IBM Verify and Security SaaS Licensing: Users, MAUs, and Terms to Watch
Introduction
IBM Security Verify (formerly IBM Cloud Identity) and IBM MaaS360 are key SaaS solutions in IBM’s security and IAM portfolio.
On the surface, their licensing models seem straightforward – IBM Verify is licensed by user access, and users or devices are licensed for MaaS360.
However, beneath this simplicity lie potential pitfalls that can lead to unexpected costs if not managed closely.
From inactive accounts inflating your “active” user counts to automatic license overages kicking in without warning, IT administrators must stay vigilant. For an overview, read our guide IBM Security & Compliance Software Licensing: QRadar, Guardium, and Contract Must-Haves.
This guide provides a comprehensive examination of how IBM Verify and MaaS360 licensing works in practice, including key metrics such as Monthly Active Users (MAUs), feature-based license tiers, and the consequences of exceeding your allotments.
We’ll also highlight critical contract terms (like data residency and renewal clauses) and offer negotiation strategies.
The goal is to help you avoid overspending and secure more favorable terms when adopting IBM’s security SaaS.
Consider this your insider’s roadmap to IBM Verify and MaaS360 licensing – complete with FAQs and five actionable recommendations from a licensing expert’s perspective.
IBM Verify Licensing (Cloud Identity/IAM)
IBM Security Verify – IBM’s cloud-based identity and access management platform – typically uses a per-user subscription model with an emphasis on Monthly Active Users (MAUs).
This means you are charged based on the number of unique users who authenticate in a given month, rather than the total number of registered users.
In practice, any user who logs in at least once during the billing cycle counts as one MAU for that month. A user logging in multiple times still counts only once per month under this model.
If a particular user never logs in during that month, they don’t count toward the MAU total for that period. This usage-based approach can be cost-efficient, as you “pay only for what you use,” and costs even taper down if some users log in infrequently.
However, be aware of hidden complexities. IBM Verify offers multiple IAM capabilities, including single sign-on (SSO), multi-factor authentication (MFA), adaptive access, and user lifecycle management. Each capability may carry its own usage metric.
For SSO, MFA, and risk-based adaptive access, licensing is often tied to active user count per feature.
In other words, if you enable all three features for your workforce, a single employee who uses all of them in a month might count against each feature’s MAU pool. That can effectively multiply costs per user if you’re not careful (for example, being billed for that user under SSO access and again under MFA).
IBM’s pricing estimator will factor in how frequently users access each service. The definition of MAU is crucial: generally, a “monthly active user” is defined as a unique user who uses a service in a given month – IBM’s contracts explicitly define this term to avoid confusion.
Ensure your team is clear on whether an “active user” is counted once across all services or per service module.
IBM Verify also includes optional identity governance features (like user provisioning and certification campaigns).
These governance modules often use a different metric, total managed users, rather than monthly actives. If you sync an entire directory of 10,000 users for lifecycle management, IBM could consider all 10,000 “managed identities” as billable, even if only a fraction actively log in.
Inactive directory accounts, service accounts, or ex-employees still present in the system can inflate this count. Pitfall: It’s easy to accidentally pay for “ghost” users if you don’t purge or archive stale accounts in the IBM Verify directory.
Always align your license scope with active identities. If using the governance module, regularly deprovision users who have left or no longer require access.
In summary, IBM Verify’s licensing is flexible but demands active oversight. Monthly Active User billing rewards you for low usage months, but if usage spikes unexpectedly (say a surge of logins or adding a new population of users), your bill will climb accordingly.
There is no fixed cap unless you negotiated one – IBM will happily bill for overages as they occur. You’ll want to monitor your admin dashboard for active user counts each month. Also, clarify during purchase whether your contract is purely pay-as-you-go or if you’ve committed to a certain number of users.
Many IBM Verify customers opt for a committed volume of MAUs (with tiered pricing), but still need to watch that they don’t exceed it. If you exceed your subscribed user count, IBM typically auto-charges at the next tier or at an on-demand rate for the additional users (more information is available in the FAQs).
