So you’re the “go to” guy or gal within IT, and IT service management (ITSM) has been your life for the last five years. You can soak up ITIL and ISO 20000, and your team is well versed in the nuances of ITSM and how that has been moulded within IT to deliver great service to the rest of the business. And then someone says to you “What about Software Asset Management (SAM)”?
Your IT budget has been apportioned to various projects and training requirements for the next 12 months, and your ITSM solution doesn’t come with a reconciliation engine to enable comparisons of inventory data to proof of entitlement (contracts, licenses etc.), which in turn could produce a license compliance report. Plus the CIO has said there is no money in the budget “for another tool, on a topic I have little comprehension of.” (Sorry – I’m sure some CIOs understand SAM!)
So what’s a hard-pressed IT manager to do to try and enforce some degree of SAM discipline within a company without a bona fide SAM solution to measure his/her efforts? Below are a few ideas that could make the job of managing an IT estate a little bit easier, as well as acting as a way to state the case for obtaining a SAM solution in next year’s IT budget.
The organizations where SAM is weakest will most likely have the most liberal financial control also. If software purchases are not funnelled through an IT portal for a company to maximise the benefits to be derived from economies of scale, then there is also a good chance that any evidence of purchase/proof of entitlement is not finding its way back to a SAM function to justify the install. Commercial culture has to be bent, not broken – so perhaps a step forward is to say to those liberal budgets holders: “Buy whatever IT you like, but buy it through authorized channels.”
Not unlike the previous restraint mentioned, deployment of software should not be a knee-jerk reaction to a red-faced project manager looking to massage his ego by demanding deployments “yesterday”. Granted, certain installations can be justified off the back of existing contracts, but make sure financial evidence can be levied against individual installs for true compliance. However, due-diligence should take place between the requestor, procurement, and deployment to ensure that what was requested was what was bought, and that what was bought was what was installed.
Communications best practice highlights that the right message goes to the right people at the right time in the right format. Clearly, the SAM/IT asset management (ITAM) message that goes to a developer is completely different to the SAM/ITAM message that would go to an end user or a contractor. Ensure that the policies and ambitions for managing SAM are consistent across the board.
If you rationalize the number of software titles that are used to run your company, then the amount of SAM overhead in chasing down entitlement and contract management is also reduced. Interestingly, this can have a knock-on effect to the service desk, as fewer titles also leads to a reduction of support tickets on the dizzying array of titles that could be installed on a given IT estate. Interestingly, a mean supported software catalogue can also be used to further limit purchases, as only approved software will receive authorisation to proceed with a request for purchase.
One license = one install is so 90s! Terms and conditions offered through support and maintenance and/or volume contract agreements can extend the capability/footprint of software considerably (and in a legitimate fashion too). Also, try and stay vendor-neutral in respect of learning licensing types, as you will start to find that terminology plays a large part in how one vendor to the next defines a device, or a user, or an installation. This extends to the roles devices play too – one vendor might view a back-up server as requiring a full production license, regardless of whether the software is being used or not. This gets evens trickier in the database space as the hot/cold standby nature of the reserve install can be factored into a license calculation.
It may be that you believe once a SAM solution is installed, you will be able to produce real-time dynamic license compliance reports at the touch of a button. The question to ask yourself here is: Do you really want to? Is it reasonable to be taking license compliance reports to senior management on a daily/weekly basis asking them to make management decisions on either uninstalling or purchasing software to rectify a compliance position? The churn and frequency of change within your IT estate should offer a fairer indication as to how frequently such reports should be placed in front of senior management for a call to action.
If it is your intention to take SAM into the boardroom, then understand the role and value the software has in revenue production. Calculation of this is a subjective matter, merely comparing the cost of the software against the revenue the software supports could be viewed as naïve. Whatever calculation you do settle upon, make sure you can justify that calculation in support of any figures that might be placed before the board.
Once you start to dig deeper to understand where data is coming from to derive a license compliance position, you will come to realize that a significant portion of it comes from outside of IT. A SAM manager has to ensure the goodwill of key stakeholders in getting that data in a timely and accurate fashion, and also in a format that will ultimately be acceptable to the SAM solution. Establishing those links prior to the arrival of a SAM solution will put you in a great position.
Don’t reinvent the wheel when it comes to creating SAM processes; several of the processes required of ITSM, as outlined in ITIL, can be modified to address SAM concerns.
I hope the above gives you a flavour of issues/steps to address prior to acquiring a SAM solution. Regardless of the size of your organization, SAM should extend as far into your organization as the IT does, and does not “go away” merely because a SAM solution has been purchased. If anything, SAM serves to prove the old maxim of “Garbage In – Garbage Out”. If you can adopt an ounce of quality assurance/plan-do-check-act (PDCA) in your approach/preparation to SAM, then when the SAM solution arrives you will be better placed to gain quality results that serve, and can be trusted by, the business.