How SaaS Management Drives Career Wins and Business Impact for Software Asset Management Pros with Joe Ryder (McKesson)

Joe Ryder: We're doing a lot of metamorphosis into something different in terms of we need to know a lot more. We have to be a lot more diligent in terms of knowing our products, knowing the licensing models, keeping up to date. At the same time, have to know investment risk management. We need to know corporate finance. We need to know how these things are actually managed as an asset within our environment.

Cory Wheeler: Hello, hello, and welcome to SaaSMe Unfiltered, the SaaS management podcast, the show with give it to you straight real- life advice from pros knee- deep in SaaS every single day; SaaS management superheroes just like you. Welcome back everyone. I am very pleased to welcome to the show today Joe Ryder, Senior Manager of Software Asset Management at McKesson. Joe has more than 10 years of software asset management experience and was previously a member of the world- class SAM team at Salesforce. If you're a SAM leader or practitioner, you may have come across him on LinkedIn, sharing his thoughts and tips on maturing a SAM practice and up- leveling your career in SAM. Meredith and I are very excited to jump in and talk about how software asset management leaders can win, make an impact and stay relevant in the space. Welcome to SaaSMe Unfiltered, Joe.

Joe Ryder: Thank you very much. Glad to be here.

Cory Wheeler: Well, we're very excited. As SaaS has very much shaken up the world of software over the past 10 years, much of software asset management was built upon the management of audit risk via on- prem licensing overages. Much of that has now shifted to the cloud and a more flexible way of licensing. So how is SAM ushering in a new era of accountability built on those same legacy SAM principles?

Joe Ryder: I think that there's a lot of change in the market in terms of going with different licensing models, different ways of delivery. Regionality has also been changing over the last several years due to GDPR and some other cloud items, and then there's this whole market of AI that's emerging. We're doing a lot of metamorphosis into something different, if you would, in terms of we need to know a lot more. We need to know how that licensing actually carries over from vendor to vendor, because even in the same functionality categories, those different vendors actually do supply their licensing a little differently. So, where one might be a user- based license, another might be user plus a bunch of modules. Another might be we're serving your devices and those need to be licensed as well. It definitely runs the gambit. So we have to be a lot more diligent in terms of knowing our products, knowing the licensing models, keeping up to date, but at the same time have to know investment risk management. We need to know corporate finance. We need to know how these things are actually managed as an asset within our environment, because that decision- making is pretty dynamic within organizations.

Cory Wheeler: So extending the same thing you're doing, and you've always done around on- prem into SaaS is a very natural shift just to different delivery mechanism, right?

Joe Ryder: Absolutely. And sometimes the same delivery method, they've shifted into a cloud hosted offering. So the Oracles and the Microsofts and the SAPs of the world have decided, " Well, I'm still going to give you similar types of license metrics, but they're all going to be subscription." Or" They're going to have some other revenue behind it that you didn't really see when you had it on- prem." So we have to be able to ship to that, especially when we have hybrid cloud, when we have things that are going with SaaS or maybe even a platform as a service, which has a lot more aspects to understanding its licensing.

Meredith Albertson: Joe, SaaS is a way of life for most enterprise businesses, however, we don't see the mass adoption of SaaS management yet, just across that software asset management function. What do you think is holding some SAM pros back from really tackling the problems that come along with SaaS?

Joe Ryder: Well, there's definitely some self- imposed barriers and some artificial barriers there. There's a lot of risk in the tier one vendors. They're just not really focused on a lot of the smaller vendors that are out there and realizing that that long tail of spend ends up being a lot more impactful if you take that as a whole, then these larger vendors that have a larger spend with that one vendor. So there's just an attention suck from those very risky, very large contracts where they're not able to do that pivot over to the smaller ones. They also just see that this is probably headcount- based if you take it at the surface. So somebody needs a SaaS tool, they're going to look at, " Well, what's my headcount? If I need this for everybody, I'm just going to focus on new hire rates. I'm going to focus on hiring and firing. That's going to be as much as I can do." But if they actually look at it, there are ways to actually optimize SaaS as an asset that basically can be given to anybody, but for specific reasons. So you have things like Asana or other vendors that have specific niche use cases, and as they go in and out of their job, they may use it, or they may not. Those aren't really headcount- based. It's definitely a different misconception. But on top of that, they don't want to be big brother, looking at everyone's web traffic or understanding what their use case is of a certain tool that they might also use outside of work. Business owners think that they're a lot closer to that hiring and firing, so they want to be the decision- makers. It just kind of runs a gambit, and it causes problems with adopting a SaaS management strategy.

