Cloud Security: Myths Busted - What Chief Security Officers Need To Know

I found a very good White Paper on Cloud Security entitled Cloud Security Myths and Strategies Uncovered. I think the best way to start off is with the opening quote from the White Paper itself:

“In today’s evolving information economy, cloud computing offers immense opportunity. Whether companies have started their cloud journey or not, security concerns remain the largest inhibitor to adoption. Concerns around control, data privacy, and security abound. However, the technology and expertise required to build a trusted cloud is closer than imagined. Progressive CSOs are embracing a new strategic role as a true business enabler in partnership with business leaders, to make sure that the trusted cloud becomes a reality and enterprises can capitalize on cloud technology.”

Security concerns still abound with cloud computing, and a fair number of adopters still opt for a private cloud environment. However, there is a trend toward a hybrid approach, which lets enterprises take advantage of the cost savings a public cloud provides. A majority of the IT professionals surveyed indicated that their top priority was managing access to data in the cloud. The White Paper suggests that virtualization provides better visibility than older legacy systems.

The White Paper then lists the three major Myths about Cloud Computing and provides the answer that debunks each one:

1. The Cloud simply cannot be secure - YES IT CAN.

2. Cloud Security is a new challenge – NO IT’S NOT.

3. Compliance equals security – not necessarily … it is only an “as of” date.

The authors state that a successful and secure Cloud is one that has “Trust” as its foundation. The Trust Equation is as follows:

Control + Visibility = Trust

Control

- Availability: Ensure access to resources and recovery following interruption or failure.

- Integrity: Guarantee only authorized persons can use specific information and applications.

- Confidentiality/privacy: Protect how information and personal data is obtained and used.

Visibility

- Compliance: Meet specific legal requirements and industry standards and rules.

- Governance: Establish usage rights and enforce policies, procedures, and controls.

- Risk management: Manage threats to business interruption or derived exposures.

The White Paper goes on to say that the key to obtaining the visibility needed to control the Cloud is virtualization: “Virtualization consolidates multiple physical components into a logical view so they can be administered from one place. This alleviates the complexity of managing and monitoring multiple moving parts across internal and external infrastructure.”

When it comes to building a trusted cloud, the White Paper’s Checklist for Your Trusted Cloud is as follows:

- Use virtualization as your foundation.

- Build control and visibility into your security framework.

- Extend your security perimeter to include applications and endpoints.

- Adopt the three-layer controls framework: controls enforcement, controls management, and security management.

- Select a cloud vendor with offerings that can meet enterprise-class cloud security requirements across private and public clouds.

- Ensure services are secured to a common standard, in a transparent and auditable fashion.

- Tap prescriptive guidance from industry coalitions such as the Cloud Security Alliance (www.cloudsecurityalliance.org).

How SAP will Almost Double Revenue by 2015

SAP has set the goal of increasing annual revenue from 12.5 billion euros to 20 billion euros by 2015. First, full disclosure: I worked for SAP negotiating and drafting contracts in the late 1990s and early 2000s. I learned my trade there dealing with Fortune 500 companies and also the SME market space. Additionally, as a sole practitioner, my largest client is a national SAP Channel Partner for a global entity. Needless to say, I am very familiar with the corporate culture, and I also have a bias toward increasing revenues, because as the saying goes, a rising tide raises all ships.

Dan Woods, chief technology officer and editor of CITO Research, a firm focused on the needs of CTOs and CIOs, reports in his article in FORBES entitled How SAP is Betting Its Growth on Partnerships that SAP will need to change its approach to its partners and be more open to working with them and allowing these partners to share in the revenue potential from new sales and new innovations as it had in the past with system integrators. Woods refers to the old corporate culture as “historically insular”. As the person whose duties included acting as the primary contract support for SAP’s national network of VARs (these VARs were originally referred to as CBS ‘Certified Business Solutions' providers, revised to the SMB market place, finally revised to the SME market space) and now as outside counsel to a large SAP Channel Partner, I have been on both sides of the table. I can attest to Woods’ description as being accurate.

