Managing Quest Software Licenses
Quest Software has an aggressive compliance program. Properly managing your Quest Software licenses will save your organization millions of dollars in cost savings and audit findings.
The keys to successfully managing Quest licenses are mastering contractual governance, keeping an efficient and robust document repository, maintaining a strong working relationship between product and application owners, effectively monitoring consumption and demand, counting licenses periodically and accurately, and proactively managing your technical environment.
Quest Software Audits
Quest Software, while not a high priority software publisher to most of its customer base, offers a vast range of products that underpin productivity and efficiency. However, with such a broad spectrum of products and licensing metrics comes significant complexity and risk. Coupled with that, Quest is one of the more aggressive publishers when it comes to software compliance and is currently holding a place in Anglepoint Tier 1 Compliance Publisher Listing.
Quest Software looks to their compliance program as a key revenue generator, rather than an education and IP protection initiative. Members of the Quest compliance team are incentivized by audit results, and therefore operate in a manner that is all too often focused on the dollars and far less on the customer relationship.
When you marry this approach from the publisher with a general shortfall in licensing expertise that is prevalent within most licensee organizations, it can and often does lead to very expensive audit settlements and a huge cost in terms of man-hours to coordinate and manage an audit from start to finish.
Common Challenges & Risk Factors of a Quest Software Audit:
– License metric variations and understanding consumption
– Pirated License Keys (Compliance & Security Risks inherent)
– Server & virtual environments
– Limited expertise on licensee teams to understand and manage the product portfolio
– Significant resource efforts required to manage an audit
– Limited awareness of entitlements and ambiguous contractual terms
– Decentralized environments & procurement procedures
– Aggressive and punitive compliance program
The 6 Pillars of Quest Software License Management
It is critical that organizations are proactive when it comes to managing their Quest software licenses. If your organization has not gone through a Quest audit in the last 2-3 years, it is highly likely that you will soon be audited. Taking the following steps will help your organization prepare for a Quest audit.
If you have recently gone through a Quest audit, then following these steps will ensure that the next one runs as smoothly as possible.
Contractual Governance | 14:27 – 24:40
As with most software, governing terms are the cornerstone of management and coordination. Over the years, Quest licensing terms have changed, and they change regularly. When facing a Quest audit, the compliance team may prefer to rely on the current terms and conditions even though licenses purchased under transactional agreements are governed by the terms of the year and month they were purchased. This is just one reason why it’s critical to know your usage terms and conditions.
Additionally, if your organization needed to access key documentation, how quickly could you get it, and would it be complete? We find that this is a challenge for many organizations today.
Points covered, in detail, in the webinar:
– Document Access
– TPA/STA Purchases
– Know your usage terms
– Product Owners
– M&A Impacts
– Manage Change
Document Repository | 24:41 – 31:25
The ability to have intelligent documentation cataloging is greatly lacking in organizations today. The limitation in coordination and structure of how information is maintained cannot be underestimated. Having robust systems and structure around your organization’s document repository is crucial in being able to face an audit efficiently – be that Quest or any other publisher.
Points covered in the webinar:
– Intelligent Cataloguing
– Source of Truth
Product & Application Owners | 31:26 – 35:50
Working across an organization is where ITAM/SAM can have the most significant impact. A Quest audit impacts so many different teams and lines of business within an organization, creating a strong working relationship between product and application owners is crucial to succeeding with Quest Software license management.
– Control the Publisher Interaction
– Accountable & In Control
Monitor Consumption & Demand | 35:51 – 43:15
Tracking software downloads is a common problem for organizations that deploy Quest products.
Details that are covered in the webinar:
– Download Management & Monitoring
– Decentralized Environments
– Contractual Obligations
Count Periodically & Accurately | 43:16 – 54:10
While Quest is probably not a major software publisher for your organization, it does have an aggressive audit program. That is why it is so important to be proactive. You don’t want the first time that you evaluate your Quest software footprint to be when one of its auditors comes knocking. And if you have been audited recently, don’t let things slip – stay prepared.
Points covered in the webinar:
– Internal Health Check
– SAM Tool Governance
– Licensing Metrics
– License Keys
– Server Installs
Manage Proactively | 54:11 – 58:35
Managing your technical environment and software footprint is another key pillar to managing your Quest software portfolio.
Points covered in the webinar:
– Active Directory Maintenance
– Managing the Product Portfolio
– Duplicate Products
Anglepoint Experts Can Help Manage Quest Software Licenses
Anglepoint’s Quest licensing practice group are staffed with ex-Quest compliance experts, who know the Quest compliance program, understand the methodology & technical practices as well as having in-depth awareness of Quest’s commercial strategies. We are here to help your organization enter any engagement with the publisher with confidence and the knowledge that your organization is supported by experts who have operated on behalf of the publisher.
If Quest or any other software publisher is engaging your organization with a Compliance or License Review, contact Anglepoint and talk to our Core or Specialty License Practice Leaders to get the support you need to streamline your efforts and know that you are in safe hands.
Alex Benson: Thanks for joining us today for today’s webinar. I’m your host, Alex Benson. And before we start the presentation, there are a few housekeeping items I would like to go over first. This blog is being, or this webinar is being recorded and will be distributed after the webinar and a follow up email.
And you can expect that either tomorrow or the next. Lastly, if you have any questions, feel free to type them into the Q&A box at the bottom of your screen, or you can reach out to one of us directly. Again, thanks for joining us, and without further ado, I’ll hand it over to Sarah to get things started.
Sarah Marriott: Hi everyone, and welcome to our webinar on the six pillars to manage your Quest software. I’m excited to see so many of you join us for what will be a practical and informative session. Okay, so in terms of our agenda I’m going to give a brief introduction to Anglepoint and to the team. We will then go through a history of Quest and then we’ll go into the six pillars in in a lot of detail before opening for question and answers.
And as Alex just said, if any questions come up during the presentation, please just pop them in the chat and then we will go through them together at the end. So, in terms of an introduction, here we go. We have two presenters today, Alyssa and Dean and of course me. So, Alyssa, would you like to introduce yourself?
Alyssa Kornmann: Yeah, thank you, Sarah. Hi, everybody. My name is Alyssa Kornmann, and I am a senior consultant at Anglepoint. Prior to joining Anglepoint, I spent a little over two years at Quest conducting audits. And prior to that, I spent about three years at KPMG primarily conducting Microsoft’s flaw audits. I’m glad to have left the dark side and enjoy getting to help clients instead of auditing them.
Sarah Marriott: Thanks, Alyssa. We’re glad you’ve moved over to the bright side as well. Dean.
Dean Russell: Thanks, Sarah. Hello, everybody. My name is Dean Russell, and I’m a director with Anglepoint, based in Europe, and I’ve been working with the team for almost two years. Prior to Anglepoint, I’ve spent probably the last 20 years within the IT sector in a few sorts of program and leadership roles for the likes of VMware, Quest, and Dell.
In terms of Quest, and the reason I’m on the webinar is that I was brought into Quest back in 2010, 2011, to develop and run the Quest Compliance Program based on some past experiences in the licensing and compliance space. And I run, I ran the global compliance program for Quest and Dell for several years and have a unique understanding of how the operation is run in terms of customer facing, as well as behind the scenes operation and commercially, and similar to Alyssa I’m probably glad to say I turned a corner and now share my time and expertise with end user organizations to support their quest portfolios and how organizations can make the most from that investment and really to help clients coordinate and manage any sort of publisher audit activity and preparations they want to make.
Sarah Marriott: And a little bit about myself. I am Sarah Marriott, and I am the specialty licensing manager looking after the practice at Anglepoint. I’ve worked in the IT industry for more than nine years across lots of different functions including in finance, procurement, sales operations and in technology departments.
So basically, purchasing, budgeting, consuming, and creating software in various industries. And of course, working in SAM as well. So, my responsibility here at Anglepoint is leading our specialty licensing practice, which includes our non-core vendors, including VMware, Micro Focus, DeSalt and of course, Quest.
So, a little bit more around our specialty licensing practice. Here we go. We have a global team of subject matter experts who have experience across more than 85 different publishers, as you can see here. And while we find in many organizations, they have internal teams familiar with the core publishers being IBM, Microsoft, SAP, and Oracle, other software vendors can be more technical and are a bit different requiring a different knowledge set to effectively manage your usage. And we find a lot of these specialty licensing software is also business critical. So, if we take to salt and Autodesk, for example engineering companies need these applications to be running smoothly for them to function.
My team understand the intricacies of these different vendors, and we work closely with our clients to deliver actionable insights. And given some companies can have more than 200 different vendors on their books, we can also support in prioritizing these. So, you get your best return on investment.
So, some of the unique challenges that we find with specialty publishers is particularly in a post COVID world we’re finding a lot of these are aggressively auditing and increasingly so that they can backfill some lost revenue which can be incredibly difficult to manage without that specific, expertise.
Another challenge that we have is many centrals. Don’t have the full coverage that we can rely on for some other publishers. And so, to effectively manage them, it means going to the manual data collection approaches to make sure that you have that complete coverage of your environment. We also know that, unfortunately, sometimes some people access cracked software and so we support security teams as well just to make sure that the best practice controls are in place and so that you’re protecting your environment so that only authorized software is used.
In terms of our leadership, we pride ourselves on our processes to measure. Accurately entitlement, deployment, and consumption. We want to make sure that we’re giving you the complete picture of your environment so you can rely on that for business-critical decisions. We also have an elevate delivery platform that we use for automation and data collection.
The manual collection methods that I mentioned before, including some scripts and proprietary tools. And we are quite proud of the fact that we do have that experience across the 85 different publishers. So, in terms of a bit more broadly, who is Anglepoint? We’ve evolved from Big four managing directors who wanted to create something a bit different when it comes to ITAM managed services.
And so, they have brought together specialist consultants ex auditors’ people who’ve worked at different corporate vendors and within global SAM teams to create a number of practice groups have really embedded us in it, in with our clients to identify. Cost savings, optimization, and risk mitigation.
We’ve really invested in our people. And we have several people working on the global ISO standards, really providing that thought leadership which helps us make recommendations so our clients can plan and deliver to act with confidence. And it’s this level of expertise, which is why we were able to work with some of the largest and most complex organizations across the world.
So apart from specialty licensing, some of our other practice groups include ITAM program design and strategy, same tooling, we have the core group of course, and audit support as well. So, we’ve created this full-service premium offering where we support our clients ITAM. One of the things we take more seriously is our ability to build relationships within organization not just working with the internal SAM teams, but also the technical teams, product owners and users and senior leadership so that we’re working as a partnership with our clients so that people can’t distinguish between the internal Sam team and angle point.
Now something else that’s happened recently is we were named a later in the Gartner Magic Quadrant, the first report for SAM managed services Gartner assessed. Us in the critical capabilities report and we’re identified as a visionary in our complete list of vision and a leader in our ability to execute on that vision.
So, we can see here, we’re in the pointy corner of the graph. Which is super exciting and, is a testament to the investment that we’ve made in our team and the great work that we’ve done with our clients which we are, looking forward to continuing to show that growth when the next report is released next year.