The bottom line: licensing IBM’s Cloud Identity service requires diligent identity housekeeping.
Keep your user list lean and monitor usage reports closely to avoid any surprises.
Read about IBM QRadar licensing, IBM QRadar Licensing: EPS, Flows, and Sizing Your SIEM Correctly.
IBM MaaS360 Licensing (Mobile Device Management)
IBM MaaS360, a unified endpoint management (UEM) platform, licenses its service either per device or per user, depending on what best fits your organization.
In the default model, each managed endpoint (such as a smartphone, tablet, laptop, etc.) consumes one license. If an employee has a company phone and a laptop under management, that’s two device licenses.
Alternatively, IBM offers a per-user licensing option, where one user license can cover multiple devices for a single person – typically priced roughly twice the per-device rate.
For example, if an Essentials edition costs around $4 per device per month, it might be about $8 per user per month, allowing that user to enroll a couple of devices under one fee.
Choosing the right model can yield significant savings: per-device licensing is suitable if most users have only one device, but if many employees carry two to three devices, a per-user plan could reduce the total license count.
MaaS360’s pricing also varies by edition. IBM sells four main feature tiers: Essentials, Deluxe, Premier, and Enterprise.
Each tier adds more capabilities:
- Essentials – Core mobile device management: basic device enrollment, policy enforcement, app distribution, and inventory. It covers fundamental MDM needs at the lowest cost (roughly $4/device).
- Deluxe – Adds secure mobile email (containerized email app), basic content management, and an AI assistant (Watson Advisor) for support. Deluxe builds on Essentials to enhance productivity and security (around $5/device).
- Premier – Adds advanced content management (secure document access), a secure browser, and identity management features like conditional access. This tier focuses on better security controls (about $6.25/device).
- Enterprise – The top tier, which includes all Premier features plus mobile threat defense (malware detection on devices), advanced analytics, and secure chat. Enterprise is designed for high-security environments (approximately $ 9 per device).
Each higher edition commands a higher price per device/user.
A common pitfall is over-licensing with a higher tier than you actually need. Not every device requires the Enterprise edition, for example, if it’s a basic corporate phone without sensitive data.
Many organizations mix and match: perhaps most users on Essentials, but executives or developers on Deluxe or higher if they need email and content access.
IBM allows you to assign different license tiers to different devices, so take advantage of that granularity to avoid paying for features that certain groups don’t use.
Another cost risk associated with MaaS360 is the payment for inactive or lost devices. Since licenses are counted per enrolled device (unless you’ve chosen per-user licensing), any device that remains in the system will consume a license.
Old smartphones that weren’t properly unenrolled, or employees who left the company while their laptop is still listed in MaaS360, will quietly rack up license usage. It’s easy for these to slip through unless you have a process to audit and remove unused devices promptly.
Similarly, if you use per-user licensing, ensure that when a person leaves, you free up that user license for someone else. IBM doesn’t automatically reclaim it – it’s on the admins to manage the roster.
Read about IBM Guardian licensing, IBM Guardium Licensing: Protecting Databases Without Breaking the Bank.
Overage behavior:
MaaS360 has an “overage” setting in its license management. By default, if you’ve used up all purchased licenses, any attempt to add another device will fail enrollment (essentially enforcing the cap).
You can choose to enable overage, which allows new device enrollments beyond your purchased count and subsequently bills you for those extra licenses. If overage is enabled and you exceed your allotment mid-term, IBM will typically bill the additional devices at the same subscription rate in the next invoice or require a true-up purchase.
While this avoids blocking urgent device rollouts, it can lead to unplanned charges if IT isn’t keeping track. Best practice is to keep overage turned off unless necessary, and instead proactively purchase additional licenses when you’re nearing capacity (MaaS360 can send alerts at specific usage thresholds).
This way, you stay in control of any cost increases and can potentially negotiate better rates for the extra units, rather than automatically paying the full list price.