Woods refers to an interview given by Eric Duffaut, President, SAP Global Ecosystem and Channels. Duffaut came to SAP from Oracle, where he spent 15 years working in the SME channel. Upon arriving at SAP in 2005, Duffaut headed up the SME market for EMEA (Europe, Middle East, Asia). In the interview Duffaut states that while the industry average is 40%, in 2005 only 7% of SAP’s sales were through Channel partners. This increased to 20% by 2010 and 25% through the second quarter of 2011.

Duffaut states that the new strategy to expand revenue by utilizing its Channel partners is centered on a three-pronged approach:

1. Consolidation of all partner activity under Duffaut’s leadership (development, sales, and service).

2. Expansion of its co-development program. ERP is no longer the sole product, although it remains the central focus. Business Objects and the Sybase mobility capability are two other platforms to build upon. The new direction encompasses new solutions for these platforms, through co-development with partners.

3. Increase the availability of competent service integrators, execute new engagements, and transfer these to the partners (i.e. “SAP will become much more like an incubator for new service offerings …”).

The cultural shift for SAP will be tough. The two obstacles Woods points to are:

a. SAP’s product standards, both for the resale of SAP products and for allowing SAP to sell others’ products, are extremely rigorous, and

b. The certification process to become an SAP Partner is onerous and arduous, to say the least.

Woods lays out the salient issue facing Duffaut quite succinctly. SAP can succeed in growing its revenue through its Channel partners by allowing those partners to keep more of the expanding revenue that is generated. As Woods states it, “SAP will have to get good at making its partners rich.”

Time will tell …..

Recommended Strategies for the CIO Considering Cloud Computing

As many of you know, SandHill.com is an online resource created for enterprise software executives. Kamesh Pemmaraju heads cloud research for the SandHill Group and writes a weekly report on the latest developments influencing the cloud computing community. His latest report, Top 5 Cloud Strategies for CIOs, is based on a survey of 511 software executives. The survey covers these executives’ perceptions of cloud computing, their initiatives, implementation issues, and any perceived benefits. The report presents the top five strategies CIOs should follow when considering cloud computing. A brief synopsis of those findings follows:

1. Treat this decision like any other business decision: Pemmaraju simply means to look at all the alternatives and do a traditional compare-and-contrast analysis. Look at the ROI and weigh the risks.

2. The cloud is coming – embrace it: Pemmaraju quotes one executive, “The cloud will come - it's happening now even if it is coming with a lot of hype and a lot of buzzwords. It's a very logical transition - like we are going from individual car craftsmanship into the era of the industrialization of IT services.” A large number of the survey respondents have already started trials and pilot projects to jump-start the learning curve for their personnel.

3. A sandbox spurs innovation: Create an innovation sandbox in the cloud. The drag on spending due to maintenance is lifted. This newfound freedom allows IT departments to redirect effort from infrastructure constraints to more creative ways to run the business model.

4. Cloud computing is a furtherance of the outsourcing trend: With this in mind, Pemmaraju presents a short checklist for evaluating whether to move in this direction:

a. Perform your due diligence and pick a good cloud computing vendor.

b. Confirm that support levels are adequate.

c. Obtain copies of vendor certifications (e.g. SAS 70).

d. Is your data retrievable in your desired format?

e. How is your data isolated and protected from others?

5. Retrain your IT staff: As one CIO respondent succinctly stated, “The jobs of people who sit there patching thousands of servers each time there is a change—those jobs are going away.” The focus will turn from infrastructure to vendor management, program management, and business analysis.

Pemmaraju concludes his report with an analysis of the impact open source is having on cloud computing. He states that proprietary software licensing lags in its offerings for cloud computing, and so many cloud platforms run on top of open source stacks. This will affect hardware sales, as most companies will try to avoid large expenditures on infrastructure.

2010 Outlook: Increase in IT Budgets is Broad but Not Deep

In November of this year the staff at CIO Update conducted its annual fourth-quarter survey of IT executives in an attempt to get some sense of the coming year’s economic activity. This year the survey included executives at 139 companies in the US and Canada. From the results it appears that the doldrums of 2009 may be replaced with cautious optimism for 2010 (VERY cautious optimism). The survey asked questions such as whether the surveyed companies had made any changes to their IT budgets during the last quarter: increases, decreases, or no change. Another question put a slightly different spin on the IT budget inquiry and asked whether any changes were anticipated in the coming year’s IT budgets. The article posted December 17, 2009 by the CIO Update staff, entitled The IT Spending Recession is Over, presents the answers to these survey questions in print and in pie-chart form so the reader can put the responses into perspective. While 19% had increased their IT budget spend for the last quarter, compared to only 11% last year, 29% answered that they continued to reduce their expenditures, compared to 35% in last year’s survey.

Two interesting observations by the CIO Update staff center on their section entitled “Signs of Hope” and on the breadth of the recovery. CIO Update has 20 years of research data to lean upon, particularly in the “Expectations for Change in the IT Operational Budget” category. The results show that 52% of IT executives expect an increase in their 2010 budgets. Historically, the CIO Update data indicates a recession when that expectation number drops below 50%, so the trend may indicate that we’ve turned the corner. However, the anticipated amount of those budget increases is not large and hovers around 2%.

A rosy economic picture for 2010? I think not. However, it is not bleak either. Speaking as an amateur economist at best, your humble blogger’s opinion is that the capitalist business model is cyclical and that an economic recovery is inevitable. Some intangibles would be the uncertainty of the current administration’s spending plans and the effect they will have on any recovery. And there is always the looming Federal Reserve and whether its policies will allow for further growth, as the inflationary effects of its 2008 – 2009 monetary policy have yet to manifest. The issues not discussed in this CIO Update posting may be addressed in its complete version, Outlook for IT Spending and Staffing in 2010. This full version of the report “provides 2010 forecasts for IT operational spending, IT capital spending, and IT hiring, both for the composite sample and by organization size”.

Is the worst behind us? That remains to be seen.

Licensee's Bill of Rights by Forrester's R. Ray Wang

So I’m sitting at my desk buried in work one day last week. As an aside, it appears that my writings on SaaS have sparked some interest and so I have been putting together some SaaS agreements for a couple of new clients. My email alert lets me know that an email has just arrived. It is an email from R. Ray Wang, Vice President of Forrester Research Inc. I have been reading a lot of Wang’s writings and research and have been quite impressed to say the least. I have even Blogged on some of his writings. He had a few kind words to say about my Blog and then he attached the latest update to the Enterprise Software Licensee’s Bill of Rights. I promised him that I would read this latest research work and mentioned in my email reply that it would probably be a treasure trove of vital and current information. Well I did read it and my comment hit that nail on the head. As a practitioner for over 20 years, with the last 10 years concentrated in this crazy world we call software licensing, this is a must read. As a Licensee, whether prospective or a veteran of ERP negotiations, perhaps a higher standard is in order, such as mandatory reading material. Here are some highlights from this latest work as detailed by R. Ray Wang:

  1. Surveyed 71 vendors and 101 end users.
  2. Built best practices from personal experience of 1,000 contract strategy interactions.
  3. Resulted in the inclusion of 11 new rights that support new deployment options, cost savings, client best practices, and vendor lock-in avoidance.
  4. Suggested seven simple steps to successfully negotiating enterprise software contracts.

Of course reproduction of this research work is strictly prohibited. Regardless of the prohibition, space constraints in this Blog prevent me from adequately commenting on all the salient points. I do not think Wang or Forrester would mind if I whetted your appetite the best way I know how – with Wang’s own words in the Executive Summary.