If you would like any more information about the Gartner report or would like a copy, just let us know and we can share that with you. Okay, over to you, Dean.
Dean Russell: Thanks, Sarah. Okay. The history of Quest. I’m not going to try and bore everybody with this slide or spend a huge amount of time on it, to be fair.
But what I did want to do is give everyone some perspective on where Quest came from and why I suppose in the current climate to some of the things Sarah just mentioned, Quest is really considered by many as a priority publisher in terms of risk management and risk mitigation. Quest has been a force within the industry for over 30 years, and despite humble beginnings it was back around 2010 that it broke into the billion-dollar revenue category, which back in the day, put it into a unique club being one of only 25 or 30 or so software publishers at the time that generated those revenues over a billion dollars.
When we go through and we hit 2012, that was another big year for Quest, as it was acquired by Dell, and that really significantly changed, the approach and the parameters under which it operated as a company, and where Quest was really used as the foundation stone for what was provisionally Dell’s 5 billion software division, and over a number of years, That sort of relationship and that sort of infrastructure certainly had its challenges, but it also introduced a lot of sort of other changes and opportunities request.
However, that approach and that sort of methodology for Quest changed fundamentally at the end of 2016 and starting 2017 when the Quest business was sold off by Dell as it was restructuring itself as it looked to take over EMC. And essentially, at the back end of 2016, Quest was acquired by a venture capital company.
The executive leadership team was swapped out and was replaced with what was a significant proportion of new executive staff coming predominantly from Attachmate. And that group brought with them a very extensive history regarding compliance and auditing. I’m sure many people on this call may have had the pleasure of being.
I suppose going through and being on the opposite side of an attachment compliance audit. But they had a reputation in the industry and a specific approach to compliance. And that approach was pretty much instituted at Quest from 2017 onwards. I suppose since then there’s been other changes.
Obviously, this year there’s been a new executive leadership installed with Quest, but they still retain a strong reliance on compliance revenues to support their business model and they continue to push an assertive and aggressive compliance program. Which obviously everybody needs to be aware of.
So that’s enough said about the history. We’ll move on. I suppose we really want to focus on the main event. So, Alyssa and I are going to provide a sort of high-level walkthrough of the approach typically taken by Anglepoint in supporting our customers coordination of their software portfolio.
Again, different customers have a slightly different sort of insights and tweaks to this. But realistically, I think this sort of frames up how we look to work with our clients. So without further preamble we’ll work through the next series of slides, which I hope will prompt some Q and A at the end of the webinar, and maybe allow us to dig a little deeper into where people on this audience may have some issues or concerns with And as a pointer, based on comments highlighted, If you do have any questions as we go through the next sort of series of slides, please drop those into a chat and Alex will coordinate those so we can look over them during the Q&A session, which hopefully will be the last sort of 10-15 minutes of the webinar.
Let’s go into the contractual governance slide. As with most things software governing terms are really the sort of cornerstone of management and coordination. And so, one of the core challenges for most organizations is maintaining access to those documents and the materials for pretty much any publisher.
And probably whilst technology is starting to play a significant part in this area, the importance of procedures and standard practices and the people that you know, operate that can’t be underestimated to ensure you have an effective process that’s robust and that you can rely on having that audit trail of content.
I suppose the why its important factor is that having access to all that documentation and communication content between your organization and the publisher is typically key to aligning a number of sort of factors, but key to those are really Considerations that are due between parties, and it provides that framework of how transactions and other business obligations are going to be interpreted.
I suppose, looking back in the past, in my experience, I found many organizations tended to have a reliance on tenured staff. especially around quest regarding that history with the publisher. Staff do move on and there’s knowledge is often lost when that happens. It’s crucial to have that sort of process and protocol in place to retain as much of that information as possible.
I’ll spend a couple of minutes on documentation a little bit later in the deck. But I suppose the key question I want to pose to this audience is really for you to ask yourselves if your organization needed to access key publisher documentation. How quickly could you get your hands on that material, and would it be complete?
Switching over to TPA and STA Quest probably sold more products transactionally than it ever did through its master or framework agreements over the years. And these transactions, these sort of EULA terms were very specific to the period when they were sold. Historically, they were called TPAs, or They’re referred to as transactional product agreements.
And I should say by EULA terms, I mean end user license agreement. Nowadays for Quest, it’s called STA or the software transaction agreement. But going back over time, those purchases, those specific end user licensing terms become very impactful as they change on a regular basis. And by that, in some cases they would be changed a couple of times a year, in some cases at least once every year.
And licenses purchased under those transactional arrangements are governed by the terms of that particular year and month when it was transacted, which most certainly is going to be very different from the Ts and Cs that govern Quest products today under the current STA terms.
And you’ve got to think about it this way. It’s the current Ts&Cs that a Quest compliance team would prefer to rely on when and if they knock on your door to audit your company. I’ve highlighted the sort of next sort of bullet is know your terms, know your usage terms and obligations. Probably the most important highlight on this slide across all the bullets.
It’s relevant to every publisher that you work with is really to know inside and out what your organization’s responsibilities and obligations are in terms of utilizing and managing the publisher’s software. and that license grant that is being shared with your company, whether that’s on premise or cloud subscription-based licensing publish is only really providing your organization with the right to use their intellectual property.
In the case or in the situation where your organization should misstep, ignorance is typically not deemed to be a great excuse in terms of contract law, and it’s not really going to hold you in good stead if your company is caught breaching a publisher’s software agreement. So, whether it’s geographical restrictions, technical factors, or any other issue, to be fair, that’s relevant to that publishers, you look, you want to have the confidence that the people supporting the quest products and the portfolio that you’re operating know these elements in fine detail and that process and management oversight are really aligned to mitigate those risks moving forward.
Product owners is something I’m also going to touch on a little bit later in the deck, but again, because of the alignment between product owners and governance is really so important. I did want to put a little sort of comment here on this particular slide. And whether your company and organization have procurement, vendor managers, IT category managers, IT product and app owners or not, they may have a combination of some, or in some cases they may not have any.
Either way. It can’t be underestimated as to the value of having that deep subject matter expertise within your organization, supporting that particular publisher. And obviously today we’re talking quest, but that’s the same pretty much for any publisher. These experts are really going to drive the day to day operational use of the software solutions and to coordinate and manage the publisher relationship.
It’s those individuals that really know the publisher and the technologies that will act as the safety mechanism that’s really protecting your company in terms of mitigating those risks, but also maximizing the value you’re receiving from your budget dollars. And I suppose as subject matter experts, they’re going to play a key role in how your company looks to plan and strategize for the future.
Technology doesn’t stand still. Technology changes. And so too, to that end is how organizations engage with the subject publisher. And again, that’s probably something we’ll get into a little bit later. I couldn’t really look at contractual governance and not really think about M&A and the impact that has.
It’s an element that is commonly overlooked. Maybe I probably better say that maybe it’s a little bit underestimated. As M and A’s can really play a significant part of introducing risk to a business. M&A typically constitute a compliance fag. But pretty much any software publisher.
And that’s going to increase the risk of an audit. So that’s always a factor to consider for the organization. And obviously being prepared when taking on or divesting a company. The challenges that come from integration the contractual obligations that align to M& A and things like licensing sprawl and a host of other elements that go on are either forgotten, ignored, or pushed to the back burner as other things take priority.
But it’s those things that can really come back to bite when the software publisher comes knocking on the door, highlighting that compliance or contractual terms of not being appropriately addressed and managed. And typically, while in most cases, lawyers who are supporting the m and a transaction will put warranties in place in the legal paper to overcome some of those information gaps or lack or issues with due diligence.
The pain of dealing with the publisher compliance or commercial teams is going to fall on others. And that can have pretty serious consequences. Making sure that you have that expertise and the support to coordinate the M& A phase and to manage that sort of software asset management concern. It can’t be underestimated.
In the bigger scheme of things, I suppose software charges can appear immaterial to the billions of dollars that are changing hands when buying and selling big business, but If you go and ask the CIO or the procurement team of an impact on a six or a seven, or even an eight digit compliance issue arising off the back of an m and a or the IT group managing multiple audit requests, it’s not an insignificant burden that these teams have to face.
And they’ll be facing it far earlier than anything that’s going to come from legal warranties that may be in place. So, I suppose if in any doubt especially around m and a, reaching out to an expert consulting firm who support these issues is definitely something to be considered in what is really becoming an increasingly more relevant activity year over year as more consolidations happen across industries and where software is becoming a much more central tenant to every organization’s everyday business use and need.
Which is probably a good segue. In terms of the next topic, which is managing change. And again, it’s framed within contractual governance. So, changes is a constant in business, and certainly in the world of IT and software, the speed of that changes is pretty rapid and comes with significant consequences to the business world if and when things go wrong, and businesses need to be adaptive to change in whatever form it comes, and we probably see that most readily That’s what’s happened this year.
As your business changes, which it will ensuring that you have the right people in place to help evaluate the technology and the corresponding contract needs. It’s certainly going to enable your organization to be proactive for both its short and medium term, but also its long-term strategies for publishers.
Be that quest or any other publisher for that matter and whether it comes from M& A market forces as we see today, technology product review boards that you may be looking to follow. Managing change is always going to require that organizations evaluate and re-evaluate and potentially realign their contractual governance and the terms that suit hence we made contractual governance the first pillar we wanted to cover today.
So, I’m going to slip on to the next slide. Which is really focused on document repositories, which in some cases isn’t a forgotten element, but it’s certainly something I wanted to spend some time on. I’m not going to spend a huge amount of time on it to say that, but in my experience, working across companies both within the compliance space companies that I’ve worked at and as I’ve worked in consulting now for the last few years, the ability to have intelligent documentation and cataloging is pretty much lacking. And that sort of limitation of coordination and structure of how information is maintained for software publishers. But typically, beyond software publishers cannot be underestimated.
Having some level of intelligence, subject cataloging is really going to help simplify administration in the recovery of data and the information around contracts and a host of other things. And as we referred to on the previous slide, it really means that you’ve got to evaluate how your company will respond to a critical event or an executive pressure or Any of the sort of outside influence.
Could your organization pull data in a matter of hours? Or is it something that’s take days or weeks? And ultimately, it all comes down to whether that information is complete and offers that full audit trail to support the interest being followed. So again, it’s not something to be underestimated.
The value of having that intelligence and that capability. Thank you. Often for me is how I determine how complex it is going to be working with typical customers. So in terms of coverage, it’s probably an important one with Quest. With the likes of Quest as a publisher, the ability to access all that old historic documentation is really valuable, extremely valuable.
I suppose considering a 30 plus year time frame, it’s unrealistic for us to expect that all of that is there, but the more you have, the better it is. Quest is one of these publishers that embeds additional terms conditions in their procurement documentation, and that can obviously lead to extending options around license metrics, auditing terms particular sales or commercial factors, the list goes on, but all that additional language may well look to supersede any negotiated terms you may have, for instance, but certainly it’s been done in the past to the publisher’s benefit in most cases.
Where you do see Quest or any other publisher looking to embed terms in procurement content and materials, be they quotes or POs or anything else, you should look to push back on that and negotiate on it. You’ve got to remember that the publishers your organization’s money just as much as you may want or need their solutions.
So being able to access that old information as I just referred to with the embedded terms is going to be a pretty critical consideration if your company has to managing and address a compliance event and being able to actually leverage some of those older terms and push back against anything that the compliance team use that’s more current is going to save your organization a huge amount of time, a lot of effort.
And then really was going to mitigate a significant proportion of the risk that becomes associated to the audit. And of course, that saves the money for the company in the long term, be that time taken to manage the audit all the way through to potential settlement considerations, if that becomes a factor with the older framework or master agreements.
I didn’t want to ignore those because obviously we’ve referenced TPA and STAs, which are transactional, but there are enterprise agreements, be they framework or master agreements. Quest typically made most of those evergreens. Which is where the contracts don’t expire until parties tended to terminate them or refresh with a new agreement that specifically cancels out the original contract in favor of the new terms.
Older terms, the older contract terms in themselves are a valuable commodity to you as a sort of custom organization. because those original contract terms typically don’t provide the same kind of leverage to the publisher that would be considered for more recent terms conditions that they apply in today’s and use a license agreement.
And they certainly go a long way to undermining the approach of a compliance function if they must manage multiple or all the historic terms. So, one of the things I would say is don’t be too eager to renegotiate or swap out terms that are less beneficial to you. And while you are working to renegotiate contracts with publishers, whoever they may be, always push to keep terms that are in your favor, or worst case, look to leverage them to negotiate something that your organization is looking to build with that publisher in the future.
Finally, on this slide is source of truth. Which is probably a big statement, but having information sources in one location and easy to search and access is really going to simplify and improve your coordination as an organization around the management of a publisher in pretty much most circumstances, whether that’s frontal transactions, audit or any other sort of factor and going back in terms of what we said earlier about M&A.
Considering M&A the benefits of consolidating contracts and procurement documents for entities that may have been acquired, or potentially to archive those subsidiaries that may have been divested, that’s not to be underestimated either. That audit trail can be critical when it comes to managing publisher engagements and ensuring that you’re looking at SAM practice and optimization and compliance preparation as holistically as possible.
I’m sure most people on this call in one way or another have had challenges when it comes to working with paperwork and content and contracts and entitlements. And it’s only when you really come to understand an organization’s activities with a publisher. In my case, I tend to feel those pains most commonly when trying to coordinate publisher baselines and working with central updates, etcetera.
But without the benefit of that single sort of truth for the publisher, renewals, licensed purchasing, old or disactivates, it can lead to a lot of assumptions, a lot of disclaimers, all of which may, ultimately results in a financial cost or burden to the business. Slipping over into products and application owners is the next slide.
I wanted to put this together because it’s aligning and working across various groups within our clients where we really have most significant impact creating that rapport and that relationship is crucial to how we’ve evolved as a Sam. Practice and supporting of our clients. And it’s really important to ensure that we’re recognized to provide the value, but also, we’re embedded with the different sort of levels of people within the organization.
To have an impact on their day, to make it better, to remove some of the stress and pressures that come from the industry within, however, a lot of organizations may have dedicated or matrix staff members who are responsible for coordinating interactions with. Any particular publisher, or in some cases, many and they offer a really significant value.
Typically, I would see roles such as I. T. cash screen managers or procurement or vendor managers and in the large sort of enterprise organizations, you typically have I. T. app and program and product owners and those sorts of functions work well in enterprise, but they can also work really well in smaller organizations, but on a different scale.
The key really here is having people in the organization that are accountable for the way that Quest products are purchased and deployed, maintained, renewed, and I suppose ultimately decommissioned are essential to the health of the business. One advantage to the approach that your organization can establish is having gatekeepers that Control how the publisher interacts with your organization and can really help you develop the means to mitigate risks from the outset.
And this is one of the areas where Anglepoint really expends a lot of time and effort for many of our clients, helping to build management process and protocols and to implementing those controls that look to level the playing field with publishers. Whether that’s some workshop program, design audit frameworks.
The list goes on. We do a host of this type of work. But all these efforts have really supported a lot of our clients, deriving a huge amount of tangible value from the approach and has significantly improved the readiness of their salmon ITAM programs. If that’s something that’s of interest to anybody, if you want to know more, just drop Alex a note in the message board, and we can maybe provide some additional information and follow up after the webinar if that’s something that has tweaked an interest.
I suppose, ultimately, the aim for organizations of any size, really, across all the bullet headers that we’ve just gone through, is to have that operational and technical capacity married to effective monitoring and control that aligns across the business with their procurement and financial governance.
Product owners typically build the process and the procedures to drive that everyday efficiency for users and really in accordance with the EULA obligations. Whereas it’s the IT procurement and the sort of vendor management sort of focus that really drives that publisher relationship and maintains and understands the publisher technologies.
That aligned to the company’s particular business objectives. While vendor manager may well be working with it to coordinate that consumption forecasting before taking the ownership of negotiation with a publisher, realistically across all of the different sort of holes that may, maybe there, the ultimate test is for both its procurement and the managers it staff to really align that responsibility.
It’s really when those folks are on the hook is when they must handle a publisher compliance team. After the launch of an audit, how we help all these particular role sets is to put structure coordination and assist in managing those sorts of challenges, be it every day operational day to day, or whether it is in respect to managing audits.
Across all of this we work closely with all these team members on a daily and weekly basis, and it’s really to help that client. achieve the level of governance necessary to relieve the pressures and really ultimately enable control of any publisher interaction. So, with that, I’ll stop talking and I will hand over to Alyssa.