Finally, note that IBM sometimes includes MaaS360 in broader enterprise deals or bundles. For example, if you’re also investing in other IBM Security products (like QRadar SIEM or BigFix endpoint management), IBM might offer MaaS360 at a discount or as part of a suite.
This can be a cost-effective strategy, but be cautious: bundled licensing can also mean you’re paying for more than you actually deploy.
Always break out the bundle pricing to ensure MaaS360 isn’t being overvalued in the package. If you don’t truly need a component of a bundle, it might not be a real “savings.”
Cost Considerations Across IBM Security SaaS
When licensing IBM’s security SaaS products, a few common cost considerations emerge that go beyond just per-user or per-device rates:
- Overpaying for Inactive Users/Devices: Both Verify and MaaS360 can incur costs for accounts or devices that are no longer in active use. If you don’t have a cleanup process, you might be paying monthly for dormant identities or decommissioned hardware. Over a year, those costs add up as pure waste. Always align your license counts with actual active usage – for example, integrate your employee off-boarding process with license removal and device unenrollment.
- “Auto-Scaling” Usage = Auto-Scaling Bills: IBM’s mantra of “add or remove users at your own pace” highlights flexibility, but it also means if your usage spikes, so do your charges. There’s a risk of budget creep: one month of heavy activity or an influx of new devices can increase your SaaS bill significantly without explicit approval if you’ve opted into flexible usage. This is not necessarily a bad thing – you get the capacity when you need it – but it requires budgeting for worst-case usage. Consider setting internal thresholds (e.g., if active users exceed X, or devices exceed Y, trigger a review before costs escalate further). Some customers negotiate capacity caps or fixed price bands to prevent runaway expenses, effectively turning the usage model into something closer to a fixed subscription for the term.
- Tiered Pricing and Volume Discounts: IBM’s list prices (for instance, $1.81 per user for Verify SSO, or $6.25 per device for MaaS360 Premier) are often negotiable, especially at scale. There are built-in volume tiers – for example, per-user costs might decrease once you exceed 5,000 users, 10,000 users, and so on. Always inquire about the next discount threshold. If you’re near a volume break, it may be worth committing to a slightly higher number of users upfront to secure a lower overall per-user rate. IBM sales teams expect savvy customers to seek volume-based pricing, and they do offer it. Additionally, larger enterprise agreements may yield percentage discounts (15-30% or more) off the list price once significant adoption is demonstrated.
- Multi-Year Commitments vs. Flexibility: Committing to a 2- or 3-year term with IBM can reduce your annual pricing (and sometimes lock in discounts for add-on purchases), but it can also lock you into paying for a certain capacity even if your needs change. It’s a balance: multi-year deals might come with an upfront discount or extra benefits (like a few months free or access to premium support), but you should also evaluate the risk of overcommitting. If your user count might decrease (due to business changes, divestitures, etc.), a long-term fixed commitment could lead to paying for unused licenses – a classic “shelfware” scenario. On the other hand, shorter terms (or cloud subscriptions that renew annually) allow you to re-evaluate and scale your counts up or down with less penalty. Many IBM SaaS contracts allow adjustments at renewal, so a one-year term gives you that opportunity sooner. Weigh cost savings vs. flexibility.
- Unused Feature Costs: Particularly with MaaS360’s tiered bundles, paying for features you don’t use is a subtle cost drain. If, for example, you subscribed to the Enterprise edition for all devices but only truly need the threat defense on 20% of them, you’re overspending. Similarly, for IBM Verify, if you enable a governance module that you aren’t actively using, you incur costs (since it may count all users) without any benefit. It’s wise to periodically audit which features you’re actually leveraging and see if a lower tier (or removing an add-on module) could serve the same purpose for fewer dollars.
In short, cost optimization for IBM Security SaaS is an ongoing process. It’s not “set and forget.” Plan for regular check-ins (monthly usage reviews, quarterly license reconciliations, etc.).
