Of all the ITIL processes, IT Asset Management (ITAM) might be the most challenging and most misunderstood. It certainly is the one everyone would like to ignore. It is hard. I’ve heard asset management compared to starting a program to improve your health. Though everyone is aware of the benefits, it is complicated, not very convenient, and not a lot of fun. Most of all, it seems daunting. In the process, many fail to recognize the potential asset management offers once it is implemented effectively.
As challenging as IT asset management of hardware assets is, Software Asset Management (SAM) takes it to the next level. Organizations often equate software asset management with license tracking. Underutilized or poor-quality data leaves value on the table. SAM is not merely knowing how many licenses you require to be in compliance; it’s asking the deeper questions in order to optimize your license estate.
The requirement for an IT Asset Management and SAM program was first brought to my attention when I was the CIO of SimplexGrinnell back in early 2003. We were preparing for our first SOX audit. SimplexGrinnell was a wholly owned division of Tyco International. Due to Tyco’s role in the introduction of Sarbanes-Oxley, we took SOX compliance to greater depths than most organizations. I learned how hard ITAM and SAM were and how ever so necessary they were to our passing our first SOX audit.
The true power of SAM was introduced to me while I was working with a large international organization looking to transform its global capabilities, moving from a decentralized operating model to a centralized IT organization in 2015. It was during this program that I was introduced to Rory Canavan of SAM Charter, a UK based firm committed to the advancement of the practice of SAM. Though we live 5,000 miles and eight time zones apart, Rory remains my trusted SAM resource today. I asked Rory to help us out here with the true business case in support of SAM.
Take it away Rory…
“If you think Software Asset Management (SAM) merely exists to rebuff a software vendor audit, then you are missing out on the very best this IT discipline has to offer. In this short article, we tackle five areas beyond the generation of ELPs (Effective License Positions) as to why greater attention given to SAM should not be considered a chore, but rather a vital part of your IT health-checks.
License Compliance – In and of itself, license compliance is a form of risk management – the risk being that if we are non-compliant, then we are exposing our organisation to additional license costs, as well as back-dated support and maintenance fees; and that’s before we even consider the legal penalties that could befall us via “delivery up” (whereby a software vendor withdraws our “rights to use” their software, and insists upon its removal).
However, a latent consequence of not keeping our licensing house in order, is the potential wrecking-ball effect that an audit can have on our existing IT operations. Vendor audits can be time and finance-heavy, and often appear unannounced. Rarely does a company keep to one side a contingency fund to account for the side-step in extra hours to be worked, or indeed the impact an audit can have on existing IT and business projects.
Remember: When an IT company is knocking on your door to demonstrate purchases vs. installations, the bow-wave of an audit can be felt right through every fibre/ department of the company – Legal, Contracts, Procurement, the C-Suite. Good SAM helps mitigate the potential upset vendor audits can cause.
Improved Financial Management – Gartner produced well-used statistics that anything up to 30% of software bought by companies remains unused. Let’s just consider that figure again – 30%. I would then like you to take that figure and apply it any other aspect of your business: heating, lighting, wages, travel expenses – the unholy riot that could ensue in many organizations if that 30% of non-use was applied to another aspect of the company would undoubtedly have people refreshing their résumés, and creating wonderful stories as to why they are looking to take on a new role at such short notice.
Improved financial management in SAM not only occurs in negotiating the best possible price at the point of contract renewal, but in also ensuring that software is deployed at the right time, against the right IT architecture, and with the right level of support. If any of these aspects are not given proper due diligence, then we will find ourselves having to accommodate the consequences of a vendor audit, as discussed in the paragraph above. A quick word too, on “indirect licensing” – this occurs when the users of one system are granted access to the features and benefits of another system. This technological marvel might be something your IT teams are very proud of achieving, but again, consider the licensing consequences of granting users of System A access to System B – this is the type of action that could result in System A users having to purchase licenses for System B, which can be enough to put a substantial hole in anyone’s budget. For an example of how badly this can go, please review the court case SAP brought against Diageo in the UK.