Alyssa Kornmann: Thanks Dean. So, the first thing I’m going to touch on here is monitoring consumption and demand. So, during my time as an auditor, I saw companies of many different sizes, really struggling to track software downloads throughout their environments. This seems to be a common problem for companies deploying Quest products specifically.
And really this can have adverse impacts on managing nearly any product. But for the purpose of our discussion today, I’m going to use Quest’s Toad product as an example. When Quest issues your company with a Toad license key, that key can be installed at your discretion an unlimited number of times, even though likely you have not purchased an unlimited number of licenses.
All too often, we’ll see that the license key information is uploaded onto a shared drive somewhere and then left for anyone who needs it to download. Before you know it, the key that you purchased for a total of 60 seats has been deployed over 200 times and getting that situation under control can obviously become an IT nightmare.
This is really a common error that can easily be avoided by just centrally managing the distribution of your license key information in large organizations, while we understand that this might be difficult, it’s really a small step that can be taken to avoid snowballing into a much larger compliance problem.
If you’re struggling with license key monitoring, it’s likely a symptom of a larger control issue. As we heard from Dean earlier, M& A can also have a massive set of consequences here if software purchases and product deployments aren’t properly tracked, documented, and deployed. It’s really a key area where integration and consolidation need to be a focus.
This is a common issue and really a place where things can quite rapidly fall out of control if they aren’t closely monitored.
All in all, this brings us to a broader discussion of download policy and governing your installs. Hopefully most of your companies have an established e policy but even with this type of policy in place it’s not uncommon for companies to have an open download policy. which allows users to download software as they please.
With all policies, really the key is to define what’s acceptable. For instance, having authorized lists in place. And then to have processes in place to really monitor and police the environment. I guess a key takeaway here is that you really need to educate your users and then work with them to understand and ultimately support their needs.
However, when you’re tracking and monitoring user downloads and installations, you must have protocols in place to immediately take steps if any blacklisted titles are found. When looking at your Quest software, it’s key to ask yourself if you are able to track which products are in use and who has downloaded them.
If you are able to manage and monitor which products are being downloaded, You’re going to be able to strategically purchase and build your software portfolio around the products that most benefit your organization. This really all ties back into document control especially in regard to decentralized environments.
Contracts and entitlement data don’t repository, and it can be difficult to piece together the full picture. If you don’t know what you own, how are you going to be able to track consumption and true demand of those licenses? Understanding your entitlement limitations and your contractual obligations is really an absolute necessity when working to accurately interpret and plan for the needs of your users and for your environment as a whole.
Another consideration here. Would your organizations be able to command better discounts, pricing, and maybe even contractual terms if a strategic approach was taken to procurement rather than a piecemeal approach? That’s just some food for thought there.
In regards to contractual obligations with Quest, a topic worthy for discussion as it relates to what we’ve covered so far today is trial and freeware installations. When most people see the words trial and freeware, they assume that this is going to be an unlimited, cost free, and typically some kind of evaluation software.
Trial and freeware installs, while technically free, there are use rights that are going to be governed in your contracts with Quest. Without getting too deep into the technical details here, the high level summary of this is that. Quest’s language allows for trials on a one per any release of software basis, and then freeware is allowed on a five per year basis.
And technically only allowed to be used for 90 days from the date of download. Another key area to mention is that both of these instances are required to be installed in only non production environments that cannot be supporting your production environment in any way. Some older audit terms that Quest has actually allow Quest to launch an audit if they can identify a concern or risk of non compliance.
So one of these things that they can use as a trigger are trial and freeware downloads. And we have seen Quest use this approach as a jumping point to trigger an audit. Continuing here, additionally, in the settlement phase of a review, trial and freeware issues can basically be used by Quest as a leveraging tool.
You don’t want to let over deployment of trial and freeware software that realistically you likely don’t even need and are probably not using Thank you. To become a pawn for Quest’s compliance team to use against you in a settlement. While trial and freeware installs aren’t hard to manage if you have the right processes and protocols in place, it can be difficult in an organization that just has problems overall with bad user experience.
Again, this loops back in with Dean’s earlier points regarding contractual framework. The only way to really alleviate these issues is to understand the terms of your contracts and therefore put the appropriate controls and monitoring into place. If you’re considering this a weak point for your organization, we’re happy to aid you in the development of these processes because we understand how important they truly are.
So that about wraps it up here. And next I’m going to talk about counting periodically and accurately if you want to flip over. Thank you. So, we understand that Quest is probably not a major publisher for most of your companies. However, their product solutions are good, and they do offer a lot of value to their end customers.
But as we’ve talked about on the flip side, Quest is a company with an aggressive compliance program that is continuing to gather steam. At this point, compliance does form a large revenue stream for Quest, and the company is continuing to push heavily on conducting audits. If you haven’t faced a Quest audit within the last two to three years, it’s likely that your turn is going to come.
These audits move rather quickly, and the auditing team is incentivized to maximize findings. So, with that being said, the advice that we offer today is to be proactive. You do not want the first time that you evaluate your Quest software footprint to be when one of their auditors comes knocking at your door.
And even if you have been through the audit experience before. Don’t let things slip, maintain good governance over your portfolio and stay prepared.
So, let’s talk about conducting internal health checks and being able to locate, interpret, and track what’s installed in your environment. The best way to ensure compliance, as well as really identify optimization and good internal housekeeping procedures that will prevent headaches for you is to conduct a detailed review of your quest portfolio every 6 to 12 months. While this presentation is obviously quest centric, this is good advice for managing most publisher software and really is something that’s often pushed aside as other priorities take center stage. Knowing what you’re entitled to, what you have installed, and what you are consuming, and where these products are in use.
will benefit you greatly, not only in regard to your compliance, but in managing your portfolio and software budget as a whole.