This effort pays off by catching anomalies early – such as a batch of test accounts mistakenly left active, or an office that rolled out extra devices without informing IT procurement.
Staying on top of these details ensures you only pay for genuine business value.
Key Contract Terms to Watch
Signing up for IBM’s SaaS security services means agreeing to IBM’s cloud service terms, which can be lengthy.
Here are the key contract clauses and terms you’ll want to scrutinize or negotiate:
- Data Privacy and Residency: IBM Security Verify will host your user identity data (names, login information, and potentially attribute data), while MaaS360 will handle device inventories and, if applicable, personal device data (if BYOD). Ensure the contract specifies where this data will be stored and processed. IBM has data centers in multiple regions. If you have strict data residency requirements (e.g., all EU personal data must stay in EU data centers), confirm that your tenant can be provisioned in the appropriate region. Verify that IBM’s data processing addendum meets your compliance needs (for GDPR, HIPAA, etc.), and that the contract includes commitments around data security and breach notification. Essentially, treat it as any cloud service – your users’ data is in IBM’s cloud, so the privacy terms should be ironclad.
- Auto-Renewal and Renewal Notice: IBM’s cloud subscriptions often include an auto-renewal clause. This means that at the end of your term, the contract will automatically renew for another term (often of equal length, e.g., another 12 months) unless you give notice to cancel or modify it. Pay attention to how far in advance you must notify IBM if you do not want to auto-renew. It’s common to see 30, 60, or even 90 days’ advance notice required. Missing that window can lock you in for another year or trigger penalties. Ensure your procurement or contract management team has a reminder well in advance of the term’s expiration. Also, clarify if auto-renewal will be at the same price or if it could jump to list prices – ideally, negotiate caps on any price increase at renewal. You don’t want a nasty surprise where Year 2 renews at a higher rate because you forgot to renegotiate.
- True-Up and True-Down Rights: A true-up occurs when, at the end of a period, you reconcile the number of users/devices you actually used versus what you paid for, and then pay the difference if usage exceeded the paid amount. IBM’s approach to true-ups is relatively standard – if you exceed your licensed quantities, they’ll expect a true-up payment or an adjustment on the next invoice. More importantly, consider true-down rights – the ability to reduce your license count (and costs) if your usage drops. By default, most subscriptions lock in a minimum number until renewal; you won’t get money back for unused licenses in the middle of a term. However, at renewal time, IBM will generally allow you to adjust the quantity downward if your actual needs are lower, as long as you meet or exceed any minimum commitment in the contract. It’s wise to negotiate this explicitly: ensure there’s a clause that says you can reduce seats/devices at renewal with no penalty. In some cases, you might even negotiate an in-term adjustment if you experience an unexpected downsizing – but that typically needs to be built into the contract (IBM won’t volunteer it). The flexibility to scale down is just as important as the ability to scale up, and it should be a conversation during contract negotiation.
- Usage Definitions and Audit: Ensure the contract clearly defines the licensing metrics – e.g., what exactly constitutes a “Managed User,” an “Active User,” or a “Managed Device.” This helps avoid disputes later. IBM may reserve the right to audit your usage (through system reports or formal audits) to ensure compliance. This is standard, but check the clause for audit frequency and process. Ideally, you want reasonable audit terms (like 30 days’ notice, audits no more than once per year, etc., and no overly broad access to your systems). Knowing IBM, they often include audit rights for any software or service they provide. Keep your own records of user counts and device counts as well, so you have data to reconcile if IBM comes back saying you were over the licensed amount.
- Service Level and Termination: Although not directly related to licensing fees, consider the SLA (uptime guarantee) and termination clauses. Is there a minimum term commitment (usually yes – the subscription term itself is the commitment)? What happens if you terminate early – are you still liable for the remaining fees? Most likely yes, unless IBM breaches the agreement. Also, confirm that upon termination or non-renewal, you have a window to retrieve your data (user lists, device info) and that IBM will securely delete your data afterwards. This is particularly important for security services, because you don’t want stale identity data lingering in a cloud you no longer use.
