Quick Start Guide to Software Asset Management

• ITIL

January 21, 2020

Software Asset Management is a crucial part of service management with major cost implications but is sadly ignored.

Here at Pink Elephant, we are helping, on average, a client every month to begin formalising their Software Asset Management (SAM) processes with a view to achieving the potential rewards, so I thought I’d share some tips on how to start your asset management program.

With tough times behind us and potentially even tougher times ahead, many organisations are trying to control their asset base. Software Asset Management SAM has always been one of the lesser-adopted processes within ITSM, which is odd considering it can potentially save an organisation millions of pounds at the same time as helping them avoid costly legal entanglement with software vendors.

SAM never really made it into the core ITIL setting being side-lined in its own book rather than part of the big five of the Service Lifecycle. It’s a very useful book and one I would urge anyone playing in this area to go and read, or even attend the formal training and certification available.

Firstly, let’s establish what SAM is. The book answer is that it’s “all of the processes and controls necessary for the good corporate management of software assets”. The real answer is the ability to ask and answer these questions at any time:

• What software is installed in our environment?
• What software is supposed to be installed in our environment?
• Who is using my software?
• Are they supposed to be using my software?
• How are they using my software?
• How much are they using my software?

These seemingly simple questions are very difficult to answer.

At the start of the journey, most organisations make the mistake of trying to do everything at once. They think the default state is to manage every single software vendor and every single application. That’s not the default state, that’s the divine act of a benevolent deity!

Take a step back, a deep breath and do the following:

Your scope

Remember your Frederick the Great.  “He who defends everything defends nothing!”

There are simply too many applications for the average organisation to bring under control all in one go. Target your efforts, pick the top 5 software vendors that you have spent the most with and that is your starting scope.  For each vendor, define what applications they have that your organisation uses.  What counts as a licence for those applications? You now know what you’re hunting as you need to ensure that those licence entitlements are captured, documented and controlled.

Now set your scope for SAM, is it just servers? User devices and servers? Apple only? Microsoft Only? Make sure you have an agreed scope of what you have to control worked out and agreed.

Now you know what you’re trying to protect.

Check your policies

What are the rules for your organisation? What will you decide to do if under used software is discovered on someone’s PC? Subject to licence terms and conditions, can it be removed and placed into a central pot for redeployment? But what happens if you remove software from one department but wish to deploy it to another? Is cross charging required? How long does software have to be inactive before it can be reclaimed?

Now you know what the rules are on the things you’re trying to protect you can turn your attention to how those rules are to be enforced.

Check your processes

How does software get in, move about, and get out of your organisation?

Knowing how software is ordered, purchased, processed on arrival, installed, moved, removed and retired, allows you to understand where to place your controlling processes.  Go and investigate so you know how your organisation handles these critical activities.

Now you know what the controls are available to you to make sure your rules are followed on the assets you’re trying to protect.

Check your tools

Your tools must cover everything you’ve agreed to scope.  So if your scope covers desktops, laptops, iPads and servers, your toolset(s) must see all of those items.

According to pure ITIL, there are ni e separate abilities that a SAM toolset should offer your organisation. Of those nine, three are utterly critical and you need to see what abilities you have in place.

• Software discovery– What tools do you have that can discover software?
• Software Usage– Do you have a toolset that can tell not only if a software application is present, but if it is actually in use. One client I worked with had over 500 installations of MS Project, but only 75 were actually in use – a significant difference.
• Software Licence Management– This area is critical.  You need a toolset that can match licence entitlement, to license installations, to actual licence usage.

Now you know what automated capabilities you have in place to help you.

Once you have those four areas assessed you will have the basis on how to implement sustainable Software Asset Management.  Now you can make some real plans to address the gaps and move forward.

Good luck!

Find out more about Asset Discovery here

Software Asset Management training