While it’s not detailed enough for tracking your software footprint completely especially in regard to Quest, a SAM tool is a good starting point. That being said, one important item for organizations that have invested in really any SAM tool is the need to continuous, continuously maintain the tool.
So, ensuring that good coverage throughout your entire environment and then working to periodically reconcile the data that you have will really ensure a more effective system of truth. Having a complete and accurate SAM tool has benefits that really stretch beyond just compliance and quest. While you’re not always going to get licensed specific metric data, a good SAM tool is at least going to tell you which products you have installed and where they’re sitting.
This is extremely beneficial, especially in large environments that are not centrally managed, as we’ve touched on earlier.
If you don’t know what you have installed and where it’s sitting, you’re really setting yourself up for large compliance and budgeting risks, to be honest. Another point worth mentioning here, is that of understanding what to search for. For instance, when you’re querying for Quest software, if you query your SAM tool for just the word Quest, that isn’t necessarily going to provide you with the full picture.
In the earlier slide on the history of Quest, you heard that Quest at one point was owned by Dell. So, during that period, Dell required that products sold and shipped would have a Dell reference included. So even now, after the divestiture, some of Quest’s products are still showing up as being published by Dell.
Really, this just comes back to knowing what to look for and being able to sort relevant data from irrelevant data.
A secondary and equally important element here is how important it is to understand how to interpret the licensing metrics of the products that you own. Quest has lots of different licensing metrics and each is different and needs to be tracked and monitored in an individual way. So, understanding the licensing metrics and terms for each product that you are entitled to is really essential to good governance and then remaining compliant to your contractual obligations.
But really, this is a roadblock for a lot of organizations. I’m going to touch on a few specific examples here today but ultimately this is an area of expertise that can’t be gathered from simply listening to webinars like this one or reading Quest’s licensing briefs. If your organization needs help understanding the products that you own and how you’re obligated to deploy, monitor, and manage them, we’re here to help with that.
Again, I’m going to use Toad as an example, just to be consistent Toad is a product that’s licensed by the metric SEAT. SEAT loosely translates to user. Toad also has a variety of different additions, which are unlocked by license keys that provide different functionality levels. So, information like license keys is not going to be reflected in any SAM tool.
But it’s paramount in determining your compliance with Quest’s TOAD products. Your organization needs to have a system in place to capture these core data points. So, looking at this specifically in the case of TOAD, can your organization pull the license keys? If you can pull the keys, can you interpret them?
Looping back to the earlier points regarding document retention, do you have the records retained showing which keys are associated with which products additions in their governing terms? If the answer is no to any of the above, you need an expert to help you sort through this. Over deployments of Toad as well as piracy and third-party keys are common findings in nearly any quest.
Audit, and they’re going to be costly. For a little clarification here, a pirated key is essentially a cracked key typically with a bogus site message that can be downloaded from many dark corners of the Internet. Pirated keys can also be found quite frequently on key generators and portable technologies, such as thumb drives, which can spread like wildfire through an organization.
Another common issue and high revenue for compliance is the issue of third-party keys. This simply means that you’re using another organization’s key in your environment. It’s not cracked key, but it’s viewed in a similar manner in the eyes of class because the fundamental issue here is that they want to know how and why your company is using a key shared exclusively with another legal entity that you should not have access to and have absolutely no rights to.
With that said, let’s stop here and delve into cracked pirated keys a little further. Aside from the obvious compliance issues, what security risks does identifying a cracked pirated key raise? The words cracked key are pretty much an automatic red flag for any IT security officer, CIO, or the like.
Really, in my auditing experience, anytime that I’ve identified a cracked install in a customer’s environment, there are immediate concerns throughout the organization regarding overall IT security, malware, spyware, and potential compromission of critical information. And let’s face the facts here. When any software publisher can prove the existence of piracy or cracked pirated keys or third-party keys or a key generator or whatever it may be in your environment, any commercial negotiation leverage is gone, and you are basically staring down the barrel here.
Another key area that is often overlooked, but again, causes issues with not only Quest, but a variety of publishers are server environments, server product installs, and remote access. We often see that access to a product installed on a server is synonymous to users who have access to the server itself.
So even though a majority of those users likely do not need or utilize or even know how to access most of the products in the standard image, they are still able to access. This is a big revenue stream for Quest compliance program because licensing for Quest is based on the ability to access and not who accesses the product.
The easiest way that we’ve found to control this is through Ad groups and security controls. So, grouping together users who need access to the product and then only allowing those specific users to access with those rights being appropriately restricted and governed. While this is a more specific example, really the key takeaway here is just surrounding controls and accurate data tracking.
If you’re unable to control who has access to specific products in your environment, compliance is going to be difficult to maintain, and internal counts are unlikely, they’re unlikely to be accurate ultimately. So really, to wrap this all up, what this comes down to, is having the appropriate background knowledge, correct processes, and controls, as well as the expertise that you can rely on to proactively manage your software footprint is, it’s absolutely key.
If any of these pieces of this process are broken, or maybe your organization doesn’t even know where to begin with this, bring in experts with the knowledge that can get you where you need to be. At the end of the day, even if you have the best controls in the world, if you don’t have experts who understand all these nuances, it’s only going to make your job harder.
So next I’m just going to quickly touch on managing proactively.
So, managing your technical environment and just your overall software footprint is another key pillar to successfully managing your Quest software portfolio. I suppose a good starting point here is going to be Active Directory. In relation to Quest specifically, cleanup and organization of AD is not just beneficial it’s necessary.
