The "No Network is 100% Secure" series
- Shelfware -
A White Paper
All rights reserved - may not be copied without permission
Easyrider LAN Pro, NOC Design Consultants
What is Shelfware?: Loosely defined, shelfware is slang for software that is
so worthless that it remains in the shrink-wrapped box on the shelf above your
desk or in a storage cabinet somewhere. The term shelfware can also be applied to
software (usually expensive software) that has been only marginally configured
and/or deployed. Software that grossly failed to meet the claims and promises made
by Vendor Sales and Marketing hype after it was purchased frequently turns into
shelfware.
Wherever there is a computer, there is "shelfware". Whether an organization has
10,000 people or only one person, you can be sure there's software sitting on a
shelf somewhere in the building.
How does software get to be shelfware?: Someone had a great idea. Software
was purchased. After the software was purchased, it couldn't be made to do what
was wanted in a reasonable timeframe. The reasons for failure are many. It
might have been due to changing priorities, lack of time or lack of
resources/expertise. Or it could be that the software turned out to
be much more difficult to install and configure than expected. Or, the software
may have simply been a bad purchase choice that ultimately turned out to be incapable
of providing the expected, desired capabilities. Essentially, shelfware is software
that didn't return the value of its cost before being placed on a shelf. This could
be the fault of the software, the organization, or the individual.
The hidden cost of shelfware: It's a no-brainer after you buy, but
Vendor discounts aren't always as good a deal as they seemed when the sales
guy made his pitch. And once you're stuck with shelfware, it can often be a lose-lose
situation for you and the Vendor! Clients often complain about expensive software
maintenance and unsympathetic vendors but recognize that they are in a weak negotiation
position. The ongoing maintenance expense on excess license capacity and superfluous
products provides zero value for money. Worse still, these redundant assets actually
reduce your customer service from the vendor, because the vendor's rep sees shelfware
as a barrier to future commission. You should always consider the longer-term
implications of potential shelfware before you agree to increase the size of your
order. By following a few straightforward buying tactics, you can get similar discounts
on smaller-scale initial purchases but avoid paying maintenance for software your
company does not need and will not use, while also retaining leverage for future
negotiations.
How to avoid purchasing shelfware: Have a requirements statement!
Every project should have a negotiated list of requirements or a statement
of what problems will be solved when the project has been completed.
Basically, these would be the project deliverables and would include a
schedule and completion date. Be sure to include business managers,
users and other stakeholders in requirements gathering and technology purchase
decisions. Any product can fail if it doesn't align with business processes
or gain acceptance from the user community.
But more importantly, if you
don't have a requirements statement, how can you possibly measure which
products have and don't have the features you need?
Take advantage of trial software.
If you just purchase software without trying it out first and if it ultimately
doesn't work, it becomes shelfware. Make a best practice of requiring trials to
verify that needed functionality and features work before authorizing that purchase
order! This can be an important step in eliminating shelfware.
Some software will not have a trial version, or the trial version will be so
severely crippled that it's not possible to use it to properly evaluate whether
the software will do what you need. That's when you should purchase with a plan
for returning the software if it doesn't work out.
Ask vendors for client references with similar use-case scenarios to yours. The
fault may not lie in the technology itself, but in how well the software fits
your particular situation.
Don't automatically buy from your predominant vendor. Examine every product
pitch, from a new or existing vendor, with the same criteria. An existing vendor
could have won you over before, but not all of its products will be an exact fit
for your needs.
Consider purchasing on a performance-based contract or a leased or subscription basis.
The sale in this case is contingent on proving that the software will work in your
organization or you don't pay for it. Performance-based contracts are more
prevalent for high-dollar software purchases and can be used to reduce the
risks that your new implementation will be a bad experience.
Independent reviews can be very valuable, especially in avoiding costly missteps
if you are planning on purchasing software costing many tens of thousands of dollars.