Meredith Albertson: Do you think that there's a compelling moment or event that may really start to almost force the function the little bit that SAM pros will almost be thrust into paying more attention to SaaS and their business?

Joe Ryder: Yeah, I think the most common one that everyone talks about is I found out that people were spending on their credit cards to get Sales Navigator or some other large contract that they thought that they had a good handle on, and they realized, " Oh my goodness, everyone's expensing this stuff." That's a very common issue, and I've run into it in my career. I know that many of other people that I've talked to in the practitioner market, that's their issue is everyone's spending everywhere. And to get their hands around it, they first of all have to get people off of that credit card spend so it is a manageable transaction, and it's tied to your company as opposed to an individual. That process is so daunting and takes so much data that they start realizing they actually need a tool. They need something to help them through that process and understand exactly what they're up against.

Cory Wheeler: Do you see that compelling event that gets things moving and shadow IT 100%, Joe? You and I have worked on that in the past as well. We see a lot of licensing shifting within SaaS from user- based models now into some consumption- based models, SaaS that sits on your infrastructure or SaaS that is just deployed in a different way. DocuSign envelopes or Zoom meetings, or things like that, that are tracking more than just are you holding a license? How do you manage that today? Are there compelling events in consumption overages that don't exist in license or user- based license scenarios that SAM leaders need to be looking at?

Joe Ryder: Yeah. I think that the most common thing that you find in SaaS today is that there are add- ons. So you could have a user license. Let's say you're using a project dashboard or a project timeline tool, and you have a user that comes in, you license them, that's great. Well, there may be a different level of licensing based on their role in that tool. It could be an admin versus a standard user. Maybe they also need a whiteboard product, which is also sold by that company, and that's an additional license. So that could be a sprawl that you weren't prepared for if you don't have any controls around who gets what. That's the more common situation where there's a portfolio of what's being given in that SaaS tool as opposed to just the one product. But there are those situations where you reach into even different licensing metrics such as consumption, things like the guests to a whiteboard or a meeting. So those may be consumption- based and given out and monetized in a very small scale and somewhat cheap, but they grow, especially if you have a lot of guests to that. So it is a lot different than just looking at the user level.

Cory Wheeler: Yes, I would agree. I think AI is going to bring an entirely new level of consumption level tracking and monitoring and measurement that fits really nicely into the SAM portfolio as well.

Joe Ryder: One thing I do want to talk about is that idea that SAM needs to now start looking at AI rates and consumptions and tokens and things like that, that's a brand- new thing for SAM. We're not quite sure. In the market, I've not really heard very good answers on what's the right way to manage that outside of FinOps, because really FinOps doesn't have that visibility. They're looking at infrastructure. They're not looking at SaaS. They're not looking at those consumption rates there, and there's no tools to get those folks to actually monitor it. The question is, do we then put blanket POs and just hope for the best? I don't think that's a good approach. I think it really requires more hands- on monitoring, relationships with your admins, making sure that you have the right reporting from them on that consumption, and you're able to put it into a tool or a tracking method of some sort in order to see that consumption over time and make the right decisions.

Cory Wheeler: Spot on. What do you advise for SAM leaders today? What do they need to be doing to bring SaaS into their current strategies and begin to plan for the future, up- level their careers, and take on more ownership of strategic asset management in the org?

Joe Ryder: I think that the start of that is looking for that SaaS spend. Now that could be in your current POs, your current contracts, that's fine, but looking at your expenses, and not just looking at those expenses that have been marked as software in your expense reports. That isn't always the case. People don't really realize that they're using software in some circumstances. They think it's just a tool or something that doesn't really qualify for the same scrutiny. Even some subscriptions to things like Gartner and stuff like that could be managed like software. So we really need to be able to start identifying the right identities of those vendors. Finding a tool like Zylo, or looking for a method to peruse expense reports, that's an important part because I think every organization, no matter what their size is, is dealing with that. Do you accept that level of unmanaged investment? Because everything is an investment. No matter whether you are spending$ 50 on a credit card or$ 50 million on a big arrangement with a large tier one vendor, it's all investment. Those$ 50 investments will add up to a larger sum of money. So you need to be able to validate that active consumption of licenses, where we're spending, and then are they actually using it. There's many methods to do that, and you just have to find that right one that's going to work for you. Some of that takes training. Some of it takes just getting familiar with the tools, trying one out, seeing if it works, going to the next one. It just depends on the organization.

