From Black Hat to White Hat, How UMS Is Flipping the Script on Software Audits

Kivo Daily Staff on April 25, 2026

By: Matt Emma

Enterprise software licensing plays out across two sides of the table. On one side sit the publishers, Microsoft, Oracle, and SAP, armed with complex licensing agreements and audit teams designed to extract maximum revenue from their customers. On the other side sit the enterprises, often outgunned by the sheer complexity of what they have signed.

For 25 years, UMS (Universal Management Solutions) has occupied a unique position in this market. The firm’s founders started their careers on the publisher side, running the very audit programs that enterprises feared. Then they switched sides.

The result is a firm that has delivered substantial, documented IT cost savings to the City of New York alone, built on the simple premise that the best defense comes from someone who used to play offense.

The Publisher’s Playbook

Software licensing audits are not random compliance checks. They are revenue recovery programs designed by publishers to identify gaps between what an organization has purchased and what it has deployed, and the process is engineered to favor the auditor.

Most enterprises do not realize that the licensing agreements they sign contain deliberate ambiguities. Terms like “multiplexing,” “indirect access,” and “processor-based licensing” carry interpretations that can swing a compliance finding by millions of dollars. The publisher’s audit team will always choose the interpretation that maximizes the claim.

This is what UMS’s founders saw firsthand during their years on the publisher side. They understood the methodology, the escalation thresholds, the negotiation playbook, and, critically, where the publishers had flexibility that they would never voluntarily reveal to a customer.

The “White Hat” Pivot

“We’ve always been about trusted relationships,” says David Burns, co-founder of UMS. “We’ve been very successful just through word of mouth. It’s all trusted advisors, however you build it, that’s how we do well.”

The decision to switch from auditing enterprises to defending them was not purely altruistic. It was a business opportunity built on a market failure.

The enterprise IT consulting market was, and still largely is, dominated by two types of firms. The Software Asset Management market, valued at $3.87 billion in 2025 and projected to reach $13.03 billion by 2033 at a 17.6% CAGR according to SNS Insider, captures the established players but leaves out the outcome-based disruptors.

The global consultancies, McKinsey, Deloitte, and EY, charge millions for comprehensive IT assessments that produce detailed reports and strategic recommendations. What they rarely do is stay to implement those recommendations, negotiate with the publishers, or take any financial risk on the outcome.

The software tool vendors, ServiceNow, Flexera, and Snow, sell platforms that promise automated license management. These tools can be powerful, but without the “people and process” layer, the expertise to interpret the data and act on it, they often become expensive shelf-ware.

UMS saw the gap. Enterprises did not need another report or another tool. They needed someone who would actually do the work, negotiate with the publisher, right-size the licenses, defend against audits, and be accountable for the results.

The solution was the Shared Savings model. There are no upfront fees, and UMS earns a percentage of the verified savings it delivers. If UMS does not find savings, the client does not pay.

The NYC Proof Point

The firm’s relationship with the City of New York spans over two decades and stands as one of the longest-running IT cost optimization engagements in the public sector.

The scope covers everything from Microsoft licensing across hundreds of thousands of city employees to Oracle database deployments, SAP implementations, and telecom infrastructure. Over the course of the engagement, UMS has delivered substantial cumulative savings documented through the city’s own financial processes across two decades of continuous work.

John Blasig, CEO of UMS, recalls the contrast with traditional consulting: “They had McKinsey consultants going at a thousand dollars an hour. Never occurred to them to say, ‘I wonder if we can save money a different way.’” When the city engaged a Big Four firm to assess its software licensing position, the result was a multi-million-dollar fee and a report. UMS came in, implemented the fixes, and meaningful savings began to materialize within months.

The contrast crystallized the firm’s competitive positioning. Where others deliver reports, UMS focuses on delivering tangible outcomes.

The Entrepreneurial Edge

What makes UMS’s model work is not just insider knowledge. It is also the operational speed that comes from being a focused, founder-led firm rather than a global consulting bureaucracy.

Where a Big Four engagement takes months to staff up, establish governance, and begin the assessment phase, UMS operates more like a surgical team. A typical engagement begins with a 30-minute discovery call, moves to a license position audit within the first two weeks, and delivers initial savings recommendations within the first month.

This speed matters because software licensing opportunities are time-sensitive. Contracts expire, renewal windows close, and publishers use calendar pressure to force unfavorable terms. An optimization firm that takes six months to produce a recommendation often arrives too late for the recommendation to matter.

The Long View

UMS’s trajectory, from publisher-side auditor to enterprise defender, reflects a broader shift in the IT services market toward outcome-based models.

Enterprises are increasingly unwilling to pay large upfront fees for consulting engagements with uncertain returns. The Shared Savings model, which UMS has championed in the ITAM space, is now appearing in cloud optimization, procurement consulting, and even cybersecurity.

The principle is straightforward. If a consulting firm truly believes it can deliver value, it should be willing to bet its compensation on the outcome. Firms that insist on retainers and hourly rates are implicitly admitting that they are not confident in their ability to produce results.

For UMS, the “White Hat” label is not just marketing. It is a structural advantage, built on the accumulated knowledge of how publishers think, how their audit teams operate, and where the pressure points sit in every negotiation. That knowledge does not expire, and it cannot be replicated by reading a licensing guide or deploying a software tool.

“If we had an online presence and were part of the analyst conversation,” Blasig says, “people would see what we’ve accomplished for the city over the last 15 years. If they only knew that, it would change everything. We could take business away from EY.”

After 25 years, UMS remains founder-led, outcome-obsessed, and firmly positioned on the client’s side of the table.

