Customer Story: The Evolution of SAM - Beyond the Top 10 Applications

Sarah Mangan: Hi, everyone. Thanks so much for joining us today. We're excited to bring to you a great customer story in this fireside chat. When we talk about software asset management, the focus is often the biggest, most visible applications. But today we're looking at a different approach that goes beyond just the top 10 apps. UKG is leading the way with a modern SAM strategy that covers their entire software portfolio. I'm thrilled to be joined by Carlos Garcia Moran, director of SAM at UKG, who's going to share the story of how they re- imagined their approach and how it's driving success across the business. Carlos, welcome and thank you for being here today.

Carlos Garcia-Moran: Hey, Sarah. Hey, everyone. Thanks for coming to our fireside chat.

Sarah Mangan: Okay. Carlos, I'm going to lead you off with a question, and that is you've run a mature SAM program at UKG, historically focused on on- prem software and the biggest, most expensive apps. But at some point, you recognize the need to expand your focus to the full software portfolio. What drove that shift? Was there a specific moment that made SaaS inaudible impossible to ignore?

Carlos Garcia-Moran: So for us, we've been doing this for close to 10 years, and in that year we've mature our SAM program. We started at SAM 1.0, and we're probably right now at SAM 4. 0. A lot of the stuff that we did was predicated on intelligence and tools. It's the stuff that we started seeing as we started using certain tools and the views that they gave us, the ingestion and what it showed you showed us. One of the biggest things for us, one of the kind of eye- openers, it was when we got Silo, and that was a couple of years ago. I think it's now going almost two or three. That started showing us that we always focus in the top of the pyramid. It's always the big apps, the Microsofts, the Dockers, the JetBrains, the IBMs, the things that are like$ 5 million, $ 20 million, $ 15 million things that, of course, are important to bring ticket items. But a lot of times too, those are not as complicated. What bringing Silo on board and the intelligence and us, it showed us that, " Hey, we were so focused on the top," but then there's the middle of the pyramid, that pool that we were kind of dipping our feet in, but not all the way, but it was the bottom that was the most critical. That large expense of applications that we really weren't focused on, and there's a lot. Because what happened was that there were just pockets, but there were pockets of, even in some instances, the same application, like five, 10 here, 50, 100, even 1000. But we weren't looking at... They were focusing it because of the processes that we had in place or even the data intelligence that we were lacking. And that's something that when we got Silo, it started showing us that,'Hey, we have this software over there and, look, there's 50 licenses over here." The same group has the same 50 licenses or 100 or 200, and they're paying different prices. We didn't realize that that of data was out there for us. And that kind of was eye- opening. And it kind of helped us formulate what the next level of SAM would be, what the stages of focus are, because the top of the pyramid is always important. But without the right foundation, we're hurting ourselves.

Sarah Mangan: Yeah. And with your team focused on traditional software licensing when you were in the top of the pyramid, cost and compliance risks are clear. SaaS is more abstract with hidden costs, decentralized ownership. You touched on that a little bit. What challenges did you face in shifting from managing to SaaS and how did you help your team adapt?

Carlos Garcia-Moran: A lot of the challenges was what I call ICE, the principles of ICE, inventory control and education. One of the biggest things was that inventory, that data, us being able to see what was out there. That's something again Silo gave us. With things like being able to do integrations direct with applications, or being able to get payment systems are user- based as well as getting our D365 data or our Dynamics Entra ID data. So that inventory is what started it, and then we moved it on to the next stage. That control, which control, it takes a lot of forms. It's governance is being able to sit data act in and then put certain things, policies, or even technical controls in place. That helped us start thinking, " Okay, how do attack this? How do we..." That bottom of the pyramid, " How can that foundation of people buying all the software, how can we slow it down? How can we pay more attention to it, control it, guide it in a certain way that's going to be beneficial?" And that's where that education is, the next principle, is educating the folks that is not their day- to- day, right? The people that work in marketing, the people that work, even developers, engineers, HR folks, their focus is not on the software. They're not concerned about licensing. They're concerned like, " I need a license for Adobe." Their concern is that they're doing work, they need Adobe, how did they get a license? They're not concerned that, " We didn't buy enough Adobe licenses." Or, " That this person left and it wasn't assigned correctly." Or a lot of those kind of workflows, protocols that are put in place by SAM, Service Desk and other personnel in IT or other factions to control it. So education was critical for us in making sure that people were doing the right job that they needed to do. We weren't stopping them, but we were giving them the tools or the procedures to be able to get licensing and compliance the right way for us, right?

