The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

Our Software Licensing Is a Mess – Where Do We Start?

If you’ve been assigned responsibility for sorting out that prickly mess called software, you might be asking yourself – Holy moley! Where do I start?

If you are a newcomer to managing software, may I offer you two pieces of advice? You might be feeling slightly overwhelmed by the enormity of the problem. If you want to sleep at night and not blow a fuse try to grasp two concepts:

1) You will never manage everything

Theoretically, with intellectual property law, every license is sacred and should be treated with equal respect. But I’m assuming you don’t have an endless pot of money for SAM and have finite resources. So we have to be a little pragmatic about things, as I have mentioned before, we have to pick our battles. Your job is to provide the best IT environment for your users, at the lowest cost, with lowest risk. As any good IT security professional will tell you, your job is about mitigating risk, not eliminating risk.

2) Your work is never finished

Your estate will always be in a constant state of flux. I have known (very occasionally) of SAM gurus that have left their company because they managed to ‘get it nailed’, got bored, and moved on. But on the whole just assume that the goalposts will always be moving. It’s at times like these you might say SAM is like painting the forth bridge, but it turns out the forth bridge is now finished, drat!

The 80/20 Rule

Ahhh, now we’ve got that out of the way, we can relax and get on with the task at hand.

The Pareto principle applies here; in that 80% of your financial burden and compliance risk is likely to be found in 20% of your software estate.

If you are starting out, you may be looking down the barrel of several hundred or several thousand different vendors. I would wager, that no matter what sort of organization you work for, the vast majority of the compliance headaches and money spent on software in your company could be found in the top 10 or top 20 vendors.

So in short, by carefully picking some vendors, you make a massive impact to the control, costs and risks of your software estate in a fraction of the time it would take to gain control of the whole estate.

Factors to think about when selecting your top vendors to focus on:

  1. Compliance Risk – Prioritize by compliance risk or likelihood of an audit (see this article for some suggestions: Vendors auditing most frequently according to ITAM Review readers in 2010 – Microsoft, Adobe, IBM, SAP, Attachmate)
  2. Spend – Total financial exposure (who we spend the most money with)
  3. Strategic Importance –  See more about this here. How important to you are they as a vendor? Or to put it another way – if they threw their toys out of the pram and withdrew the use of all of their software in your business – would it be a showstopper?
  4. Events – Renewals on the horizon, look at any maintenance contracts or agreements that are up for renewal in the next 3 to 6 months. Preparedness is the key to software negotiations.
  5. Strategic Changes – changing platforms or technology stacks soon? moving to a new version of XYZ? moving away from ABC? It might be good to put these on your radar. Vendors are known to audit soon after you have dumped them, they like to retaliate after you have taken away their forecasted revenue. Similarly, exiting a site license or all you can eat agreement is know to trigger an audit – since the vendor knows you have gorged yourself at the trough of limitless software and you are likely to have little controls in place.
  6. Consolidation Opportunities – Is there an opportunity for a quick win by choosing one application and abandoning another similar but redundant application – whilst getting compliant and saving money?
  7. Gut feel – a bit of gut feel always helps – Asking your broader team might pick up some additional vendors to think about due to previous behaviour or events in the pipeline. Just be careful not to extend the list to far. Aim for 10, set an absolute maximum of 15-20.
  8. License Type – Sometimes it’s helpful to pick off some quick wins based on type. See table below:

Vendor License Type



Volume Desktop High quantity of low value installs e.g. Adobe, Microsoft – usually a big $$$ number.
Premium Desktop Low quantity of high ticket items e.g. AutoCad, not many but expensive. Good opportunity for quick win.
DataCentre Low quantity of high value items e.g. If you can get access to this environment to audit properly – some big ticket items in here. Complex but big $$$ numbers.
High Risk Low quantity, zero value but high strategic risk e.g. Some zero cost items that might help you win friends and influence people with your SAM project. Service Packs missing, AV missing, malware, key loggers etc.
Minutiae Everything else That long list of ‘other vendors’. They are important – but let’s get these big Kahunas out of the way first.

Knock-On Benefits

Trying to demonstrate compliance for every single piece of software in your organization can only lead to disappointment. In an ideal world every software publisher should be treated equally, but we don’t live in an ideal world with infinite SAM resource and infinite budget. Picking off big targets and delivering compliance will help build momentum in your SAM practice and justify further investment in dealing with the smaller vendors. All the process improvements, controls and benefits accrued managing the top vendors will naturally have positive benefits to all other vendors.

What Next?

What happens once I have things under control or at least moving in the right direction for my top 10?

Sit back, crack open one of your favourite recreational beverages, and bask in your SAM glory….

…Then think about expanding your list. The top 10 could be the top 20 and so on. Look at what you’ve learnt and try to apply it to a larger group, whilst not losing the progress you’ve made on the top 10, keep it current.

About Martin Thompson

Martin is owner and founder of The ITAM Review, an online resource for worldwide ITAM professionals. The ITAM Review is best known for its weekly newsletter of all the latest industry updates, LISA training platform, Excellence Awards and conferences in UK, USA and Australia.

Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.

He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.

Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).

When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.

Connect with Martin on LinkedIn.


  1. Lori Samolsky says:

    Love your articles. The 80/20 rule in SAM is critical. If you are starting out, you have to decide about whether you are in protective mode (i.e, audits) or strategic mode. In some cases SAM managers will be spending all of their time on the defensive. But when the air clears, you will find that those audits are 80% of your areas to manage. So my advice, use your audits from suppliers to document and agree process changes and procurement methodologies for you to move forward. It’t not always ideal – but it is reality.

  2. Chris Clark says:

    One of the biggest concerns the organization I recently joined is that of which SW publishers’ should we focus our attention on. This article is great, it outlined all the comments I made to VP. This organization like others, are resistant against Service Management standards and the change tthat comes with it. I’m a big fan of a CMS and data being federated from other sources but this can only happen if those sources are following standards, if not the whole system fails.

Leave a Comment