Getting what you pay for
Companies can't afford to ignore software asset management, but the implications are more than financial.
It’s a no-brainer that organisations across the board want to reduce spend on software, operations and support, and, at the same time, lower the risk of being over- or under-licensed. However, when it comes to adopting software asset management (SAM) tools to help them do this, many are reluctant, due to the complexity that tackling SAM sometimes entails and the lack of understanding typical software agreements. Unfortunately, it’s often viewed as a tedious ‘tick box’ exercise that doesn’t add value to the business.
But this isn’t the case. SAM does more than tick boxes, it answers critical enterprise-level questions, says Chris Ogden, MD of RubiBlue. “With a growing number of tools and software solutions aimed at driving greater efficiency, accountability, data and suchlike, there’s a strong need to ensure that these solutions deliver, and this is where SAM comes in. Look at it from a risk mitigating aspect. You move from a space where you had no idea what software tools were being used or whether all of your data was being protected, to one where you have clear visibility into applications and solutions. From another angle, are you using the most cost-effective, service-delivering solution out there? If not, why not?”
Matthew Poulter, SAM business unit manager at First Technology National, agrees. “If utilised correctly, SAM can be used to build relationships and a common understanding of the customer’s infrastructure, business objectives and overarching strategy. This helps refine conversations so that you’re only talking about what’s pertinent to the business. Furthermore, a properly implemented, transparent SAM practice builds trust between business and software vendors.”
“Simply ticking the box by purchasing a SAM tool will almost certainly lead to tears and recriminations,” adds Martyn Healy, MD at Blue Turtle Technologies. “Software costs, whether product licences, SaaS or cloud subscriptions, make up a significant portion of IT spend. It’s not asset management, it’s not IT service management – both areas where SAM often resides – it’s a discipline that requires IT, financial and contract knowledge and a fair amount of experience.
“SAM allows businesses to budget more effectively for software investments and to determine precisely when upgrades are required,” says Henk Oliver, MD of Ozone Information Technology Distribution. “It allows the business to project its current and future software expenses and provides a direct oversight as to where software spend is wasted. This is a significant factor in the medium enterprise market where software can be bought, changed or upgraded as employees come and go and often results in unused software that incurs unnecessary costs. SAM can also reduce security risks as you have deeper control over patches and versions of software and you gain oversight into when software is vulnerable. You can also develop simpler rollout methods and control projects more effectively.”
Healy says businesses will get more value from the software they’ve purchased if they deploy SAM. “Given today’s economic realities, the biggest benefit is cost savings and cost avoidance. Taking 20% off software costs by having the right information, to make the right decisions, is what SAM can drive. Being able to relate contract terms to installed software to understand what you’re entitled to will result in reducing unplanned licence spend, those ‘true-ups’ that have now become almost run-of-the-mill. SAM enables not only cost-savings, but puts customers in a position to negotiate more effectively with vendors.”
There is much to do in the digital world, and I believe this process is often bullied into submission by things that are perceived as more important.Chris Ogden, RubiBlue
Ogden thinks the perception of SAM’s importance is the biggest challenge to its adoption. “There is much to do in the digital world, and I believe this process is often bullied into submission by things that are perceived as more important. Start somewhere, build it up, use it as a metric or tool to understand where you can drive more from it, save costs, and ensure tools are there to help the business deliver more. It’s a very important item to address internally, and fundamentally has the ability to help a business succeed and truly harness the potential of its technology.”
“Incentive drives behaviour and some software vendors see licence audits as an important source of revenue, one that compensates for the drop in the ‘mega’ licence deals brought about by changes in the customer approach to software spending, subscription licensing and cloud consumption models,” adds Healy.
“Other challenges include the complexity of licence terms and the difficulty with tracking software installs – the use of these put customers on the back foot when a vendor turns up for an audit,” says Healy. “As an industry, we haven’t been very good at pulling the various data together and thinking about what’s installed, where it’s installed, who’s using it, what’s in the contract, what we’re purchasing and what the terms of the licences are. If we did this, we would get full visibility of an environment and then be able to use this data to drive decisions and gain control of SAM. At the same time, the increasing use of SaaS and cloud services is a ‘spend’ management problem waiting to happen – often not part of a common software ‘spend’ or IT financial management mandate. The consequences are that we could be reacting to over-spend, with a limited view of how it came about.”
The move to cloud
Poulter believes that SAM complexity is being driven by software vendors themselves. “Licensing rules vary from vendor to vendor, making it necessary to have an understanding of how to implement each vendor’s specific licensing scenario. Additionally, each vendor has constantly evolving licence rules that adjust with how their software changes, and improves over time. This often means that the rules you understood and applied to your organisation when you last signed an agreement have changed. These can be the licence rules, the terms of the licence contract or even, as we see now with the move toward cloud, a substantial change in how we think about licensing. Software vendors have a tendency to swing between licensing solutions that are complex and simpler ones. The reason for this is when the swing is toward complexity, software vendors promote flexibility and more options. When the swing is towards simplicity, they promote better visibility and easier management.
