We each have our own approach for which publishers rank high on our Tier 1 list, then Tier 2, etc. Would like to hear from other community members if you’re willing to share. I’ll start and hopefully we each can learn a bit and improve incrementally our approach.
For Tier 1’s I see those as having one or more “markers” causing me to consider where I place them…My top spend/investment, has history of auditing on frequent basis, risk/opportunities not fully known, shows on Gartner’s top 10 lists, been audited in past 5 years, publisher was recently acquired (acquiring co. seeking to accelerate the ROI), heavy cost recovery models internally requiring higher accuracy and so forth
For Tier 2’s similar to above with some exceptions where i would reduce the spend top %, not typically a audit threat, i.e. good partner to work with. and so forth
Nothing currently for Tier 3 though things like large migration efforts, need to keep current for active internal harvesting, reclaim. etc.
We all realize we’re to monitor over all licensing positions. With resources stretched thin, limited funding somethings we must prioritize for what keeps us up at night. What are others thoughts, opinions here?
Thanks in advance for some active dialog
1 Like
I’ve recently been working on something very similar, and like you I’m debating the attributes and criteria that elevate one product or publisher above another. One area specifically, that I have been putting a lot of focus into is the idea that for a given publisher, say Microsoft, only a certain percentage of my overall licensing position is made up of high value/ high risk/ high cost products. The SQL Enterprise, Windows Server DC, M365’s of the world, command high dollars, and without focus can easily become huge compliance risks. From that perspective the handful of unlicensed Visio, InfoPath, or Project deployments one may find (or not) don’t pose nearly as large of a threat.
I’ve started asking my self, at what point, with the resources and tooling available to me, is enough, enough? Do we work to establish compliance for ALL things Microsoft? Or just the high risk, high reward products like SQL and Windows Server DC? Essentially taking your idea above and tweaking it, instead of ranking publishers as Tier 1, 2, and so on… rank the products you own/ consume as Tier 1, or 2. At a certain point the value add of finally nailing down a compliance position for InfoPath 2013, really isn’t all that valuable, yet many organizations find themselves chasing that last 10% of the estate when 100% of your risk and ‘value add’ lives in the other 90%.
2 Likes
Good perspective, I’m aligned when it comes to say Microsoft there is a short list to focus. Equally important is removing those old products if nothing else from the noise you illustrate they produce. I smile at your mention for InfoPath example. My upline wants overall % to be at 90% plus. Well we can make that happen removing the InfoPath types and others to drive overall %, but we then fail when it comes to those that matter. Hmmm,…maybe consideration for Tier’s by Publisher but with some focus on Product lines where the hurt or help is most felt. Thanks
I agree that creating tiers around licenses instead of broad publishers is smart and reinforces the risk-based approach.
Some other thoughts on aligning your licenses in specific tiers could be prevalence of extended support: you don’t want to chase technical debt AND non-compliance, so focusing on those vendors can help cut costs on both fronts. I would put licenses tied to technical debt in higher tiers.