Improved Information Security – A seemingly long-forgotten model of IT is the OSI 7-layer reference model that seeks to explain how electricity becomes data, travels via hardware and software, and becomes the web page or word document/pdf that greets our screens. Software transcends many of those layers, and SAM can help highlight points of entry and exit for the data we deem to be worthy of additional protection. Client licenses that grant dedicated access to software could be bettered policed by many companies – especially when employees become ex-employees. How many times have we heard anecdotal stories of salesmen that have taken complete copies of a CRM, only to announce that they are heading on to start work with a competitor? If we wish to enforce a “need to know” model of data access, then SAM is a great place to start to scrutinise whose licenses grant such access.
Access to data becomes an even larger concern when we consider as-a-service software. The advantage of an on-site licensing model would be that in many instances, access to or from software could be controlled via a central suite of software called Active Directory (AD). However, the mobility and agility with which end users have embraced the cloud means that not every piece of software is controlled by AD, and many non-Microsoft titles can grant back-door access to our IT estates and our data. Vigilance around such rogue installations of software falls within the discipline of SAM to try and help resolve. Without it, as-a-service software becomes a drain on the Improved Financial Management we mentioned above.
Improved IT Strategy – phrases such as resource management and capacity management are increasingly coming into vogue with IT because of our dependence on as-a-service provision of IT by third parties. These third parties require that we pay a monthly bill based upon usage. If we don’t measure that usage, then we are only capable of guessing whether those monthly direct debits are offering true value for the money.
If we have a handle on what we are spending through Improved Financial Management (See above), then we are then able to offer a cost-benefit analysis of how well IT is contributing to the overall goals and ambitions of the company. Pure IT-only projects are increasingly rare these days; they are normally weaved into a larger part of how a company delivers its products and services; so ensuring that the finite IT resources we have at our disposal are being effectively used towards an intended goal is a measurement function that sits neatly within the SAM space. If you believe that the sole purpose of SAM is to produce ELPs (Effective License Positions), then you are missing the true power of SAM.
Improved Configuration Management – I want you to think of your IT estate as a piece of cloth: The strands running North to South are how the business views IT; these are the IT services that ITIL is so keen to create and promote to the rest of the business for maximum utilization. Next, we have the strands that run East to West, and these could be considered the software installations that interact with the IT services. Software Vendors and SAM Managers are very keen to be able to produce reports at the end of the East to West strands (i.e. ELP reports); whereas the business is more concerned with Total Cost of Ownership (TCO) and/or Return on Investment (ROI) of the IT services that are comprised of (in large part) the software that we have installed.
A handy means of understanding what software is used in the creation and maintenance of IT services is a Configuration Management Database. However, creating and let alone maintaining such a database is a major challenge. But it is something that we can call upon best practice SAM to help address. Use of ISO 19770-2 Software ID tags can help create and maintain the integrity of our CMDB. The scope of this article precludes me from going into detail here. However, a copy of a whitepaper offering a deeper dive of how this can be achieved is available here – Using SAM to Create and Maintain a CMDB.
I hope the above has sparked some thoughts as to how you might be able to apply SAM in your own company. I would welcome any feedback on the above. Or, if you have any further ideas on how to best utilize SAM, then it would be great to hear those too.”
Thank you, Rory.
Thank you Rory for laying out the role Software Asset Management plays in allowing organizations to cut spending, eliminate wasteful hardware and software, and improve organizational security. More asset data will lead to better business decisions made across the organization.
Yes, software audits are a growing concern for businesses, but proactive reporting and decision-making supported by quality data will mitigate audit risks. People, processes, and technology need to be in place before that can happen. Achieving an optimized SAM program is well worth the effort.
Rory is the SAM expert. I encourage you to reach out to him directly to learn the value of SAM to your organization. To discuss your CMDB and SAM alignment or for more information as to how Rory may help your SAM cause, reach out to SAM Charter today:
Email: [email protected]
Thank you for spending time with us. Have a great week!