Software Asset Management has been with us for well over two decades now. Large companies spend millions of dollars a year on SAM teams, tools and ongoing training. So how is it that fewer than 20 percent of the companies we work with actually have useful deployment data when it comes to a license audit or software contract renegotiation? In my experience, it’s not for lack of trying.
Every company I talk with wants to do a solid job of managing their software (and other) assets, and they also want to follow the publisher’s rules and be compliant. Yet even after years of creating some very powerful SAM toolsets, detailed standards development and implementation efforts, most companies still can’t get a clear picture of their deployments vs. license rights.
There are many reasons. But before we get to that, let’s quickly summarize the typical SAM process.
1) Data collection – reports gathered from software tools and purchase data
2) Data normalization – standardizing disparate tool outputs, naming conventions, versions and data sets collected at different times
3) Compliance check - comparison of deployment data to license entitlements and usage rights
4) License optimization – eliminating “shelf-ware” and purchasing the correct type of license for each use (e.g. Standard edition vs. Professional)
Out of these 4 activities, many companies believe they have the most basic activities (steps 1 and 2) in place because they have purchased a SAM tool. Unfortunately, this couldn’t be farther from the truth… In our work with clients that are renewing enterprise software agreements or preparing for audits, only about 20 percent of them can effectively collect and normalize their data for any given software publisher.
How could that be? As good as modern tools are, they still face challenges like information security and cloud-based infrastructure that make it harder to gain access to the systems needing to be inventoried. SAM tools typically need administrator-level access to the computers and servers they’re inventorying and it’s rare that we find all the data can be collected in the first or even second attempt to scan the environment. Changing passwords, security policies and even network subnets make it next to impossible to keep administrator-level access in place for SAM tools.
Once the data has been collected and appears to be complete, problems often emerge when trying to stitch together data sets from different tools and time periods. Combined with the fact that a single computer can provide over 1,000 software entries, it’s easy for these data sets to grow to millions of rows of data that have to be de-duped, product names rationalized and time periods aligned.
Unfortunately, most companies don’t discover these problems until they’re in the midst of a large renewal, or worse, an audit. While modern SAM tools help with these tasks, we find that they are still very tedious and manually intensive, consuming far more time than organizations expect.
Finally, once you have fairly clean and complete data the real work of checking compliance and optimization can begin. This too is challenging as many publishers’ use rights are extremely complicated and virtually require a PhD in each vendor’s licensing model. Oh, and many of these policies change on a quarterly basis (how’s that for added confusion?). Fortunately, it’s becoming easier to find qualified third-party experts to help validate compliance by comparing deployments against entitlements, and providing deep, vendor-specific licensing expertise.
So, do you think your SAM data is accurate? Much like business continuity and disaster planning, companies must actually collect and review their SAM data on a regular basis. Ideally cross-referencing it with other sources of data like Active Directory entries, physical inventories, employee counts, and even reseller provided purchase data. Only then, can you be sure your data is clean and complete and that you have the foundation for a successful SAM program.