Software Asset Management (SAM)

Management of software licenses as asset of the enterprise

The term Software Asset Management (SAM) is management of software licenses as an asset of the enterprise appeared not suddenly and not now. It is considered that the first more or less complete approach to intangible asset management of the company (in this case the software) was given in the ITIL library which left in 1996 by request of the British government. Ten years later, thanks to efforts of the largest vendors, other interested persons and the organizations, already international standard ISO/IEC 19770 "SoftwareAssetManagement" (SAM) was accepted.

According to analytical researches, the SAM technology is capable to provide economy to 30% of the budget for software in the first year of application. In the years ahead it is possible to reduce costs for 5-10% and that is not less significant, to achieve maximum efficiency of operation of software for core business of the company. Data source: "IT Asset Management: Moving to Higher Ground", Frances O'Brien, Gartner ITAM Conference, 2003.

Implementation and permanent use of SAM brings to the company the following benefits:

• Effective management of resources. SAM is including financial optimization. You control IT – the budget;
• Effective use of software. At excess licensing you sustain notable financial losses;
• Effective security. A clear idea of placement of the software allows to reveal weak points in ensuring your information security;
• Observance of requirements to IT infrastructure. Uniform standards to filling of jobs the software considerably reduce cost of support of all infrastructure;
• License purity. You bear substantial legal and financial risks in case of checks of owners and law enforcement agencies;
• Business continuity risk management. Any legal risks involve idle times of your business processes.

The SAM components are:

• Accounting procedures of licenses, software and its use;
• accounting and updating of documents of title (such as accounting documents, license agreements and agreements, certificates, certificates, etc.);
• regulations of purchase and prolongation of software;
• policy of commissioning and output from it;
• operation of software;
• optimization of use of software (structure, quantity and terms).

High-quality management of software expands opportunities for strategic planning of infrastructure; prevents excess licensing and reveals excesses of the equipment; allows to try to obtain significant savings not only on direct expenses on software, but also on the accompanying processes and costs for infrastructure; reduces costs on administration; allows to obtain exact information on a current status of the used software; minimizes legal risks, allows to be sure of effective use of the available software products, and, to have as a result steadier, more predictable, and, therefore, and more profitable business.

Manage the software – means well to know in each timepoint what programs and software licenses are used in the organization. Management includes regular inventory of licenses and the used programs, introduction of standards of use of software, the centralized purchases and many other things.

Management of program assets is an operational discipline. It, as well as at business activity, has certain results. If results of business are products or services, then results of SAM are services. SAM provides distribution and software installation on computers, management of its use, removal of software when it stops being necessary. Thus, SAM creates the service infrastructure supporting all lifecycle of software for business.

Very often SAM is identified with accomplishment of regulatory regulations concerning licenses softwares. It is incorrect. As any operating activities, SAM surely include risk management functions, including ensuring compliance, however it cannot be reduced only to ensuring compliance of licenses to regulatory requirements. There are other types of compliance, for example to corporate policies of usage of the software. If in your company of all employees oblige to use to joint work only Lotus Notes, then within SAM accomplishment of this policy should be checked — in workplaces products of Microsoft or an open code system cannot appear.

Purposes of uniform policy of management of licenses

• Increase efficiency and keep up to date In the organizations where the software was purchased haphazardly and uncontrolledly, different versions of the same programs and different software platforms often coexist. It conducts to compatibility issues of file formats, idle times and a waste of time on accomplishment of routine transactions are a consequence of what. So, if accounting of the company got used to work with a packet of Microsoft Office 97, and the staff of marketing department provides it data in the XP Microsoft Office format, then their use by accounting will require additional converting.
• Management of licenses will allow to achieve introduction of uniform standards on the used software in all organization, will give the chance to support high technology level that will help to achieve the objects set for the organization and not to lag behind competitors.
• Optimize and plan expenses on development of an information system and also prove need of investments Smart management by licenses will help to understand what programs are necessary to the organization and what — are not present, to understand what program of licensing is most effective for this organization. Besides, it allows to use the programs of corporate licensing giving discounts and an opportunity of payment by installments of payments for wholesale purchases of licenses.
• Having beforehand taken care of management of licenses, it is possible to calculate what return of investments into the software. This analysis will allow to define in what divisions updating old or transition on new is necessary for software and to plan future investments.
• Make business steadier due to risk reduction

Project Task: provide continuous control of licenses having implemented process of management of program assets and means of its automation, to modify the existing processes for providing necessary information.

Development of the SAM standards

2012: Gartner Predicts

According to a series of reports of Gartner Predicts 2012, optimization of cost of IT services remains extremely relevant for most of Chief information officers. Having seen effect of anti-recessionary optimization of IT budgets, the management of the companies does not wish to stop efforts in this direction. But certainly, business is also not ready to offer quality of the provided services. On the contrary, to IT departments constantly raise a level.

