Adopting Standards for SAM
The Rise of Software
One of the longer term trends in IT has been the decreasing
cost of computer hardware while the cost of the enterprise software has been
rising. It stems from the ongoing improvement in hardware, driven by Moore’s
Law, providing us with more and more RAM, processors/cores, and the increasing
clock frequencies driving those processors. Alongside these hardware
improvements we also have the proliferation of virtualization technology which
has enabled physical server consolidation. Software publishers are providing
ever more complex and powerful applications to run on these higher capacity virtualized
systems. Correspondingly, the percentage of the typical IT budget associated
with hardware is declining while the software percentage is increasing. By
2010, software is expected represent about 35% of the IT budget.
Industry Standards for SAM
Many IT organizations have been searching for industry best
practices and standards to help them improve IT operations, gain control of
their assets, and better manage their costs. Consequently, several industry
organizations and standards bodies have been formed over the years to address
this need. Many of these try to encompass the whole of IT processes and
services, yet with the ever increasing importance of software, most
organizations have only recently begun to focus on this area. Software Asset
Management (SAM) standards and practices have only been introduced within the
past several years.
Even now it’s not all that easy to find information on best
practices for SAM, but there are a couple of places that are good starting
points. ITIL (the IT Infrastructure Library) is one of the most commonly
accepted sets of standards used by IT departments. ITIL primarily focuses on IT
service management and provides a comprehensive and consistent set of best
practices in this area. It promotes a quality approach to achieving business
effectiveness and efficiency in the use of information systems.
Several years ago, ITIL recognized the need for a focus on
SAM, and about three years ago it released a book on SAM. This was one of the
first efforts to define an industry standard for Software Asset Management. This
book also provided a good basis for validating the need for SAM in the
enterprise. However, it was somewhat lacking in practice advice on how to adopt
and improve the SAM processes in an organization.
So just what did the ITIL SAM book define? First, it was
able to provide a starting point for SAM that included the definition of just
what SAM is.
So, what are software assets?
ITIL’s definition of a software asset encompasses not just
the physical software media, but all installations of the software. It also
includes the software license keys, license agreements, certificates, release
documentation, support contracts and other items that accompany the software.
Importantly, ITIL is concerned with ensuring compliance with
the terms and conditions of the software licenses that define the user’s
entitlement to a software asset. Not only should license compliance meet the
needs of good corporate governance, but it should also ensure alignment with legal
and regulatory requirements.
The software asset lifecycle
ITIL describes the recommended processes for the complete life
cycle of a software asset, from procurement to retirement. For externally
developed software, this includes the following key points:
- Before making a
purchasing decision, check if there are licenses available for use. Assess supportability
of the software.
- If necessary,
purchase the software.
- Ensure
authenticity of the product—i.e. that you’re not buying counterfeit software.
- Receive and
store proof of license documents, and match these to the purchase order.
- Build, package,
and test software prior to deployment.
- Deploy the
software. Compliance is a key issue in deployment and re-installation.
- Operate the
software and monitor exceptions.
- Optimize
software usage. This includes redeploying unused licenses, planning for future
demands, and assessing any changes in license terms that may be required.
- Retire the
software asset; manage software upgrades and OEM ownership.
SAM Tools
ITIL lists a series of different types of tools that
organizations can use to help them manage their software assets.
- Asset inventory tools
- Discovery tools
- Deployment tools
- Metering tools
- License management tools
- Contract management tools
- Demand management tools
- Security tools
- Procurement tools
- Vendor license management tools
Overall, while the ITIL standard for SAM best practices is
somewhat outdated, especially since it’s not included in the recent version of
the ITIL books, it’s still a worthwhile read for reference if you can obtain a
copy.
ISO Standards
ISO (the International Organization for Standardization) and
IEC (the International Electrotechnical Commission) form a specialized system
for worldwide standardization.
19770-1
In 2006, ISO released the first of a set of proposed
standards in its ISO 19770-1 draft standard. ISO/IEC 19770-1 was prepared by
Joint Technical Committee ISO/IEC JTC 1, Information
Technology, Subcommittee SC 7, Software
and System Engineering.
This standard deals primarily with the key Software Asset
Management processes and provides a framework for self-assessment of an
organization’s SAM capability and maturity. Since its release, many IT organizations
have been able to perform these self-assessments, but there has still been a
need for more practical recommendations on how to improve SAM processes. As a
matter of fact, the recent SAM Optimization Model released by Microsoft is an
example of how organizations are improving upon the processes defined in ISO
19770-1.
Much has been written about this standard, and many
organizations have already begun adopting portions of the standard. For an
organization that is just getting started on the road to software asset
management, one of the best places to start would be to purchase the published
standard from the ISO
website.
In conjunction with the release of this standard, a couple
of key missing links were identified—accurate and reliable information to help
identify installed software, and more importantly, the software entitlement rights for
a particular application. Because of these holes in the existing standards, ISO
has begun work on two additional standards related to the original 19770-1;
these are the ISO 19770-2 “tag” standard, and 19770-3 “software entitlement rights”
standard.
Why implement ISO SAM?
One of the major benefits of this preliminary ISO 19770-1 standard
was the ability to define the value that can be delivered by implementing SAM best
practices, including:
- Managing and reducing your risks associated with software assets
- Reducing costs
- Gaining competitive advantage
The 19770-1 standard defined a specific set of Software
Asset Management processes, and by implementing these processes, organizations
could start to focus on specific areas of IT which could have a very positive
effect on reducing their costs and reducing their risks associated with
managing the software in their environment.
These processes were grouped under a few key areas:
Organizational Management Processes for SAM
- These processes were more about the planning and implementation
of good SAM practices, including obtaining buy-in from senior management as
well as setting up good control procedures to monitor the SAM process
improvements and areas of weakness.
Core SAM Processes
- These processes were core to managing software, including the
discovery, inventory and identification of software that’s deployed and being
used in the environment. Also key to the Core processes were the operational
management aspects of SAM including the processes needed to verify proper
implementation and ongoing management.
Primary Processes for SAM
- These processes defined how SAM is related to many other
processes in your IT environment, including Change Management, Release
Management, Software Deployment, Incident Management and many other processes
used by IT departments around the globe.
This standard is a great place to start when evaluating any
SAM project for your IT department. It provides a basis to conduct a SAM
assessment, as well as a roadmap to create a SAM project going forward.
Recommendations
So what should you do to take advantage of these industry
standards and improve your overall SAM practices and processes? Well, there are
a few good steps to follow:
- Review ISO 19770-1 and the ITIL SAM book
- Build a business case for SAM
- Identify or hire the key personnel in your organization with SAM
expertise
- Conduct a SAM assessment
- Adopt SAM best practices to help alleviate problems identified
in the SAM assessment
- Choose the right SAM tools to effectively manage your software
assets—consider ManageSoft’s Enterprise Compliance Manager™ solution which
enables enterprises to reduce software spend and maintain license compliance.
- Keep track of the latest developments on ISO 19770-2 and -3
|