Meredith Albertson: Well, and those$ 50 apps not only add up, but I think the inherent risk that comes with applications like that to companies as well. Do you see that that's something that SAM professionals are starting, are already watching, are already concerned with, or are you just seeing sort of the tip of the iceberg there?

Joe Ryder: Oh, we're going to see that iceberg grow as the water recedes, if you would, and shows us what the underpinnings are. There are at least 10 to 100 different apps in every category, and those are growing. As people see new things to solve for, they have familiarity with that category in one organization, so they start looking at a startup that actually solves that as well and competes. That competition is very wide and very easy to get into in many of those categories. So we're going to see that those number of apps and the reasons why people choose one app or another grow over time. We've already seen it in the last five to 10 years. It's actually advertising business apps, and they see it. They're like, " Oh, that's really cool. I want to use that." And that's great, but there has to be a meaningful reason for your organization to adopt it, and that's where we're not seeing that level of control in most organizations. Even mature SAM practices. Collaboratively, we've been talking about how do we really make that more meaningful for our leadership, get more visibility to our CIO on the problem because they're looking at the big stuff. As long as they're aware that we're working on them, that smaller investment, and that we have some kind of management policy over it, they're happy to just let us maintain that and pursue it. So if we've got that arrangement, we're in a better position.

Meredith Albertson: If you're not unlocking the full value of your SaaS, what are you doing? There's no denying it. SaaS is mission- critical to your company's growth and success, and as the number two operating expense for most organizations, it's your biggest opportunity to save money and drive efficiency. The time is now to do something about it. Join me and your fellow IT, SAM, finance and procurement leaders at SaaSMe. SaaSME is the industry's only dedicated SaaS management event where you can sharpen your skills, hear from your peers, and learn how to unlock value and responsible business growth through smarter SaaS management. Register today at saasme. com. That's S-A- A- S- M- E. com. Well, Joe, speaking of strategic SAM programs, we were chatting the other day; you mentioned that organizations with established SAM programs are really moving out of that tactical function and into more strategic thinking, and you've talked a lot about this on your thought leadership, on LinkedIn, and you mentioned that there's sort of a process, an order of operations to get to the full SAM program maturity. Can you walk our listeners through what that journey to that program maturity really looks like?

Joe Ryder: There's an ISO that has been released ever since the 2000s. It's ISO 19770. It's a great framework. It's very dry. Not a lot of people will just read it and follow every single step. It's really a framework for the right program in your organization. I use that tier four maturity level that they published and maintain as the roadmap for my programs, as well as I speak a lot of that to other people that are practitioners in their area. You really start with that reactive tier, that tier one, where you don't really know what you have. You're going to establish that. You may or may not have discovery, and it may or may not be complete. You're going to implement that completeness and just get to know what you actually have, and that also includes making sure you have visibility to your purchases and that kind of thing. After you've established that inventory, you're able to start assigning those entitlements and really making that correlation between what you have and what the publisher believes you have. That's where you're in tier two. You're starting to put those policies in place. You're starting to see the actual process in motion, the lifecycle in motion, and start making some quick wins, but also some adjustments to the lifecycle. Until you're able to really get to that established tier where you know what you have, they've been aligned, you can see everything, and you have that inroad of new data coming in from purchasing and from usage, that's where you get into that ProAct state work, that's tier three of proactivity, where you're trying to get more governance in place, more education to users. You have a repeatable process. You're now in an operational state, if you would. A lot of my teams have been working towards that operational state installed at tier two, trying to really get established and try to get more into the operational state as we get better visibility to the leadership. And then once you're actually able to establish that, make sure that your governance is in place, and it's repeatable, you then start looking at optimization. And while that is very late in the game on some of the larger ones, you probably have already maybe optimized several contracts, that optimization is more about rationalizing apps, making more strategic buys, and being kind of at the table when we're doing acquisitions of software or RFPs or things like that that are more strategic. And then really automating and having lean inventory management strategies. And while that might be AI in the future, right now that plays into a lot of different tooling and requires a lot of really maturity in your process. There's lots of ways to slip back and forth between those tiers, but it has the best way of getting you to where you need to be ideally, as a state- of- the- art SAM practice.

