costly.
■ Software publishers who switched to SaaS have grown revenue per user and reduced audit
activity. This paradigm shift triggers SAM’s primary focus for SaaS to become managing
consumption.
Recommendations
To mature the IT asset management discipline, SPVM leaders responsible for maturing the SAM
discipline should:
■ Expand the scope of SAM and prioritize their organization’s SAM focus on metering cloud
services as a critical function to ensure completeness of governance and eliminate unnecessary
costs.
■ Implement and drive adherence to processes for metering and harvesting of unused software
and cloud services to eliminate unnecessary or costly toxic consumption and shelfware.
■ Demand self-service and granular active usage reporting from the SaaS provider or their SAM
tool vendor before committing to any cloud contract to provide the data necessary for effective
cost management and containment.
Analysis
Software asset management (SAM) has been refashioned by the demands of the cloud. Cloud
services, incorporating applications, middleware, operating systems, virtual machines and
infrastructure, deliver significant value to the organization and its customers, thus representing high-
1
value business assets that necessitate management. IT sourcing, procurement and vendor
management (SPVM) leaders and budget holders must now recognize SAM as a key cost reduction
and governance mechanism by managing the consumption of as-a-service offerings.
In the context of cloud services, SAM as a discipline has expanded. What was once a best practice
driven by compliance with usage rights dictated by software publishers, now encompasses critical
mechanisms that measure and manage cloud services. Dramatic cloud usage growth, and
corresponding expenditure, means budget holders cannot afford to overlook the need to manage
services. Figure 1 shows how SAM must address the extensive range of digitally influenced
platforms, devices and environments.
As the organization becomes dependent on cloud services, mature and effective SAM capabilities
also become necessary to measure utilization, rightsize commitments, contain costs and govern
risk. As cloud expenditure continues to grow, risks and impacts associated with cloud contracting
expand. Acting as a contributor to the cloud center of excellence (CCOE), the SAM function has a
key role in reducing waste, providing transparency and identifying irregularities.
Governance within the SAM discipline provides insight into security vulnerabilities and license
compliance risks. License compliance risk may be reduced with cloud adoption; however, two key
risks remain:
■ Unique usage rights applicable where licenses are ported for use with a platform as a service
(PaaS) or infrastructure as a service (IaaS) provider
■ Access restrictions, such as indirect access, hybrid constraints and device quantity limits
Increasing cloud service dependency combined with providers’ cloud revenue growth (see “Adobe
Reports Record Revenue”) point to potential cost risks. These are clear signals that SPVM leaders
require a solution to manage cloud service consumption, commitments and costs. IT SPVM leaders
responsible for SAM who recognize cloud services will increase cost risks, adding to the demands
on the SAM discipline, will evolve their SAM functions and be best-placed to address emerging
requirements. Figure 2 highlights the impacts of digital initiatives and the top recommendations for
SPVM leaders.
Figure 2. Impacts and Top Recommendations for Sourcing, Procurement and Vendor Management Leaders
To realize these benefits and desired outcomes, robust governance and transparency of
consumption are required to effectively manage the range of cloud service providers utilized and
eliminate unnecessary risk of cost overruns, license noncompliance and security vulnerabilities.
Concurrent with metering usage of on-premises IT services, software asset managers now face the
rapidly growing challenge of managing the consumption of multiple cloud services. Software asset
managers should evaluate the requirements of managing cloud services and any existing
capabilities in a CCOE, and seek to adapt the mandate for SAM within the IT asset management
(ITAM) charter (see “Toolkit: ITAM Mission Statement and Charter”).
PaaS and IaaS are being employed as the basis of digital initiatives. By adapting and expanding the
scope of SAM, and investing in appropriate controls, cloud services will be more effectively
exploited, allowing them to be adopted with confidence that cost overruns will be minimized.
Successfully minimizing expenditures, rightsizing and managing risk require mature processes,
capable tools and resources with assigned responsibility.
By incorporating cloud services within metering processes, SAM functions can address several
issues:
■ Underutilization of CPU and memory in virtual machines can be identified, and the relevant
3
instances rightsized and reprovisioned, with cost per hour trimmed by 40%, for example.
■ Instances and services running with no continuing requirement can be deprovisioned and
services “switched off” accordingly.
■ Assigned SaaS licenses with no usage can be archived or reassigned, eliminating growth of
unnecessary subscriptions and associated costs.
Similarly, incorporation of cloud services within the SAM discipline will enable proactive assessment
and management of compliance with bring your own license (BYOL) metrics, limits and use rights.
Rights to use existing perpetual licenses in public cloud environments are regularly available, yet will
require detailed assessment to establish limitations or additional license requirements. By
proactively assessing the parameters that apply to a BYOL scenario, assumptions or mislaid
expectations can be addressed, options navigated and cost overruns mitigated.
Cloud service adopters without usage data risk cost increases due to far greater usage than
anticipated. Cloud economics tend to deliver large and small rates of adoption at similar prices;
therefore, greater rates of adoption and consumption will unlikely translate to dramatically lower unit
prices. Accordingly, a key route to leveraging benefits of cloud economics will be to manage out
unnecessary overprovisioning, with a dependency on quality usage data to identify targets for
optimization, rightsizing and retirement.
