Software asset management (SAM) is the capability, and a set of processes, that enables IT departments to better manage their software assets at an enterprise level. It’s part of the wider need for IT asset management (ITAM) and is also a key part of corporate governance activities.
Done well, SAM will save your organization money, reduce waste, and support governance, risk, and compliance (GRC) need. If you want to find out more about adopting SAM capabilities, then this blog will help – by it offering up ten best practices for effective SAM.
In this article, we will share the best practices in SAM that will definitely save your pennies.
Best practices in software asset management
Know what you want (from SAM)
Before you do anything, know what you want to get out of your SAM practice. What is your primary mission? Is it to make sure that you have enough software licenses? To save money? To get a better handle on software vendor audits? If you’re not sure then ask! You might find that the need is all of these things and more.
Unfortunately, many SAM practices run into trouble because their scope is too nebulous, there’s no clear objective or people are confused about what’s needed and the relative priorities of different SAM activities. So, talk to business stakeholders and agree on a plan together. This way everyone knows what the key objectives of SAM for your organization are and how to prioritize them.
Learn from the past
To understand where to start or what to focus on, review past SAM activities or earlier attempts at IT asset management. Things to look at include past software vendor audits, any existing asset databases, and IT service desk records. By understanding what has caused software-related pain in the past – extra work before external audits, overspending to make up for missing licenses, or outdated contact information – you’ll be able to create a roadmap that will help you to generate value where it’s needed most.
Add structure with a SAM policy
SAM is an IT management practice that does well when underpinned with a clear policy – such that there’s no room for confusion. Every organization will have different requirements but things that should be covered in a Software Asset Management policy include:
- Introduction and purpose – why is software asset management important and how does it support your organization?
- Scope – Which services are covered?
- Compliance areas – the regulatory or legal requirements that the process needs to support
- Agreed operational processes – such as how to request software via the IT service desk and its request management practices
- Installation guidelines for technicians – so that IT colleagues are aware of best practices and can install software, that’s appropriately licensed, from a central media library
- Software maintenance – covering how software is updated and patched in line with any licensing terms and conditions
- Guidance – for example for software that’s no longer in use and for unused or reallocated licenses
- Resources – where to go for help and further information.
Start where you’re needed most
A “guiding principle” in the new ITIL 4 service management guidance is the concept of “start where you are.” To my mind, it’s a way of putting aside things that haven’t gone so well in the past and focusing on how to make things better. When it comes to SAM, we’d tweak it slightly “to start where you’re needed the most” and, in the case of SAM, it’s the area with the biggest potential exposure. This is making sure that you’re appropriately licensed for the major software players such as Microsoft, Micro Focus, Adobe, and Oracle.
Stay in control
Software installation is a major point of control for your SAM activities so it’s important to make sure that only licensed and patched software is installed on corporate devices. To this end, it’s generally safer to lock down access to company devices to prevent end users from accidentally installing inappropriate or unlicensed software.
If locking down environments causes pain, then work with your business colleagues to identify a list of applications that can be whitelisted such that they can be installed without IT intervention so long as they’re supported by the appropriate licensing agreements.
Remember the software lifecycle
Many SAM processes can fail to add value by forgetting about assets once they’ve been purchased and installed. Just because an asset is in active use, it doesn’t mean that you can forget about it. It still needs to be managed, maintained, and retired in a controlled manner when it’s no longer needed. So factor these steps into your SAM process.
Also, when planning the types of assets used to build services, negotiate contracts with your suppliers to consider maintenance activities and what happens with an asset or its license when it’s no longer needed.
Have one source of SAM truth
Many organizations start their SAM journey by having each support team capture information about what they support in the absence of a formal SAM tool or strategy. At a certain point, you’ll need to look at having one central place for storing asset data because, otherwise, you’ll have asset information stored across a range of spreadsheets, SharePoint sites, network drives, and so on. Agree to have one central database for asset information and ideally something that can be integrated into any existing IT service management (ITSM) or service desk tools so that you can link SAM data to incident tickets.
Trust but verify
Every process is fallible. People can make mistakes, records can be duplicated, and things can be misplaced or even mislabeled. So, have a process of regular spot checks such that you can ensure that what you have in your SAM tool matches what you’ve installed in the real world.
In addition to manual inventory checks, use automation where possible to scan your network and track assets, and build in workflows to update records when an asset changes status.
Manage the cloud
When many people think of SAM and license management, they think of managing software on physical items such as laptops and servers. However, it’s important to remember that non-physical items like virtualized and cloud-based resources count in terms of licensed software as well.
So, when designing your SAM practice, have a workflow for managing virtual assets such that they can be tracked and managed and make sure you’ve made the appropriate provisions for cloud or SaaS-based licensing structures.
Be proactive with suppliers and partners
For effective SAM, it’s important to build and maintain strong relationships with your software vendors and partners. If you have regular service reviews, you’ll be less likely to be under or over-licensed. Also, have a timetable of renewals and audit schedules so you know when to start planning for renewal negotiations and audit activities.