As more and more organizations expand into the global market, a growing number of business leaders in developing markets are starting to recognize the importance of proactively dealing with their software assets by implementing software asset management (SAM) practices. Kris Johnson, vice president of Anglepoint Group, Inc., a Gold SAM Competency partner, recently attended Russian SAM Academy and agreed to share with us some of his key takeaways from the conference, as well as his views on the increasing need for SAM implementation.
What were some key takeaways from the Russian SAM Academy?
It was great to see a lot of enthusiastic participation and hear a lot of active dialogue. I was also pleased to talk to a number of fellow Russian speakers from other countries as well. Sitting down at lunch for example, I spoke with many native Muscovites, but also attendees from Kazakhstan and other countries in the region. I was surprised to hear a lot of conversation about the challenges people face in trying to convince their company controllers and accountants that software actually is an asset that needs to be paid for, much less one that requires management. That is a topic you don’t hear being discussed at SAM conferences in the U.S. or Western Europe. Also, it seems many organizations in Russia and the surrounding area initially began their practice of SAM with the primary impetus of information security, followed by license compliance. These motivations for SAM are usually reversed in the U.S. and Western Europe. I did get the sense, however, that most attendees felt that general respect for intellectual property in Russia has markedly increased. Perhaps we in the West can also learn from our fellow practitioners in Russia by realizing that the benefits to information security alone justify the need to practice SAM, regardless of any benefits to direct costs or license compliance.
Why is it important for companies, regardless of size, to have good SAM processes in place?
Every organization, regardless of size, uses software to perform functions that are important to the organization. These software assets have to be managed to ensure they are available to the organization in an effective and efficient manner to perform those valuable functions. Managing software assets is a real challenge, particularly because they exist in at least two constantly changing universes; not only is the technical environment where a given asset is deployed constantly changing, but there are living, breathing terms and conditions that govern an organization’s rights to use the asset that have an entire lifecycle of their own to be managed. All of these factors combine—the number and complexity of changes of a single asset, the changing sea of terms and conditions, the staggering volume of assets—to make SAM an exceptionally challenging discipline. The “set and forget” mentality has both direct and indirect costs. Direct costs include buying too much of some software or not getting the optimal value out of existing licenses. Indirect costs are also impacted, like IT support resources, training, and downtime. To gain any real control in these changing universes, an organization has to take a hard look at their processes—how assets come into the organization, what happens to them once they are procured and deployed, and how they are maintained and eventually retired.
Besides cost, what other benefits are there for companies that implement SAM processes?
Organizations that control the asset lifecycle phases, and particularly the monitoring phase, also benefit from a security compliance standpoint. Good information security starts with knowing where all your IT assets are and what applications they are running. Without this fundamental knowledge, security professionals are blind to vulnerabilities that can exist when a PC is running black- or gray-listed software or isn’t current with necessary patch levels or antivirus updates. Effective SAM practices can help an organization assess whether its IT assets are compliant with its security policies.
What are some key processes that all organizations need to have in place for effective software asset management?
This varies somewhat depending on an organization’s needs and size, but the following SAM process areas or capabilities are important for any organization:
- Controlled purchasing processes – The ability to identify and track both when and how software is purchased, who has purchased what, and for what purpose.
- Controlled deployment processes – The ability to identify and track both when and how software is deployed, who has deployed what, and for what purpose.
- Complete and accurate inventory and monitoring processes –The ability to accurately identify software deployments, including both the necessary configurations of both software and hardware. This allows you to have the information necessary to accurately count the licenses that are consumed by those deployments and configurations.
- Software license compliance processes – The ability to effectively assess on a repeatable basis whether the terms and conditions in a given license agreement are being complied with. Just because you might know how much software was purchased or how many deployments were made, doesn’t mean you know how many licenses are actually being consumed, let alone if those license consumptions comply with the license grant or any usage restrictions in the contract.
- Software asset security compliance processes –The ability to effectively assess on a repeatable basis whether software configurations comply with an organization’s security policies.
For those who want to know more, the recently updated ISO standard 19770-1 provides a thorough framework for SAM. However for practical application purposes, it is useful to get beyond the theory of the framework and best practice guides, and reach out to those of us in the industry that spend every day actually implementing these processes.
How is tracking done?
How is it done in reality? Any way that works. However, there is specific knowledge that has to be available and applied in order to do it correctly and accurately. An organization has to understand not only the terms and conditions of its license agreements, they also have to know the detailed licensing rules that apply to each license entitlement and the consumption metrics that apply to each license consumption—the technical nitty-gritty nuances that typically only specialists have. This knowledge must be constantly maintained to keep current on the never-ending changes to publishers’ product offerings, product use rights, and licensing guides. It’s the intelligence that’s needed to take raw historical purchasing transactions and translate them it into “what I can actually use today” and the technical know-how needed to take raw deployment data and translate it into “how many licenses I am actually consuming”. You not only have to know the detailed licensing rules and consumption metrics involved, but also how to apply them. These competencies can come from essentially two sources: humans and tools. Discerning organizations find that there’s little actual licensing intelligence built into tools. Most tools only provide a framework into which you have to put your own intelligence. Once you get past the marketing slicks and sales proposals, and really get into the technical nuts and bolts of the tools themselves, you’d be surprised at the wide differences in tools that are out there. Often, the tools people select don’t end up helping them accomplish things the way that they thought they would.
How do you see the role of SAM evolving as the needs of organizations change?
With growth comes complexity, as well as opportunity. As an organization grows, it often becomes more dependent on the valuable functions that software provides. These software-enabled systems and services also tend to increase in number and complexity. As a result, it not only becomes harder to manage software across sprawling departments and entities, but it also becomes more important to ensure that the software can support the business the way that is needed. When effective SAM is practiced, it allows the practitioner to provide the actionable intelligence needed to inform strategic decision-making within the business. For example, if the business needs to add 20 more stores or buildings, the effective SAM practitioner will readily know what software and licensing is needed as part of that growth, as well as the associated costs. In some situations, effective SAM can allow the IT function to be the enabler of that growth, such as with increasing the effectiveness of product engineering teams, making sure they always have the right engineering applications and development tools.
Anglepoint offers a global team of dedicated SAM implementation specialists that are uniquely qualified to meet the most complex licensing and IT Asset Management challenges of the Global 1000. Anglepoint delivers sustainable solutions for SAM that simply work. Anglepoint’s methodology is process-driven, leveraging industry-leading intelligence and best-of-breed technologies. Specific expertise in licensing rules for the leading software publishers, combined with deep SAM processes (ISO and ITIL) and SAM tool expertise, allows Anglepoint to deliver an effective solution with real and measurable impact to the bottom line.
Readers: Do you have your own insights on implementing SAM? Let us know your thoughts in the comments below.