Software Asset Management (SAM) has always been one of the lesser-adopted processes within ITSM, which is odd considering it can potentially save an organisation thousands of pounds at the same time as helping them avoid costly legal entanglement with software vendors.
With hard times behind us and potentially even tougher times ahead, many organisations are trying to gain better control of their asset base.
SAM never really made it into the core ITIL setting, being side lined in its own book rather than part of the big five of the Service Lifecycle. It’s a very useful book and one I would urge anyone playing in this area to go and read, or even attend the formal training and certification available.
Here at Pink Elephant we are helping, on average, a client a month to start their journey in getting the rewards that formalising their SAM processes can bring, so I thought I’d share some tips on how to start your asset management program.
First let’s establish what exactly is SAM? The book answer is that it’s “all of the processes and controls necessary for the good corporate management of software assets”. The real answer is the ability to ask and answer these questions at any time:
- What software is installed in our environment?
- What software is supposed to be installed in our environment?
- Who is using my software?
- Are they supposed to be using my software?
- How are they using my software?
- How much are they using my software?
These seemingly simple questions are very difficult to answer.
At the start of the journey most organisations make the mistake of trying to do everything at once. They think the default state is to manage every single software vendor and every single application. That’s not the default state, that’s the divine act of a benevolent deity!
Take a step back, a deep breath and do the following:
Remember your Frederick the Great. “He who defends everything defends nothing!”
There are simply too many applications for the average organisation to bring under control all in one go. Target your efforts, pick the top 5 software vendors that you have spent the most with and that is your starting scope. For each vendor, define what applications they have that your organisation uses. What counts as a licence for those applications? You now know what you’re hunting as you need to ensure that those licence entitlements are captured, documented and controlled.
Now set your scope for SAM, is it just servers? User devices and servers? Apple only? Microsoft Only? Make sure you have an agreed scope of what you have to control worked out and agreed.
Now you know what you’re trying to protect.
What are the rules for your organisation? What will you decide to do if underused software is discovered on someone’s PC? Subject to licence terms and conditions, can it be removed and placed into a central pot for redeployment? But what happens if you remove software from one department but wish to deploy it to another? Is cross charging required? How long does software have to be inactive before it can be reclaimed?
Now you know what the rules are on the things your trying to protect you can turn your attention to how those rules are to be enforced.
How does software get in, move about, and get out of your organisation?
Knowing how software is ordered, purchased, processed on arrival, installed, moved, removed and retired, allows you to understand where to place your controlling processes. Go and investigate so you know how your organisation handles these critical activities.
Now you know what the controls are available to you to make sure your rules are followed on the assets you’re trying to protect.
Don’t forget this is on the scope you agreed, so make sure if your scope covers desktops, laptops, iPads and servers your toolset(s) can see all of those items.
According to pure ITIL there are 9 separate abilities that a SAM toolset should offer your organisation. Of those nine, 3 are utterly critical and you need to see what abilities you have in place.
- Software discovery – What tools do you have that can discover Software?
- Software Usage – Do you have a toolset than can tell not only if a software application is present, but if its actually in use. One client I worked with had over 500 installations of MS Project, but only 75 were actually in use. A significant difference.
- Software Licence Management – This area is critical. You need a toolset that can match licence entitlement, to license installations, to actual licence usage.
Now you know what automated capabilities you have in place to help you.
Once you have those 4 areas assessed you will have the basis on how to implement sustainable Software Asset Management. Now you can make some real plans to address the gaps and move forward.
By Peter Hubbard.