The Challenge of Software Asset Management (SAM)

‘SAM’ happens to be the name of my lovely old Alsatian cross (Photo Left) and just thinking about him gives me a ‘warm fuzzy feeling’… SAM also refers to Software Asset Management and in no way does this leave me with the same feeling, in fact quite the opposite. If you’re involved in SAM you will likely have felt the pain of getting your ‘house in order’…

What is SAM?

Managing your licenses can be a tricky business. Licenses come in all shapes and sizes and are not specific to software; hardware can also come with a host of ‘license-able’ functions. Getting your head around licensing is in itself a challenge, and anyone involved in SAM knows never to underestimate it.

SAM is a way of bringing order to chaos by centralising all your license assets in one place. SAM is not simply about acknowledging the 25 copies of Microsoft Project you have purchased. The key part of SAM is ‘Management’. This entails a much broader set of activities, for example:

  • Linking and evidencing purchase orders
  • Linking and evidencing delivery notes
  • Linking and evidencing invoices
  • Adding, removing and updating license agreements
  • Managing expiry and renewal dates
  • Identifying where licenses are being used or are dormant
  • Identifying where you have a license shortfall
  • Identifying where you can save money by re-provisioning licenses

Getting to grips with SAM

If you have a small estate then SAM will be fairly straightforward. If, however, you have a complex estate involving thousands of users and hundreds of servers, then the problem becomes exponentially harder. This is particularly a challenge if you manage licensing for different legal entities within the same Enterprise. Some vendors offer assistance in addressing this challenge; for example, Microsoft offer the Key Management Services to assist those with ‘volume licenses’.

You can of course purchase SAM software, such as Phoenix Dashboard, to help you organise your licenses. Many IT Service Management suites also have SAM built in. SAM software will carry out the usual network scan to ascertain the software licenses currently in use. However, a simple scan can divulge a huge range of ‘detected’ software that may fall under a number of different license agreements. Often it will take significant human intervention to validate what has been discovered and associate it with the correct license agreement.

Many SAM products include Software Metering, which is a way of monitoring actual software usage. This allows you to make an informed choice about removing software from one person’s equipment and installing it on the equipment of another user who actually needs it, thereby avoiding unnecessary purchases.

Another approach is to get support from FAST (Federation Against Software Theft). One half of the organisation will work with you and defend your interests, assisting you with training, awareness and legal support, and even providing you with a SAM tool. They will also provide you with an accreditation process from Bronze through Gold, depending on how embedded FAST is and how mature your SAM approach is within your organisation.

The less fluffy other half of FAST are best described as the chaps with blacked out vehicles who will come knocking and have powers from UKIPO law enforcement to access your property. Now you may be feeling a little skeptical at this point… isn’t this a major conflict of interest? Well, rest assured! There is apparently a locked door separating these two divisions at their head office in Maidenhead, Berkshire…

How hard can SAM be?

If you’re fortunate, licensing may be a simple affair. For example, you might have a server license for an accounting package such as Sage or SUN with 100 CALs (Client Access Licenses), and your license agreement allows for copies of the software to be used for testing and recovery purposes. Your organisation only has 80 users, so you know you’re within the limits of your license. You only run the software on a single server, so no problem there.

Now let’s take Oracle as an example of how complicated things can get. Oracle licensing is notoriously difficult to get right; even Oracle staff struggle to interpret their own licensing models. Oracle license many of their server products by processor or processor core. Add Virtual Machines into the mix and Oracle will expect you to license every virtual core that their software may interact with within the Virtual Server Cluster, even if it doesn’t actually use it. This often prompts a re-design of the server infrastructure to avoid unnecessary and costly licensing, especially where HA (High Availability) and DR (Disaster Recovery) services are employed.

Why SAM is important

SAM should be considered part of ‘business as usual’ and as important as embedding Information Governance into your organisation. Professionally, your ‘house should be in order’, and it is an illegal activity to use unlicensed software or hardware. Without time and investment in a robust SAM approach you may end up like Perth and Kinross Council, who paid £67,675 to FAST in April 2013 after it was found, following a whistleblower report, to have fallen short of licensing requirements. Of course, the consequences should not be the only reason to implement SAM; it is simply the ‘right and proper’ thing to do to remain within the law and prevent negative reputational risk to your organisation.

What happens if I’m audited?

It’s a question of ‘when’ rather than ‘if’. Vendors have a legal right to protect their IP (Intellectual Property) and to recover costs for unlicensed use. You may receive a letter requesting an audit due to a variety of triggers. Most large vendors such as Oracle, Adobe and Microsoft have dedicated teams whose job it is to audit customers. They may choose a particular vertical to focus on, such as retail, and then a particular geographic area. You may find that a request for a quote of a significant size triggers a ‘housekeeping’ process to ensure you are on the correct license agreement or, as the example of Perth and Kinross Council shows, you may be audited due to a whistleblowing trigger.

In most cases, the vendor will appoint a third party ‘partner’ who specialises in your particular business activity or license agreement. You typically have eight weeks from receipt of the letter to respond and carry out the audit, which often involves an onsite presence using software tools to ascertain your license usage.

At this point it should be said that the activity of auditing also comes with positive recommendations and approaches to help you best fill the gap. It is not a method to ‘hold you over a barrel’, but it should be acknowledged that legal process will be used if you do not comply with the recommendations. It’s also entirely possible that you might find that the vendor has a better licensing model that may actually save you money in the longer term.

Proactive SAM Management

You may wish to engage directly with a license auditor, under an NDA (Non-Disclosure Agreement), to carry out the same activity that would be done under an official audit. By so doing, you can tidy up your licenses and have an official statement to share in the event that you receive a letter requesting an audit. In the case of SAM, prevention is usually better than cure.

SAM will be a challenge, and you will have moments of frustration as you embed it into your organisation, but you might be surprised to find that the end result is that SAM, like my dog, may just give you an unexpected ‘warm fuzzy feeling’ after all…

ITwaffle.com Copyright © 2014 Gareth Baxendale

Creative Commons License

ITwaffle.com by Gareth Baxendale is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
