Navigating the cloud: Why SAM is more important than ever
BSA/Anglepoint “Is SAM still necessary if a company moves to the cloud? The answer is an unequivocal yes”
In 2011 we conducted some research into ‘ITAM in the Cloud’ with Victoria Barber from Gartner. At the time, ITAM Review readers were telling us:
- a) For the most part Cloud contracts had not quite hit their desk and scope of remit…
- b) …But they were expected it to do so soon
Two years on and the growth of Cloud continues to permeate the enterprise in all it’s different forms and a key concern for those of us in the industry is how will this change the role of SAM?
My view is that to think cloud means the end of SAM is to misunderstand what SAM is all about in the first place.
The territory is changing but the core principles remain the same.
Rather than a threat, the disruptive force of Cloud presents a great opportunity for those working day-to-day SAM to broaden their skills, value and strategic importance by helping their businesses navigate these new technologies.
Why SAM is more important than ever
The BSA have published a paper entitled: Navigating the cloud: Why Software Asset Management is more important than ever.
“Is SAM still necessary if a company moves to the cloud? The answer is an unequivocal yes. Although cloud services are different than traditionally distributed software in important respects — the need to effectively manage the lifecycle of software assets is equally compelling in a cloud environment.”
The document reads like a scrapbook of SAM concepts rather than a definitive piece of best practice guidance, but nonetheless it’s good to see BSA shining a light on some of the issues and the document provides some good nuggets:
Key Actions Points / Where to Start:
- “SAM should be embedded in the Cloud Management Process
- SAM functions should review their existing agreements and how their terms apply in cloud environments
- SAM functions should initiate organization-wide policies governing the cloud to address, among other issues, the process for provisioning and releasing cloud services, required approvals and notifications, required controls, and the required terms and conditions to be included in cloud arrangements; and
- SAM functions should gain visibility to and review all current cloud arrangements that the organization has (IaaS, PaaS, or SaaS), review the actual contracts, and understand what software assets are being used in the cloud and what potential licensing and other SAM related risks may exist.”
Shadow IT
That last fourth point might keep us busy for another decade.
With any person in the business equipped with a budget or a credit card able to buy and implement SaaS solutions by themselves without IT – a key challenge will be
- a) finding out exactly what services people have bought and
- b) what is it? (whose infrastructure does it touch, what technology / IP does it utilise, who can access it etc).
As a function, we need to address the growth of Shadow IT by bringing value add to the table, not bellyaching about governance. The SAM market began with inventory and auto-discovery. Management of Cloud requires the same. Watching a browser proxy to see what your users are up to and what cloud services they are buying isn’t going to cut it.
The paper also attempts to summarize some of the key considerations for Software Asset Managers:
SaaS Contract Risks:
- IP Infringement – SaaS provider may infringe on terms of third party IP, unwittingly put end user of SaaS provider at risk.
- Client side software components – ‘authorised users’ might be breached if any client side components (plug-ins, applets, agents etc) are not managed effectively
- Unauthorized use – breaching geographical constraints, shared logins, incorrect logins (e.g. Admin accounts rather than regular accounts) providing logins to third parties, generating value from the SaaS system and sharing with others who don’t have access.
- ‘Shelfware’
- Economies of Scale / Total cost of ownership forecasts – static costs may not add any marginal value when scaling services
- SaaS subcontracting e.g. Impact of Amazon infrastructure outage on SaaS provider
IaaS Contract Risks:
- Transferring existing software license to the cloud
- Unauthorized use – limits of Geography, third party usage, limit by device or platform
- Measuring hardware -related licensing metrics in the cloud
- Software vendor audits – audit provision for third party IaaS providers
- License reclaim if Cloud agreement is terminated
All of these issues point towards fewer configuration/IT led work and more contracts, business relationship management and vendor management.
You can grab a copy here: http://portal.bsa.org/samcloud/bsasamcloud.pdf
I would welcome your feedback on this paper – and in particular would love to hear what resources we could build on The ITAM Review to dig deeper into some of these issues and share your experiences in this area.
Related articles:
- Tags: Anglepoint · BSA · cloud · cloud computing · cloud services · gartner · IaaS · SaaS · SAM · Software Asset Management · The ITAM Review · victoria barber
About Martin Thompson
Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.
Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).
When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.
Connect with Martin on LinkedIn.
The BSA has hit the nail on the head. Far from eliminating the need for SAM, the cloud makes it more relevant than ever. At the end of the day the cloud is still software, or it is the infrastructure that runs software. Either way, there is software that needs to be effectively licensed and the procurement of it needs to be centrally managed. This is where SAM is still relevant. The cloud is simply a different
infrastructure in which SAM processes need to operate.
It’s good to see the BSA recognizing the fact that the adoption of ‘cloud’ (in its many forms) is forcing a change in the requirements of a successful SAM program. However, for my money, the paper stops short of helping organizations understand ‘how’ to better manage their cloud-based assets. The simple fact is that most SAM technologies simply can’t track assets or usage in cloud-based environments. Without the visibility of what’s being deployed and used, even the best processes in the world are rendered useless. I also would have liked to see a greater focus on the cost-savings that SAM can deliver in cloud situations, rather than more banging-on about compliance issues. But let’s remember this is the BSA and they have their own agenda. Still worth a read.
Whatever load might be lifted from a licensing perspective; it will only come to rest in the contract that is drawn up between the client and the provider. Downtime, recovery, measurement of usage, what happens to software and data in the event of the provider going into administration? Cloud computing places one foot firmly in the BCM/DR space, so contigency planning prior to signing on the dotted line is vital.
Excellent white paper, worth a read!
I agree with your point that even when you move to the cloud, software asset management (SAM) is crucial for organisations. Hence, it is essential to have SAM embedded within the system. Organizations should diligently review their SAM contracts to ensure the management of software contracts efficiently.