As organizations increasingly rely on the applications they use, whether through on-premise installations or cloud subscriptions, it is essential for you to understand:
- What you have
- Who is using it
- How it is supported
- What you are paying for
Well-developed and clearly understood software asset management (SAM) processes are your key to getting value from your software investments. SAM also ensures that you are neither using more software licenses that you are paying for (leaving you open to legal consequences), nor less, which means you’re paying for more than you need.
Let’s introduce software asset management, including:
- The concept
- Common challenges
- How to avoid them
- Best practices for choosing SAM tools
- Additional resources
What is software asset management?
Software asset management is an ongoing IT practice. Like the overarching practice of IT asset management (ITAM), the primary end goals of SAM are usually to:
- Ensure compliance
- Mitigate risk of penalties
- Avoid security breaches
- Reduce risk of unplanned costs
- Optimize investments (i.e., lower costs)
Software is a huge, ongoing financial investment for all organizations. The ability for departments, or individual users, to acquire software licenses through software as a service (SaaS) providers means that it can be difficult to understand what software is being consumed by your organization, much less control the financial and legal implications of software use.
To demonstrate this challenge, the image below indicates a variety of asset types you’ll need to manage. Many of these will fall within your SAM practice:
This means that SAM is more important than ever, but also more difficult to do effectively due to the decentralization of software procurement. There is no easy button for asset management—regardless of the tools and content.
I have heard SAM referred to as a “dark art”, which implies SAM is much more than a tool or technology. It requires skilled resources and the right technologies to cover all platforms, titles, and license models within scope.
Common SAM mistakes
Many organizations start with unrealistic expectations because they have not been exposed to the challenges inherent in building a SAM program. Therefore, to build a successful and sustainable SAM program, start with a critical understanding of the most common challenges.
There are many mistakes organizations make when setting up a SAM practice. These three are the most common mistakes I come across:
- Setting unrealistic expectations when planning or maturing a SAM program.
- Not identifying a roadmap, a phased approach with a clear, prioritized list of requirements.
- Not performing the proper due diligencewith SAM vendors to fully understand what you can do out-of-the-box vs. what requires customization, professional services, or consulting. This can have a significant impact on cost.
Any one of these three can delay or even completely derail a SAM project. Not in the list above is something that is almost more problematic—so here’s a fourth mistake:
- Expecting a tool to do all the work for you. As the saying goes: “A fool with a tool…” A SAM tool can do a lot of heavy lifting for you by discovering software and enumerating license usage. But no single tool is going to provide all the answers you are looking for. If you do not design the SAM practice well BEFORE implementing a tool, then you are very unlikely to have a successful outcome.
Challenges and fundamental truths of SAM
Too many organizations ignore or discount these challenges. The value of their SAM practices suffer as a result. The above mistakes are frequent challenges, often due to organizations:
- Jumping in too quickly without any experience
- Setting unrealistic expectations
- Not defining a focused scope with a phased approach
The list below are the most common SAM challenges—and their truths.
No single tool/solution
No single tool can discover all software and the data necessary to measure all license models. I’ll say it again: There is no such thing as an out-of-the-box SAM solution for all software.
Some tools are better with certain vendors and/or platforms than others. Some vendors bundle and/or partner with other technologies and content to broaden their coverage. For example:
- On the discovery front, some software requires usage information and/or specific configuration settings (e.g., Oracle database licensing).
- On the licensing front, the product use rights (PUR) can be very complex—think MIPs and points-based licensing.
On either front, very specialized knowledge is required to create and maintain this level of specialization. This is just one factor as to why a phased approach is essential for success.
Content drives automation
In today’s SAM world, content is a critical success factor. Without it, the onus is on the customer to create and maintain it, which is not practical unless the scope is very limited. Content covers a wide range of areas including, but not limited to:
- Discovery
- License models/SKUs/PURs
- Maintenance
- End of life
For example, with product use rights, the default license can be associated to the discovered software, significantly reducing the effort to measure compliance
Complex and ambiguous
License models can be complex and ambiguous, and they will continue to grow. Datacenter software tends to be the most complex. Some information required to measure compliance may be difficult to collect. Not all vendor terms are clear and/or measurable and new license models continue to emerge.
Tip: Prior to purchasing any software, verify the compliance terms in order to avoid any ambiguity. If you don’t know what to measure, you cannot be confident in your compliance position. (Jump to questions about compliance below.)
Standards slow to adopt
The primary standards in this area (ISO/IEC 19770-1, -2 and -3) have been slow to adopt to further enhance automation in order to reduce the dependency of content services.
As adoption grows, these standards (particularly -2 and -3 below) will reduce the dependency on content which is essential today to drive automation and reduce the SAM effort:
- ISO 19770-1 provides a process framework for SAM. This is a great standard to evaluate and baseline your SAM program.
- ISO 19770-2 provides the standard for software tagging (discovery) which software vendors are slowly adopting.
- ISO 19770-3 standard provides the transport format, which is intended to drive standardization on the entitlements front.
Cloud complexity
Cloud licensing adds complexity as this is typically (but not always) less of an issue regarding licensing and compliance and more about usage and optimization. Hence, some cloud vendors are getting better at controlling the usage to avoid non-compliance, which shifts the primary focus on the customer to ensure they don’t over purchase (i.e. optimization over compliance)—an improvement over traditional on-premises software.
The tools and technology to capture and manage cloud-based software are improving as consuming applications via cloud services moves to becoming the rule rather than the exception.
Choosing SAM tools: Ask the right questions
Understanding the complexity of your own environment is going to provide you with direction when you are planning your SAM initiative.
If your organization simply uses technology for basic productivity tasks and the bulk of your staff only use Microsoft Office 365, then your scope will much easier to define and the licensing much easier to manage. If, however, you use a wide variety of on-premise and cloud-hosted applications—which is likely—you need to plan accordingly.
When dealing with multiple vendors, it is important that you understand the licensing models that apply to each application.
The table below gives you a starting point to find out the information you need to understand when planning SAM for your organization. This is not an exhaustive list of questions, but it will give you direction on the additional information you will need to know in order to effectively manage your software assets.
Most organizations I have worked with to establish SAM have been surprised, in some cases shocked, at what they learned:
- For many it was an opportunity to save money on licenses that were being paid for and not utilized.
- Others discovered that they were overutilizing licensing, leaving them open to fines and other legal consequences
Either way, uncovering the truth of your licensing state means you can know—and ensure—that you’re neither over- nor underutilizing software.
SAM resources
In my experience, it is not that organizations cannot handle the truth—they can. They just need to find and understand the truth before starting a SAM program. So now the question is, “How do I find the truth?”
The best source of truth about SAM is with those who have the real-world experiences of implementing more formal SAM programs. There are a range of sources including several independent industry organizations including:
- The ITAM Review
- The International Association of Information Technology Asset Managers, Inc. (IAITAM)
These organizations provide great content, guidance and training around SAM. For example, The ITAM Review provides a solid SAM Tool Selection Kit, which includes an in-depth questionnaire to assist in the process of selecting the best SAM solution for your business.
Additional resources
For related reading, explore these resources: