In this article, Craig Bumby, Business Development Manager for Professional SAM Products & Services, Business Continuity Services Ltd, looks at the issues businesses are facing to ensure that they remain compliant with their software licences. He talks about key considerations required to achieve a trustworthy Software Asset Management (SAM) position.
 
Get SAM Smart
 
Perhaps the above title stirs up memories of spoof spy films, and for those of you whose memories of such films have been fondly stirred, I apologise as I now bring you back to reality.  Getting SAM Smart is about understanding some of the key considerations required to achieve a trustworthy Software Asset Management, (SAM), position. So, why would you want to “Get SAM Smart”, how do you do it and what are the benefits?   First let’s tell you why you need to!
 
Commercial software applications are now the lifeblood of every organisation, without them we would probably have to go back to using the tally stick.  Unfortunately, those very same commercial software applications come with rules that can cover a multitude of functions.   How it is installed, who has access rights, what hardware it can or cannot be run on and how many have usage rights, to name but a few. Get any of them wrong and your organisation will be open to audit by the software authors with the probability that additional costs or fines will follow.
 
How do you become SAM Smart?  Contrary to what most organisations think, becoming SAM Smart is not about paying out thousands of pounds on an all singing all dancing tool or product that supposedly does everything for you. Rather it’s about looking to establish and prove the capability of the key processes that define a true SAM solution.  Get the processes right and the rest will logically drop into place leaving you in a position to maintain and manage your newly achieved state of compliance.  Along the way you might want to consider using a pre-defined tool to help you record, manage and report on the relevant data and necessary associations that help you prove that compliant state.
 
So, what are the key steps you should take?  Let’s simplify these.
 
“Don’t Start in the Middle”
Ok, I did say simplify didn’t I?  Well if you entered a 100 meter race and started from the 10 meter line and broke the tape first, you might think you had won but as we all know, you would be wrong.  Well it’s surprising how many organisations have hugely expensive SAM tools that provide chapter and verse on what software applications they have, but did they start from the right position?  Many would not be able to prove that.  It’s not just a case of establishing how many you have and where they are, it’s about being able to prove when you bought them and what usage rights came with those applications; something that catches out many organisations, especially those that take advantage of multi-user licence options. Mistakes will be made.  That sort of situation brings me onto the next key step.
 
“Buy Right Rather than Buy More”
Can you be sure you did that and more to the point, how do you prove it?  Volume purchases of software were at one time simple.  You had a 1,000 PC’s and you wanted a spreadsheet, you went out and bought 1,000 boxed copies.  Physical proof, you can’t beat it.  But we moved on since then and that’s where it gets complicated! Ask any senior systems manager just how many active devices they have on a network and they will tell you, but if they are honest, they will always struggle to be precise because of that word “active”.  This can often lead to over compensating your needs, a real problem when you are trying not to over-spend on your software licences. Get the benefit and best return from what you already have!
 
“See through the Cloud”
This is one that is likely to get even more complicated as more and more organisations are persuaded to put their software assets in the hands of another organisation, the cloud!  Doesn’t matter what you call it, if the terms and conditions of that software application do not cover the way that it will now be used, you could be in trouble.  When is it yours, when is it theirs?  Is it hosted, is it loaned or is it just the data that lives elsewhere?  A cloud by nature is not easy to see through, ask any pilot.  You need to fully appreciate what you can and can’t do with your existing and future software applications and given the complexity of some volume licensing agreements, that isn’t easy.
 
“To CAL or Not To CAL”
You cannot adopt an “as you like it” attitude when working with server software that relies on client access licensing controls.  Did I say controls?  Perhaps I meant “insinuated controls”, as most server applications will probably not have any user access lock-out facilities. The truth is, each software author will probably have their own interpretation of how you should manage access or more to the point, pay for that access.  Getting it wrong and being found out can be a very costly experience and bearing in mind that the all singing all dancing tools cannot possibly cover all possibilities, using qualified and proven knowledge maybe your best call.
 
“Don’t Just Do It, Do It Better”
Since the late 1980’s, we have seen every type of software licensing opportunity imaginable. Now that those software applications installed on a user device cost more than the device itself, more care needs to be taken of those assets.   That’s not a hint to go out and buy a suite of SAM programs that will supposedly do it all for you but it is a cue to establish the processes needed to know what you have, where it is, how you can use it on what device and for what purpose.  Take a step back, use a simpler approach and if in doubt, consult the experts as it very likely that they will be able to save you money as well as make sure you have the capability to make the most of your now tried and tested SAM processes. 
 
Over the coming months BCS is releasing a series of “Get SAM Smart” tips, all of which stem from our great practical experience in the field. These tips and simple ideas will get you thinking SAM Smart, so that you can avoid facing embarrassing and potentially costly audits. Thinking SAM Smart is just the start, becoming SAM Smart is the objective, so if you would like to receive these directly, please contact us at [email protected]