VISA Case Study: SAM in the 21st Century (July 30, '14)

Visa Case Study: SAM in the 21st Century

Return to News & Media

Terms of use

Visa Case Study: SAM in the 21st Century

Joe Birdsong, Director of Software Asset Management, shares the factors behind Visa's software asset management strategy

By Leslie T. O'Neill

Nobody makes a case for software asset management (SAM) like Visa. The financial services company wouldn't be able to manage its critical—and impressive—investments in IT without its recently matured SAM program. The SAM team influences every aspect of IT throughout Visa, which powers a secure, reliable global payments network that can handle 40,000 transactions every minute.

"In the past three years, SAM has been credited with saving Visa over $200 million," says Joe Birdsong, director of software asset management at Visa addressing the crowd at the 2014 SAM Summit in Chicago. "We're making better decisions."

Visa adopted a globalized approach to IT asset management in 2006, but it wasn't until 2011 that the company formed a team dedicated to SAM and developed a company-wide SAM strategy. That first year was busy. Birdsong's team supported four major ELAs (enterprise license agreements) and addressed compliance issues "without incremental spend." They also closed vendor audits with minimal exposure because Birdsong's SAM philosophy is to do more than an auditor would, be more complete. "Understand how [auditors] do things and understand their approach," he advises.

Visa's SAM team also realized that they needed discovery and compliance engine tools. They purchased BDNA Discover and Normalize and Flexera FlexNet Manager, which they continued to roll out through 2013 and 2014. They've also deployed Microsoft SCCM (System Center Configuration Manager) and CA Portfolio Asset Manager.

In the third year of the program, they established a policy to complete a quarterly check on the ROI (return on investment) and compliance on their ELAs, and they identified compliance exposure on several key products in their ecosystem.

"Don't expect any tool to work perfectly out the box," Birdsong says. "We use vendors that can provide the data points we need and a tool that can be customized." The SAM team works closely with tool vendor engineers to customize the products to meet Visa's needs.

Birdsong points out that Visa prefers this mutually beneficial, highly aligned relationship with SAM tool vendors. He hopes that other companies will find value in the changes Visa helps make to these tools.

Driving the SAM strategy

Birdsong identified three categories of drivers behind Visa's SAM program: financial, legal, and operational. They want to optimize their licenses, make the most effective use of services, and ensure they're getting value out of their software spend. Legally, they're concerned about noncompliance with license agreements. From an operational standpoint, they're involved in title rationalization to choose the best software as well as reducing headcounts to support additional titles.

To meet these drivers, Birdsong has taken a three-pronged strategy: people, process, and tools. His team now includes 15 employees with license compliance experience as well as Windows and Unix system implementation and support expertise. They're also unfailingly good communicators with backgrounds in business.

"People came from the Big Four to do auditing for Microsoft and IBM. If you think one of them will be coming after you, the best thing to do is to hire an auditor," says Birdsong.

His process includes ELA negotiations, audit responses, and title rationalization, and he uses entitlement tools. His team has built baselines for software product utilization that, he believes, are more detailed than what any auditor would build.

"We want to have baselines available and be able to self-report — and not waste thousands of hours going through an audit," Birdsong says. "If we get wind of vendors doing audits, we'll do a review. We want to be a low-risk candidate."

It's also important to understand what puts you at a higher risk of an audit. He says, "High risk is a vendor that we have a high spend with. If you're reducing spend or have products that are easy to audit and have a high yield, you'll be a target."

Goals for 2014 to 2016

Birdsong isn't resting on his laurels. He's set several short-term goals for his team. His plans for this year include achieving automated and near real-time compliance, cost clarity around software consumption by service, and consolidating software products. Next year, he intends to renegotiate several major ELAs and perform license reclamation. And in 2016, he expects to see maturity in preventive controls and accountability as well as in non-standard metrics and platforms, and he wants to add the discovery of and reporting on open source software.

He also wants to see his SAM professionals expand their work with the sourcing teams and product managers. He points out that, after you've worked through the immediate non-compliance liability, weeded out software that no one uses anymore, and canceled unnecessary support contracts, your SAM program can find other ways to add value to your organization.

Birdsong says that today, "Folks come to us with any questions about what software is deployed where and to understand all the software that's licensed and available. We help them make better and smarter decisions."

Zeb Zigler, asset management analyst at Visa, also participated in this case study presentation.

Stay tuned for more on the 2015 SAM Summit in Chicago.

Leslie T. O'Neill is a writer based in Pleasanton, CA.

Published by ECP Media LC
P.O. Box 1549 | Ann Arbor, Michigan 48106-1549 U.S.A. | Office and fax: 1.734.930.1925

ECP articles are provided to IBSMA by arrangement with

Terms of use

This publication is designed to provide accurate and authoritative information regarding the subject matter. Neither the publisher nor the author(s) is offering legal, accounting or tax advice. Although care has been exercised and every attempt made to verify the information in this publication, neither the publisher nor the author(s) is responsible for errors or omissions. Neither the publisher nor the author(s) is affiliated with nor endorsed by any organization listed here or by any subsidiary company. Trademarks are the property of their respective owners. ITIL® is a registered trademark of the United Kingdom's Office of Government Commerce. The Certified by logo is a licensed trademark of ECP Media. The publication may be printed for personal use. The publication MAY NOT be printed for distribution in a public or private venue (i.e., conferences, trade shows, direct mailing, etc.).

© 2014 ECP Media LC ( No part of this publication may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form, or by any means (electronic, mechanical, photocopied, recorded or other) without the prior written permission of both the copyright owner and the publisher.