The 7 Habits of Highly-Effective Software Asset Managers

Effective software asset managers

Many companies still need to manage their software asset investments better – to reduce risks and financial “wastage.” It can be a huge undertaking but it can also be very rewarding – so start small if you need to, building up your software asset management capabilities over time.

Software asset management (SAM) is an underused IT management discipline that should be employed by IT departments to manage, control, and protect their software assets at an enterprise level. Done well, SAM will not only reduce the risks of compliance exposure, it will also save your organization time and money on maintaining its software estate as part of the overall IT service delivery ecosystem.

If you’re a software asset manager, or have responsibilities involving IT assets, then please read on for seven tips that will make you more effective in your role.

Tip 1: Know Your Environment

You can’t manage what you don’t know.

The first step in any successful SAM initiative is to know what’s out there. So, talk with your IT service desk, analyze network monitoring/discovery tool data, talk with business colleagues re non-networked technology use cases, and don’t forget service catalog data if you have one. Until you get a handle on what you actually have, you won’t be able to manage it effectively.

It’s also a good time to check the SAM basics. For instance, are company PCs locked down or does everyone and anyone have local admin rights – and therefore the ability to download and install software at will?

Tip 2: Start at the Beginning

Tip 2: Start at the BeginningWhat a crazy place to start, huh? Hopefully you know what I mean by this. And don’t try to run before you can walk. Start with baby steps but make those first steps meaningful and high impacting.

Think about what are your company’s biggest software pain points or biggest areas of exposure?

SAM can be complex and it’s all too easy to get side tracked or focused on the wrong things. Prioritize SAM efforts by overall risk and concentrate on the big hitters, for example Microsoft, Adobe, or Oracle products (or whatever your company uses in high volumes and/or with big costs).

Still not sure where to start? Check your software renewals and audit schedules, and start there. As a result, you will either be in a better negotiating position or mitigate risk. And by prioritizing the most urgent situations you can demonstrate clear, tangible value.

Tip 3: Agree on a SAM Policy

Your SAM policy should set out the “rules of engagement” for software. Every organization will have different requirements of a SAM policy, but things that should always be covered include:

  • What SAM is and why it’s so important.
  • The purpose of the policy – what it is and what it will be used for.
  • Scope – which environments are covered? The live environment only? Test and development as well? What about disaster recovery (DR) requirements?
  • How to request software – preferable via request fulfilment and the service desk or via a service catalog/self-service. It needs to be defined, easy, and traceable.
  • Installation guidelines – a major point of control and the opportunity to keep software licensing in line with vendor directives.
  • Software harvesting/disposal – how to handle software that’s no longer needed.
  • Where to go for help, and further information.

Tip 4: Engage with Your “Supporting Players”

Know your SAM process control points to prevent duplication and rework, and agree on touch points with supporting processes. For example, working with:

  • Your IT service desk to ensure that all software requests are processed centrally via a defined request fulfilment process.
  • The purchasing/procurement teams to ensure that an audit trail exists for all software – from the request stage right through to retirement and disposal.
  • InfoSec personnel – align policy details and installation guidelines with information security needs.
  • Change management to ensure any licensing requirements are understood and reviewed appropriately.
  • Release management personnel, as they can help you ensure that software is installed via a central, authorized, safe source such as a definitive media library (DML).
  • Configuration management staff so that you can get relevant information from the configuration management database (CMDB). If your SAM database and CMDB are separate databases, then you will also need to establish a process for sharing information such that you can ensure that the relationship between licensed software and the hardware it is installed on remains correct and up to date.

Tip 5: Understand the Complexity of Software Licenses

One of the biggest challenges facing software asset managers is the sheer complexity of software licenses and then proof of license.

Proof of license could be any of the following:

  • Receipts and invoices
  • The master copy of the software itself on the master media
  • Distribution copies of software on the freestanding media or servers
  • Installed operational instances of the software
  • Software pass codes or license keys; either electronic or paper-based
  • Software maintenance authorization codes
  • Software license certificates or other proof of licenses
  • Terms and conditions of licenses
  • Support contracts
  • Maintenance contracts
  • Software release documentation
  • Upgrade components
  • Training material

How do you make sure that you have everything you need? Get the software vendor to confirm in writing what acceptable proof of license is during negotiations. Have it as a mandatory question/requirement for any large-scale software purchases undertaken by your organization.

Tip 6: Have a Plan for Audits

Remember, panicking is not an option. Preparation and internal sanity checks are your friends here. So, have a game plan for audits, and define the process for audits in your SAM procedures.

Build up a bank of templates for repetitive tasks such as response emails, meeting requests, and written communications so that everything is as easy and as consistent as possible. Where possible, run a “practice” audit first with support from other departments/teams if needed. And if you have an internal audit department, use them! This way, if you’ve missed something during day-to-day operations, then you can put it right immediately. Having a different department involved means a degree of separation, however it also means that they’ll ask about things that you may have otherwise not considered.

When the real audit is happening:

  • Ensure that all your process and procedure documentation is up to date, has been reviewed recently, is in the correct format, and is in a central location.
  • Ensure that everyone knows where to go for the documentation and for any questions.
  • Make everyone aware that an audit is going on. Prior to the start of the audit, it’s useful to communicate the nature of the audit, what to do if asked a question, and who to refer the auditor to if you don’t know or are unsure.
  • Ensure only authorized personnel with the appropriate training talk to software vendors/external auditors to prevent any confusion.
  • Provide your evidence as requested and then work with them to mitigate or close down any observations or findings.

Tip 7: Engage, Engage, Engage

SAM is so much more than a process or even a toolset.

The most important aspect of SAM is your people – from end users understanding the basic dos and don’ts at the induction stage of employment (it’s good to catch them early!), to the SAM team running the process, to your audit and compliance departments.

SAM needs teamwork to be effective. End users will need to understand that they can’t install software at will and the service desk needs to put in place solid fulfilment processes to ensure a quick turnaround to prevent internal controls being circumvented.

One of the biggest measures of SAM success is making it part of everyone’s day job. So, make sure that everyone knows their SAM responsibilities.

That’s my seven tips for becoming a highly-effective software asset manager. What would you add? Please let me know in the comments!