The "No Network is 100% Secure" series
- Shelfware -
A White Paper
All rights reserved - may not be copied without permission
Easyrider LAN Pro, NOC Design Consultants
What is Shelfware?: Loosely defined, shelfware is slang for software that is
so worthless that it remains in the shrink-wrapped box on the shelf above your
desk or in a storage cabinet somewhere. The term shelfware can also be applied to
software (usually expensive software) that has been only marginally configured
and/or deployed. Software that grossly failed to meet the claims and promises made
by Vendor Sales and Marketing hype after it was purchased frequently turns into
Wherever there is a computer, there is "shelfware". Whether an organization has 10,000 people or only one person, you can be sure there's software sitting on a shelf somewhere in the building.
How does software get to be shelfware?: Someone had a great idea. Software was purchased. After the software was purchased, it couldn't be made to do what was wanted in a reasonable timeframe. The reasons for failure are many. It might have been due to changing priorities, lack of time or lack of resources/expertise. Or it could be that the software turned out to be much more difficult to install and configure than expected. Or, the software may have simply been a bad purchase choice that ultimately turned out to be incapable of providing the expected, desired capabilities. Essentially, shelfware is software that didn't return the value of its cost before being placed on a shelf. This could be the fault of the software, the organization, or the individual.
The hidden cost of shelfware: It's a no-brainer after you buy, but Vendor discounts aren't always as good a deal as they seemed when the sales guy made his pitch. And once you're stuck with shelfware, it can often be a lose-lose situation for you and the Vendor! Clients often complain about expensive software maintenance and unsympathetic vendors but recognize that they are in a weak negotiation position. The ongoing maintenance expense on excess license capacity and superfluous products provides zero value for money. Worse still, these redundant assets actually reduce your customer service from the vendor, because the vendor's rep sees shelfware as a barrier to future commission. You should always consider the longer-term implications of potential shelfware before you agree to increase the size of your order. By following a few straightforward buying tactics, you can get similar discounts on smaller-scale initial purchases but avoid paying maintenance for software your company does not need and will not use, while also retaining leverage for future negotiations.
How to avoid purchasing shelfware: Have a requirements statement! Every project should have a negotiated list of requirements or a statement of what problems will be solved when the project has been completed. Basically, these would be the project deliverables and would include a schedule and completion date. Be sure to include business managers, users and other stakeholders in requirements gathering and technology purchase decisions. Any product can fail if it doesn't align with business processes or gain acceptance from the user community. But more importantly, if you don't have a requirements statement, how can you possibly measure which products have and don't have the features you need?
Take advantage of trial software. If you just purchase software without trying it out first and if it ultimately doesn't work, it becomes shelfware. Make a best practice of requiring trials to verify that needed functionality and features work before authorizing that purchase order! This can be an important step in eliminating shelfware.
Some software will not have a trial version, or the trial version will be so severely crippled that it's not possible to use it to properly evaluate whether the software will do what you need. That's when you should purchase with a plan for returning the software if it doesn't work out.
Ask vendors for client references with similar use-case scenarios to yours. The fault may not lie in the technology itself, but in how well the software fits your particular situation.
Don't automatically buy from your predominant vendor. Examine every product pitch, from a new or existing vendor, with the same criteria. An existing vendor could have won you over before, but not all of its products will be an exact fit for your needs.
Consider purchasing on a performance-based contract or a leased or subscription basis. The sale in this case is contingent on proving that the software will work in your organization or you don't pay for it. Performance-based contracts are more prevalent for high-dollar software purchases and can be used to reduce the risks that your new implementation will be a bad experience.
Independent reviews can be very valuable, especially in avoiding costly missteps if you are planning on purchasing software costing many tens of thousands of dollars. Easyrider LAN Pro is frequently called upon to gather design requirements for a particular project initiative and to make recommendations regarding which products would be the most effective in supporting those goals. Since Easyrider LAN Pro is not a reseller, we have no financial motivations for recommending one product over another. Neither would we have any hidden agendas if asked to review your product purchase plans before you authorize the expenditure.
Software as a Service (SaaS): There are advantages as well as a few significant disadvantages in going with SaaS versus purchasing software outright. Typically more expensive than doing it yourself, SaaS is a "managed service" that is unlikely to ever become shelfware. The biggest risk here is getting yourself into a contract that is difficult and expensive to get out of. You are also likely to run into "hidden fees" and big boosts in pricing at renewal time (after you are hooked on the service). You may be in for some nasty surprises if and when you decide to terminate the service. However, depending on your needs and circumstances, SaaS may be an option worth considering.
Software License Shelfware: Some words of advice here. Avoid software that uses a licensing revenue model if you possibly can. IT organizations that use products such as Oracle do not need to ask why I have this opinion. Of course sometimes you have no choice. For example, if you use HP Openview (which is licensed according to the "tier" [typically the # of CPUs] of the computer each agent is installed on), you also MUST have Oracle which is also licensed, but in a very ... ummmm ... "unfulfilling" (IMO) way. Once you deploy this type of software, you are pretty much dependent on the Vendor for patches, support, information and so on. The Vendor can ignore bugs, change, retire or obsolete a product, arbitrarily refuse to support certain versions, configurations or operating systems and pretty much anything else they feel like doing (or not doing) and there isn't Jack Spit that you can do about it. And with the trend towards outsourcing support to Third World Countries and years of on-going layoffs in Vendor software development and SQA groups, customers of licensed software typically get less and less for their money the longer they have these products. Additionally, there is usually no correlation between Vendor costs and their pricing. The pricing model for these types of products is typically whatever the market will bear. Vendors such as Oracle know that it would be extremely painful if not outright impossible for customers to switch to something else. And they price accordingly.
Open source Linux took the claws out of companies like Sun, HP and IBM when it came to Solaris, HP-UX and AIX. Increasingly, open source projects are starting to bite into application and database software vendors too. Not all open source software will be a good fit for your application and needs, but free is a very good price and is certainly worth looking at.
You would think that these big software Vendors would appreciate long-term, loyal, captive customers such as you, wouldn't you? But my experience as a professional consultant has been just the opposite. I was an Allstate customer for over 20 years and yet I saved $1,200 per year on the exact same coverage by switching to Geico. The same brain-dead mindset at Allstate that didn't value my brand loyalty is alive and well in the boardrooms of HICs (huge, impersonal companies) that sell licensed software. Caveat emptor.
Expensive, licensed software is certainly a case where you definitely want to consider having an independent review done before you sign any contracts. The Gartner Group concurs: "[...] this is not a task for amateurs. Unless you want to just let the vendor have their way with you on a large contract, you should consider engaging professionals to help out with this."
Easyrider LAN Pro can and has helped IT organizations avoid making million dollar (literally) mistakes. Even if your company typically does not engage professional consultants, having your purchase plans reviewed by an outside, impartial, unbiased third party can make very good sense.
About the Author
Frank Saxton is a computer network security engineer and Easyrider LAN Pro principal.
Home-based in Portland, Oregon, Frank has been designing remote diagnostic and
network enterprise monitoring centers since the late 1970s. Prior to becoming a
professional systems engineering consultant in 1990, Frank had a 20-year career
in computer systems field engineering and field engineering management. Frank
has a BSEE from Northeastern University and holds several certifications including
Network General's Certified Network Expert (CNX). As a NOC design engineer and
architect, Frank works regularly with enterprise-class monitoring tools such as
HP Openview Operations, BMC Patrol and others. In his enterprise security
audit work, Frank uses sniffers and other professional grade monitoring tools on a
Last modified March 25, 2009
Copyright 1990-2009 Easyrider LAN Pro