- Bundled and Upgrade/Downgrade Clauses: If you opted for a bundle of IBM services or multiple modules (say, Verify with several use case modules enabled, or MaaS360 with add-ons like mobile threat defense), ensure the contract allows some flexibility. For example, if you find you don’t need a module, can you drop it at renewal? If you want to upgrade mid-term (add more features or move to a higher tier), is there a straightforward pro-rated pricing for that? Vendors are happy to sell you more mid-term, but you want to avoid any “re-purchase everything from scratch” scenarios. Clarify how adding users or devices mid-term is handled cost-wise (usually on a pro-rated basis) and obtain confirmation in writing if possible.
In summary, don’t gloss over IBM’s cloud service terms. They can have auto-renew sneaking in, or assume things about your usage.
It’s worth a careful read (or involving your legal/procurement team) to spot these elements and negotiate where needed. A few edits upfront can save you a lot of pain (and money) later.
Negotiating IBM SaaS Security Licensing
Walking into a licensing negotiation with IBM, you’ll want to leverage your knowledge of these models to secure the best deal.
Here are some strategic negotiation tips tailored for IBM Verify and MaaS360:
- Leverage Trials and Pilots: IBM offers free trials (typically 30 days for MaaS360, 90 days for Security Verify). Use these to your advantage, not just for evaluation, but as a soft start to gauge usage. After a trial, you’ll have a better sense of how many active users or devices you truly have and which features you need. This data is gold for negotiations – for instance, you can say, “During our pilot, we had 800 active users out of 1000, so let’s base pricing on 1000 named users but consider that only ~80% might be active monthly.” Sometimes, IBM might extend a trial or give you a pilot phase with a small number of paid users at a discount to get you on board. Don’t hesitate to ask for a pilot program or a phased ramp-up: “We plan to roll out over 6 months, can we pay as we grow instead of all upfront?”
- Aim for Volume Discounts: As a rule, never accept the first quote as-is, especially if you’re a medium or large customer. IBM’s sales reps expect to negotiate. If you have, say, 5,000+ users or devices, explicitly ask, “What discount can you offer at that volume? Are there price breaks at 10k, 20k users?” They might come back with tiered pricing. If they don’t volunteer, propose your own target: for example, “We’d like to get the per-user price down to $1.50 from $1.80, given our scale.” Provide justification if possible (e.g., competitive alternatives, budget constraints). IBM often has some wiggle room, and even a 10-20% reduction across a large number of users/devices means significant savings. Also, if you’re considering both Verify and MaaS360 (or other IBM security products), use that as leverage: “We’re evaluating putting all our identity and device management with IBM – what can you do on pricing if we commit to both solutions?”
- Negotiate True-Down/Average Use Terms: Although this is not standard in many vendor contracts, it’s worth trying to include. If your user/device counts tend to fluctuate seasonally or if you anticipate potential downsizing, request a “true-down” clause or flexible renewal. For instance, at the very least, ensure you are only billed for actual peak usage each year rather than the peak forevermore. In practical terms, you might negotiate something like: “Billing is based on the average monthly active users over the year” (smoothing out a spike month) or “We can reduce our license count by up to 15% at annual renewal if our workforce shrinks, without penalty.” IBM may not readily grant a mid-term adjustment, but acknowledging that you can adjust at renewal is important (and, as noted, usually possible). Another angle: negotiate a buffer zone for overages. For example, if you license 1,000 users and occasionally increase to 1,100, IBM could agree not to bill extra unless you maintain that higher level for more than one billing period. Any kind of flexibility you can bake in will help avoid overpaying if things change.