4
Cloud services may incorporate metering tools. Any absence of usage data from providers and/or a
desire for independent data sources mean an alternative source of usage data is needed. Those
with immature or no SAM capabilities risk having limited visibility and, with that, diminished ability to
support stakeholders responsible for the management, budget and security of systems and
business information.
SAM tools must cater to the demand for monitoring cloud services, especially the extraction of
functional and quantitative usage data (see “Critical Capabilities for Software Asset Management
Tools” and “Comparing Tools to Track Spend and Control Costs in the Public Cloud”).
Thus, the SAM function must be appropriately resourced, enabled by processes developed to
deliver effective management. SAM resources’ responsibilities will include interaction with business
stakeholders to facilitate options analysis, investigation of anomalies and subsequent resolution. In
the absence of adequate resources, augmentation may be possible through third-party delivery of
SAM services (see “Market Guide for Software Asset Management Managed Service Providers”).
Many software asset managers will have addressed virtual server sprawl and its impacts in the data
center, and now be called upon to extend those capabilities to cloud services. Unlike the virtual on-
premises data center, any cloud instance carries a cost for the time which it exists, thus a more
direct and immediate cost of sprawl applies.
Crucially, the SAM function must ensure complex terms and use rights applicable to BYOL options
are evaluated. Limitations to license rights must be considered and re-evaluated, and implications
understood — with potentially significant costs applicable in case of any misjudgment. For example,
the Oracle Core Factor Table will not apply when used in a BYOL scenario beyond Oracle Cloud,
while Azure Hybrid Benefit for Windows Server applies only to use in Azure. In these and other
cases, the SAM function plays a key role ensuring limitations are understood and assessed prior to
adoption or migration.
Recommendations
Provisioned Yet Inactive IaaS, PaaS and SaaS Licenses Assigned but Unused Have
Become Increasingly Costly
Although it is optimal to match subscriptions to requirements, underutilization and overdeployment
5
are widespread, contributing to cost overruns. Both toxic consumption and shelfware create a
drain on budgets that, once incurred, cannot be recovered. Where excessive and unproductive, they
will erode the benefits and business case of cloud service adoption and jeopardize further initiatives.
Toxic consumption of PaaS and IaaS may occur where services continue to run incurring waste and
unbudgeted costs. Examples include:
■ Services created without validated use cases that remain unused or underutilized
■ Valid services that are underutilized and should be scaled down to a more appropriate tier
■ Services exploited for a useful term, but which remain running without any delivered value
SAM-monitoring processes that focus on cloud usage will facilitate rightsizing of PaaS and IaaS
instances, while better aligning SaaS subscriptions to requirements as the organization and roles
evolve. Core processes that must be in place to effectively control cloud computing costs include:
■ Provisioning: A process that governs access to cloud applications to control subscriptions and
protect access to potentially sensitive data.
■ Deprovisioning: The process of removing access to a cloud service to limit access to
applications at an individual level or retiring the cloud service across the organization.
■ Metering: The process of monitoring consumption of cloud services and usage of applications
to identify targets for optimization including rightsizing instances or harvesting licenses.
■ Planning: A process that allows the organization to forecast its technology needs and leverages
the data that was captured through metering processes to optimize usage.
■ Harvesting: A process of recovering unused licenses typically following the deprovisioning of
software. This action is an important form of cost avoidance, as the recovered, unused license
can be made available to fulfill new requests instead of obtaining additional licenses.
The role SAM plays is vital in advance of adoption. SAM data is critical to providing a platform for
accurately forecasting future requirements and the resulting costs. Reliable metering and data
capture must be used to understand the existing environment, establishing quantitative and
functional requirements as an integral part of the adoption planning process. The use of SAM data
in this fashion should be incorporated into the organization’s overall cloud policy (see “An Overview
of Enterprise Cloud Strategy Approaches and a Pragmatic Template for Setting Your Cloud Use
Policy”).
Cloud-service-centric SAM tool functionality and dedicated cloud metering tools include
increasingly sophisticated data analysis and reporting. However, effective use of analytics depends
on asset life cycle management processes, interpretation of the data and executing the actions it
informs. For example, by implementing effective provisioning and metering processes, SAM can
align the functionality of an application to appropriate use cases, which reduces the likelihood of
inflated costs.
Following service provisioning, SAM data should be used to identify teams and divisions that are
not making cost-effective use of the adopted service. SAM can act as a mechanism to identify
unused or underutilized services and features, thus enabling actions to drive active use and extract
value.
As cloud services proliferate across organizations, provisioning and deprovisioning processes must
be updated to include the management of access to third-party services (see “IT Asset
Management Best Practice: Improve Personnel Change Procedures to Protect Company Assets
When People Move or Leave”). For example, although many organizations have defined processes
for archiving data and closing internally provided accounts, these processes may be poorly
coordinated for SaaS applications.
