With the rise of cloud-enabled SaaS subscription models dominating the software landscape, you could be forgiven for thinking that audits by software vendors are a thing of the past. But are they? …And is it wise for CIOs to take their eye off the ball with Software Asset Management?
In January, the 2025 Survey on Software Audits produced by Unisphere Research and LicenseFortress revealed that:
- Frequency is up – Out of the 300 respondents, 62% reported being audited by a major software vendor within the past year – an overall increase from 40% in 2023.
- Expense is up – The number of organisations that incurred financial penalties in excess of $1m has tripled since 2023, at 32% up from 10%.
- Organisations aren’t audit-ready – Companies with over 5,000 employees face the sharpest increase; 66% have been recently audited, compared to just 50% in 2023. Despite this, organisations were taken by surprise.
So, software vendor audits are still happening and, from a disruption perspective alone, they can’t be ignored. Hybrid cloud environments are making audit processes more complex – a view shared by 53% of respondents, up from 38% in 2023.
There are some long-term strategies being played out by the usual suspects most inclined to audit, creating some sharp increases in reoccurring spending and interesting audit challenges:
- Microsoft – whilst M365, Intune MDM and Autopilot may appear to have taken care of desktop admin (albeit at a higher TCO than traditional Office models), don’t forget about SQL Server – especially as Microsoft auditors can get it wrong.
- IBM – Failure to correctly deploy and configure ILMT can immediately eliminate sub-capacity (virtualisation) licensing rights.
- Oracle – Notoriously complex and risky, now with Oracle Java creating new customers and audit risk outside of the datacentre.
- VMware – Since the acquisition by Broadcom and the forced move to subscription-based licensing, audit activity is increasing.
- ServiceNow – Another move to subscription-based licensing creating a focus on customer audits.
Pick your fire(s) to fight
Whilst the software vendor audit risk is still present, let’s put the whole piece into perspective; cloud spending is projected to reach $723.4b in 2025 according to Gartner, and the estimated rate of wasted spend in the cloud remains fairly consistent at 32%.
So, whilst software vendor audits are still a risk, wasting money through cloud mismanagement is effectively a certainty.
You can understand then why many IT leaders appear to have switched focus and investment to managing the cloud IaaS, PaaS and SaaS challenge over traditional on-premises IT Asset Management (ITAM).
There is a tendency to roll up ITAM and specifically Software Asset Management (SAM) into other solutions and approaches, like Service Desk solutions (ITSM) or MDM tools (Intune) for example, rather than mature, dedicated ITAM & SAM tools – a strategy that is increasingly being exposed as hopeful and over-simplifying the complexities and risks that surround the effective management of software licensing costs and risks.
Evidently, the need to ‘see’ and be able to manage the full scope of enterprise hardware and software isn’t going away, and isn’t getting any simpler either.
Indeed, neglecting core on-prem ITAM principles directly impacts cloud management, with challenges such as enabling the automated discovery of unknown SaaS applications to combat shadow IT.
You can’t manage what you can’t see, and so maintaining full network discovery of devices can be critical to capturing intelligence on end-user web browsers and usage of SaaS tools and AI.
So, what is the best strategy to modernise ITAM / SAM and support the adoption and optimisation of cloud?
ITAM, SAM & FinOps in the Cloud+ Era
Cloud+ in the context of cloud financial operations (FinOps) refers to the focus on managing technology spend across a wider range of environments; public cloud IaaS / PaaS, SaaS as well as on-premises IT infrastructure.
It stands to reason that the financial maturity, stakeholder accountability and on-going optimisation of cloud spend championed by FinOps be applied back to modernise ITAM and SAM in the management of on-premises IT infrastructure.
2025 has seen an increased scope of FinOps and the active alignment of ITAM into cloud FinOps practices.
In light of these developments, very few select FinOps Foundation Members’ toolsets have the full ‘Cloud+’ era scope in sight – combining the best of on-prem IT visibility, software identification and optimisation everywhere and public / private cloud management.
With today’s rate of change, market uncertainties and need for the next phase of digital transformation and AI-led innovation, unifying software policy, security and cost allocation and optimisation processes across all your vendors and environments makes a lot of sense.
It will take time for the solution market to adapt, but the direction of travel is becoming clear; dissolving the barriers between ITAM, SAM & FinOps can bring increased maturity and clarity to both sides, and at the end of the day easier management means greater cost savings.

Scott Massey – Customer Relationship Manager
Scott is one of Certero’s earliest team members and a long-time expert in IT Asset Management, Software Asset Management, and FinOps. With over 16 years of hands-on experience helping organizations navigate audits, gain control of their environments, and improve visibility, Scott brings a practical, real-world perspective to solving discovery challenges in modern IT.