Sarah Mangan: Yeah. You mentioned different business units you were working with. You were first looking at those bigger apps, you started looking beyond them. What were some of the biggest surprises? What were the risks that made this a business- critical issue?

Carlos Garcia-Moran: So I think the biggest risk is... Again, when we're looking at our top apps, I mean, it is a simple thing where, " Hey, you know the inaudible amounts, you know the dollars, there are big dollar amounts. You have better..." Those applications always go through a lot better controls because they're tried and true and everybody's... Everybody has dealt with Microsoft, knows how to deal with Microsoft. But then you start... When you dip your feet into the bottom ones and you see the same risk. I mean, the same risk can exist in the bottom ones and even riskier stuff because they're out of control. They're the wild west. A lot of times people don't think... There's a lot of, let's say, apps out there that... Take a look at when Docker changed their licensing terms. Docker used to be free and they change up under the licensing models and it became not free, but depending who you were. If you were under$ 10 million, Docker was still considered free. Again, you go back to that education piece. The users are not going to know that UKG makes more than$ 10 million or less, or your company... They're not exposed to those nuances, it was us. So I mean, that carries the same risk, right? A hundred licenses of Docker or Bananas, one, two, three, or whatever software you're working with can carry the same risk even in dollar amounts than those... You have a$ 20 million contract, yeah, sure, the risk is$ 20 million. But those other ones, if you have an application that runs in the thousands that you weren't aware of because, " Hey, it's WinZip or 7- Zip," or whatever application that it's not inaudible, it's not enough, but there's that... The volume is big, right? You might have 500, 1000, 2000, and it's not till it comes to light. And another one is, is all those things that those pitfalls of licensing that again, the end user's not going to know, they're going to download it. It is going to be free. And depending on your level of technical controls, a lot of times you're going to let the users install it. You're going to let the users go out there and subscribe to tax ID software so they can do their taxes better. Not knowing that, well, it's not free for you. You're a certain type of company or you're over a size of employees that in the terms and conditions, they say, " Oh no, you're too large to be free. You need to pay us. But we're not going to enforce it. We're waiting for you to say you should be inaudible." So a lot of the times those companies don't have those type of terms. So then ends up being that you have 5, 000 installations and you weren't aware of it, right? Until you start getting that intelligence. That's where tooling is critical. Because while we all love Excel and a lot of the tools that we have out there, kind of putting pen to paper, putting, throwing stuff in a worksheet, it can only help you much. Tools like Silo starts giving you that breadth of view, that view that you're on a plane looking down and you're like, " Oh my God, look at all this stuff. Look at these things." And now you start pinpointing. Now you start doing processes in place that can help you narrow down all those risks.

Sarah Mangan: Yeah. And pivoting a little bit away from risk, looking at the cost savings side of the equation, I know you've set a clear goal. You have a$ 1 million in savings across SAM and SaaS. Can you walk us through how you're working towards that? What strategies or quick bins have been most effective thus far?

