SAM Tool Buyers Guide
This SAM Tool Buyers Guide highlights some of the key requirements and competitive differentiators to consider when selecting and buying Software Asset Management (SAM) tools.
This guide is available in PDF format, subscribe to our newsletter to download it.
I have also included a section on the trends that are driving interest in SAM and some general implementation advice – since this should be integral to your selection choices.
This is version 3 of our SAM tool buyer’s guide. This version combines the advice from the previous six years and updates it with current technology trends.
See the previous versions below:
- https://marketplace.itassetmanagement.net/2011/05/05/sam-tool-checklistv2/ (2011)
- https://marketplace.itassetmanagement.net/2009/05/14/article-new-sam-tool-checklist/ (2009)
This guide is intended as a reference guide to prompt you with things to think about when building your selection criteria. Not all points will be applicable to your SAM selection project so you can pick and choose to meet your requirements.
If you have any comments or you think I’ve missed anything please give me a shout.
Seven Key Ingredients for Successful SAM
Before we begin, I think it is useful to highlight what you need above and beyond a SAM tool to implement a successful and lasting SAM practice within your organisation. Below are what we consider to be seven basic ingredients required for SAM. As you can see, some of these elements go far beyond technology, but are something you should be aware of when selecting tools:
- Authority – Do we have someone in the business that buys into SAM as a practice at a high level, ‘gets it’ and has sufficient impetus to get things done and make changes?
- Internal resource – Do we have resource internally to own and manage our entire SAM practice (and the Tools, Process, People, Partners involved)? Even if you outsource your entire SAM function to a specialist or service provider, you’ll still need internal resource to manage that partner.
- Good trustworthy data – Where is our inventory data coming from? Will the SAM tool provide this or will it come from other sources? How will we verify it is accurate? If you have a $500 application on each of your 5,000 desktops and your inventory is only 70% accurate, that’s a $750,000 potential risk.
- Good trustworthy license records – where will new and historical license records come from? How will we update them as new software is purchased? How will we verify they are accurate? How do we know we won’t be embarrassed with inaccurate records if a software publisher comes knocking for an audit?
- Reconciliation process – Once upon a time SAM involved matching your five licenses against your five machines. Nowadays complex license programs with sophisticated product use rights or measurement mechanisms means most of the large software publishers in your environment will need a unique reconciliation process collecting many data points above and beyond your SAM tool capabilities. The reconciliation process will also be dependent on a broad team of stakeholders within the business to collect the right data.
- Licensing savvy – I believe it is unrealistic for an experienced SAM professional to have expert current knowledge about every single license program in their estate. Which experts, internally and externally, can we lean upon to ensure we have sufficient knowledge to manage our license programs and make informed decisions?
- Executive group to oversee change – SAM is not a point in time project but should be an on going continual service improvement process. It needs an executive group that will sign off on the SAM business plan, set realistic scope, monitor progress over time and have sufficient oomph within the business to make things happen.
How can the SAM tool you select help you with these ingredients?
Business Demands and Trends Driving Interest in SAM
It is important to consider the trends that are driving interest in SAM, since the tool you select needs to be able to cope with these pressures. A good SAM tool manufacturer will anticipate trends in the market and steer its product development roadmap accordingly.
Interest in SAM is being driven by four key industry trends:
Common Implementation Failures
Finally, be aware of the three biggest failures we witness when organisations attempt to implement SAM. Again, your SAM tool, implementation partner and extended SAM ecosystem should help you manage these issues.
The ITAM Review SAM Tool Assessment Model
Bearing in mind what we’ve just discussed in terms of SAM implementation; what can modern SAM tools do to help us?
Our assessment model for SAM tools is split into six major categories as follows:
- Visibility
- Identification
- Risk
- Efficiency
- Agility
- CSI
The diagram below provides a high level summary of the six major areas. The traffic light colour coding on the right hand side of each box refers to our opinion of current industry maturity in each area.
