Close Menu

Search for Keywords...

Blog

3 Lessons from NASA’s Software Audit

NASA Software Audit

01/18/2023

When you hear the name NASA, it often brings a sense of nostalgia. The first man on the moon. Rocket launches. Outer-space discoveries. The last thing that comes to mind with NASA is a software audit

Yet, that’s what the agency is going through right now. In fact, the audit report found that NASA overspent about $15M on Oracle licenses over the last five years. Not to mention, $20M they owed in fines and overpayments, which could have been avoided.

But the problem doesn’t stop there. In addition to the exorbitant cost, there was no centralized software asset management (SAM) practice, insufficient staffing to address the complexity and volume of their licensing agreements, and unsupervised software buying, among others.

Today, all organizations run on software – it’s mission critical. An audit such as NASA’s can be crippling to a business, surfacing many operational, financial, and security risks.

What can you learn from NASA’s experience? Here are three lessons to consider as you run your SAM program.

NASA Software Audit Lesson #1: Visibility Must Be the Heart of Software Management

As we like to say, you can’t manage what you can’t see. And that applies to any software – on-premise or SaaS.

In NASA’s case, “the potential threat of being audited by the vendor encouraged overbuying when the accuracy of agency software asset management was suspect.” Further, their SAM practice is not centralized.

There are two problems that are solved by visibility in this case:

  1. Decentralization makes it impossible to see the full picture.
  2. If you don’t have a method to accurately discover and track your software licenses, it’s impossible to make good decisions.

A software management tool is critical to enabling full visibility into your tech stack. In short, it becomes your central source of truth. And when you have that visibility, you can make more data-driven decisions to proactively manage your software – and avoid a costly audit.

When it comes to SaaS, Zylo is the only management platform that can discover 100% of your software – even if they’re miscoded or improperly categorized. Learn how our AI and machine learning-powered Discovery Engine gives you full visibility into your SaaS estate.

NASA Software Audit Lesson #2: You Must Allocate Sufficient Resources to Be Successful

Having the right budget and staffing to support your SAM practice is imperative. That balance might look different depending on your organization, its size, industry, and stage in the software management journey.

As a large government agency, NASA has a high volume of complex software licensing agreements. As such, it should have a robust team and budget allocated to manage its estate. But as the report found, that is not the case.

When you don’t have the appropriate resources, your team is spread thin. You’re doing more with less. And sometimes there are things you just can’t get done.

That’s where a partner comes in handy. From helping you build your practice to negotiating contracts and acting on optimization opportunities (and more!), getting support can be a cost-effective way to prove the value of your software management program.

At Zylo, we help do just that for your SaaS software. 

Versapay, a financial software company, uses our SaaS Manager and SaaS Negotiator services to save time and money. “Our Zylo resource is an embedded member in my team,” said Ryan Johnson, former VP of IT and Internal Systems. “The reception has been remarkably positive and we’ve seen immediate value.” 

NASA Software Audit Lesson #3: Operationalize Software Purchasing and Renewals

The software audit report also cited many “ad-hoc practices” being followed at NASA. A few worth noting include:

  • Inconsistent processes for including legal during software contract negotiations or audits
  • Unsupervised training software
  • Unsupervised software buying

When you’re “loosey goosey” with your software management practices, that’s when operational, financial, and security risks run rampant. With SaaS, that also means shadow IT. Lack of process and oversight is what has NASA in this predicament.

By building a process and following operational best practices, you’re able to avoid mishaps. It’s also worth noting that for this to be successful, it all goes back to visibility. Know what you have. Then, build processes around it. 

It’s especially important when you consider procurement – from purchase through renewal. What does that look like?

  • Having an intake process. Determine how you want employees to request new software purchases and communicate that often. This helps avoid employee-led purchases, or shadow IT.
  • Requiring software reviews. Establish a cross-functional team to determine requirements for new purchases and review requests from employees. In a nutshell, this is a form of software governance. This group should be key business stakeholders that represent Legal, InfoSec, Finance, Procurement, IT, etc. You want to make sure the software covers all the bases for security, compliance, budget, organizational fit, overlap with existing tools, and more.
  • Establishing operational rhythms for renewals. When you have a plan in place and the information to support it, you can be proactive with renewals. Using a management tool allows you to see your usage and spend, benchmark pricing and tools, and set up alerts to stay ahead.

At Zylo, this is the drumbeat with our customers. They use our SaaS management platform combined with ongoing consulting to enable this. And even let us take the reigns as an embedded team member with the services we mentioned earlier.

Prioritize Software Management, Avoid Costly Audits

We’ve yet to meet anyone who welcomes a software audit with open arms. Sure, hindsight is 20/20. But if you don’t have visibility, you don’t know what you don’t know. Are you confident your organization isn’t at risk?

If there’s anything to learn from NASA’s software audit, it’s this very concept. It all starts with visibility, and then having the right resources and processes in place.

If you’re looking for more visibility into your SaaS software, we’d love to chat. Request a demo to speak with one of our SaaS management experts today.