Software? What software?

True or false? Every piece of software your organisation uses is properly licensed, and you are only paying for as many licences as you actually need.

If you can answer “true” with complete confidence, you're in a small minority. Well done. For those who have to say “false” - or worse, “I don't know” - it may be of some comfort to know that you're not alone. By most estimates, 80% or more of South Africa's corporates don't know exactly what software is deployed in their organisations (and the number is even higher in government departments).

This is not what people usually think about when they hear “IT asset management”. We're far more used to reserving the label “IT asset” for hardware. And yet, software is the most expensive IT asset most organisations own.

“Organisations typically spend at least 10% to 15% more on software than they do on hardware,” says FrontRange Solutions Africa sales director Nick Perkins. “Yet it's amazing how many don't know what software they have and what their licence entitlements are. Hardware assets are now mostly pretty well managed - people know what's there, they have the right people and agreements in place to support it. But software management is still a challenge.”

The consequences of not paying as much attention to your software as to your hardware assets can be costly. “We looked at one large organisation with an annual software budget of over R100 million, about five times as much as their hardware budget,” says Perkins. “Because they didn't actually know what they had installed, they were spending money to buy software they already owned.”

Buying things twice, or paying for new licences when you haven't used all the old ones, is one side of the risk coin. The other is ending up with unlicensed software - and running the risk of paying hefty penalties for non-compliance.

Perkins agrees: “Very few businesses intentionally use pirated software - it's usually a problem of management and awareness. But if the Business Software Alliance audits you and you're not compliant, your motives don't matter. There can be hefty fines to pay.”

Increasingly, automated discovery tools and agents are doing the heavy work of tracking what hardware and software an organisation has, where it's installed and who is using it. These range from “agents” that monitor and report on individual bits of hardware, to agentless discovery tools that interrogate entire networks to quickly build complete pictures of what is out there.

Having an inventory is not enough, though. Those involved in IT asset management are unanimous in agreeing that the real gains come from using the information you've gathered to improve the management of your assets. “We have people saying they can't afford the inventory tools - but then half the time it turns out they're paying even more on software they don't need,” says Perkins. “You can't manage your systems or your costs if you don't have accurate information.”

Eliminating pointless spending is the first gain to be made from an accurate IT asset inventory, and there are plenty of examples. When you do the exercise, the chances are high that you'll discover maintenance contracts still running on hardware that was retired six months ago, or licences being paid for but not allocated, or users sitting on applications they never use.

This introduces another benefit - the ability to set, and actually enforce, appropriate corporate standards for software. Fourie points out, for example, that many organisations buy Microsoft Office Professional for vastly more employees than actually need it.

Software ... proliferates in minutes, it gets all over the company and the licensing can be a nightmare.

Hedley Hurwitz, MD, Magix Integration

“People say they need Access and Publisher, but if you look at the actual usage, you'll probably find 80% of those people have never opened those applications. Companies could save a lot of money by using standard packages.”

Perkins points out that it can also be difficult to control the actions of individual users. “Say you have a policy that your environment must use Office 2003, because that's what you're licensed for and what you're set up to support. Inevitably some users will try to upgrade themselves, which not only puts you in breach of your licence conditions, but can cause all sorts of compatibility problems, and waste a lot of support time.”

“Software is a huge issue,” agrees Hedley Hurwitz, MD of Magix Integration. “It proliferates in minutes, it gets all over the company and the licensing can be a nightmare. Then, if people are running software they shouldn't be, they start complaining that their hardware is too slow and they need new systems. If you're not controlling what people are using, you run into lots of problems.”

Fortunately, says Perkins, there are plenty of solutions on the market. “There are tools available that will automatically flag all installations that don't conform to the standard, then remotely go in to delete what shouldn't be there, reinstall what should be there and bring the entire environment back to policy.”

Lack of an accurate inventory 'could make a complete virtualisation fail horribly'.

Dawid Ras, regional manager for Ionix, EMC SA

Companies that are considering virtualisation - as just about everyone is these days - also have much to gain from sorting out their IT asset inventories first. In fact, Dawid Ras, regional manager for Ionix at EMC South Africa, says the lack of an accurate inventory “could make a complete virtualisation fail horribly”.

“The multiple relationships between different technologies in an even moderately complex environment are virtually impossible to understand manually,” says Ras. “You don't just need a list of all your hardware and software, you need a model of how they're all related - how your applications talk to your storage systems, for example. Once you understand that, it becomes much easier to identify candidates for virtualisation and complete the process successfully.”

Ras says that in these environments, automated discovery tools that can build accurate records through the virtualisation process are essential. But once-off discovery, again, is not enough. “You need to take the next step, which is to take ownership of the technology and the process, to consistently manage the accuracy of your database.”

Hurwitz is similarly insistent on the importance of business processes. “You can't just buy the software and hope that will give you a process,” he says. “That's one of the biggest mistakes companies make when it comes to IT asset management. You need processes in place to make sure the information that is gathered actually gets acted on - and for that, you need to involve more than just the IT department.”

Hurwitz argues that the key performance indicators (KPIs) of all managers need to include indicators related to the state of their IT environments.

“If I'm responsible for the payroll, and one month salaries don't get paid on time because an anti-virus patch wasn't updated, that's my problem - not the IT department's,” he says.

The challenge, he says, is to communicate the state of IT assets in terms that show their impact on business objectives. This, in turn, means the organisation needs to have an accurate picture of those IT assets and what their role is.

“You have to understand which assets underwrite which processes and business events,” he says.

“Only then can people start to understand and buy into the idea that they are responsible for the health of their entire environment, including the IT.”

Failure to understand this tactical importance of IT systems is another of the big mistakes organisations make with their IT asset management, says Hurwitz. “Executives tend to see it as just an audit requirement - tick the box, then move on. They're missing out on the significant opportunities that an accurate IT asset register offers.”

These opportunities include, for starters, the benefits of properly managing IT assets through their life cycles from acquisition to disposal.

“You need to manage every piece of hardware and software from the day you place the order,” says Columbus Technology's Fourie. “A decent asset management application, linked to your supply chain application, will give you visibility of order dates, delivery dates, purchase price, helpdesk records and more. A history like that can give you great insight into the quality of your hardware and a better position from which to negotiate with vendors.

“It can also save a lot of money on maintenance contracts,” he adds. “We've seen cases where maintenance contracts start running from the date of manufacture, not the date of delivery, which can mean you're losing out on weeks or months, especially if the equipment is imported. You need a system to pick up those things.”

There are also missed opportunities for energy management and greener IT, points out Hurwitz. “Replacing an individual CRT monitor with an LCD screen might seem expensive at first sight, but when you add up the extra energy usage across 600 monitors, it might turn out you'll start saving money by replacing them all tomorrow. Again, if you don't have the information at your fingertips, you can't make the decision.”

There are further opportunities to use IT asset registers in compliance more broadly. “IT asset management is starting to converge with identity management,” says Hurwitz. “In any large organisation you need to manage very carefully who has access to what systems, and what they can do inside those systems.

“The ideal is to manage it all seamlessly: on the day I join the organisation, I get a login that is tied to my physical identity and controls exactly what machines and applications I am able to use. That makes take-on easy from an IT and a security perspective - and the day I leave it's equally easy to switch everything off again. When compliance is built into the process like this, there is far less that can go wrong.”

As with most things, it turns out in the end that proactive management of IT assets - software as well as hardware - has benefits beyond the obvious. “If you're not managing things actively, you're always doing damage control,” says Hurwitz. And that's never a good place to be.