Easyrider LAN Pro is frequently called upon to gather design requirements
for a particular project initiative and to make recommendations regarding which
products would be the most effective in supporting those goals. Since
Easyrider LAN Pro is not a reseller, we have no financial motivations
for recommending one product over another. Neither would we have any hidden
agendas if asked to review your product purchase plans before you authorize
the expenditure.
Software as a Service (SaaS): There are advantages as well as a few significant
disadvantages in going with SaaS versus purchasing software outright. Typically
more expensive than doing it yourself, SaaS is a "managed service" that is
unlikely to ever become shelfware. The biggest risk here is getting yourself
into a contract that is difficult and expensive to get out of. You are also
likely to run into "hidden fees" and big boosts in pricing at renewal time
(after you are hooked on the service). You may be in for some nasty surprises
if and when you decide to terminate the service. However, depending on your
needs and circumstances, SaaS may be an option worth considering.
Software License Shelfware: Some words of advice here. Avoid software that
uses a licensing revenue model if you possibly can. IT organizations that use
products such as Oracle do not need to ask why I have this opinion. Of course
sometimes you have no choice. For example, if you use HP Openview (which
is licensed according to the "tier" [typically the number of CPUs] of the
computer each agent is installed on), you also MUST have Oracle, which is
also licensed, but in a very ... ummmm ... "unfulfilling" (IMO) way.
Once you deploy this type of software, you are pretty much dependent on the Vendor
for patches, support, information and so on. The Vendor can ignore bugs, change,
retire or obsolete a product, arbitrarily refuse to support certain versions,
configurations or operating
systems and pretty much anything else they feel like doing (or not doing)
and there isn't Jack Spit that you can do about it.
And with the trend towards outsourcing support to Third World Countries and
years of ongoing layoffs in Vendor software development and SQA groups,
customers of licensed software typically get less and less for
their money the longer they have these products. Additionally, there is usually
no correlation between Vendor costs and their pricing. The pricing model
for these types of products is typically whatever the market will bear.
Vendors such as Oracle know that it would be extremely painful if not outright
impossible for customers to switch to something else. And they price accordingly.
Open source Linux took the claws out of companies like Sun, HP and IBM
when it came to Solaris, HP-UX and AIX. Increasingly, open source projects
are starting to bite into application and database software vendors too.
Not all open source software will be a good fit for your application and
needs, but free is a very good price and is certainly worth looking at.
You would think that these big software Vendors would appreciate long-term, loyal,
captive customers such as you, wouldn't you? But my experience as a
professional consultant has been just the opposite. I was an Allstate
customer for over 20 years and yet I saved $1,200 per year on the exact same
coverage by switching to Geico. The same brain-dead mindset at Allstate
that didn't value my brand loyalty is alive and well in the boardrooms of
HICs (huge, impersonal companies) that sell licensed software.
Caveat emptor.
Expensive, licensed software is certainly
a case where you definitely want to consider having an independent
review done before you sign any contracts.
The Gartner Group concurs. "[...] this is not a task for amateurs. Unless you
want to just let the vendor have their way with you on a large contract, you
should consider engaging professionals to help out with this".
Easyrider LAN Pro can and has helped IT organizations avoid making
million-dollar (literally) mistakes. Even if your company typically does not
engage professional consultants, having your purchase plans reviewed by an
outside, impartial, unbiased third party can make very good sense.
About the Author
Frank Saxton is a computer network security engineer and Easyrider LAN Pro principal.
Home-based in Portland, Oregon, Frank has been designing remote diagnostic and
network enterprise monitoring centers since the late 1970s. Prior to becoming a
professional systems engineering consultant in 1990, Frank had a 20-year career
in computer systems field engineering and field engineering management. Frank
has a BSEE from Northeastern University and holds several certifications including
Network General's Certified Network Expert (CNX). As a NOC design engineer and
architect, Frank works regularly with enterprise-class monitoring tools such as
HP Openview Operations, BMC Patrol and others. In his enterprise security
audit work, Frank uses sniffers and other professional grade monitoring tools on a
daily basis.
Last modified March 25, 2009
Copyright 1990-2009 Easyrider LAN Pro