Andy Fisher examines the Software Asset Management (SAM) landscape on the road ahead and asks what 2013 is likely to bring.
In November 2012, we hosted a seminar for senior management around the future of Software Asset Management. The seminar included speakers from Gartner, Microsoft and PwC and threw up some key trends around what the SAM landscape is likely to look like in 2013. I am keen to share with readers the main SAM issues businesses should be aware of in 2013, some of the common pitfalls that organisations are falling into, plus the key findings that came out of this event which were:
- Tools alone are not sufficient enough
- Duplication of audit data
- Ensure consistent processes
- Cloud, BYOD and the consumerisation of IT
Tools alone are not sufficient enough
According to a recent study from analyst firm Gartner, 90 percent of organisations who started to address Software Asset Management using a SAM tool in 2012 risked failing a licence audit before 2014. This worrying statistic just goes to show that simply implementing a SAM tool is not going to be enough to protect your organisation against either under or over-licensing. If organisations don’t keep on top of managing their software, it is easy to be completely misled by your discovery tool and to some extent, by software vendors.
Duplication of audit data
Organisations think they need to buy more licences than they are actually using due to tiny discrepancies between product versions and vendor names. For example, most discovery tools aren’t set up to recognise that products with similar names could in fact, be the same thing. Any slight discrepancy will highlight the need for more licences, when in fact, there could be enough licences for the right products – but just with a minor spelling difference!
Ensure consistent processes
One of the key findings of 2012 for us was that so many businesses still do not have consistent processes in place to manage SAM.
SAM is still considered a necessary evil and for many organisations it’s tempting to do as little as possible to remain compliant. However, licensing laws are different for all vendors, and can change with each product and version; so it’s worth biting the bullet and implementing a more comprehensive process to manage this once and for all. With so many businesses moving to the cloud, outsourcing to external companies and with the massive increase in Bring Your Own Device (BYOD), there is huge potential to fall foul of your licensing agreements without even realising.
We’ve already noticed that vendor audits are on the increase – with 65% of attendees at a recent Gartner conference having been audited in the last 12 months – now is the time to make sure that your processes and systems are robust enough to pass a vendor audit first time.
Cloud, BYOD and the consumerisation of IT
As mentioned above, new ways of working such as cloud and BYOD are becoming the norm so fast, that it would be easy to assume that just having enough licences is going to keep you compliant. This is sadly not the case, as vendors can be quite specific as to how and where you use their licences: if any part of your usage changes from the initial agreement, this could be a black mark on your audit.
Vendors have different stipulations about the use of their software, but using the cloud, outsourcing and BYOD contravene many vendor compliance regulations; and risk hefty penalties if you are found to be using licences outside of their terms. If, for example, your original agreement with your software vendor was for licences on a UK based data centre, and years later your data centre has moved, you could be in for a nasty shock. It’s important to keep on top of all changes – however small or insignificant they may seem.
BYOD is considered to be a hostile and uncontrollable threat environment that challenges security and privacy and carries its own risks. According to a recent survey by PwC, 60 percent of respondents thought that smart phones were being used unofficially in the workplace. To avoid considerable fines for the misuse of mobile devices, organisations need to develop and implement proper policies that detail who is responsible for the use of such devices – it’s no good assuming that old policies will cover these, smart devices need their own policies set so that everyone is aware of the rules and the consequences should these be broken.
Technology is changing so quickly and shows no signs of slowing down. To make sure that you stay on top of your IT estate and avoid fines or potentially criminal charges, here are our top tips for staying compliant:
- Fix the raw discovery data– some audit discovery tools present incomplete data with publisher, product and version fields either incorrect or missing – ensure that your tool is able to find all the required information
- Cement your policies and procedures – decide exactly what you want to say, how you want to go about this and write up watertight policies and procedures. Send out to all staff and if possible, have them sign a copy. If the worst happens and some staff have been misusing software there can be no arguments or pleading of ignorance if they have signed a policy document.
- Do your research – make sure that you are aware of the terms of your licences and the consequences you face if you do not meet them, and if you’re still unsure, ask the experts! There are many trained consultants out there who can help you to get your estate in order, understand what you have and what you need, and how to manage this going forwards.
SAM needn’t be a daunting issue, but it does require constant care and attention, make sure that you have a proper process set up to manage your IT estate and you should pass any audit with flying colours!
About the author
Andy Fisher is new business development director for Business Continuity Services (BCS), a provider of Software Asset Management (SAM) solutions and services since 1994. BCS Ltd fosters relationships with software vendors and top analyst firms, as well as providing SAM solutions and services to UK organisations; and Andy is keen to share his knowledge of the market.