In the beginning, there was compliance: that’s when Software Asset Management starts...

In the beginning, there was compliance: that’s when Software Asset Management starts to get really interesting

by -
0 101
Erste Schritte mit Microsoft Secure Productive Enterprise

Is Software Asset Management (SAM) even necessary? Isn’t it there to ensure that companies come out of audits no worse for wear and before disappearing into the nearest drawer until the next audit? The short answer is: of course not. You can find the somewhat longer (but more informative) answer below.

SAM must pay for itself

As mentioned, SAM isn’t a necessary evil that only costs more money before/during an audit. On the contrary, with SAM in place you will never find yourself in a situation in which damage control is the only option. SAM begins with compliance (ideally when contracts are renewed) and ensures an ongoing optimisation.

The goal is that you and your consultant gain an overview of your software assets at the beginning. Without this step, you’re running the risk of paying too much by buying unnecessary products in the wrong contract model. This process often lays open that there is both over- and under-licensing in certain areas.

Perhaps software products from different vendors are being used for the same purpose. If an audit shows that you are under-licensed, not only are you missing cost savings but you may receive a fine and look at re-licensing in worse conditions.

Comprehensive SAM ensures that costs are covered with the optimisation and savings are often higher.

What can SAM do?

First and foremost, you are legally secured vis-à-vis the licence provider if you have a well-established SAM system. You are compliant. This means that your licensing equals the contractually defined frame conditions, even if they change dynamically. If the software environment shifts, you are aware of it and know what repercussions your company faces because of it.

But not only can the licence provider change the conditions, your software use is subject to continuous change. It is not merely the legal aspects, after all. During a metering, for example, it becomes visible whether installed software is used, as well. This uncovers where one part of the optimisation potential is hidden. Insight into the purchase process (who buys products when and from whom) is particularly revealing, as this process is not always explicitly regulated, and overlaps (i.e. double licensing for the same or a similar product) occur, regularly.

You gain transparency which allows for you to review your assets at any time and create added value through savings. This transparency also ensures that you can deliver the information requested by the vendor in a short amount of time during an audit.

In short: SAM is an ongoing process.

How is SAM implemented successfully?

Successful and sustainable SAM happens gradually. As our experience shows, the necessary steps are ideally split into five phases:

  • Phase 1: SAM maturity analysis
  • Phase 2: Definition and creation of SAM strategy
  • Phase 3: Step-by-step SAM implementation
  • Phase 4: Inspection and initial SAM operation
  • Phase 5: Ongoing SAM and optimisation

During the SAM maturity analysis, no tools are applied and no licences will be counted. This step is designed to determine how advanced the SAM processes are in a company. Structured interviews with senior stakeholders of the company are used to collect this data.

The following 7 SAM areas are evaluated and questioned during the interviews (on the basis of ISO 19770-1):

The SAM strategy must express the goal of the company to ideally manage software, only use legal software, and elaborate the approach for legally obtaining software. Often, relevant instructions and trainings of the employees are necessary. Employees must recognise the value of software, understand the difference between legal and illegal use, and pledge to use software duly.

To build SAM in a focused way, a short and clearly phrased SAM strategy is essential. Less is often more:  “What do we want?” “Where do we want to go?” “What kind of roles, processes, and methods are important?”

The answers to these questions should be included in the information for new employees and need to be communicated to existing employees (e.g. on a bulletin board of the company, an intranet, or trainings). All employees must know the SAM strategy and the consequences of non-compliance. It is advisable to include the SAM strategy in the IT guidelines and the user manual and to have employees confirm that they have understood it.

The more specific question, “Which software do we need?” will help to correctly and efficiently buy and use software. Furthermore, the answer to this question can be a guideline for the establishing and upkeeping of the appropriate standard. They can determine the right software profile for every computer and user by checking whether or not the department/ employees need other or additional software/ applications. This first step identifies superfluous software, and your company can decide if it wants to keep using a product.

Phase 3 is all about implementing SAM, step by step. The interaction between processes and the SAM tool is central during this step. A first inventory of your software has to be created with the SAM tool. Only if you know which programs are installed on all computers of your company (desktops, laptops, and all software copies your employees have installed at home) you can define the current software need as well as how to proceed. The processes will help, continuously developing SAM and thereby improve its maturity. Another aspect of this step is to test the existing roles, processes and methods in terms of functionality and adjust them if necessary.

You can compare the installed software on your computers with the existing licences and licence regulations. It is necessary to keep in mind that there are certain licence contracts (e.g. multiple licence contracts) which allow for a defined amount of copies of individual programs and a limited number of users who access the software simultaneously in a network. A tool with included licence management can support you with this.

The original licence states how many users are permitted. Do not rely on original CDs or discs, as only the original licence is valid!

After having identified the illegal software copies in your company, you must delete them from your computers. Now you can compare the legal software copies which remain on your computers with the software need that you have determined during the creation of the inventory.

At the end of phase 4, you can create an official list of software to use based on the inventory, the upgrades, new purchases and the purchase requisition of your employees. This list should include the following: the name of the programs, language versions, version numbers, number of allowed copies or users for the licence, computers on which copies are installed, as well as plans of future extension, upgrades, or software removals.

The correct software management is an ongoing process, which means that phase 5 – ongoing SAM operation and optimisation – is a step into the future. It allows to supervise the adherence to regulations, protect against illegal software use, keep your list of supported software up-to-date, and plan ahead for the coming three years.

And finally…

Every company can profit from SAM. This may appear to be a bold statemen but it is nonetheless accurate. Those who do not have their software assets under control will end up paying more overall.

The rule of thumb states that the bigger the company, the more complex the process and the higher the potential savings/ optimisation. An appraisal of the existing processes pays off, if only to evaluate the risk and optimisation potential. A SAM maturity analysis offers the necessary overview with which you can calculate the next steps.

Used industry standards and reference models

ITIL as well as the ISO 19770-1 are essential components of a SAM model: