Darian Vance

Posted on Dec 26 • Originally published at wp.me

Solved: We have 5 subscriptions of the same software because nobody talks to each other

#devops #programming #tutorial #cloud

Discover how to eliminate redundant software subscriptions and improve operational efficiency. This post tackles the common IT challenge of duplicate software procurement by detailing practical solutions, including IT Asset Management, Cloud Governance, and streamlined cross-departmental communication.

The Hidden Cost of Disconnected Teams: Five Subscriptions Too Many

The Reddit thread title “We have 5 subscriptions of the same software because nobody talks to each other” resonates deeply within many IT departments. It’s a stark, yet common, symptom of organizational silos, inefficient processes, and a lack of centralized oversight. This isn’t just an inconvenience; it’s a significant drain on resources, a security risk, and a compliance nightmare. As DevOps professionals, our role extends beyond just deploying and managing infrastructure; it includes optimizing the entire software delivery and consumption lifecycle.

Symptoms of Disjointed Software Procurement

If your organization is suffering from redundant software subscriptions, you’ll likely recognize some of these tell-tale signs:

Budget Overruns: Multiple departments independently procure the same SaaS solution, leading to vastly inflated expenditure for identical capabilities.
Licensing Confusion: Uncertainty about who owns which license, its expiry date, and its terms of use, complicating renewals and audits.
Security Gaps: Decentralized procurement often bypasses critical security reviews, introducing unvetted software into the environment. Different instances might also have varying security configurations, complicating compliance.
Audit Headaches: Demonstrating compliance for software usage becomes a monumental task when licenses are scattered across various purchase records and departments.
Operational Inefficiency: Different teams using separate instances of the same tool prevents collaborative work, data sharing, and standardized processes.
Shadow IT Proliferation: Departments bypassing IT entirely to procure software, creating a hidden ecosystem of unmanaged applications.

Addressing this requires a multi-faceted approach, combining technology, process, and cultural shifts. Let’s explore three robust solutions.

Solution 1: Implementing a Robust IT Asset Management (ITAM) and Software Asset Management (SAM) System

The foundation of preventing duplicate software purchases lies in knowing what you already have. A dedicated ITAM/SAM system, often integrated with a Configuration Management Database (CMDB), provides this critical visibility.

What it is:

ITAM encompasses the entire lifecycle management of IT assets, from procurement to disposal. SAM is a subset focused specifically on software licenses. A mature ITAM/SAM solution provides a centralized repository for all software entitlements, usage data, and contractual information. By integrating this with your procurement and HR systems, you create a single source of truth that prevents new purchases of already-owned software.

Real Examples and Configuration:

Platforms like ServiceNow ITOM, Jira Service Management, or dedicated SAM tools such as Flexera and Snow Software offer comprehensive capabilities. The core idea is to establish a CMDB that tracks software assets with specific attributes.

CMDB Software Asset Schema Example:

When a software asset is recorded in the CMDB, it should include metadata beyond just the name:

Software Asset Record:
    Name: "Microsoft Visio Professional"
    Version: "2021"
    License Type: "Perpetual" or "Subscription (Annual)"
    Subscription ID/Key: "MSV-2021-ABCD-1234"
    Quantity Owned: 50
    Quantity In Use: 35
    Expiration Date: "2024-12-31" (if applicable)
    Vendor: "Microsoft"
    Procurement Source: "Corporate Volume License Agreement #CVL-9876"
    Cost Center: "IT Operations"
    Owner Department: "IT Infrastructure"
    Associated Users/Devices: [User A, User B, Device X]
    Renewal Contact: "jane.doe@example.com"
    Status: "Active"

Procurement Workflow Integration:

The key is to enforce a workflow where any request for new software first checks the ITAM/SAM database. This can be automated within your ITSM platform.

User Request: A user or department requests new software via the service portal.
Automated ITAM Check: The workflow automatically queries the CMDB for existing licenses of the requested software.
License Assignment: If available, an existing license is assigned, and the asset record is updated (e.g., “Quantity In Use” increments).
New Procurement: Only if no existing licenses are available or suitable (e.g., wrong version/edition) is a procurement request initiated. This request should also flow through the CMDB to record the new purchase.