UMS (Universal Management Solutions) is a 25-plus-year veteran consulting firm that operates on a Shared Savings model, with no upfront fees and payment coming only from realized client savings. The firm specializes in M365 optimization, software audit defense, and enterprise cost reduction. Learn more at umsol.com.

ITI Backs SECURE Data Act Introduced in House

Kivo Daily Staff 2 on April 25, 2026

The SECURE Data Act received support from the Information Technology Industry Council (ITI) following its introduction in the U.S. House, with the organization issuing a statement backing the measure led by House Energy and Commerce Chairman Brett Guthrie.

ITI President and CEO Jason Oxman confirmed the group’s position shortly after the bill’s announcement, emphasizing the need for a comprehensive national framework governing data privacy. The statement described the proposed legislation as a step toward establishing consistent protections for individuals while addressing operational clarity for companies operating across state lines.

The measure was introduced as part of ongoing legislative efforts to create a unified federal standard for data privacy, replacing the current patchwork of state-level regulations. ITI’s response highlighted the importance of aligning existing state models into a single framework that would apply nationwide, reflecting an approach already in use across multiple jurisdictions.

Background on the SECURE Data Act

The SECURE Data Act is designed to establish a national privacy law that standardizes how personal data is collected, processed, and protected within the United States. Lawmakers have increasingly focused on federal privacy legislation as digital services expand and data flows become more complex across industries.

The introduction of the bill by Chairman Brett Guthrie reflects continued activity within the House Energy and Commerce Committee on technology and consumer protection issues. Federal lawmakers have held multiple hearings in recent years examining how best to regulate data use while maintaining the competitiveness of U.S.-based technology companies.

ITI’s statement referenced the concept of a “consensus model” already present at the state level. Several U.S. states have enacted their own privacy laws, each with varying requirements for businesses and different levels of consumer protection. These differences have created compliance challenges for companies operating nationally, prompting calls from industry groups for federal legislation that would unify the rules.

The SECURE Data Act seeks to address these inconsistencies by creating a single standard that applies across all states, potentially simplifying regulatory compliance while ensuring baseline protections for consumers.

ITI Emphasizes Need for National Consistency

In its official response, ITI underscored the importance of regulatory clarity as a central benefit of the proposed legislation. The organization stated that a national privacy law would provide uniform protection for individuals while offering businesses a clearer framework for compliance.

The statement also pointed to the operational impact of differing state laws, which can require companies to adapt their data practices depending on location. By consolidating these requirements into one federal law, the SECURE Data Act aims to reduce fragmentation and create predictable guidelines for organizations handling consumer data.

ITI represents a broad range of technology companies, including firms involved in software, hardware, and digital services. Its policy positions often reflect industry concerns related to regulatory consistency, international competitiveness, and innovation.

The group’s endorsement signals alignment between parts of the technology sector and lawmakers seeking to advance federal privacy legislation. While ITI’s statement did not provide detailed analysis of specific provisions within the bill, it indicated support for the overall framework and its objectives.

Cross-Border Data Flows and Commerce Department Role

Another element highlighted in ITI’s statement is the bill’s recognition of cross-border data flows and the role of the U.S. Department of Commerce. International data transfers are a critical component of global digital operations, affecting sectors such as cloud computing, e-commerce, and financial services.

The SECURE Data Act includes provisions that formalize the Commerce Department’s involvement in overseeing cross-border data policies. According to ITI, this reflects a continuation of the department’s longstanding responsibilities in facilitating international data exchanges.

Cross-border data rules have become increasingly significant as governments worldwide introduce their own privacy and data localization requirements. U.S. policymakers have sought to balance domestic privacy protections with the need to maintain open data flows that support international trade.

ITI’s statement indicated that the bill acknowledges these considerations by incorporating existing practices into a formal legislative structure. This approach aims to ensure that U.S. companies can continue operating globally while adhering to consistent regulatory standards.

Bipartisan Engagement in Privacy Legislation

The introduction of the SECURE Data Act comes amid broader bipartisan discussions in Congress regarding national privacy standards. Lawmakers from both parties have expressed interest in establishing federal rules that address consumer protection, business compliance, and technological innovation.

ITI noted its intention to work with both Republicans and Democrats in advancing the legislation. The organization’s statement referenced ongoing collaboration efforts aimed at passing a “strong national privacy law,” reflecting the multi-stakeholder nature of the policy process.

Previous attempts to pass comprehensive federal privacy legislation have encountered challenges, including disagreements over enforcement mechanisms, preemption of state laws, and the scope of consumer rights. These issues remain central to current legislative discussions.

The SECURE Data Act represents another effort to move forward on these longstanding debates. By building on existing state models and incorporating input from industry and policymakers, the bill seeks to create a framework that can gain broader support.

Implications for U.S. Technology Leadership

ITI’s statement linked the proposed legislation to broader considerations about U.S. technology leadership on the global stage. The organization indicated that establishing a clear and consistent privacy framework could support the competitiveness of American companies operating internationally.

Data governance has become a key factor in global technology policy, with countries adopting varying approaches to privacy, security, and data access. A unified U.S. standard may influence how international partners engage with American firms and regulatory systems.

The SECURE Data Act’s focus on both domestic privacy protections and international data flows reflects this dual objective. By addressing internal regulatory fragmentation while maintaining external connectivity, the bill aims to position the United States within an evolving global data environment.

ITI’s support for the legislation highlights the intersection between policy development and industry priorities. As the bill moves through the legislative process, its provisions and potential impact will continue to be examined by stakeholders across government and the private sector.

Day: April 25, 2026

Follow us on: