Good SAM -- Manage Software and Save Money
Well, many companies have illegal or improperly licensed software on corporate IT assets. According to the Business Software Alliance (BSA), about one in four U.S. companies has software installed for which they do not have proper licenses. Their recent study revealed that about 35% of the world's software is pirated. Yikes! The BSA is a watchdog organization that represents most of the major software publishers worldwide. Their mission is to educate the public on "ethical and security risks associated with unlicensed software use" as well as to "investigate" reports of software piracy.
Let's face it; nobody wants the BSA or another watchdog organization, such as the Software Information and Industry Association (SIIA), to knock on their door demanding a software audit. So what can you do now to prevent or reduce the risk of one? The answer is: plenty! Let's run through the basics.
You will need to structure a Software Asset Management (SAM) program for your organization. At first glance, a SAM program seems like a lot of trouble to go through "just in case" the software police decide to show up. Well, my friends, there will be a great many benefits to be found in proper software asset management well beyond that of reducing risk. And that may be just what you need to tell upper management, to get support for your SAM program.
For starters, experts agree that with proper SAM, businesses stand to reduce IT costs by 10 to 30% per year! In addition, SAM is credited with improving help desk efficiency, thus reducing employee downtime. All good things! And a good SAM program will improve security, regulatory compliance and corporate governance. Wow, that's a lot to be said for keeping your software licensing in order!
Most folks have trouble getting started on a SAM program because staff doesn't understand the complexity of licenses, they have been lax in maintaining proper records for many years, employees have the ability to purchase and install software, and businesses often delay beginning a program because of other IT priorities. "We'll do it next year!"
It is important to obtain senior management support of the program so that everyone in the organization understands that the program is not optional and that support will be required by every member of the staff. Begin by selecting a team from various departments within the organization, including from Human Resources, Purchasing, Accounting, Legal and, of course, IT.
A good place to start is by understanding what software is in use within the organization and by whom. It is extremely helpful to have a tool that is capable of inventorying the computers within the infrastructure. Once the tool is in place, conduct a full inventory of all software on all computers. This will be a job for the IT department, but will require the cooperation of everyone.
Meanwhile, begin assembling all possible records that will help prove the software is legally licensed. The records should include: software license documents, diskettes and CD-ROMs of software, purchase orders, invoices, cancelled checks, etc. Many of these records will be available from IT and from the accounting department; however, you will likely find that many employees have these types of records in their own possession.
Once the inventory is complete and all available records have been assembled, you will need to begin the arduous task of reconciling the two sets of records. I recommend that you use either a database or perhaps a feature of your inventory tool to complete this phase. Please, do not try to use the "spreadsheet" method. Trust me; it will only need to be redone later when you find that the spreadsheet is unable to meet your long-term needs!
Carefully review the details of each license agreement to determine what your company is entitled to do with the software. Many people assume that when they purchase software they have the right to use it any way they see fit, and they are generally wrong! A typical software license grants limited rights of use and does not convey ownership of the software.
By understanding the limits of use that the license conveys, you will be able to determine when, where and how the program can be used. For example, some software may be free for home computer use, but not free in a corporate environment. Some software licenses may permit installation on a certain number of computers in a training, test or lab environment above and beyond the number of licenses purchased, yet a license for a similar program may not permit this.
Licenses may be issued per user, computer, CPU, site or even for the entire enterprise. A license could even restrict the use to a named user or to a specific hardware device. Without reading and understanding the license agreement one just doesn't know what restrictions and limitations there may be. This can be how a business unknowingly breaks a license agreement. Let me assure you: ignorance is no defense when it comes to software compliance!
Once you (or your purchasing or legal department) clearly understand the limits and restrictions of each and every license discovered, that information should be housed in a database so that it can be matched with installed instances of the software. The physical records should be maintained in a single, secure place. Locked file cabinets or a secure room are the best way to keep the records from "growing legs" in the future.
Many companies find that scanning the licenses and other "proof of ownership documentation" (POD) records and attaching those images to the database is a great way to provide timely access to anyone who might need to review the data. This way, the original paper evidence doesn't need to be accessible to everyone.
What happens next is where it gets sticky; you will undoubtedly discover instances of over- and underlicensing of software. Ouch! First, take a look at the greatest number of installed instances -- are these properly licensed? If yes, move to the next greatest; if not, determine if everyone who has this application really needs it. If not, uninstall the app until you reach your proper license quantity. If everyone who has the software needs it, then, obviously, you will need to purchase additional licenses. When you do, make sure you update your POD database and properly secure the records.
Take on the top ten most installed applications first, as these represent your greatest financial liability. Then, take a look at the ten least installed applications. You will do this for two reasons: the ten fewest installs are likely to be either very expensive applications or security risks such as rogueware, hacker tools, keyloggers, etc. Work your way through the list in the top/bottom, top/bottom approach until you have exhausted the list of discovered applications.
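The reconciliation and the top/bottom review order described above, as an added example that is not part of the original article. It uses an in-memory SQLite database in place of a spreadsheet; the host names, application names, seat counts and function names are constructed for illustration, and every title is assumed to be licensed per computer.

```python
import sqlite3

# Constructed sample data. Assumption: every title is licensed per computer.
INSTALLS = [("pc01", "OfficeSuite"), ("pc01", "OfficeSuite"),  # duplicate scan row
            ("pc02", "OfficeSuite"), ("pc03", "OfficeSuite"),
            ("pc04", "OfficeSuite"), ("pc05", "OfficeSuite"),
            ("pc01", "PdfEditor"), ("pc02", "PdfEditor"), ("pc03", "PdfEditor"),
            ("pc04", "CadPro"), ("pc05", "KeyCapture")]
SEATS = {"OfficeSuite": 4, "PdfEditor": 5, "CadPro": 1, "TermEmu": 2}

def status(installed, licensed):
    """Classify one title; licensed is None when no license record exists."""
    if licensed is None:
        return "no license record"   # review first: unapproved or rogue software
    if installed > licensed:
        return "under-licensed"
    return "over-licensed" if installed < licensed else "ok"

def reconcile(installs, seats):
    """Return (app, installed, licensed, status) rows, most installed first."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE install (host TEXT, app TEXT, UNIQUE (host, app))")
    db.execute("CREATE TABLE entitlement (app TEXT PRIMARY KEY, seats INTEGER)")
    db.executemany("INSERT OR IGNORE INTO install VALUES (?, ?)", installs)
    db.executemany("INSERT INTO entitlement VALUES (?, ?)", list(seats.items()))
    # Union both sides so licensed-but-never-installed titles also show up.
    rows = db.execute("""
        WITH apps AS (SELECT app FROM install UNION SELECT app FROM entitlement)
        SELECT a.app,
               (SELECT COUNT(*) FROM install i WHERE i.app = a.app) AS installed,
               (SELECT e.seats FROM entitlement e WHERE e.app = a.app) AS licensed
        FROM apps a ORDER BY installed DESC, a.app""").fetchall()
    db.close()
    return [(app, n, lic or 0, status(n, lic)) for app, n, lic in rows]

def review_order(rows, batch=10):
    """Alternate the `batch` most-installed and `batch` least-installed titles."""
    queue, order = list(rows), []
    while queue:
        order += queue[:batch]            # most installed: largest liability
        queue = queue[batch:]
        order += queue[::-1][:batch]      # least installed, rarest first
        queue = queue[:max(len(queue) - batch, 0)]
    return order

if __name__ == "__main__":
    for row in review_order(reconcile(INSTALLS, SEATS), batch=1):
        print("%-12s installed=%d licensed=%d  %s" % row)
```
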
Some companies find that enlisting the support of end users is very helpful, especially at this point in the SAM program. Ask your department managers to analyze the needs of their staff and report what apps are genuinely necessary. In many companies, IT staff will create a PC image of all standard software and distribute it to all employees, when in fact not all employees need every single application on the image. Aha!
It makes sense when you think about it -- does everyone in accounting need a word-processing or database application? Does marketing staff need emulation software? Do executives need the same software as administrative staff? The answers are likely, no. So why would you purchase licenses, pay for support and update licenses that are unneeded? You shouldn't! This is where some of the savings will be found and those savings can add up very quickly.
Once you have reconciled what you have installed with what you have properly licensed, remediate any discrepancies. Now you are in a position to begin proper software license management. That said, you will also need to create corporate software-use policies (I suggest that you actually begin by creating the policies) to ensure that software requisition, acquisition, installation, movement and de-installation are managed by a process.
It will take some effort to change the mindset of staff if software has been acquired willy-nilly for years. They will likely resist a managed process and this is when you will rely on your new software policies to enforce compliance. Uniform support of the policies through all walks of the organization is supremely necessary to the success of the overall SAM program (as well as any compliance effort). If Joe Doe sees that Manager Mark doesn't have to comply, Joe will resist complying as well.
The next phase of maturity for the SAM program is the ability to plan for software license and support renewals. Anyone who negotiates from a position of strength is in a much better spot than one who does not, and knowing exactly what software and how much of it is in use provides a strong position for you! You may find that you do not need to renew as many licenses (nonperpetual licenses) or that you do not need to license support for as many users as you may have previously. All of these savings are a direct result of your successful SAM program.
I realize that this description of a SAM program is necessarily simplistic and there are many other aspects that will need to be addressed in a corporate environment. Sometimes, looking at a simplistic design first helps one get started; the details will fall into place as the project proceeds. Usually the hardest step in any project is getting started. So, remember you must walk before you can run and sometimes that means taking baby steps to begin with! SAM isn't optional, and next year is here!
About the Author
Donna Johnson Edwards is the Director of Consulting for Tenax, Inc. Established in the U.S. in 2002, Tenax provides IT compliance certifications, training and targeted consulting services. For further information on Software Asset Management please visit the Tenax Corporation website at www.tenaxcorporation.com.