So, you’re in negotiations with Microsoft for a renewal. You have investments across on-premises applications, Microsoft O365, and Azure. How do you leverage your current customer acumen in tandem with deep product knowledge, so you don’t end up with an uncomfortable contract, or worse, an audit down the line? It’s never easy to make an informed decision on a vendor—especially one you’re relying upon for integral technology—if you can’t see details of how it affects your organization. Details like, how much am I spending with them? Am I currently license compliant? Have I been overspending on my contract? Which contracts and entitlements are expiring or up for renewal? And that’s just for starters.   This is the type of information that is hard to keep track of across the various business units of an organization, but it’s especially critical when the time comes to answer these questions in an effort to fend off an audit or maximize the return on a renewal or renegotiation.   Overspending and underutilizing   Compliance, for example, is one of those areas that many customers butt heads with vendors. You’ve purchased a set numbers of entitlements for a product or products. You know what you plan to use. Maybe a range. But do you actually use that in practice? Whether you’re over or under consuming those entitlements, there’s money involved. And there’s a good chance you’re either going to owe it or you’re already burning it by not using what you’ve got.    T here are opportunities for rightsizing your environment to the demand and usage of your organization at every turn. But if you don’t know where those opportunities are, or you can’t see the full scope of your vendor relationship, how do you act on those opportunities?   You don’t know what you don’t know   The natural next question you might ask is, “Why can’t I see all of this data in one place?” Well, that’s because IT data can be tricky, and that’s not the data’s fault.    First, many organizations struggle to get their data right and in a consumable format for all the tangential teams who use it. You likely have many sources for discovery (ex. SCCM, ADDM) and many places you use your data (ex. ServiceNow for ITSM or Coupa for finance and procurement), but when you take all those data sources and mash them together, does that data match up and combine correctly to say what it should? Usually it doesn’t—it’s duplicative, full of errors and missing key information (like compliance contextualization). That data needs to be cleaned up and  normalized  to be used effectively throughout your business as a trustworthy foundation.   Second, contracts are tricky. Entitlements can have confusing logic. Sometimes you don’t know what you’re going to have to invest no matter how you plan it until you’ve got users using it. On the other side of the contract—have you ever looked at a cloud provider’s bill? They’re deep and technical. I don’t want to look at them, they give me migraines. But someone needs to, and that someone needs to be trusted that they won’t miss the minutiae. Spoiler: it’s likely an AI (or machine learning) program and it needs to line up with your other systems correctly to make sure that data—again—is trustworthy across the business.     Third, what’s installed and where across the organization? If you have data—on installations and entitlements—it makes negotiating (or renegotiating) those contracts easier; come into the conversation with hard data on what you actually need and how you plan to use it for a savvy pitch toward a discount. View from the top: Introducing Vendor Workspace for Flexera One   Now we know some of what we need to be armed with for vendor conversations. But how do I get it into consumable format? That’s where Flexera One delivers Vendor Workspace. As the leader in technology value optimization (TVO), Flexera is uniquely positioned to shed light on all your IT investments and offer actionable insights to get your environment into an efficient and dependable state.   What is Vendor Workspace?   It’s s a top-down analysis of your technology vendor relationship. Flexera provides robust out-of-the-box and customized insights related to technology spend optimization, risk mitigation, business service alignment and more. It provides a holistic view of your overall spend, composition of spend (on-prem, SaaS and cloud), trend over time and year-over-year analysis to best position your organization for success.     What can I do with a Vendor Workspace?   Understand how different vendors (or combinations of vendors) affect your investments in technology to determine the size of your reclamation opportunities and your savings over time as a result of optimization. For example, how much can you save by using Azure Hybrid Use Benefit (AHUB) or switching recommended license types for O365 with Microsoft? These are the types of questions you’ll be able to answer with Vendor Workspace information:   Optimization opportunities —rollup of costs and savings related to:   Underutilized entitlements   Unconsumed on-premises entitlements   Categorical redundancy    Version sprawl   Risk mitigation —which installed applications are  license compliant and what’s the impact to your business:   Which products are   affecting the organization? For which products is your business over-consuming entitlements?   For how many products are you approaching over-consumption?   What are the top products in terms of over-consumption risk?   How many unlicensed installations are in your environment for a specific vendor?   With Vendor Workspace, Flexera provides not only a holistic landscape of your relationship, but the tools to drill down into insights and see related details for contextualization and actionability. Set alerts and notifications to keep your various teams in the know and ready to take action when the time is right.    Tie your IT data together for a common understanding of your vendor relationship and get out ahead of issues before they arise. You’ll make informed decisions with your vendors by knowing where you stand at all times. For more information on how Vendor Workspaces work, see our technical blog to get started.   ... View more