Cory Wheeler: I love how that tiered structure aligns. I very much agree with you that optimization is the pinnacle of everything you're putting in place to be able to drive that in a programmatic way. I'm going to take you all the way back to tier one, though. As you think about that reactive state discovery completeness, you mentioned purchasing and usage, how do you get started doing this, and what should SAM leaders be doing differently where you've seen failures in this area? How do you get that discovery completeness, and where do you even begin the overall strategy?

Joe Ryder: Where I see us starting is usually with whatever tools are already there for endpoint management, which are not very conductive to SaaS obviously, but also they're not complete in terms of what we need for utilization of software. I think that that part of, well, I know what I have, and it's there, so I need to license it. That's not always the case. And I think that the earlier that you can actually look at your tools and say, " Does this tell me that someone's using the software?" That's what fast tracks you out of that tier one. The discovery piece is probably the hardest to start with. The entitlements can be brought in through your sourcing partners, through talking with vendors directly. That's work that we're always going to be doing, but that discovery piece is really out of our hands. We're not technical people in most cases. Where we are technical people, we're not owning discovery, that's more of the operations side of IT. So we need to be able to rely on those tools to tell us it's installed, that's great, or we see it in action, but how often is it being used? Why is it being used? Those are the types of things that to establish that tier one we really need, and for SaaS, that could be multiple tools. Not every tool actually has an API. When I say tool, I mean the things that you're buying. Not a lot of them have an API. Some of them on purpose, because it's like giving the keys to the castle away. So we need to be able to have a dynamic system for SaaS specifically to say, " Here's the traffic coming over. Do I see some of that utilization out of the API, out of web traffic," out of whatever? Maybe you're using a CASB solution for that or not. There are plenty of ways to do that, but you need to establish that tool that's going to do that or that set of tools.

Cory Wheeler: I think that makes a lot of sense, Joe. A while back, you shared on LinkedIn that there's an imperative for SAM pros to understand investment and managerial finance. I think all of us find that pretty interesting as we just talked about, but as a SAM practice matures, we are seeing that convergence with FinOps as SaaS becomes consumption- based as it becomes attached to your infrastructure, or as it just becomes a potential budget- busting event. What impact do you think that has on SAM practitioners? And you mentioned a little bit early on that you're looking to solve that, but what do you envision that impact will be?

Joe Ryder: I would say that ITAM in general has been doing this for years. You have a lot of management in terms of VM management, within hardware asset management, that does bleed into software. Where we come into play in FinOps is where the person who's actually doing the management of those endpoints within the cloud, especially for platform as a service where you don't have an OS that's managing, you can't discover it, they're just looking at spend and trying to ask the question, can this be optimized? Can this be reduced? Because a lot of this is about reducing cost in the cloud.

Cory Wheeler: Sure.

Joe Ryder: Where maybe the project is actually utilizing those resources for different pieces of their activities, and they can speak to, " Well, this project is going to go this long." That doesn't necessarily correlate to how it's being licensed. Especially for containers, for anything that's a spin- up, spin- down, consumption- based and actually does have virtualization rights, the workload is hard to track unless you understand exactly how it's licensed without having a subject- matter expert at the table that can look at the contract and say, " This is the definition of consumption." You're going to have a lot of assumptions at the table, and those assumptions may be wrong at the beginning, and it's hard to go back. It's hard to renegotiate. I think that there is definitely a partnership between FinOps managers and software asset management. I don't see them merging. I don't see them having a SAM practitioner within a FinOps space because it requires a lot more visibility to the software market than what FinOps is actually managing. Especially when we talk about how does SaaS play into that? Because there are plenty of platforms that we're seeing now come out where you have a SaaS offering that is just completely user- facing and could be just through a web browser, but then it hooks into your private cloud, your hybrid cloud, and actually has a different method of monetizing that. You may look at that as well, this is just user- based at the surface of it, but FinOps then has to consider it when it's taking workloads to and from an IS kind of a system. I see that being a good partnership and that'll grow over time.

Meredith Albertson: Joe, as you see that partnership happening and continuing to grow over time, how can SAM professionals learn a little bit more about FinOps from a goals' perspective, what they're trying to achieve, and then vice versa, so that partnership really becomes super aligned, really cohesive in a way that maybe doesn't exist today because it's so new?