Analysts note that such state of affairs which is expressed in the known formula more value for less spend will lead to the next round of attention to a problem of management of IT assets. If with "iron" many companies managed to deal, then with management of program assets (software asset management, SAM) provision often differs from a situation of two-three-year prescription little. In optimization of license cost and model of acquisition of software and also the cost reduction connected with audit and risks in Gartner see the most perspective direction of further development.

The importance of methodology of SAM was recognized also in IDC, having selected the corresponding products in the separate market and having begun its monitoring. According to estimates of the company, the world market of management tools program assets in 2011 reached 3.5 billion dollars.

In general the situation looks as follows: more or less optimum software is used only in half of the companies. All other either will underuse it, or use is excessive, violating license agreements.

2008

In 2008 the Microsoft corporation as the world's largest software developer, developed the ideas put in ISO/IEC 19770 and offered own model of a maturity of IT infrastructure - Infrastructure Optimization Model (Microsoft IOM).

Level of a maturity has invaluable practical value and characterizes an IT infrastructure status, its development and efficiency. For assessment of level of a maturity there are special questionnaires, recommendations about transition from one level to another are developed. At the same time it is simple to create also an economic case since for each of levels of a maturity financial characteristics are calculated: total cost of ownership (TCO) and others. Recently Microsoft IOM includes also the field of management of program assets – SAM Optimization Model (SOM).

2006: ISO 19770-1

In 2006 ISO 19770-1 describing processes of management of program assets was accepted. It was the first standard in the field of SAM. In the beginning it did not draw great attention, however so far interest in the standard considerably grew, and the community of professionals is interested in its development.

The work on the new version of the standard determining four possible SAM levels in the organization is now completed. All processes described in the initial version of the standard are left without change, but areas of processes, but certain parts of areas are grouped in different levels not just. As a result of the company have an opportunity to select subsets of processes and to receive certification on compliance to the standard only on a certain level.

For example, the first level includes processes which allow to obtain reliable data about what software is in the company and as it is used. It is the first step to creation of effective management of program assets. To reach this level, the company should carry out a certain volume of work and thus ensure accurate and clear advantages.

Intention of the first version of the standard was too grandiose: actually in it all processes of ISO 20000-1 on management of IT services in application to SAM are described. As a result of the organization which wanted to be certified according to this standard, had to correspond to huge number of detailed requirements. The first version of the standard is written as the specification of a product — "yes/no, yes/no, yes/no". It is not quite justified in terms of systems management. Certification on the second version of the standard will give to the company the chance to estimate compliance concerning the set purposes — what it is necessary to reach in general in specific process area, but not rather exact, extremely detailed results. For example, at the first level you should show existence of the processes providing the accuracy and accuracy of the data about used in software company. It is approach of the standard of systems management, but not the standard of the specification of a product. Though if desired the companies will be able to be certified on the different SAM levels and according to the approach accepted in the first version.

Final passage according to the new version of the standard is planned for March 24. But work on the next version is already conducted, the foundation thereby is laid for the general process of reduction of standards of management to a uniform type. Now there are several ISO standards describing management processes in different areas: very popular standard of the systems of quality management of ISO 9001, ISO 14010 on management of the environment, ISO 27000 on information security management, ISO 20000 on management of IT services. All of them in principle describe similar processes, but absolutely differently. And if the company wants to implement the structured approach to management, it should follow in one area to some principles, in another — to slightly others, in the third — the third, etc. It is similar to a madhouse.

To correct a situation, the special committee for creation of a uniform framework under the name Guide 83 to which all standards of management will have to follow was formed. It will mean that the organization which implemented one standard will be able to implement others without need to master new difficult parts of processes and to create special documentation.

The standard of processes of SAM will be rewritten according to Guide 83 too.

Actually ISO 19770 is a standard of management of all IT assets. Though the abbreviation of SAM appears in its name, de facto it covers management of software and all related assets as it is impossible to manage the software in a separation from hardware. In work on this standard the most active participation is accepted by International association of management of IT assets of IAITAM. Another meeting of our working group will take place in October at a conference of association.

Contents and perspectives of parts of this standard

• ISO/IEC 19770-1: SAM Processes — focuses attention on processes of SAM which implementation in the organization is necessary for effective management of program assets. The standard is published on May 9, 2006.
• ISO/IEC 19770-2: SAM Tag — places emphasis on methods of software identification and management of it. Target audience of this part of the standard — software makers, including auditing facilities. The standard is in Final Draft status.