By definition, the Quest enabled user metric includes all active users within the domain. And that includes service and admin accounts. So, in order to maintain compliance in a domain where Quest enabled user products are deployed, Active Directory has to be kept clean. All organizations really need to have clear housekeeping processes for things like disabling and removing old accounts.
Increasing license quantities when additional employee counts are added and really at the end of the day, an organized A. D. is going to help you save spend on unnecessary licensing costs for many publishers, not just specific to quest. So, to get the most out of your software budget, it’s key to proactively check in with your portfolio as a whole to determine if the technology in use is serving the intended purpose.
So, check in and ask yourself, are the products that I’m using functioning as I expected? Are the benefits that these products are providing to me worth the costs? A product that served your organization well, five years ago, might not be beneficial now. And moving on from products in these situations can free up budget and time really for more important endeavors for your organization.
Let’s just delve into this specifically for Quest. So, while Quest licenses are perpetual, meaning once you purchase the license you can use it forever. It’s important to look at the products that you are carrying maintenance on with Quest. Before renewing, determine if you are benefiting from continuing to carry maintenance on the product.
If you’re using older functionalities, or you’re not updating the product as new versions are being released, or you aren’t utilizing the support functions provided, continuing to pay for that maintenance may not be necessary. Really, as your environment, grows and changes, so will your software needs, and so it’s just important to stay ahead of the curve here.
One last item I want to touch on here so most of our clients, as I’m sure most of you here today, have products from a vast multitude of publishers installed across their environments. And so, it’s no surprise that we oftentimes find that a client has two products installed in their environment that are serving nearly the same purpose.
Finding and identifying products where functionality is duplicated like this is really another way to cut costs and compliant risks. One business center can be using one product. Another utilizes a completely different product from a completely different publisher, and they’re not communicating, so it’s not known, but ultimately, each product is achieving nearly the same purpose for your environment.
So, this just ties back into the overarching topic of centrally managing your IT footprint and proactively and strategically managing the portfolio of products that you have deployed. The aim here is really to simplify administration and then maximize your procuring capacity. Ultimately, optimization is key for not only compliance purposes, but just to ensure that you’re spending your time and money where its most beneficial for your organization.
At the end of the day, our goal is for you to make the most of your budget and get the best out of your deployed software without living in the constant fear of an audit.
So, with that, I think we can move on to the conclusion here. So, as we’ve outlined today, and as I’m sure most of managing the Quest software licensing portfolio isn’t an easy task. Quest is a diverse publisher. They have many complexities and contracts, language, and licensing. And that complexity combined with Quest’s focus on compliance really does make this a publisher for you to keep your eye on.
If you haven’t checked in on your Quest portfolio, now is the time to do that. We created these six pillars to help break down some of the complexities and really provide you with an outline for simplifying the Quest portfolio management process. However, at the end of the day, if you’re struggling to control any of the discussed pillars, it’s probably time to call in an expert.
Anglepoint’s specialty licensing program currently has expertise for 85 publishers and continuing to grow. So, if anything from today’s presentation has resonated with you or you have any detailed questions, please reach out to us. That really concludes our presentation material here. So, the floor is open for any questions with, that we may have in the remaining time.
Thanks, Alyssa and
Alex Benson: Dean, and that was a great presentation. And we are coming to the top of the hour right now, and we want to be respectful of time. And we had quite a few questions. We’ll try to hit maybe one right now, just because a few of them are anonymous. But if you did ask a question and your name is attached, we will go ahead and send you an email with the answers to your questions that you sent in.
One question right here quick is there a list of software that Quest owns by the parent or sub-company?
Dean Russell: Okay, I’ll jump in on that one. There are lists of products that are available online. Quest does have a publish product portfolio, but I can qualify now it’s not complete. Obviously within Anglepoint, we have created a software catalog for the publisher, because obviously that’s part of our practice domain.
If that’s something that is important to you, one of the things I would say is Happy to do a follow up and if there’s something we can help you with we can certainly look to support you in those sorts of queries. But yes, we have a list. There are content points out there on the internet, but I would just highlight that they are likely to be incomplete.
Alex Benson: Perfect. Thank you. And just one more fast before we hop off. I have a product owner that obtained 200 trial TOADS licensed for toad. One installed on a server he is tracking who he gave licenses to However, are you saying that anyone with access to that server counts as a seat?
Alyssa Kornmann: I can take that so not necessarily Anyone with access to the server if the proper controls have been put into place So if your product owner it has, you know the proper Groupings and controls put into place and he is truly tracking who is accessing the software and restricting access to only those people, then no, not everyone on the server needs a seat.
However, if access is not being restricted and everybody who can access the server could access that, that trial, whether they are doing so or not, then yes, technically, they would all require a seat.
Dean Russell: I suppose the other thing you’ve got to think about is in terms of that question is asking why someone would put a trial license on that sort of live server.
Again, that’s just protocol and process sort of considerations to be thinking about. But. Maybe that’s something we maybe want to dig into a little bit later. So, if that’s something that’s pertinent, just make sure Alex has got your email address and Alyssa or I would be happy to jump into an email thread or a quick call with to help you through that.
Alex Benson: Perfect. Thank you. That is all the time we have today. But like I said, we will reach out to you through email if you did send in a question and we weren’t able to get to it today. And we want to give a big thanks to our presenters and thank you for joining us. If you have any extra questions that you didn’t send in, feel free to reach out to us and be watching for the recording of this webinar and we hope to see you again next time. Thank you so much.
Dean Russell: Thank you everybody.
Sarah Marriott: Thank you.