Do you want to maintain a healthy distance from pesky publisher audits? Far too often, organizations forget or neglect to properly maintain their licensing agreements and find themselves in a sudden panic due to an unexpected publisher audit. By implementing the below Software Asset Management (SAM) best practices, your organization can mitigate the severity of unsolicited publisher audits.
Know Your Current and Future SAM Risks
If your software portfolio is unhealthy, then you can expect a publisher audit. A few things to keep in mind when determining your state of compliance include:
Mergers and acquisitions – Has your company merged with or acquired another company’s software portfolio? If so, then you need to redefine their software assets under your company name by conducting an extensive internal audit before publishers come knocking on your door demanding their own external audit.
Maintain consistent procurement processes – Software can be acquired so quickly that maintaining proper documentation of all acquired licenses can be a difficult task. Make sure to track all acquired entitlements, such as Original Equipment Manufacturer (OEM) and Fully Packaged Products (FPP) licenses. OEMs come stock on the device you just purchased and are non-transferable, whereas FPPs are sold in a box and have a specific number of licenses you can allocate to devices.
Product Use Rights – PURs outline how a license can be used. Organizations frequently misinterpret PURs by neglecting minor differences such as Standard versus Enterprise editions or neglecting to take advantage of benefits such as Software Assurance and active maintenance.
End of Product/Agreement Lifecycle – Companies operating on Windows Server 2003 need to consider their migration strategy before it reaches end of support in less than 6 months. The added difficulty for maintaining compliance on unsupported software aside, the enormous support costs through a third party alone justify the need for migration. Another example would be Microsoft’s retirement of the Select Plus agreement, which occurs July 2016. An effective SAM practice identifies product and agreement lifecycles that approach end of life, giving you ample time to prepare your next move.
No Two SAM Tools Are the Same
Properly managing your software assets requires specific SAM tools designed to accomplish specific tasks based on your internal problem areas. A Request for Information (RFI) document outlines your asset management requirements which you can then leverage against the specifications of different SAM tool vendors.
SAM tools specialize in different areas: some specialize in risk analysis, some asset inventory, some for usage metering. Some tools try to incorporate all these at once, but fail at specializing in any area sufficiently, ultimately costing you more time and money by not focusing your SAM tool requirements directly towards your asset management needs.
SAM tools, however, are only as good as the processes you put in place. The real heavy lifting comes from back-end resources and SAM knowledge experts tasked with properly interpreting the data retrieved by the tool.
Why Do SAM Projects Fail?
The simple answer is a lack of clear goals, roles, and responsibilities for the program. An in-house SAM project requires inter-departmental commitment and alignment across the organization. Furthermore, setting high expectations and a broad scope without first addressing your immediate needs creates overwhelming complexity.
Some key elements to consider when instituting your own SAM practice include:
- SAM team has the necessary knowledge base and certifications such as CSAM
- Asset management pain points, processes, and IT infrastructure are all aligned so you can choose the appropriate SAM tool to suit your needs
- Sufficient sponsorship and budget allocation from senior management
- An enterprise-wide understanding that SAM enables greater flexibility in its use of software and cloud services
The last point is especially important because many organizations tend to discontinue their SAM practice once their current licensing situation is sorted out, guaranteeing themselves an audit in the near future once their current licenses reach end of life. SAM is about more than getting through the next audit and maintaining compliance; it is about enabling reliable stewardship of corporate resources.