In development and in plans two more parts of the standard:

• ISO/IEC 19770-3: Software Entitlements — concentrates by methods of tracking of the rights to use the software. The standard is in a status of preliminary discussion.
• ISO/IEC 19770-4: SAM Maturity Assessments and Incremental Conformance is an emphasis on valuation methods of a maturity of SAM in the organizations and also certification of the organizations on compliance to the standard.

The process approach on which the SAM ISO/IEC 19770 standard is constructed focuses attention of the enterprise on achievement of effective objectives, the analysis of key performance indicators (KPI) and also on the resources spent for achievement of these purposes.^[1]

After in the name of the standard for the first time there was a word "Management", it became finally clear that the best world practices selected the considered discipline from competence only of IT services and partially connected to the divisions which are responsible for finance, security and law. It in general. And in those vertical markets where there is pressure of regulators, connection happened also to specialists on risk management and to observance of regulations (compliance).

Software Asset Management proved that results of management of such object of intangible assets as the software, can be predicted and measurable. It puts the standard in one row with other process standards which are widely put into practice, for example, of ISO 9000, ISO 20000, ISO 27000, BS 25999, etc. What does it give? Unification of approaches and synergy from sharing that means economy and adding of competitive advantages to business.

What SAM projects happen?

Each business faces own problems and calls therefore Microsoft offers several versions of SAM projects, depending on requirements^[2].

• Status SAM Baseline/assessment. It is developed with the purpose to give to Customers the full-scale detailed overview of a current status of infrastructure of Microsoft, the unrolled software and compliance to its available rights and licenses.
• IT security SAM Cybersecurity/assessment. It is developed with the purpose to provide to Customers the basic analysis of IT security taking into account the unrolled software of Microsoft, its use and the appropriate licensing rights. The analysis will form a basis for high-level assessment of a status of IT security, having provided data on where and what is set the software and what are connected with it risks.
• Implementation SAM Deployment Planning/planning. Pilot implementation of means of inventory and management of program and hardware assets of Microsoft. Development planning of SAM regarding installation processes of the software, measurements of use, inventory and control of assets by means of carrying out a pilot project using System Center, Windows Intune or MAP.
• SAM Cloud Ready/assessment of readiness for use of cloud services. Inspection of IT infrastructure of the Customer regarding readiness for upgrade using cloud computing. There is assessment of the current use of the cloud computing calculated taking into account the purposes and the Customer's tasks including assessment of components and services which it is possible to migrate in Office 365 and Azure.

Stages of implementation of technology of management of licenses

How does the SAM project pass?

Usually the SAM project passes in 4 stages: planning, data collection, data analysis, recommendations

• Planning. Determination of the purposes and project tasks, providing access for collecting and data analysis.
• Data collection. Inventory of program assets, comparison of data of inventory to data on use and licensing rights.
• Data analysis. Processing and assessment of the acquired information, analysis of a maturity of the IT system and selection of the suitable SAM project (Preparation for transition to a cloud, cyber security assessment, etc.). Already at a stage of preparation the purposes and strategies of development for your IT infrastructure will be developed.
• Final presentation. At the final stage of the project the partner represents results of work, the recommendation and further actions, including a set of detailed reports. In more detail about what reports you should receive according to the results of proyektasam, it is stated further in the section "Results of work".

• Collecting of necessary initial information - On the first, in fact a preparatory stage it is necessary to collect information required for implementation of management of licenses in the organization. Information includes such components as: the number of personal computers in the organizations, the number of servers, the used software, responsible for purchase, use and utilization of the software.
• Inventory of software - this stage is result obtaining the complete list of the software products installed on the computers, workstations, servers and other devices used by the organization and its design in a report type. You can carry out inventory manually or automatically, using means of inventory of software.
• Comparison of the installed software products to the available licenses - After the analysis of the used software is performed comparison of licenses and the software. Thus, it is possible to find out whether everything you have licenses, and whether is not present among them superfluous.
• Analysis of strategy and procedures - Rules, procedures and policy of purchases of the software, the rule of distribution of software in the organization, its uses, settings on balance and write-offs should become result of the fourth stage. Besides, in the organization there have to be internal standards on the used software and hardware. The purpose of the fourth stage is development and the description of these rules, procedures and standards.
• Plan development of management of licenses - based on inventory is defined the state of affairs in the field of software of time at the moment, and based on development of strategic approaches in the field of management of software licenses the desirable status which the organization needs to be reached is defined. Now, at the fifth stage, the plan allowing to pass from a status which is in a status which is necessary is developed. It is also the management plan licenses at the enterprise allowing to make the software the asset which is effectively operated by the company.