Carlos Garcia-Moran: Sure, absolutely. One of the things that for us at least is that we're so inaudible, right? We need to demonstrate that the money that we spent on tooling like Silo, we get back. And a lot of the times we separate them into a couple of things. My team engages directly with our counterparts and renewals to make sure that at the basic level, it's always the, " Hey, we bought a thousand licenses of these over the past year. You use 700, you're really carrying a surplus of 300. Don't renew for those thousand. Renew for seven, maybe 750, give you stuff, a little bit of leeway." So that interaction with renewals has been critical for us. One of the things that we do is we created a dashboard that shows all the upcoming renewals that SAM and inaudible are interested in. We tag all those things. We created a dashboard that now shows that breadth of information, owner, contract, all those things that are going to be beneficial to them. So renewals is one of the biggest things that we do, that brings in, again, that intelligence of data enabling us to just be able to show we're using less, we're using more or like a inaudible. Or even in some instances it might not be a savings, it might be an expenditure. But it is showing that we're ready kind of... Rise up to that challenge and show those data points. The other things that we do is, which is savings is compliance. And again, at that basic level, that goal. We bought so many licenses, we're using so many licenses, we're not going over it, we're going under. Under that line, the green line, is always the most critical. You never want to go over the line. And some of the instances, I mean especially with SaaS, some of it is straightforward because a lot of SaaS products don't let you go over. You bought a thousand and you try to go to 1, 001, you get a little inaudible or something. Some of them are not. They're more fluid and everything. So it's up to the business owner, the stakeholder or whoever it is, the IT person to keep a little bit of a better track on it. It's considered savings because it are kind of paying attention to that line. It is very critical that you don't go over. Because I mean, inaudible one of the things in our industry that's important is audits, nobody wants to get that fearful letter or something. The other thing that we do is reharvest. And again, that's something that Silo has been very helpful on, on things that we have direct connects or even usage connects on, that we're utilizing the breadth of the tool to give us that data point where you're saying like, " Hey, Jane hasn't used Bananas one, two, three in 60 days. That's our cutoff date." Or in some instances, if the people leave the company, you'll see it immediately like, " Hey, Jane used to be here, she's no longer in the usage store. Let's peel back that license." So again, those reharvests that we do are critical because that helps us save dollars. That's more in cost avoidance because we're not spending the dollars. We already spend them, but it makes us more efficient because if I go out there... And again, if I didn't have tools like Silo that are telling me that this person hasn't used an application or that they left the company or another myriad of reasons, I wouldn't be reclaiming those dollars. Somebody would be going out there and saying, " Oh, we need 50 more licenses for Adobe." But turns out that through Reharvest processes, we gained a hundred. So we didn't have to go out there and spend those 50. Turns out we had more. So those are the foundations that we see us getting ahead of the game and being able to, like we said, self- funded. We targeted a$1 million this year. We're pretty much actually, I think, over halfway of doing that already. So that's pretty good for us. And also the more we demonstrate the powers of the tools, the better we are when... And that's always the struggle with anybody that works in our fields. It's always that whole budgetary asking for money, " Hey, if I had more tooling, more people, I could do more." You could always do more.

Sarah Mangan: Yeah. Well, congrats on being more than halfway towards that goal. That's really exciting. Many organizations struggle with software expenses being buried and expense reports. How have you brought that on control?

Carlos Garcia-Moran: One of a couple of things that we did is our P- card payment system, our cards, we integrated into Silo. So now we see all the expenses of software that we are doing, we're seeing them inaudible. Well, I mean in a report right now. I don't sit there all the time. But that enables us to start making... Again, a couple of things that we do is we use those integrations, but now we use reports that are going to tell us like, " Hey, P- card expenses in the past seven days." Or more specific, we created a couple of reports, we'll call them the Uno Reverse reports, where we're not looking for the people that spent it. We're looking for the people that are on a certain list that can spend it, but other people can't. So if we stopped using a product, a lot of times maybe we went through a change in products, like, " Hey, will you still use this application? Hey, now we used application B." We deprecated the whole thing, but turns out that maybe there's one small team that needs to still use application A and pay for it. We're like, " Okay." So then I want to look for them paying it, that's a positive. But then I look at the negative as well, there's people that shouldn't be paying for it and see that report. So what we're doing now is we're taking a look at those reports, and those are like gangbusters. They're showing us a lot of stuff. We also take a look at things where... Another thing with the power of Silo that we have is we started putting a lot of extra metadata for us. When an application is approved for you in UKG, it goes through a very rigorous process. It includes our legal teams, our security teams, our sales teams, our everything. That we're going to look at those things and kind of say like, " Oh, hey, everybody vetted this application. We're good to go, right? So in these instances, what happens is it adds more color to the application. So then when we're looking at anything like this, now we know like, " Oh, look, it passed the process. Thumbs up. We're good to go." So I think that helps us in... Oh.

Sarah Mangan: It got the thumbs up. Celebrating with us.

Carlos Garcia-Moran: I forgot about that. It made me lose the train of thought. But I think all that intelligence and those staffers, they're starting to show us a lot more that we can take action on, and that taking action on those expenses is critical for us. And we're seeing things where now we're able to see that we had a contract for an application and we have expenses, and that shouldn't happen. If we have a contract, we should be paying the contracted price. Nobody should go out there. And if we own Adobe and we have licenses, why is somebody in marketing buying Adobe licenses? They shouldn't. So that again, that breadth of intelligence and data. Data is that big foundation that we can take action on.