# Example (Conceptual) ITSM Workflow Pseudo-code:
function RequestSoftware(softwareName, department, quantity) {
    existingLicenses = queryCMDB(softwareName, "available");
    if (existingLicenses.count >= quantity) {
        assignLicenses(softwareName, department, quantity);
        updateCMDB(softwareName, "in_use", quantity);
        sendConfirmation(user, "Licenses assigned.");
    } else {
        // Calculate deficit
        deficit = quantity - existingLicenses.count;
        if (deficit > 0) {
            initiateProcurementRequest(softwareName, department, deficit);
            sendNotification(procurementTeam, "New software purchase required.");
        } else {
            // All requested quantity can be covered by existing
            assignLicenses(softwareName, department, quantity);
            updateCMDB(softwareName, "in_use", quantity);
            sendConfirmation(user, "Licenses assigned.");
        }
    }
}

Manual Tracking vs. ITAM/SAM Tool


	Manual Tracking (Spreadsheets)	Dedicated ITAM/SAM Tool
Visibility	Fragmented, prone to errors, outdated quickly.	Centralized, real-time, comprehensive.
Automation	None for checks, assignments, or renewals.	Automated license assignment, procurement checks, renewal alerts.
Compliance	Difficult and labor-intensive to prove.	Streamlined audit readiness with accurate data.
Cost Savings	Minimal, often leads to over-provisioning.	Significant due to optimized licensing and reduced redundant purchases.
Integration	Limited to manual data entry.	Integrates with ITSM, ERP, HR, and cloud providers.

Solution 2: Proactive Cloud Governance and SaaS Spend Optimization

The rise of SaaS and cloud-native services has exacerbated the “shadow IT” problem. Departments can easily sign up for tools with a corporate credit card, bypassing traditional procurement entirely. Cloud Governance and SaaS Spend Optimization address this.

What it is:

This solution focuses on gaining visibility and control over cloud resources and SaaS subscriptions. It involves implementing policies, automated monitoring, and leveraging specialized tools to track usage, identify redundant services, and optimize costs across cloud environments (AWS, Azure, GCP) and numerous SaaS applications.

Real Examples and Configuration:

Tools range from native cloud cost management services to third-party FinOps platforms and dedicated SaaS Management Platforms (SMPs).

Cloud Cost Management & Tagging Policies:

Cloud providers offer robust tools (AWS Cost Explorer, Azure Cost Management, GCP Cost Management). The key is consistent tagging of resources and subscriptions.

# Example AWS/Azure Tagging Policy (conceptual):
# Enforce these tags on all new cloud resources and subscriptions.

Mandatory Tags:
    - CostCenter: [Finance, Marketing, Engineering, etc.]
    - Project: [ProjectX, CRM_Migration, DataAnalytics]
    - Owner: [Manager's Email or AD Group]
    - Environment: [Prod, Dev, Test, QA]
    - Application: [Application_Name]

# Example AWS Policy (simplified JSON for clarity, actual policy would be more verbose):
{
    "Statement": [
        {
            "Sid": "EnforceMandatoryTags",
            "Effect": "Deny",
            "Action": [
                "ec2:RunInstances",
                "s3:CreateBucket",
                "rds:CreateDBInstance"
                // ... more resource creation actions
            ],
            "Resource": "*",
            "Condition": {
                "ForAllValues:StringNotLike": {
                    "aws:TagKeys": [
                        "CostCenter",
                        "Project",
                        "Owner",
                        "Environment",
                        "Application"
                    ]
                }
            }
        }
    ]
}

By enforcing consistent tagging, you can then use cloud cost management dashboards to filter and analyze spend by department, project, or application, quickly identifying unexpected costs or duplicate services.

SaaS Management Platforms (SMPs):

SMPs like Zylo, BetterCloud, or Productiv are designed to discover, manage, and optimize SaaS applications. They integrate with:

Financial Systems: Scan credit card transactions and invoices for SaaS vendor payments.
Single Sign-On (SSO) / Identity Providers (IdP): Track which users are provisioned for which SaaS apps.
API Integrations: Connect directly to popular SaaS apps to retrieve usage data.