Recommendations
Software Publishers’ SaaS Revenue Growth and Reduced Audit Activity Prompts a
Shift in SAM Focus to Managing Consumption
As organizations adopt SaaS, SPVM leaders may be tempted to conclude the SAM function, control
and usage data is of less value. After all, if applications are self-policing, why manage licenses?
Stakeholders throughout the organization will welcome a reduction in audit activity. However, it is
prudent to consider any reduction in audit activity an indication of the extent to which SaaS is
facilitating revenue growth. The repetitive nature of subscription payments and typically higher cost
than equivalent on-premises maintenance make revenue recovery through audit activities a lower
priority for publishers. The same paradigm compels usage monitoring and rightsizing as critical
focuses of SAM.
SaaS provider price increases will be a function of the characteristics of SaaS markets, and may be
most dramatic in monopolistic scenarios. Where the SaaS provider holds dominant market share,
few alternatives are available or switching costs is excessive (see Figure 3). The provider will be able
to engineer price and offering changes to its advantage to accelerate revenue growth.
Created from “Competitive Strategy: Techniques for Analyzing Industries and Competitors,” by Michael E. Porter.
Software publishers converting to SaaS often use management or administration portals to allocate
licenses or provision users. In some cases, usage reporting is either absent or insufficient to provide
granular visibility into which end users are using which components.
Capacity to rightsize in this fashion may be limited in some scenarios. Some examples are when the
license metric is based on the total employee base, transaction quantity or revenue, or price
protection language being conditional on renewing at least the original quantities. Despite
contractual limitations, SAM will remain key to addressing growth in quantities, harvesting licenses
assigned to departed or inactive users, and limiting license assignment to genuine requirements.
We caution against interpreting the reduction in audit activity as meaning that SAM is no longer
required when using SaaS — that is not the case. SAM’s primary focus in the context of SaaS must
switch from a practice of managing conventional license compliance to measuring and managing
the consumption of provisioned services and functions. Managing compliance with limitations to
usage of SaaS will still be required. This is potentially best known in the context of indirect access
(see “SAP Clarifies Indirect Access Licensing, but Costs May Increase and Risks Remain”). Other
potential compliance risks apply where overprovisioning may occur such as tenant-wide features
being activated without licenses for all provisioned users or in the case of limitations to devices per
licensed user.
Should your organization be subject to an audit and cloud settlement concession, and your
organization has no short-to-midterm plans to migrate to the relevant cloud service, be aware of the
risk of shelfware (see “Take Charge of Your Oracle Software Audit With Gartner’s Proactive Audit
Approach”).
■ Support the business case for SAM resources, services and tools with the requirement to offset
material risks of escalating SaaS costs.
■ Demand self-service and granular active usage reporting from the SaaS provider or SAM tool
vendor before committing to any contract.
■ Mature SAM capability so resources can be focused on proactive cost management for both
on-premises applications and SaaS assets.
“Comparing Tools to Track Spend and Control Costs in the Public Cloud”
Evidence
1See ISO/IEC 19770-1:2017 information technology, IT asset management. Annex C characteristics
of IT assets, subsection nature of software, references the complexity of software assets including
SaaS, PaaS and IaaS services accessed or used from additional instances or locations. ISO/IEC
19770-5:2015 (3.2) defines an asset as “item, thing or entity that has potential or actual value to an
organization.”
2 On average, Gartner receives more than 100,000 inquiries per year from end-user clients over all
markets. Gartner audit inquiries between June 2017 and May 2018 changed from the same period
two years prior as follows: IBM down 21%, Microsoft down 49%, Oracle up 10%, SAP up 34% and
Adobe down 24%. The total of software vendor audit inquiry for all software publishers dropped by
6% over the two-year period.
3Representative cost difference, as both core quantities and RAM requirements are reduced — for
example, Azure Windows VM D class pay as you go (PAYG) with 400GB storage reduced from 16
cores and 64GB RAM @ £1.246 per hour to 8 cores and 28GB RAM to £0.751 per hour. Deltas will
vary with specification change.
4 Microsoft
Azure incorporates Cloudyn, AWS Cost Management capabilities, VMware acquires
CloudHealth Technologies
6 “Get the RightScale State of the Cloud Report,” page 23, Cloud Users Underestimate Wasted
Spend (self-estimated wasted spend 30% [997 respondents] plus additional wasted spend
measured by RightScale, 5%). Zylo State of Software Management in the Cloud, showed SaaS
licenses purchased inactive in total at 37%, of which 25% were provisioned and inactive, and 12%
were not provisioned.
Corporate Headquarters
56 Top Gallant Road
Stamford, CT 06902-7700
USA
+1 203 964 0096
Regional Headquarters
AUSTRALIA
BRAZIL
JAPAN
UNITED KINGDOM
© 2018 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This
publication may not be reproduced or distributed in any form without Gartner's prior written permission. It consists of the opinions of
Gartner's research organization, which should not be construed as statements of fact. While the information contained in this publication
has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of
such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice
and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner Usage Policy.
Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research
organization without input or influence from any third party. For further information, see "Guiding Principles on Independence and
Objectivity."