Tuesday, 10 February 2015

                      Effective Asset Management Planning and Maintenance

Any organization would always want to protect its Assets against threats by identifying and eliminating the vulnerabilities within its system. ISO 55000 is the international standard for asset management. In recent years, software asset management (SAM) has rapidly gained importance among many organizations as a strategic imperative that enables them to achieve maximum value from their IT investments. SAM, at a very basic level, involves integrating people, processes and technology in such a way as to allow software licenses and usage to be systematically tracked, evaluated and managed. The goal is to reduce hard-dollar IT expenditures, human resource overhead, and risks inherent in owning and managing software assets, without compromising the technology and service levels needed for the organization to operate at an optimal level.

                        

Companies that recognize the value of SAM and implement effective SAM programs have been able to:
  1. Reduce total cost of ownership (TCO) related to IT assets by eliminating time-consuming manual audits, determining where the organization is overspending on software licenses, and reducing help desk costs.
  2. Manage technology change by using software procurement models that map to current and future needs and by collecting data that assists with technology migration and upgrade planning.
  3. Minimize security risks by preventing the use of unauthorized software and enforcing desktop standards.
  4. Limit compliance risk by identifying PCs with unlicensed applications, preventing employees from using unlicensed software, and producing accurate reports to vendors in the event of an audit.
The purpose of this document is to provide a tactical guide for implementing a SAM program within your own organization, from tracking software assets to developing processes and procedures for managing those assets on an ongoing basis.
 
                        Eight steps in implementing asset management

First Step - Collate your license agreements

As a first step, it is important to consolidate all licensing agreements owned by the company, irrespective of who they were purchased by. Ideally this not only includes the actual license certificate, but also proof of purchase and invoices. Licenses come in many different formats and from many different places, making sales receipts and invoices critical in proving that the software was purchased from an appropriate source. A license certificate may not be considered enough during an external software license audit. All licensing documentation should be recorded electronically and all physical licenses should be stored in a safe location. In addition it is also recommended to collect and store all physical software media to ensure that the software is both accessible and not installed without appropriate approval. Gathering this material is a daunting task for most organizations. A licensing reseller may be able to assist in getting information on volume license purchases if such agreements are in place with the software vendors.
 
Second Step - Determine your actual license position

When all license agreements have been collected they must be analyzed to create a statement of your actual license position detailing the number of licenses owned and the license rights for each software application. Analyzing licenses post collation can also be a complex task, depending on the type and volume of licenses within the organization. It is however critical to establishing the actual position on current licenses owned for each piece of software. When analyzing your licenses, pay attention to these:
  • Some licenses expire and therefore cannot be classified as “current”
  • License upgrades must have a valid initial license
  • Some licenses are not transferable and will therefore not be valid
  • Different software licenses grant different usage rights. For example software licenses might be ‘per computer,’ ‘per user,’ ‘per processor’ or full site licenses
  • Software assurance upgrades need to be performed correctly to ensure their validity
  • Understand the entitlement granted by each license as some licenses count users not computers and must be counted separately
Third Step - Understand your existing software assets

To gain a thorough understanding of software assets on hand, you need to audit your used software. The primary goal is to determine what software has been installed on computers and to generate a list of total installations per application. A software audit must count the correct item that uses a license, i.e. per computer, per user, per process. All systems that use company software must be audited and as the software environment is dynamic, audits need to be done regularly – ideally on weekly basis. Dimension Data does not recommend performing large scale manual software audits. Manual audits are not sustainable on an ongoing basis, are prone to human error and are expensive. Manual audits may be suitable for small scale or isolated computers but the collected inventory should be considered obsolete as soon as it is completed.

Fourth Step - Analyze your software inventory

The raw software audit data does not provide an accurate view of required software licensing as not all software requires the same type of license. Post completing the licensing analysis it becomes necessary to analyze the information collected by the software inventory to determine the licenses that are actually required by all software that is currently in use.

Key steps within:
  • Determine what licensing requirements exist for each piece of software
  • Determine the nature of the license required for all applications i.e. per computer, per user, etc.
  • Identify unapproved and inappropriate software
  • Identify software that is deemed to be a security risk
A key action when analyzing software inventory is to discover unauthorized and untested software, particularly software from a non-trusted source. Unauthorized and untested software could introduce security vulnerabilities or stability issues into your environment and should be identified for remediation.

Fifth Step - Match your software to licenses

To accurately determine license compliance you must have both an accurate license count and an accurate software audit. Then you must ensure that the correct software is compared with the correct license(s) to determine the over/under licensing compliance position for each application.

Key steps:
  • Compare each application with the correct license
  • Compare each application with the correct license type, i.e. per computer or per user, per processor, etc.
  • Identify all deployed software for which there is no license
  • Identify all under-licensed and over-licensed software
  • Identify all retired software still in use
Many organizations are surprised to find out that they are over-licensed. In an attempt to remain compliant, they may be purchasing more licenses than actually required. Industry analyst reports have estimated that up to 75% of organizations worldwide are overspending on their IT assets, which includes buying up to 30% more licenses for more than 50% of their portfolio.

Sixth Step  - Face the reality and take action

If you find that you are under or over-licensed it is likely that your existing software asset management approach is flawed or not rigorous enough. Whether under- or over-licensed it is recommended that a remediation plan be created and followed. If over-licensed you are spending more on licenses than required and/or there are software licenses available to be deployed, but your return on software investments are not being optimized. If under-licensed, the organization is almost always liable no matter the source of the unlicensed software. Uninstalling software does not remove the requirement to have owned a license when the software was installed. Penalties vary by country, but are always in addition to and far greater than the actual licensing cost.

Seventh Step - Create an organizational procurement policy and processes

Post the audit, it becomes important to define a company policy for the purchasing of software, including purchasing authority, approved vendors and how to deal with exceptions. Create a software inventory database to track approved software titles, versions and license purchase information. Clearly delegate and document responsibility and accountability for acquiring new software and recording purchases. Standardize software titles so that all employees have the same versions, and retire obsolete software and PCs.

Key considerations and steps in policy definition include:
  • Define both the policy and the process that follows the policy
  • Define the approval chain
  • Ensure that the policy does not impact any core business actions
  • Define exceptions to the process and when they may be used
  • Define when and how software audit checkups will be performed
  • Get organization-wide agreement to the policy and communicate it to all employees and stakeholders
  • Enforce the policy without exception
The last step in the implementation of SAM is --

Eighth Step - Plan for ongoing management and operations

An organization’s software environment and software requirements evolve on an ongoing basis and should be reviewed periodically. The continuous process of software asset management needs to keep in step with the organization’s requirements. By doing so, you will limit your organization’s legal liability stemming from inadequate license management procedures. This could result in and/or fail to obviate under-licensing and copyright infringements/illegal software usage. Technology-based software asset management solutions are available to help this process. Some only provide a limited subset of the management functions associated with the acquisition, deployment, ongoing management and disposal of a software asset throughout its lifecycle. Ensure that you implement a tool that takes into account the entire life cycle.

_______________________________________________________________________________

Author - Vijayakumar Reddy, CTO & Lead Trainer, A2A IMTCS Pvt. LTD.

© Copyright 2015 A2A - IMTCS. All rights reserved. www.iimtcs.in
_______________________________________________________________________________