- Bundle for Better Deals, But Be Cautious: IBM loves to sell suites and broader portfolios. If you have needs beyond Verify and MaaS360, such as threat management or data security, consider discussing an enterprise license agreement (ELA) or bundle. IBM might throw in a certain number of MaaS360 licenses at a steep discount if you’re also buying their Cloud Pak for Security or QRadar, for example. The negotiation strategy here is to get cross-product discounts: “We’re investing in IBM across the board; we expect a better unit price on MaaS360 as part of that loyalty.” However, ensure the bundle is composed of products you genuinely want. Don’t accept a bundle that includes shelfware just because it sounds like a deal. It’s better to get a 25% discount on two products you’ll heavily use than 50% off a package where half the stuff sits idle. Utilize IBM’s bundle offers to your advantage, but keep the purchase focused on your actual requirements.
- Contract Terms – Nail Them Down: As the previous section highlighted, some contract terms can be negotiated. While IBM may not remove auto-renewal clauses entirely, you can request a more lenient renewal notice period (90 days is preferable to 30, allowing you more time to make a decision). If data residency is vital, ensure that your tenant will be hosted in a specific data center (for example, Frankfurt) for the duration of the contract. If uptime or support responsiveness is crucial, consider negotiating for an SLA credit or a dedicated support channel as part of the deal. And, importantly, if you have any concerns about future pricing, consider negotiating caps: e.g., “Renewal price increase not to exceed 3% annually” or “we lock in this per-user rate for two years.” IBM might agree to fix pricing for a multi-year term to close the deal. Also, ask about pre-purchase and usage of additional licenses – if you need more mid-term, will the same discount level apply? Getting that assurance can save you from paying a premium if you grow faster than expected. Essentially, use the negotiation phase to eliminate as many uncertainties as possible.
- Reference and Competitive Leverage: If you have quotes from competitors (say, Okta for IAM or Microsoft Intune for device management), you can subtly let IBM know you have options. IBM typically doesn’t want to lose to a competitor on pricing. Without turning it adversarial, you might mention, “We like Verify, but Azure AD Premium gives us 50,000 guest users free; how can IBM help offset that difference?” or “Microsoft’s endpoint manager is bundled in our existing licenses – justify the MaaS360 cost for us.” This pushes IBM to either adjust pricing or throw in something extra (like additional features or services) to sweeten the pot. Additionally, suppose your organization is a reference or case study candidate (some companies trade reference-ability for discounts). In that case, IBM might give you a better deal if you agree to be a public success story down the line. Only do this if comfortable, but it’s a negotiation chip that some enterprises use.
In negotiations, knowledge is power. Come armed with your actual usage needs, an understanding of IBM’s pricing levers, and a clear ask for what you want in terms of price and terms.
Be prepared to walk away or consider alternatives if the deal doesn’t make financial sense – and let IBM know that.
Often, the mere possibility that a customer might choose Okta, VMware, or another competitor can motivate IBM to be more flexible in its approach. Stay firm, and remember that everything is negotiable to some degree.
Before wrapping up, let’s address a few frequently asked questions that often arise around IBM Verify and MaaS360 licensing.
FAQs — IBM Verify & Security SaaS Licensing
Q: What happens if my user or device count exceeds the licensed amount mid-term?
A: If you go beyond your subscribed users or devices, IBM will typically bill you for the overage – usually by moving you into the next pricing tier or adding the extra licenses to your next invoice. In practice, for IBM Verify’s MAU model, you simply get charged for the higher active user count for that month. For MaaS360, if overage is enabled, new devices will enroll, and you’ll be charged for them (often at the same per-unit rate in your contract). Essentially, IBM doesn’t cut you off; they charge you more. Always monitor usage so you can plan for these costs or purchase additional licenses in advance (potentially at a better negotiated rate than automatic overages).
Q: Is there a free tier or trial for IBM Verify or MaaS360?
A: IBM does not offer a permanent free tier for these enterprise services, but they do provide free trials. IBM Security Verify typically offers a 90-day free trial with full functionality (all features for a limited time), allowing you to try out SSO, MFA, etc., in a sandbox. IBM MaaS360 offers a 30-day free trial for a set number of devices (often up to 10 devices with all features). Beyond these trial periods, you’ll need a paid subscription – there is no ongoing free usage level (unlike some competitors, which may offer a small free plan). Always use the trial to ensure the product meets your needs and to estimate your active user/device counts before committing to a contract.