For Business Process & Applications Professionals

Executive Summary

July 7, 2009

An Enterprise Software Licensee’s Bill Of Rights, V2

Forrester Redefines 47 Basic Rights That Licensees Should Expect From Vendors

This is the 10th document in the “Building A Long-Term Apps Strategy” series.

by R “Ray” Wang

with Paul D. Hamerman, Andrew Magarie, and Ralph Vitti

“Of all the assets that an enterprise acquires, enterprise software brings with it the most unusual, onerous, and restrictive set of constraints. In most cases, licensees may not resell, reuse, or share their license. Licensees often encounter numerous grievances across the software ownership life cycle from selection to implementation, utilization, maintenance, and retirement. Poor economic conditions have kept vendors from raising prices for now; however, rapid vendor consolidation has eliminated choice and customer leverage in the market. Upon economic recovery, enterprises can expect price increases in software categories where only a handful of solution providers compete. Fortunately, advances in new deployment options (e.g., software-as-a-service, platform-as-a-service, cloud computing, managed services, and virtualization) may slowly shift the pendulum in favor of the customer. Forrester’s updates to its 2006 Enterprise Software Licensee Bill Of Rights (LBoR) reflect these new best practices from more than 1,000 interactions. CIOs, business process and apps professionals, enterprise architects, and procurement experts should immediately review and incorporate these best practices into their vendor relationships, contract strategies, and packaged apps strategies.”

R. Ray Wang’s Blog is A Software Insider’s Point of View.

Obama Appoints IT Security Czar

Michael Markulec, COO of Lumeta Corporation, writes in CIO Update that the Obama Administration has appointed Melissa Hathaway as Advisor to the President on National Cyber Security. For a more comprehensive review of the appointee and her relationship to the Bush Administration, see Siobhan Gorman’s article in the Wall Street Journal, Hathaway to Head Cybersecurity Post. Markulec is all for the newly created position. He points to the disconnect between the federal government and the private sector when it comes to our infrastructure and the necessary control systems in these most important industries. He states the obvious: their connection to the internet leaves us open to cyber-attack. He also touts Hathaway’s concern that simple hand-held devices can be used to conduct foreign and industrial espionage.

I’m sorry, but I just don’t see anything new or any quantum leap toward more effective cyber security from this newly created position. But one only needs to read further and the newness becomes apparent. Markulec predicts, and I agree with him, that new regulations are on the way. He compares the coming regulations for the IT community and the CIO to the Sarbanes-Oxley legislation aimed at corporate CFOs. Well, I guess we all know how that went. Do we really need more regulations, or do we just need enforcement of the existing laws? If we use our latest string of financial debacles as our guide, I guess arguments can be made for both sides. Some might say that if Congress hadn’t blocked the creation of regulations for Freddie Mac and Fannie Mae we might not have had the subprime mortgage meltdown. Others might argue that if the SEC had only investigated and enforced its own existing regulations, the Bernie Madoff Ponzi scheme would have been discovered much sooner, with less devastating financial losses for investors.

I think the Obama Administration may have tipped its hand at what may or may not be coming down the pike as it relates to cyber security, and that, I am afraid, is more of the same. Gorman reports that James Jones, National Security Advisor, has requested a further study on cyber security. Hathaway is tasked with conducting this 60-day study. And so the end result will be a study that collects and discusses issues that are apparently already known. Will the ends justify the means? Will we have tougher regulations for CIOs as Markulec predicts, and if we do, will they be enforced and make any difference? That remains to be seen.

Technology Predictions for 2009

Jeff Vance, president of Sandstorm Media, a marketing services firm focused on emerging technology trends, has an article in CIO Update entitled 5 Hot Trends for 2009. This article is the next in his series of predictions, as evidenced by his article last year entitled 5 Hot Trends for 2008. He begins with an honest critique of his 2008 predictions. I admit I was too eager to find out what was anticipated for this year, and so I skipped right to the 2009 predictions. After reading the latest predictions, I confess that my first thought was, “Well, how well did you do last year?” and so it was easy to find out. Depending on your patience, either order is fine. I’ll give you a brief synopsis of his 2009 predictions and leave it up to you to decide if you agree and need to check his score from last year. For 2009 Vance sees the following unfolding:

1. Major mergers and acquisitions: Vance expects some big names to come in and buy at bargain prices. One place to look is the wireless market space.

2. Disappointing sales in the mobile market space: The recession will cause consumers to delay purchases of new handsets with all those nonessential features. One business model to watch is pay-as-you-go.

3. Virtualization is a winner in 2009: And the reason is obvious: cost. It seems the recession plays a big part in most predictions for this year. Quicker ROI and less upfront cost will be the tipping point for most technology winners. Vance sees virtualization marching past the servers and moving to desktops, and quite possibly the mobile desktop sector as well.

4. Businesses crack down on social networking: Lack of worker productivity and data leakage are the two main reasons.

5. IT spending saves the economy: Admittedly this may be too brash a boast, but look for major IT expenditures to support a fundamentally changed economy due to the global recession. Regulatory agencies will look to data mining in an effort to detect fraud and forestall market collapses.

So what do you think? If you are interested in how well Vance’s 2008 predictions turned out, read the article (hint: he wasn’t too far off).

Get the Most from Your IT: Optimal Performance Using Six Sigma or Outsourcing

I recommend an Economist Intelligence Report entitled IT Excellence: Achieving Optimised Business Outcomes. This whitepaper begins with the premise that “IT departments are increasingly being called upon to define and pursue excellence.” The consensus seems to be that IT’s role has evolved to one of a business partner that must align itself with the company’s overall business objectives. The editorial board of the Economist Intelligence Report put together this report based on in-depth interviews conducted with Dow Corning CIO Abbe Mulders and Applied Materials CIO Ron Kifer. It is interesting to see how both individuals recognize the pervasive nature of IT in their organizations and their commitment to realizing the most from their departments. Each has an interesting approach. I’ll briefly summarize below:

Dow Corning:

Mulders has embraced the Six Sigma statistical approach, with its continuous improvement toward defined goals. Business units within the company collaborate and produce a future strategic plan which includes IT as a full partner. The senior executives of the functional business units, along with senior IT executives, hold quarterly meetings to review and adjust priorities. This collaborative approach gives the participants a view into the infrastructure, allowing for more effective decision-making, investment and execution of their five-year strategic business plan. The Six Sigma approach requires some kind of return. Mulders’ teams focus not only on progress but also on the quality of those returns, and Mulders reports an 80% achievement of targets 12 months after an implementation.

Applied Materials:

Applied Materials is a leader in nanomanufacturing technology and produces semiconductor chips, flat panels, solar arrays, and energy-efficient glass. Ron Kifer’s approach to IT excellence starts with the premise that IT not only enables business strategies but must take a leadership role in such business processes. Kifer maintains that in order to compete in the global market, each business functional area must be able to support all others. This is what he calls “cross-functional support”. He believes the pursuit of IT excellence optimizes the other business functions. He looks at core competencies to get the most effective results, and he believes he has accomplished this through the outsourcing of major components of his IT infrastructure. To make the most of this approach, Kifer explained, vendor management became a priority for the company, and they needed to “reorganise and develop skills in negotiation and management of vendor relations”.

This whitepaper also includes a Q&A with each CIO. It’s interesting reading.

Focus on Business Service Management: BMC Buys ITM

BMC’s purchase of ITM is only the latest in its string of acquisitions calculated to make it a formidable player in the ERP market. This four-year march included the following acquisitions:

- RealOps, which automates IT processing: see BMC Buys Into IT Process Automation

- Calendra, an identity management specialist: see BMC Grabs ID Management Vendor

- BladeLogic, a player in the field of change management: see BMC to Buy BladeLogic For Nearly $800M

ITM’s software integrates the segregated silos of the IT management of the past to provide “visibility, coordination and control” for the CIO. This translates into a more efficient decision-making process. BMC’s vice president, Herb Van Hook, described ITM as “a set of very high-level applications IT uses to run itself as a business organization within the enterprise”, and said the software “asks whether you're doing the right projects; what is the business impact of this project versus that project”.

See Richard Adhikari’s excellent article in InternetNews.com, BMC Completes ITM Acquisition: Software company moves toward a business-oriented view of IT. In it he details the ITM acquisition and discusses the competition in the IT Resource Planning (“ITRP”) space. Adhikari reports that BMC’s acquisition strategy is aimed at partners, so there is “very little overlap”, which translates into less integration work in its software suite. It remains to be seen whether BMC can roll out this new product to its customer base.