It’s no secret that information technology is in rapid flux. Digital transformation and the demands of a post-COVID world are causing software asset management (SAM) and configuration management databases (CMBD) to evolve toward a hybrid view of what IT truly encompasses. IT asset management (ITAM) and SAM teams continue to manage the complex on-premises processes of lifecycle and vulnerability management, and their purview must expand to include SaaS and cloud inventory data. And don’t forget about application rationalization for sprawling assets, maintaining security from vulnerabilities and aligning to business service units in order to understand IT’s impact on the organization.  Needless to say, you’re juggling a lot—but you don’t have to figure it all out alone. The Flexera 2021 State of IT Visibility Report sheds light on what’s happening with information technology and the data that supports the wide array of business initiatives around the world. This inaugural report illuminates how you can do more with the data you already have to facilitate solutions that drive business results. ITFM, cloud often get left out The Flexera State of IT Visibility Report gathers the thinking of more than 300 global technology decision-makers about IT infrastructure, asset management, vulnerability posture and industry trends. It combines this detailed respondent information with the industry expertise and data of Flexera’s Secunia Research and Technopedia teams to highlight pain points and areas of opportunity for IT visibility and vulnerability mitigation. Nearly 80 percent of respondents reported moderate to over-communication between ITAM and security operations (SecOps) teams when it came to vulnerability and risk mitigation practices. Over 75 percent said they share data sources between ITAM and IT service management (ITSM). That’s great for ITAM, SecOps and ITSM, but it’s important to expand that foundational data to other teams across the organization. The report showed that IT financial management (ITFM), enterprise architecture (EA) and cloud management teams weren’t receiving the same level of communication or data sharing. Contrary to popular belief, cloud should be integrated with traditional ITAM processes, as insight into the on-premises estate is especially helpful for your cloud migration and resource management efforts. A looming threat landscape requires collaboration You already know that keeping IT assets secure is a top priority. And with several high-profile breaches in 2020 and 2021, it’s no surprise that the top concern from survey respondents for their IT assets is vulnerabilities. Software sprawl and lifecycle management round out the top three concerns. These all tie together when thinking about how SAM, CMDB and other IT initiatives are becoming interdependent in an evolving hybrid IT estate. Knowing where you’re at risk—whether from a direct breach, software or hardware that’s become vulnerable due to obsolescence or an overabundance of application installations in your organization—helps you save time, money and other valuable resources that drive your business. Don’t judge a book by its cover A good place to start when assessing the vulnerability of your IT environment is with assets that are at end of life (EOL) or end of support (EOS). It’s correctly assumed that most of these are vulnerable, but some carry more risk than others. For example, the Flexera State of IT Visibility Report found that Micro Focus and VMware were among the top five vendors for most EOL/EOS software assets in 2021—but neither make the top ten when connecting unique vulnerabilities to EOL/EOS. These unique vulnerabilities are those associated with a minor version software release. What’s the useful insight? Not all IT assets reaching EOL/EOS are created equal—and each manufacturer presents varying degrees of vulnerability that shouldn’t be assumed by the volume of products reaching EOL/EOS. So where should you start? Every IT environment is unique. Microsoft and IBM rank most vulnerable when it comes to EOL/EOS, but your organization may have a higher investment in other vendors. With this in mind, it’s important to understand not only which vendors are prevalent in each environment, but also which categories are most vulnerable and critical for your organization. For example, the report ranks operating systems as the most vulnerable and second-most critical category of EOL/EOS software. Secunia Research has determined that an overwhelming number of vulnerabilities in operating systems are rated as low-level threat severity. When most people hear something is a “low-level threat” they typically put it out of sight, out of mind—it’s automatically deemed a lower priority. Low-level threat severity, however, doesn’t mean that an attacker won’t breach your organization—there are 1,038 unique vulnerabilities through which they can gain access—but it does tell us that there is a lower likelihood of any one of these vulnerabilities being exploited. This doesn’t mean that you’re out of the woods just yet. Because an overwhelming majority of EOL/EOS operating systems have this threat level, it’s still essential to focus on this area. Focusing only on high and very critical threat severity means you’ll miss out on the mass of vulnerabilities in need of remediation by overlooking these low-level threats—and don’t forget that they’re still actively being exploited in the wild. You can then dive further into which operating systems specifically carry the most vulnerabilities at that level and prioritize your remediation efforts by locating where those systems are installed within your organization. For many more insights and complete survey results, download the Flexera 2021 State of IT Visibility Report.   ... View more