Q: How is a “Monthly Active User” (MAU) calculated in IBM Verify’s pricing?
A: An MAU in IBM Verify is defined as a unique user who authenticates at least once in a calendar month. For example, if an employee logs into any application via Verify on March 5th and again on March 20th, that counts as one MAU for March (not two). If they do not log in at all in April, they will not count toward April’s active user count. Importantly, IBM counts MAUs per feature use-case: if you’re only using the Verify service for SSO, it will count unique logins for SSO. If you also use the MFA module, it counts unique users who perform MFA that month as well. In many cases, the same user doing SSO + MFA is counted in both categories. However, the general rule is one person equals one MAU per month per service, regardless of the number of logins they make during that month.
Q: Does IBM MaaS360 charge licensing per user or per device?
A: It depends on what you purchase. IBM MaaS360 offers both models. By default, many contracts are per device – meaning you need one license for every device enrolled. However, you can opt for per-named user licensing instead, where one user license covers that person’s devices (often beneficial if each user has multiple endpoints). The per-user licenses cost more than the per-device licenses (roughly double, since they anticipate a user will have two devices on average). During your purchase, IBM or its partners will typically ask you to select the model you prefer. You can mix models in some cases, but this approach becomes complex – most organizations opt for a single approach for simplicity. So in summary, both licensing options exist; you choose whichever aligns better with your environment (device-heavy vs. user-centric).
Q: Can I reduce my licensed user or device count (and cost) if our needs drop?
A: Only if negotiated, and typically only at renewal. IBM’s standard subscriptions don’t allow you to decrease your committed quantity mid-term and receive a refund. You’re generally locked in for the term you signed up for. However, when the renewal time comes, you can usually adjust the numbers down to match your current needs (for example, if you initially licensed 1,000 users but now only have 800 active, you could renew for 800). It’s essential to ensure your contract doesn’t impose a strict minimum that would prevent this. In special cases, if you’ve negotiated a flexible contract or are in an ELA, you may be able to true-up annually, but this is not the default. Always discuss potential downscaling scenarios during negotiations and get any agreed flexibility in writing. Otherwise, expect to pay for the higher of either your licensed count or actual usage during the term, and only receive a reduction at the next renewal cycle.
Read about QRadar licensing, IBM QRadar Licensing: EPS, Flows, and Sizing Your SIEM Correctly.
Five Recommendations — IBM SaaS Licensing
- Track Usage Monthly: Establish a monthly review cadence to monitor active users and device counts. Monitoring your consumption in IBM’s dashboards will help you catch cost creep early and allow timely adjustments (like removing idle accounts or devices).
- Negotiate Reconciliation Rights: Don’t Accept One-Way Flexibility. Push for contract terms that let you adjust license counts at renewal (or annually) based on actual usage. Securing a true-down option or an average-use billing clause can protect you from overpaying during downturns.
- Demand Data Protections: When contracting, insist on clear data residency and privacy terms. Ensure IBM commits to hosting your data in approved regions and outlines security measures. A strong data protection agreement not only mitigates compliance risk but also gives you leverage if those terms are breached.
- Start with Trials: Take advantage of IBM’s free trial periods to baseline your needs. Use the trial to identify how many users or devices actively use the service and which features you truly need. This information will prevent you from over-licensing when you move to a paid plan.
- Bundle for Discounts: If you plan to use multiple IBM Security offerings, discuss bundle pricing. IBM often provides better rates when you commit to a suite of products. Ensure the bundle aligns with your requirements – leverage it to save money on necessary services, not to acquire extras you won’t use.
By following these strategies, you can confidently navigate IBM Verify and MaaS360 licensing, keeping your organization’s security costs under control while maximizing the value of the services.
Read about our IBM Licensing Assessment Service.