Sarah Mangan: Yeah. And you've even built your own dashboards to track and optimize your software portfolio. What's in the dashboards? How's it helping you make better decisions?

Carlos Garcia-Moran: So we started doing what we call the checkerboard dashboards. And in those things where... Again, we started building them with like, " Okay, SAM's interested in seeing the applications that we have a lot of spend and a lot of AP spend and a lot of P- card spend, or we have things that are missing certain things. One of the main focuses that I would love, that I think everybody in the SAM world or any ITAM or anything like that, inaudible their Nirvana would be... I want to be able to, when somebody goes like, " Hey, Carlos, do you know about analysis one, two, three?" And I'm like, " Hold on a second. Hey, I know who the owner is. I know that there's a contract. I know the cost, the expiration. I know who the IT person that deployed it. Did it pass security muster? Did it do all these things?" And that forms that checkerboard, right? Because as we throw all those data points in there, and we create gauges... I mean, I've done a lot of stuff, which it took us a while to kind of figure out the gauges on Silo. But it is a stuff that tells us like, " Hey, I'm interested in right now like a..." We start tagging things on via peer in the dashboard, and it shows the levels of completion. That's that checkerboard where I put everything that SAM sent to us. So we tag it as SAM, right? It appears on the dashboard. Now go like, " Okay, does it have an owner? It doesn't. Let's go find it. Does it have a contract, a renewal date, this?" So that starts following up those checkerboard parameters that fill up. And what we're able to do too is now we can tailor those dashboards for other people that are interested on some of the stuff that security's interested on is the things that Silo's not showing with some scoreboards and everything like that. So that's great. It might have HIPAA information, it might have this or that. So now we tailor these dashboards to whoever. We have the renewal guys. Now when they look at it, they look at things that as, " Hey, contract date, the owner information. We can start maybe even sending renewal emails." So now again, we're creating these dashboards that starts giving tailored information for the people that care about certain things and allow them to take some action like us. And like I said, our inaudible could be able to, on any application, find all that data to complete it. So there's never a question. When somebody asks for something, it's there, it's showing us. And then we can take action.

Sarah Mangan: Yeah. And you mentioned a few different business units in that. What are some of your go- to dashboards and how often are you bringing them out?

Carlos Garcia-Moran: So our go- to dashboards, at least for us, is we just call it the SAM dashboard, right? Simple and concise. And that one, it just has all the data points. Like I said, like the owner of the IT information, any type of thing that when so many questions that we can easily go... Like if we want to know, in some cases, let's say for SAM, different teams do different things on an application. In some instances, my team actually assigns licenses for certain tooling or products. In other cases, other teams do. So the SAM dashboard actually has the name of the actionable team that's going to grant you a license. So when somebody comes our way and says like, " Hey, I need a license for this application." We're like, "Oh, hold on one second. Oh, that sucks." Or that's the marketing team, or it's DIT guys, or the employee management guys. " Okay, go to them." Or even we'll have workflow instructions with a link that says, " Click on this link, it'll take you to ServiceNow, open up a ticket for you, and you're good to go." In other instances, we have folks, like we said the security guys are minded, who created a dashboard inaudible that has the status of an application. Like I said, we have a pretty rigorous process. But I mean, to date, we track probably about 1400- plus applications in Silo. A lot of those went through the rigorous process. I mean, I don't know if people are familiar with we merged with another company four years ago, so we all had disparate lists and everything. So I mean, even four or five years later, we're still kind of discovering certain things. It's a never- ending journey. So the security guys will look at status that again has the... It did pass legal process, it did pass X, Y, or Z, and it's an approved application. Or in some instances, we'll actually fire up things that somebody P- carded a week ago, and it turns out it didn't pass the process. So then the security guys are going to see it on their dashboard, say like, " Hey, wait, this was not an approved app. It didn't inaudible the process." So then they worked with us to follow up with a stakeholder that put that charge saying like, " Hey, you shouldn't have done this. You need to follow a process. You need to go through all these steps in order to get your application approved if you need to use it." One of the big things that one of my bosses told me a long time ago was that SAM isn't in the business of saying no, right? If you need the application to do your work and the application passes all the check marks, then absolutely you can have it. If there's budget if you're doing something. A tool is a tool that makes your job better, 100% SAM is never going to say no, right? But we're going to be cautious about how we guide you to make sure that that application's approved for the right things and that also you're following the process, so you're paying the right amount. So you're doing the right things for licensing compliance and safety.