- Green –Good, most tools are addressing this area well
- Amber – Room for Improvement – most tools could do better in this area
- Red – Weak – most tools are lacking key functionality in this area
Assessment Model Weightings
We have applied a weighting for each functional area to highlight the relative importance of each area. As mentioned before, consider this a starting point which can be adjusted based on your individual preferences and requirements.
1. Visibility
- Industry Score: Amber (Good inventory and discovery tools exist in the market, very few of them put enough importance on verifying the accuracy of data. Cloud and mobile discovery and risk analysis is emerging).
- Weighting: 20%
- Key competencies in this area: Audit assets, collect inventory, discover devices that have not been audited, verify the accuracy of inventory to build trustworthy inventory.
Questions to ask prospective SAM tools:
- What features does your product include to help clients maintain an accurate and up to date view of their IT assets? See – Total Number of IT Assets – the most basic of metrics
- How can your clients tell if they are getting adequate coverage and regular auditing of their estate? What operating coverage is available? What types of devices?
- How do I communicate with assets? With Agents, Agentless? Zero Footprint? See also Agent vs Agentless
- How can a client identify duplicates, retired machines or machines that have gone missing? There is nothing worse than a bloated out of date database which nobody trusts
- How can clients tell when new machines are added to the environment? Your team adds 50 new devices for new starters – how do they appear in terms of SAM, you need an accurate view of current assets in case the new starter business process slips.
- What is the process for discovering new machines / platforms on the network? How do I classify and manage them? This might not appear very important when looking at a demo with 50 machines – but how do I manage 5000 dynamic machines in a real environment?
Does your technology track and manage the existence and usage of virtual platforms, virtual operating systems or web based applications? Can the tool tell a) Where the VMs are and b) how they relate to users, locations and physical machines. See also Licensing in Virtual Environments – Six Steps to Containing Costs and Managing Virtual License Boundaries.
2. Identification
- Industry Score: Green (Recognising assets, assigning them to product families and suites, comparing technical data with procurement artefacts and identifying licensable status is a core competence for most modern SAM tools)
- Weighting: 25%
- Key competencies in this area: Recognise software titles from raw technical data, identify the product use rights for each software title, manage entitlement statements from software publishers and integrate with procurement systems. Manage complex license types and bespoke negotiated clauses.
Questions to ask prospective SAM tools:
- Describe how your technology recognises software (Header Information = Weak, Add / Remove Programs = Weak, Software Recognition Database = Better – but test it’s accuracy) See also – Software Recognition – What’s the big deal? Does your software identify whether an application installed requires a license?
- How does your technology allow users to prioritise risk and sort software? In intellectual property terms Winzip is equal to Oracle. When looking how much you spend on each vendor each year you need to be a little bit more pragmatic. How do I filter out the noise? See – What License Managers can Learn from the Railways
- How is the usage of applications managed within your technology? Is it actual usage or just open? How are applications linked to devices and/or platforms?
- Does your technology supplement software discovered with any additional intelligence? (SKU, Price, Category, Risk etc.)
- What features are included to automate the recognition process whilst maintaining accuracy? Does it learn? Does it offer recognition suggestions? Does it offer guidance on what needs recognising?
- How does a client reconcile their entitlements against discovered software?
- What features are included to automate the reconciliation process? (if I have 20,000 users do I have to manually link up each license?)
- How are different license types usage rights managed within the reconciliation process? Think about your license agreements in place – per user, per processor, per core, per use, per year etc.
- Product Use Rights – Does your technology provide license intelligence based on what is discovered? If I find an application installed does it suggest how that application might be licensed and how I can use it? E.g. I found an application, it is usually licensed per named user, that named user can also use it on a mobile device as well as their main machine.
- How and where is documentation and / or meta data associated with licensing stored?
- How does your technology handle Global Agreements, Local Agreements and Nested or Parent / Child Agreements or other contracts with dependencies?
3. Risk
- Industry Score: Green (Compliance statements are the meat and potatoes of most SAM tools. More sophisticated tools will prioritise risk and suggest remedial action)
- Weighting: 25%
- Key competencies in this area: Management reporting on compliance risk. Prioritising risks to the business. Suggesting remedial action or most pressing issues to address.