Process of SAM

• Accompanies software at all stages of its lifecycle
• It is closely connected with other processes of IT
• Is not an internal process of IT as affects accounting, purchases and project office
• The existing processes are touched minimum
• Provides control over the implementation of all necessary procedures

IT infrastructure maturity levels in relation to SOM according to Microsoft

• Basic SAM (basic) is the minimum level of development. Actually processes of management of program assets are absent, inventory of software is performed seldom, licensing of software is executed from time to time. Generally processes are shown as reaction to the arisen problem (check by law enforcement agencies, the requirement of the business partner, a claim from software maker, excessively heavy expenses on software, etc.).
• Standardized SAM (standardized) - in the organization is executed inventory of software, the appropriate software tools are unrolled, software repository is created. Perhaps, it is selected responsible for licensing, some standards and processes of management of program assets are implemented. However SAM does not influence decision making.
• Rationalized SAM (rationalized) is the level at which will be selected active management of program assets, the methodology of SAM is implemented in full. The employee or the department responsible for management of program assets and licensing is appointed. Processes of SAM are integrated with other processes (ITIL, Microsoft Operations Framework - MOF). In the organization there is a development plan for software and it is approved with the development plan for business and all IT infrastructure.
• Dynamic SAM (dynamic) is the highest level of development at which management of program assets is implemented in real time. Software as a part of IT infrastructure, is considered not as an instrument for ensuring of operability of business, and as an asset of the enterprise.

Open source as problem solving of legalization of software

Having passed completely to open source, it is possible to solve at once all problems and not to "confuse" managers with an issue of legalization of software.

This cruel delusion. The Tax Code of the Russian Federation refers similar to software (if a number of steps is not undertaken) to category of gifts from which the corresponding tax which value depends on the cost of proprietary software, similar on functionality, is levied. As they say, ignorance of the law does not exempt from liability.

Additional risk factor in a case with open source is also that one day it can become proprietary. For example, many people around the world with a sinking heart monitor messages from the corporation Oracle which absorbed SUN Microsystems together with its technologies Java mySQL, Solaris, etc. And suddenly someone else will purchase the Web server Apache and PHP for the company …

But, considering the fact that any company cannot pass Basic SAM stage, it makes sense slightly will dwell upon audit as a cornerstone of implementation of this methodology at any level of a maturity.

So, in the company it developed certain IT ifrastruktura. It is required to systematize all general information which belongs to software — the number of computers, servers, structure of network, location of PC territorially (offices, branches, mobile employees). Then it is required to study elements of lifecycle of the software in the organization.

Here enters: acquisition, installation, setup, use, updating, removals, storage of software, etc. At the same time it is crucial to be defined - who personally is responsible for all these processes.

Inventory of software can be carried out in several ways:

• manually by method of creation of the list of the set software and survey of contents of hard drives;
• semi-automatic — using local scanners;
• automatically — having set on all network a software package for collecting and consolidation of up-to-date data

In parallel with inventory of software lawyers and financiers collect the facts confirming the right to use software: certificates, license agreements, boxes, stickers on the body, setup disks, serial numbers in electronic form, laid on, etc.

In a final phase of audit examination and liquidation of discrepancies between actually set software and existence of the rights to its use is carried out. In conclusion it is necessary to develop internal documents and provisions which will regulate all lifecycle of the software in the organization.

Usually, it is the step-by-step instructions registering actions of officials and users in specific situations. For example, what the employee if he needed new software should do? How should it get on balance of the organization? As to treat it in use: installation, use, storage, write-off, etc.

The system of assessment of level of return of the investments enclosed at implementation of SAM

Specialists of department of SAM (Software Asset Management) on the basis of a number of the implemented projects developed the special methodological system of assessment of level of return of the investments enclosed at implementation of SAM. Results of application of a new technique allow to say with confidence that making investments in SAM projects, it is possible to save: so, at implementation of processes of management of program assets, ROI for the company which has 1,000 PCs makes 316.46% in three years.

There is a question: how calculation is carried out?

The technique of assessment of return of investments is based on recognized international metrics, such as Microsoft SAM Optimization Model; Management by objectives (key performance indicators – KPI); CoBiT; ITIL and ISO 19770.

"Calculation of the index of return of investments is the most widely applicable technique for calculation of financial performance now. Within management of IT this calculation allows to make the weighed and investment decisions. Having adapted a method of calculation of ROI for management of program assets, we can state with confidence, SAM is an investment, and bringing a real powerful financial dividend", – Maxim Melsitov, the consultant for business processes of department of SAM of Softline company says.

The wide experience of specialists of department of SAM in project implementation says that this technology has payback of 950% for 3 years at high degree of assessment of legal assets. If to take into account only financial economy, then at implementation of processes of management of ROI of program assets for the company which has 1,000 PCs, makes 316.46% in three years.

You See Also

• The pirated software in Russia (Unlicensed software)
• Stop Online Piracy Act (SOPA, the Act against Internet piracy)
• Licensing of software
• Copyright on the Internet
• Microsoft Software Assurance

• SAM at the heart of everything