Software asset management

Software asset management (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization. According to the Information Technology Infrastructure Library (ITIL), SAM is defined as “…all of the infrastructure and processes necessary for the effective management, control and protection of the software assets…throughout all stages of their lifecycle.”^[1]

Fundamentally intended to be part of an organization’s information technology business strategy, the goals of SAM are to reduce information technology (IT) costs and limit business and legal risk related to the ownership and use of software, while maximizing IT responsiveness and end-user productivity.^[2] SAM is one facet of a broader business discipline known as IT asset management, which includes overseeing both software and hardware that comprise an organization’s computers and network.

Role within organizations

SAM can serve many different functions within organizations, depending on their software portfolios, IT infrastructures, resource availability, and business goals.

For many organizations, the goal of implementing a SAM program is very tactical in nature, focused specifically on balancing the number of software licenses purchased with the number of actual copies installed. In doing so, organizations can minimize liabilities associated with software piracy in the event of an audit by a software vendor or a third party such as the Business Software Alliance (BSA). SAM, according to this interpretation, involves conducting detailed software inventories on a periodic basis to determine the exact number of software installations, comparing this information with the number of licenses purchased, and establishing controls to ensure that proper licensing practices are maintained on an ongoing basis. This can be accomplished through a combination of IT processes, purchasing policies and procedures, and technology solutions such as software inventory tools.^[3]

More broadly defined, the strategic goals of SAM often include (but are not limited to) the following:

• Reduce software and support costs by negotiating volume contract agreements and eliminating or reallocating underutilized software licenses^[2]
• Enforce compliance with corporate security policies and desktop standards^[4]
• Improve worker productivity by deploying the right kinds of technology more quickly and reliably^[2]
• Limit overhead associated with managing and supporting software by streamlining and/or automating IT processes (such as inventory tracking, software deployment, issue tracking, and patch management)^[5]
• Establish ongoing policies and procedures surrounding the acquisition, documentation, deployment, usage and retirement of software in an effort to recognize long-term benefits of SAM^[6]

SAM Technology

A number of technologies are available to support key SAM processes:

• Software inventory tools intelligently “discover” software installed across the computer network, and collect software file information such as title, product ID, size, date, path, and version. Some inventory tools compare software inventory data with purchasing information to reveal license deficits and ensure that organizations remain compliant with their licensing agreements.
• Software metering tools monitor the utilization of software applications across a network. They can also provide real-time enforcement of compliance for applications licensed based on usage.
• Application control tools restrict what and by whom particular software can be run on a computer as a means of avoiding security and other risks.^[7]
• Software deployment tools automate and regulate the deployment of new software.
• Patch management tools automate the deployment of software patches to ensure that computers are up-to-date and meet applicable security and efficiency standards.

International Organization for Standardization (ISO)

Main article: ISO 19770

In 2006, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) began working with the SAM industry to develop a standard of best practices for software asset management programs. Standard ISO/IEC 19770-1:2006, Information technology – software asset management – Part 1, was published by the ISO and IEC in May 2006. Part 1 of the standard details SAM processes including control environment, planning and implementation, inventory, verification and compliance, operations management and life cycle.^[8]

ISO/IEC 19770-2:2009 – Part 2: Software identification tag^[9]; establishes specifications for tagging software to optimize its identification and management.

Using software identification tags or SWID tags makes discovery a simpler and more accurate process that can be verified by software vendors if they audit an organisations entire estate.

Issues with scalability

An example of issues faced when scaling up discovery tools is with Microsoft's System Centre Configuration Manager (SCCM). Using metering rules to monitor software deployment and usage across a small estate is relatively easy and reliable given the total number of unique executables (.exe files) and the number of instances of each executable. If you try turning on metering rules for every packaged application and every executable in a large estate the volume of data generated quickly becomes unmanageable and expensive to maintain.

References

Reference Number 4 is no longer valid (missing link).

1. ITIL’s Guide to Software Asset Management
2. ^ "Information technology – software asset management – Part 1: Processes". International Standard. International Organization for Standardization and International Electrotechnical Commission. 2006-05-01. pp. 5 
3. "What is SAM?". Microsoft. http://www.microsoft.com/resources/sam/what.mspx. Retrieved 2008-03-19. 
4. Dunn, Ian; Daniel Dresner (2004). "SAM Best Practice" (PDF). Federation Against Software Theft. http://www.fast.org.uk/groups/AMG-FASTtalkArticleSAMBestPractice.pdf. Retrieved 2008-03-19. ^{[dead link]}
5. "Information technology — Software asset management-- Part 1: Processes". International Standard. International Organization for Standardization and International Electrotechnical Commission. 2006-05-01. pp. 19 
6. "Microsoft Software Asset Management: Step-by-Step Training - Step 4". Microsoft. http://www.microsoft.com/resources/sam/sbs_4.mspx. Retrieved 2008-03-19. 
7. Ogren, Eric (2006-11-03). "Application control coming your way". ComputerWorld. http://blogs.computerworld.com/node/3890. Retrieved 2008-04-03. 
8. "Information technology — Software asset management-- Part 1: Processes". International Standard. International Organization for Standardization and International Electrotechnical Commission. 2006-05-01 
9. http://www.iso.org/iso/catalogue_detail.htm?csnumber=53670

See also

• IT asset management
• License manager

External links

• Business Software Alliance (BSA)
• Federation Against Software Theft (FAST)
• 19770-1:2006
• ISO/IEC Information Centre
• International Business Software Managers Association (IBSMA
• International Association of Information Technology Asset Managers (IAITAM)
• Software & Information Industry Association (SIIA)
• The ITAM Review