Questions to ask prospective SAM tools:
- What intelligence is provided to clients to assess their compliance position, negotiate contracts and remove risk?
- How does your technology cater for multiple user types, roles and responsibilities? Your multi-million dollar compliance position or contract negotiation is not necessarily something you want shared with the whole company.
- How does your technology support the optimal usage of software and minimise the risk of non-compliance across multiple cost centres? Is there an internal costing view and external auditor view? Can I auto allocate licenses automatically according to rules?
- Can clients be alerted or sent scheduled reports?
- What information and support is provided to customers to build their compliance position and maintain it on an on-going basis?
4. Efficiency
- Industry Score: Amber (Software usage is common among those SAM that offer inventory but software efficiency is under utilised. There is significant further opportunity for organising to optimise.)
- Weighting: 15%
- Key competencies in this area: Reporting on what applications are not being used, initiating work flows to remove software based on usage, identifying suite or functional overlap, suggesting cheaper alternatives, helping customers make smarter decisions on maintenance or subscription renewals, benchmarking spend against peers.
Questions to ask prospective SAM tools:
- How does your offering monitor the usage of applications or work with systems that track usage?
- What does your solution offer to support the removal of unused software?
- What intelligence does your offering provide to highlight inappropriate product suite usage e.g. customer has professional edition installed but based on usage analytics standard edition would suffice
- What intelligence does your offering provide to help customers consolidate their software portfolio and remove redundant or duplicate applications? E.g. Removing expensive PDF creators when they are built into other tools, or if a client has 15 different image editing applications – helping them consolidate.
- How does your technology support maintenance renewals, contract negotiations or ensuring I’m getting best value from subscriptions?
- What information does your offering provide to assess if I have architected my environment in the optimal way to ensure the most efficient spend whilst meeting my technology goals? i.e. could my architecture be changed to reduce spend whilst meeting license terms?
- What information does your solution provide to allow me to benchmark spend and negotiated terms against my industry peers?
5. Agility
- Industry Score: Amber (Traditionally SAM has been based on reacting to change, there is great opportunity for tools to help with anticipating and helping the business navigate change with SAM data before decisions are made)
- Weighting: 10%
- Key competencies in this area: Service request automation, approved software catalogues, automated approval and removal processes, change management integration and awareness, ITSM lifecycle integrations, Asset register, management of full lifecycle, scenario modelling, advanced reporting, internal markets, charge back / show back features.
To be agile, we need to shift from SAM being a reactive process (counting up the mess after it has happened, performing true-ups) to be Proactive. We need to stand shoulder-to-shoulder with the architects and project managers making technology choices to support them and help the business make smarter decisions.
The table below highlights the six most likely sources of change within your IT environment. By embracing and working with these sources of change, we can help the business make quicker and smarter decisions.
ITAM can be an enabler and source of business intelligence – addressing change at a strategic level rather than in a reactive fire-fighting capacity.
The diagram below shows a typical cradle-to-grave lifecycle of an asset and where the opportunities exist for providing more agile SAM and integrating with ITSM.
What does your prospective SAM tool bring to the table to help with these integration opportunities?
Questions to ask prospective SAM tools:
- How does your offering support the architectural decision-making process and deployment of new projects? (Scenario modelling, what-if analysis)
- Does your offering provide a service catalogue, automated approvals process or online shopping cart facility?
- Does your offering integrate or compliment service desk or ITSM offerings? (Especially change management and incidents involving software changes)
- How does your solution integrate with joiner, mover and leaver process within my organisation? How does it track the live status of users and customers of IT within the system?
- How does the solution track the lifecycle of assets through the whole lifecycle (hardware and software) from request to retirement, destruction or removal?
6. Continual Service Improvement (CSI)
- Industry Score: Red (Missing from the majority of SAM tools, lots of scope for improvement in this area)
- Weighting: 5%
- Key competencies in this area: Monitoring process performance and governance, root cause analysis, business plan performance, KPI dashboards and management reporting.
