1. Ask yourself: “Is this the best way to do this?”
Ok, this might seem obvious to some, but it is something that many of us simply don’t take the time to do, because we’re being pushed by outside elements. While we could make this blanket statement for lliterally doing anything, in the context of SAM (Software Asset Management), we should be asking it for each stage of the software lifecycle.
What is the Software Lifecycle?
You can search the web for this and get a few different definitions from a few sources (for example Microsoft has their own), but according to the ITIL Guide to Software Asset Management it consists of the following:
So, what’s the best way to improve Software Asset Management at your organization? For any/all of those above processes, ask your team “how can we do this better?”
2. Look at what is installed across your network
A simple software inventory can often yield surprising results. Run a report from any existing system you may have to show all installed applications across the network and see how it matches up with your expectations. My recommendation would be to also bring in a separate software asset management/discovery tool, to check against your current data sources, and provide a new perspective on what your liability is in terms of software licensing.
If you’re looking for a separate tool to quickly run this discovery, reach out to us, we have some free software asset management tools/scripts you can quickly run to get a fresh perspective.
3. Request License statements from your vendors
You may or may not have your own documentation for what software your business owns, but often times this can differ greatly from what the actual software publisher believes you own. In an audit scenario, if there are any discrepancies regarding entitlement, the customer (you) is required to provide proof of license. If you are being audited by a software vendor, we can help. For any volume licenses your organization owns, make sure you have as many transaction details as possible, including agreement number and order number. Most of the time, entitlement discrepancies come from “Box” or “OEM” licenses, which require 3 levels of proof to constitute full “proof of license”:
- Proof of possession – this shows that you have the software, and can usually be satisfied with the box the software came in, or the disks used to install the software.
- Proof of Authenticity – Meant to prove that your software is not counterfeit, presenting a “Certificate of Authenticity” would do the trick here, these are usually included in the box with the disks.
- Proof of Purchase – So you’ve already proved that you have the software, and that it’s legitimate, now you need to prove that you paid for it through an approved channel. This would be a receipt or similar from the reseller you originally purchased the software from.
Reconciling your own software entitlement is a fundamental step toward improving your overall Software Asset Management position, and when you’ve done this, I would highly recommend keeping these findings in a central database or resource location so that it can be updated over time and used by anyone who may need it.
4. Don’t give end users the ability to install software on their work machine
This one is a bit controversial, and can be utterly impossible in a BYOD (bring your own device) environment, but the idea here is to reduce risk through control. If you’re able to restrict installation of new applications to privileged users, such as the IT staff, then that keeps your environment simplified down to the standard image. Not only does this keep your network more secure, but you can also be sure that nobody is installing pirated copies of design software on their work machine.
5. Check your servers for applications that don’t belong
In the world of software licensing, the desktop environment is the tip of the iceberg. Where things tend to get very risky, complex, and expensive, is on the server side. There are several examples where an application installed on a server ended up costing a company a great deal more than they realized in an audit. The main thing to keep in mind here is access.
“How many people have access to this server?”
It doesn’t matter if only one user actually logs into the server, if all authenticated users could theoretically interact with that server, directly or indirectly, the software vendor is going to want to license any and all of those users.
Finally, even if it seems like there aren’t any users that have access to a server or application, don’t assume you’re in the clear. If you’re getting a significant amount of business value from an application on a server, chances are the vendor is ready to get their piece of that action. If you look at your server environment and see anything you don’t recognize, ask yourself if you really need it and if not, remove it!
Conclusion
So there you have it: 5 quick and easy wins you and your team can work on to start improving your Software Asset Management process. It’s not brain surgery, and some of these might even seem obvious! Revelations aside, the fact remains that IT teams are squeezed more and more as the landscape changes, and that is where we can help. If you would like to go through any of the above exercises or more in depth SAM help, please reach out to us, we can help.