“Software technology is constantly changing and being improved, and a SAM programme can become redundant if the business doesn’t have the right SAM partner to keep them up to date on the new technologies, how they’re going to work and how to manage them,” adds Poulter. “In addition, governance is being driven on a global level, and while we do have local legislation such as PoPI, the European-based GDPR also needs to be considered if you do business with any European concerns. Security is also a challenge as the realities of ransomware attacks as well as other cyber risks are prevalent. This is going to become more apparent as we become more dependent on the software that runs our businesses.”
Simply ticking the box by purchasing a SAM tool will almost certainly lead to tears and recriminations.Martyn Healy, Blue Turtle Technologies
According to Olivier, the biggest difficulty associated with SAM is its rollout as it needs to be done 100% effectively. “If it isn’t done completely or constantly managed and monitored, it doesn’t work to have SAM in place. There always needs to be a responsible person who ensures this is consistently managed and updates are monitored. There are many companies that will start SAM, for example, where the IT team manually does the checks and updates a spreadsheet. If one person misses a check, then the whole process has to be restarted.”
“I don’t think SAM is a complicated thing to manage,” says Ogden. “I believe you have to start somewhere, as daunting as it may sound, or even as much of a waste of time as it may seem. Highlight all the tools, how they’re used and compare this insight to what the intention of use originally was. Compare these and test. Then start unpacking their use from a risk-mitigating factor – measure this risk versus what is acceptable. Throw out the badly used systems that don’t fit or work to requirements. Have the data destroyed. Realign your needs analysis with what’s available (you will often not find a perfect match, so you will end up going with what suits the business best, again taking all angles into account). Have a destruction strategy once tools and apps get to that point to ensure the best process is laid out for anyone to follow.”
A wide variety of skills
Says Healy : “Ground level it's getting the right data – whether that is inventory of installed software and the associated hardware configurations, the unique data needed for specific vendors, such as IBM or Oracle, or data in contracts, purchase orders, vendor End User Licence Agreements (EULAs) and business applications. These are usually ‘siloed’ and even getting the stakeholders to support the SAM initiative can be a major obstacle. Also, if SAM is owned too low down in the organisation, it will fail, or if it’s seen as the job of IT or IT service management, it will fail. Recognising that SAM is part of the business management of IT is critical, as is giving it the authority and resources to get the job done.
To get it right, Poulter believes the first step is hiring the appropriate SAM team. “The individuals need a wide variety of skills and knowledge in order to be able to deliver on what’s required. Executive support is also a must; without a level of authority, a SAM programme will not be able to deliver on its mandate. Next comes the technology. Finding a tool that can adequately support the SAM team in gathering the right information across all technology implemented throughout the organisation is essential and these tools also need to be correctly implemented and supported. And don’t forget governance. It’s good practice to certify staff in the selected framework to ensure there’s a common understanding. The SAM team can then leverage this framework to implement the SAM programme. Also, finding the right consultative partners to help where needed is crucial, Poulter says. “Understand that it’s not your business’ core function to know how vendors have changed their licence programme from year to year. Have a virtual team of experts that can assist you to understand a vendor’s contracts and negotiate with those vendors. Finally, develop and execute a SAM plan.”
Healy adds that ‘people, process and technology’ are constants in a business. “Getting more practical lets us identify the significant challenges we’re facing, or the opportunities we see. What business outcomes are we looking to drive? How will SAM realise these and how will we measure the benefits? Then let’s put this into context of our organisation; how ‘mature’ are we in managing software? Are we able to discover and inventory everything? Are we reconciling our software entitlements to what’s installed? Are we relating software use to business use? Have we automated licence reconciliation and our licence compliance processes? Can we optimise costs based on analysis of software spend, licence use, vendor contracts? In establishing a SAM practice, whether internal or with a service provider, we need to understand where we are in the business, what is practical to achieve given our starting point and then set goals and milestones in line with this. Bringing together the right expertise, experience and stakeholders is key. SAM is not an IT technology issue, it requires commercial, finance and IT capabilities to succeed, and executive sponsorship.”
“There are numerous tools that can do a full audit of the network and the software used on the network,” says Olivier. “It’s best to use software tools that can provide this level of in-depth auditing on the network and that can provide you with a centralised console that has access to computers on the network. There are tools that can do an individual audit on a computer and that can provide the exact details of the software used on the computer and its versions. For medium to large enterprises, there are many other functions that can be implemented when you have SAM in place, for example, forcing policies onto users via the management console or set up notifications or automated responses when someone installs or removes software from a device.”