Your SAM tool should help you on a maturity journey: providing good data and showing the risks, helping you satisfy then maintain compliance, cut unnecessary costs, improve efficiencies and ultimately provide agility through quicker and smarter decisions. This is a long road and requires a gradual continual service improvement approach – what does your SAM tool bring to the table to support this CSI process?
Questions to ask prospective SAM tools:
- How does your solution provide exception reporting?
- What features does your solution provide to support customers monitor their performance against the SAM plan?
- How do customers develop and monitor performance against key performance indicators?
- What intelligence is provided to help customers identify root causes underlying compliance issues (if compliance reporting and exception reporting is incident management, what does the SAM tool provide to help with problem management – identifying root causes)
- What intelligence does your SAM tool provide to highlight your current SAM maturity and make progress?
- How can customers tell if their SAM processes are working and whether leaks are occurring?
Summary
In summary, we recommend that you consider the following feature areas when building your selection criteria and short list for SAM tools.
Let me know what you think, is there anything missing?
If you have any comments or you think I’ve missed anything please comment below.
Related articles:
About Martin Thompson
Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.
Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).
When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.
Connect with Martin on LinkedIn.
Great article with a lot of detail.
From my experience implementing solutions the first point on Authority is probably the most important. You are going to encounter challenges trying to implement your SAM programme as it spans the entire business so having senior sponsor is a critical success factor.
The point about “boiling the sea” is also a good one. I suggest you creating a schedule and a list of products for on-boarding. The list might be prioritised by:
* vendors
* spend
* urgency (audit, true-up, vendor year, etc)
* capability of existing tool
* other business factor
As you on-board each product you maintain it and add more over time.
Hi Martin,
Excellent guide, thank you! I think you also touched the importance of internal resources, and especially in a bigger and more complex environments it certainly is essential to ensure that the processes and related roles are also properly planned and implemented.
A few years back I managed a SAM project in an organization in which we had (if I remember correctly) easily more than 1000 different software titles, and even several hundreds of sofware manufacturers in the database. For me perhaps the biggest success factor was to define a Software Owner role and to assign an owner to each software title. Otherwise it would have been impossible for the small SAM team to understand the purpose, usage, and licensing of every piece of software in order to be able to manage them properly.
Also, perhaps one additional thing for a buyer to consider is how fast and easy it is to implement the tool. Do their admins need to go through exhaustive training courses, how many man days of consultancy work will be required, how much maintenance work is needed etc. This probaly should be quite generic consideration when buying any such tool, but also still quite often appears to be neglected.
Regards,
Simo
Great question from Jon Hall here:
https://twitter.com/JonHall_/status/572410070668980225
Q. What happens if I want to use my own existing inventory sources?
A. Sure, thats common. Then you want your SAM tool to verify the accuracy of incoming data sources. If you are using SCCM, Altiris, whatever – the SAM tool should highlight how accurate it is and help address gaps.
Thanks Piaras and Simo – great additions.
Where is the link to the pdf please, as I am unable to find it?
Hi Ken, you need to sign up to the newsletter to be able to access the PDF. Or do you mean once you’re there you are unable to find it?
Rebecca
I had already signed up to the newsletter. Do I have to sign up again, and each time something like this appears?
Regards
Hi Ken, I have sent you an email so that you can access the downloads. Rebecca
Hi
Can you send me that email so that I can access the downloads as well please.
SteveB
Great article, thanks for pinging me the link Martin.
utilizing the magic quadrant (emerging, strategic, tactical, legacy) along with talking to your architects to determine the IT strategy can help a lot in determining your priority list.
Another thing to consider is complexity of the vendor or product set in use, if the metric are complex and difficult to measure and determine then you have to ask why the vendor has made it that way. Is it to make compliance difficult and drive revenue through audit?
The CCL is there to address that factor I suppose.
Can you please send me the link for the PDF version. I already subscribe to the newsletter. Thanks!
Very frustrating to see that the only way to get the article is re-subscribe to the newsletter and when I did, I didn’t get any link.
Google “ITAM Review Buyers Guide” and you’ll find it.