SMPs can alert IT to new, unapproved SaaS subscriptions, show overlapping functionality, and highlight underutilized licenses, enabling proactive management and cost reclamation. For instance, an SMP might reveal that both the Marketing and Sales teams are paying for separate instances of a survey tool when one enterprise license would suffice.

Solution 3: Streamlining Software Procurement Workflows and Communication

At the heart of the “nobody talks to each other” problem is a lack of structured communication and a clearly defined, easy-to-follow process for software acquisition. This solution focuses on establishing robust workflows that naturally foster inter-departmental collaboration.

What it is:

This involves designing and implementing a standardized, transparent process for requesting, reviewing, approving, and procuring software. Leveraging ITSM platforms and workflow automation tools, it ensures that all stakeholders (requester, IT, procurement, security, finance) are involved at the appropriate stages, and decisions are made based on complete information.

Real Examples and Configuration:

ITSM platforms like ServiceNow, Jira Service Management, and even custom solutions built with Microsoft Power Automate or PagerDuty Process Automation can facilitate this.

Software Request Service Portal:

Create a dedicated service catalog item in your ITSM portal for “Software Request.” This is the single entry point for all software needs.

Service Catalog Item: "Request New Software/SaaS"

Required Fields:
    1.  Software Name: (Text field with auto-suggest from CMDB)
    2.  Purpose/Business Justification: (Long text field)
    3.  Number of Users/Licenses Required: (Number field)
    4.  Department/Cost Center: (Dropdown, pre-filled from user profile)
    5.  Required By Date: (Date picker)
    6.  Is this a renewal of existing software? (Yes/No - if Yes, link to existing asset)
    7.  Have you checked if similar software already exists? (Checkbox, with link to ITAM portal)
    8.  Security Requirements: (Dropdown - e.g., "Standard", "High-Compliance", "PHI/PII Data")
    9.  Integration Needs: (Text field - e.g., "Integrate with Salesforce", "SSO required")

Automated Approval Workflow:

Once submitted, the request triggers a workflow that includes multiple approval steps and automated checks.

Initial IT Review (Automated):
- Check ITAM/SAM for existing licenses (as per Solution 1).
- Scan for similar approved software in the catalog.
Department Head Approval: The requester’s manager approves the business need and budget.
Security Review: For new software, a security team reviews the vendor, architecture, and data handling practices.
Technical Review: IT Architects or relevant technical teams assess integration feasibility, supportability, and compatibility with existing infrastructure.
Procurement Action: If all approvals are granted, procurement either assigns an existing license or initiates a purchase, ensuring the new asset is recorded in the ITAM system.
Fulfillment & Provisioning: IT provisions the software/license to the user(s) and closes the request.

# Simplified Workflow Steps (visualized in an ITSM platform):

START
  |
  +---> User Submits "Software Request"
  |
  +---> [Automated Task: Check ITAM for Existing Licenses]
  |      If (Licenses Available) --> Assign License > END
  |      Else (New Procurement Required) -->
  |
  +---> [Approval: Department Head]
  |      If (Rejected) --> Notify User > END
  |      Else -->
  |
  +---> [Approval: Security Team (for New Software)]
  |      If (Rejected) --> Notify User > END
  |      Else -->
  |
  +---> [Approval: Technical Review (Architecture/Integration)]
  |      If (Rejected) --> Notify User > END
  |      Else -->
  |
  +---> [Task: Procurement Team Action (Purchase New License)]
  |      - Update ITAM with new license details
  |
  +---> [Task: IT Fulfillment (Provision Software/Access)]
  |
  +---> Notify User & Requestor: "Software Provisioned"
  |
END

This structured approach forces communication at critical junctures and provides a paper trail for accountability, significantly reducing the chances of redundant purchases.

Conclusion

The “five subscriptions of the same software” scenario is a solvable problem, but it requires a strategic, holistic approach. By investing in robust ITAM/SAM systems, implementing proactive cloud governance, and streamlining procurement workflows with transparent communication, organizations can transform a source of waste and frustration into an optimized, secure, and compliant software environment. It’s about moving from reactive problem-solving to proactive strategic management, a cornerstone of effective DevOps practices.