Sarah Mangan: Yeah. And you've built out such robust processes and dashboards across UKG. I want to ask for SAM professionals who believe they only need to manage their top 10, 20 apps. What would you say to convince them otherwise? What risks are missed or opportunities are they not seeing?

Carlos Garcia-Moran: I think a lot of the stuff it is that, honestly, when you're looking at it, and we all focus the same way. I mean, because it's like the big contracts, the big dollars, and sometimes it takes us a while to kind of get out of that focus. I think for us, it was that whole thing that we looked at it as like the debt, $ 5, 000 cuts. And even the foundation, if your foundation of your pyramid is not the right way, the top's going to crumble because you're going to be so kind of fighting fire drills on a lot of little things that you weren't thinking of because those things can be problematic. I mean, on some instances, we all want to be fiscally responsible. That's one of the biggest things for us. It's those savings and everything. But even any of the little things can lead to an audit risk or can lead to an impromptu like, " Oh, there's$1 million for this because you weren't paying attention." And some of those amounts, it seems small. But when you're looking at... We discovered it in the past, there's certain times that it'll be that an application goes to the top that turns out that maybe 1000 users were using it or 10,000 users. It's crazy. And nobody was paying attention because it's all little$ 50 here, $ 75 there, $ 25 here. But once you start timing it times a thousand users, or 3000, or 5000 users, those costs start getting bigger. So a lot of the stuff that we were finding is that whole thing of without right rules, without the stuff in place. Let's say that, " Hey, I need an application for my job." Nobody stopped me, I bought it, it was$ 50. 10 people from another department are going to do the same thing, but they're not going to pay$ 50, they're going to pay $100 because they paid for the team version. You paid for the premier or you paid for... You thought it was free, but it wasn't free. So that whole thing, the biggest one to focus on clearly is still savings, is that centralization of cost that you're making sure that, " Hey, we're doing this the right way. We're paying for it the same way for everybody. We're doing a deal." Another thing that we found is security and compliance, where a lot of these tools that people are buying, especially on SaaS to do their job, they're going through inaudible. They're putting in their key card, they're clicking through an agreement, and legal's not involved, they haven't been paying attention. Or security might not be involved because it is almost in some instances, a cart before the horse. The good thing though is tools like Silo have kind of let us slow down the process, right? Because now we see the data, we still kind of... It is a big journey. I mean, I always say like, " We're at the top." I'm like, "We're at the middle," right? Because every time that you think you're at the top, you look back and all of a sudden you're like, " Oh, wait, I could be focusing over here on some stuff that makes me more fiscally responsible or makes me more security conscious, or compliance." And again, that whole thing, compliance is a risk. I think I mentioned before about in some instances that that education is important because the users are not going to know that that software is not allowed to be used in UKG. Because we are a certain size or we have a certain kind of financial gain. Or it's okay to use here, but not here. Depending on like... I mean, we're worldwide, right? Some applications are actually restricted for use. So it is that whole thing that now there's a lot of these facets. And then if we're focused at the top of it, of the pyramid, we miss a lot of the foundation. And nobody wants to get stuck with a$1 million audit or anything like that. Or even a compliance feature where you go like... In some instances, some used to be free, and we've seen it in the past. I mean, Docker is a good example. Docker used to be free, so everybody was using it, and it becomes entrenched. And then once it becomes entrenched, now all of a sudden they go like, " Hey, we're going to charge$ 100." Now you go and you have a $1 million bill for software that nobody knew it had to be paid for. And there's a lot of software out there that begins the same way, that where it's free or no cost, but then your users get into using it and then figuring out that now there is a cost for it. And it is not even an inaudible or anything, it's just that you have to pay for the license. And everybody is using it, so you can't pull it back. They'll cripple your workforce.

Sarah Mangan: Exactly. Exactly. Well, Carlos, thank you so much for sharing your insights and the UKG story with us. It's been such a valuable conversation. I'd like to thank everyone for joining us today. We hope this session gave you some fresh ideas involving your own SAM strategies. Enjoy the rest of SaaSMe.

Carlos Garcia-Moran: Good. Thank you, Sarah. Thanks, Silo. And thanks, everyone. We'll see you.