Joe Ryder: There's lots of FinOps training out there now. Lisa is now doing FinOps training. Gartner's offering their own consultancies for FinOps. There's lots of options out there for information. That's great to have from a best practices standpoint. I think that it's important. My team is going to go through FinOps training as they become more familiar with those publishers that actually are in that space and serving within a hybrid cloud. The best strategy that you have in terms of understanding each other's world is in an organization establishing those practices, that FinOps practice and that SAM practice, and then having them actually sit down with each other and share ideas and experiences over time, because our life is going to change in the next five years. It has changed in the last five years. Being able to share that with each other directly and be able to take those policy notes to change the process, that's going to be much more impactful to most of these organizations.

Meredith Albertson: Well, Joe, that's a great segue to the next question I actually had for you. A lot is going to be changing in the next five years. Where do you see the SAM profession going?

Joe Ryder: I do see that we're going to have a lot more collaboration with architecture. I'm seeing so much more value in organizations where you have a strong enterprise architecture and solutions architecture relationship. I know that from my perspective and my history with the organizations I've worked for, we couldn't do what we do without an architect's perspective. We just don't know enough about the apps to be able to rationalize them. We don't know where we're duplicating efforts other than other people telling us because we're trying to get through the contracting, the licensing. I think having that relationship with architects that understand cloud better and understand even web traffic and exactly how things like AI that needs to be blocked because it's not safe is actually handled. So there's lots of new things coming out. There are new risks and that kind of thing that we're just not going to be prepared for, and those partnerships are going to be important. The other piece of that I would say is making sure that we are aligned to security and actually have a seat at the table when security is trying to understand how to properly evaluate the software. From the cloud aspect, from the on- prem aspect, whatever, we're able to use those relationships with our architects, with our business owners and start to translate exactly what the risks might be. Such as, this says it's AI- driven. It may not be an AI tool, but it says it's got AI pieces. How are they using that? Someone said, we're using a password manager in the cloud. They're saying that there's no visibility to sensitive passwords because there's encryption, but they are still holding our data. We need to understand exactly their certifications and their security. We can't just do an auto approval based on that. There's lots of those examples out in the environment. The partnerships will get stronger over time because of out of necessity, to be honest. And we're going to see a lot more having to manage consumption- based licensing. It's just that's where things are going, and it's better for the software vendors because they're able to monetize in a new way and not have to have those hard IP conversations because it's all based on what they consider a straightforward model. We're going to see that a lot more, and we have to learn it.

Meredith Albertson: Well, Joe, we like to close out each episode with a bit of a fun question. My question for you today is, what is the craziest thing that you've ever done to try and track down who an app owner was?

Joe Ryder: I found that there was a team, a pretty large team that was using a project management tool, and they were able to show me their environment and exactly what they were doing, but they weren't able to show me any kind of user information because the admin had actually left the company, and they didn't know how to change that admin. No one else was a sub- admin or anything like that. The publisher actually was not willing to change it without some kind of response from the original admin, which was not great.

Meredith Albertson: Oh, boy.

Joe Ryder: So I had to actually contact a former employee to try to get him in and remove himself as an admin and make me an admin for a while, which I didn't want to do. That was kind of uncomfortable, because for the time being, not finding another admin, I did not want to be now an admin for a project management team. But it worked out. We found an admin very quickly. But just the process of trying to carefully contact a former employee about a business issue with HR involved, it was quite the process.

Meredith Albertson: Well, my guess is you're not the only one that's ever faced a challenge like that. Well, Joe, we can't thank you enough for joining us today. I loved hearing your perspective on the framework, and how SAM teams need to be thinking about moving from that tactical approach to more strategic thinking, your perspective on what SAM professionals need to be thinking about for them to grow strategically in their own careers. Clearly, there's so much that SAM pros can do to continue to up- level their thinking, their partnerships across the business, and help really mature the SAM practice in their own organizations, and we really appreciate you sharing your point of view and your experience and your advice with all of our listeners today. I will tell everyone who is listening, if you aren't already following Joe on LinkedIn, we're going to drop a link to his profile in the show notes. Please give him a follow. He has got incredible knowledge on a daily and weekly basis that you should definitely be paying attention to.

Joe Ryder: Thank you for having me.

Cory Wheeler: Did you enjoy the episode? Pass that along to your friends. Subscribe to get notifications for the latest episode. Share your favorite takeaways, and join the conversation on social media using# SaaSMeUnfiltered.