Software asset management: Difference between revisions
Reverted 1 edit by Ritu212006 (talk): Unreliable source |
|||
(296 intermediate revisions by more than 100 users not shown) | |||
Line 1: | Line 1: | ||
{{Short description|Software management}} |
|||
'''Software Asset Management''' (SAM) is the practice of integrating people, processes and technology to allow software licenses and usage to be systematically tracked, evaluated and managed. The goal of SAM is to reduce IT expenditures, human resource overhead and risks inherent in owning and managing software assets. |
|||
'''Software asset management ''' ('''SAM''') is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization. According to [[ITIL]], SAM is defined as “…all of the infrastructure and processes necessary for the effective management, control, and protection of the software assets…throughout all stages of their lifecycle.”<ref>ITIL’s Guide to Software Asset Management</ref> |
|||
Fundamentally intended to be part of an organization's information technology [[business strategy]], the goals of SAM are to reduce [[information technology]] (IT) costs and limit business and legal risk related to the ownership and use of software, while maximizing IT responsiveness and end-user [[productivity]].<ref name=infotechsoft>{{Citation |title=Information technology — Software asset management — Part 1: Processes and tiered assessment of conformance |publisher=International Organization for Standardization; International Electrotechnical Commission |page=5 |date=2006-05-01}}</ref> SAM is particularly important for large corporations regarding redistribution of licenses and managing legal risks associated with software ownership and expiration. SAM technologies track license expiration, thus allowing the company to function ethically and within software compliance regulations. This can be important for both eliminating legal costs associated with license agreement violations and as part of a company's [[reputation management]] strategy. Both are important forms of risk management and are critical for large corporations' long-term business strategies. |
|||
SAM is one facet of a broader business [[discipline]] known as [[IT asset management]], which includes overseeing both software and hardware that comprise an organization's computers and [[computer network|network]]. |
|||
SAM includes maintaining software license compliance; tracking the inventory and usage of software assets; and maintaining standard policies and procedures surrounding the installation, deployment, configuration, and use of software assets. SAM represents the software component of [[IT asset management]], which also includes hardware asset management. |
|||
== Role within organizations == |
|||
== Goals == |
|||
*Increase IT efficiency<br /> |
|||
1. Automate and improve accuracy of software inventory processes<br /> |
|||
2. Streamline and simplify access to software asset data<br /> |
|||
*Reduce software costs<br /> |
|||
1. Eliminate or reallocate unused software licenses<br /> |
|||
2. Standardize the desktop environment<br /> |
|||
3. Negotiate volume license discounts that match software usage patterns |
|||
*Limit business and legal risks<br /> |
|||
1. Avoid software license compliance violations<br /> |
|||
2. Comply with government regulations such as the Sarbanes-Oxley Act through more accurate reporting of software assets and liabilities.<br /> |
|||
*Improve network and data security<br /> |
|||
1. Identify the presence and use of unauthorized, harmful, or non-productive applications<br /> |
|||
2. Restrict access to unauthorized programs or applications containing sensitive data<br /> |
|||
3. Verify all machines meet security standards (2) |
|||
SAM can serve many different functions within organizations, depending on their software portfolios, IT infrastructures, resource availability, and business goals. |
|||
== Role in an Organization == |
|||
Software asset management can help organizations:<br /> |
|||
*Streamline migrations by accommodating technology changes and deploying new applications more quickly<br /> |
|||
*Improve help desk productivity by supporting a set of standard applications and extending access to data on individual machine configurations<br /> |
|||
*Increase end user productivity by limiting or eliminating access to time-wasting software<br /> |
|||
*Absorb mergers and acquisitions more readily<br /> |
|||
*Comply with software licensing laws and avoid the fines, set back, and business disruption of forced compliance<br /> |
|||
*Reduce costs by improving software buying decisions and eliminating overspending on maintenance and licensing fees for unused software<br /> |
|||
*Better budget and plan for future IT spending<br /> |
|||
*Minimize security risks by detecting and preventing the use of unauthorized software and enforcing desktop standards<br /> |
|||
For many organizations, the goal of implementing a SAM program is very tactical, explicitly focused on balancing the number of [[software license]]s purchased with the number of actual licenses consumed or used. In addition to balancing the number of licenses purchased with the amount of consumption, an effective SAM program must also ensure that the usage of all installed software is in keeping with the terms and conditions of the specific vendor license agreement. In doing so, organizations can minimize liabilities associated with [[software piracy]] in the event of an audit by a software vendor or a third party such as the [[Business Software Alliance]] (BSA). SAM, according to this interpretation, involves conducting detailed software inventories on an ongoing basis to determine the exact number of software licenses consumed, comparing this information with the number of licenses purchased, and reviewing how the software is being used in respect to the terms and conditions and establishing controls to ensure that proper licensing practices are maintained on an ongoing basis. This can be accomplished through IT processes, purchasing policies and procedures, and technology solutions such as software inventory tools.<ref>{{cite web|url=http://www.microsoft.com/resources/sam/what.mspx |title=What is SAM? |accessdate=2008-03-19 |publisher=Microsoft }}</ref> |
|||
== Process == |
|||
SAM process, at the minimum, should include the following steps:<br /> |
|||
*Centralize Purchasing Records<br /> |
|||
1. Locate purchasing information for all software titles |
|||
2. Consolidate into digital format |
|||
3. Import or enter purchasing data into SAM tool, to be reconciled with software inventory and usage data |
|||
Counting installations are the most common means of measuring license consumption but some software is licensed by the number of users, capital, processors, or [[Central processing unit|CPU]] Cores. |
|||
*Conduct Software Inventory<br /> |
|||
1. Reconcile installed licenses with purchasing data to determine whether your organization is in compliance with licensing agreements; if not, take immediate corrective action<br /> |
|||
2. Identify computers that do not meet technology standards.<br /> |
|||
This may include:<br /> |
|||
• Locating machines that have unauthorized applications installed<br /> |
|||
• Identifing computers that don’t have required service packs or security patches installed<br /> |
|||
• Determining which machines do not meet minimum requirements for upcoming OS or software migrations<br /> |
|||
More broadly defined, the strategic goals of SAM often include (but are not limited to) the following: |
|||
*Review Software Usage<br /> |
|||
*Reduce software and support costs by negotiating volume contract agreements and eliminating or reallocating underutilized software licenses<ref name=infotechsoft /> |
|||
1. Determine whether your organization has purchased more software than is actually being used, so you can reduce maintenance costs, re-allocate unused or underutilized licenses, and plan better for future software needs<br /> |
|||
*Enforce compliance with corporate [[security policies]] and desktop/server/mobile standards |
|||
2. Explore the extent to which unauthorized applications are being used that may post a threat to productivity, security, or network performance.<br /> |
|||
*Improve worker productivity by deploying the right kinds of technology more quickly and reliably<ref name=infotechsoft /> |
|||
*The limit overhead associated with managing and supporting software by streamlining and/or automating IT processes (such as inventory tracking, software deployment, [[issue tracking]], and [[patch (computing)|patch]] management)<ref>{{Citation |title=Information technology — Software asset management — Part 1: Processes and tiered assessment of conformance |publisher=International Organization for Standardization; International Electrotechnical Commission |page=19 |date=2006-05-01}}</ref> |
|||
*Establish ongoing policies and procedures surrounding the acquisition, documentation, deployment, usage and retirement of software to recognize long-term benefits of SAM<ref>{{cite web|url=http://www.microsoft.com/resources/sam/sbs_4.mspx |title=Microsoft Software Asset Management: Step-by-Step Training - Step 4 |accessdate=2008-03-19 |publisher=Microsoft }}</ref> |
|||
== SAM Technology == |
|||
*Review, document, and communicate policies and procedures<br /> |
|||
*Establish ongoing SAM processes<br /> |
|||
Several technologies are available to support key SAM processes: |
|||
== Tools/Technology == |
|||
* |
*'''Software inventory''' tools intelligently “discover” software installed across the [[computer network]], and collect software file information such as title, product ID, size, date, path, and version. |
||
*'''[[License manager]]''' solutions provide an intelligent repository for license entitlements which can then be reconciled against data provided by Software inventory tools to provide the organization with an 'Effective License Position' or view of where the organization is under-licensed (at risk of a compliance audit) or over-licensed (wasting money on unnecessary software purchases). |
|||
*Software Usage Tracking tools monitor the utilization of software applications across a network. |
|||
*'''[[Software metering]]''' tools monitor the utilization of software applications across a network. They can also provide real-time enforcement of compliance for applications licensed based on usage. |
|||
*Application Control tools block the launch of unauthorized or harmful applications. |
|||
*'''Application control''' tools restrict what and by whom particular software can be run on a computer as a means of avoiding security and other risks.<ref>{{cite news | first=Eric | last=Ogren | title=Application control coming your way | date=2006-11-03 | url=http://blogs.computerworld.com/node/3890 | work=ComputerWorld | access-date=2008-04-03 | url-status=dead | archive-url=https://web.archive.org/web/20080403105700/http://blogs.computerworld.com/node/3890 | archive-date=2008-04-03 }}</ref> |
|||
*[[License Management]] tools reconcile inventory and/or usage data with purchasing information to ensure that organizations are neither underlicensed (and therefore subject to license compliance penalties) or overlicensed (and therefore overspending |
|||
*[[ |
*'''[[Software deployment]]''' tools automate and regulate the deployment of new software. |
||
*[[Patch |
*'''[[Patch management]]''' tools automate the deployment of software patches to ensure that computers are up-to-date and meet applicable security and efficiency standards. |
||
* '''Request management''' tools allow employees to place requests for software products using a centralized form and process specifically designed to capture and assess specific license requirements as well as to manage and track the procurement and deployment process. |
|||
* '''Product catalog''' tools capture product-specific information such as name, edition, version and license agreement types as well as other key top-level information for products used within the business. This information normalizes product naming conventions within the organization and allows mapping between other technology and tools used in the composite SAM solution. |
|||
== International Organization for Standardization (ISO) == |
|||
== External Links == |
|||
{{main|ISO 19770}} |
|||
*[http://www.microsoft.com/sam] |
|||
*[http://www.bsa.org Business Software Alliance (BSA)] |
|||
The ISO/IEC 19770 family of standards are designed to help organizations manage IT assets including software assets (SAM). The published standards are outlined below: |
|||
*[http://www.fast.org.uk Federation Against Software Theft (FAST)] |
|||
*[http://www.iaitam.org International Association of Information Technology Asset Managers (ITITAM)] |
|||
ISO/IEC 19770-1:2017: IT Asset Management Systems Requirements<ref>{{cite web | url=https://www.iso.org/standard/68531.html | title=Iso/Iec 19770-1:2017 }}</ref> is a process framework to enable an organization to incorporate ITAM (including SAM) processes and policies sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall. The implementation of SAM processes to be "accomplished in multiple staged increments or tiers."<ref>{{Citation |title=ISO/IEC 19770-1:2012 Information technology — Software asset management-- Part 1: Processes and tiered assessment of conformance |publisher=International Organization for Standardization; International Electrotechnical Commission |page=vi |date=2012-06-13 |url=http://www.iso.org/iso/catalogue_detail.htm?csnumber=56000}}</ref> Part 1 of the standard details SAM processes including control environment, planning and implementation, inventory, verification and compliance, operations management and life cycle. |
|||
*[http://www.ecpmedia.com International Business Software Managers Association (IBSMA)] |
|||
*[http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=33908 ISO/IEC 19770-1:2006] |
|||
ISO/IEC 19770-2:2015: Software identification tag;<ref>{{cite web | url=http://www.iso.org/iso/catalogue_detail.htm?csnumber=65666 | title=Iso/Iec 19770-2:2015 }}</ref> establishes specifications for tagging software to optimize its identification and management. The current version was published in 2015 and is a revision to the 2009 original Software ID Tag standard.<ref>{{cite web | url=http://www.iso.org/iso/catalogue_detail.htm?csnumber=53670 | title=Iso/Iec 19770-2:2009 }}</ref> Using software identification tags or SWID tags makes discovery a simpler and more accurate process that can be verified by software vendors if they audit an organisations entire estate. SWID tags are implemented and supported by many vendors including IBM, Microsoft and Adobe. |
|||
*[http://en.wikipedia.org/wiki/ITIL#Software_Asset_Management ITIL Standards on Software Asset Management] |
|||
*[http://www.siia.net Software & Information Industry Association (SIIA)] |
|||
ISO/IEC 19770-3:2016: Entitlement Management Schema <ref>{{cite web | url=http://www.iso.org/iso/catalogue_detail.htm?csnumber=52293 | title=Iso/Iec 19770-3:2016 }}</ref> outlines a technical schema which can be used to encapsulate license details including contract information, entitlements, rights, limitations and details about invoice, PO numbers, etc. |
|||
ISO/IEC 19770-4:2017: Resource Utilization Measurement <ref>{{cite web | url=https://www.iso.org/standard/68431.html | title=Iso/Iec 19770-4:2017 }}</ref> provides an ITAM data standard for Resource Utilization Measurement ("RUM"). |
|||
ISO/IEC 19770-5:2015: Overview and Vocabulary<ref>{{cite web | url=https://www.iso.org/standard/68291.html | title=Iso/Iec 19770-5:2015 }}</ref> provides an overview of the 19770 standards as well as defines vocabulary used throughout the standards. |
|||
== Issues with scalability == |
|||
An example of issues faced when scaling up discovery tools is with Microsoft's [[System Centre Configuration Manager]] (SCCM). |
|||
Using SCCM Metering Rules to monitor software usage across a small estate or a small number of applications is relatively easy and reliable given the total number of unique executables (.exe files) and the number of instances of each executable. Turning on Metering Rules for every packaged application and every executable in a large estate quickly makes the volume of data generated unmanageable and expensive to maintain. Most SAM tools which consume SCCM data rely on these Metering Rules to understand usage. |
|||
== See also == |
|||
* [[Certified software manager]] |
|||
* [[License manager]] |
|||
* [[Software licensing audit]] |
|||
* [[Financial Software]] |
|||
== References == |
|||
{{Reflist}} |
|||
[[Category:Information technology management]] |
|||
[[Category:Asset management]] |
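Review bot: In the ISO/IEC 19770-1:2017 paragraph, the sentence 'The implementation of SAM processes to be "accomplished in multiple staged increments or tiers."' has no finite verb, and its reference is to the 2012 edition while the paragraph describes the 2017 edition; make it a complete sentence and state which edition the quotation comes from. In the strategic-goals list, the bullet beginning "The limit overhead associated with" should read "Limit the overhead associated with". In the scalability section, the link [[System Centre Configuration Manager]] uses "Centre" where Microsoft's product name is spelled "Center", so confirm the link resolves to the intended article.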
Latest revision as of 13:58, 29 December 2024
Software asset management (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization. According to ITIL, SAM is defined as “…all of the infrastructure and processes necessary for the effective management, control, and protection of the software assets…throughout all stages of their lifecycle.”[1] Fundamentally intended to be part of an organization's information technology business strategy, the goals of SAM are to reduce information technology (IT) costs and limit business and legal risk related to the ownership and use of software, while maximizing IT responsiveness and end-user productivity.[2] SAM is particularly important for large corporations regarding redistribution of licenses and managing legal risks associated with software ownership and expiration. SAM technologies track license expiration, thus allowing the company to function ethically and within software compliance regulations. This can be important for both eliminating legal costs associated with license agreement violations and as part of a company's reputation management strategy. Both are important forms of risk management and are critical for large corporations' long-term business strategies.
SAM is one facet of a broader business discipline known as IT asset management, which includes overseeing both software and hardware that comprise an organization's computers and network.
Role within organizations
SAM can serve many different functions within organizations, depending on their software portfolios, IT infrastructures, resource availability, and business goals.
For many organizations, the goal of implementing a SAM program is very tactical, explicitly focused on balancing the number of software licenses purchased with the number of actual licenses consumed or used. In addition to balancing the number of licenses purchased with the amount of consumption, an effective SAM program must also ensure that the usage of all installed software is in keeping with the terms and conditions of the specific vendor license agreement. In doing so, organizations can minimize liabilities associated with software piracy in the event of an audit by a software vendor or a third party such as the Business Software Alliance (BSA). SAM, according to this interpretation, involves conducting detailed software inventories on an ongoing basis to determine the exact number of software licenses consumed, comparing this information with the number of licenses purchased, and reviewing how the software is being used in respect to the terms and conditions and establishing controls to ensure that proper licensing practices are maintained on an ongoing basis. This can be accomplished through IT processes, purchasing policies and procedures, and technology solutions such as software inventory tools.[3]
Counting installations is the most common means of measuring license consumption, but some software is licensed by the number of users, capital, processors, or CPU cores.
More broadly defined, the strategic goals of SAM often include (but are not limited to) the following:
- Reduce software and support costs by negotiating volume contract agreements and eliminating or reallocating underutilized software licenses[2]
- Enforce compliance with corporate security policies and desktop/server/mobile standards
- Improve worker productivity by deploying the right kinds of technology more quickly and reliably[2]
- Limit the overhead associated with managing and supporting software by streamlining and/or automating IT processes (such as inventory tracking, software deployment, issue tracking, and patch management)[4]
- Establish ongoing policies and procedures surrounding the acquisition, documentation, deployment, usage and retirement of software to recognize long-term benefits of SAM[5]
SAM Technology
Several technologies are available to support key SAM processes:
- Software inventory tools intelligently “discover” software installed across the computer network, and collect software file information such as title, product ID, size, date, path, and version.
- License manager solutions provide an intelligent repository for license entitlements which can then be reconciled against data provided by Software inventory tools to provide the organization with an 'Effective License Position' or view of where the organization is under-licensed (at risk of a compliance audit) or over-licensed (wasting money on unnecessary software purchases).
- Software metering tools monitor the utilization of software applications across a network. They can also provide real-time enforcement of compliance for applications licensed based on usage.
- Application control tools restrict what and by whom particular software can be run on a computer as a means of avoiding security and other risks.[6]
- Software deployment tools automate and regulate the deployment of new software.
- Patch management tools automate the deployment of software patches to ensure that computers are up-to-date and meet applicable security and efficiency standards.
- Request management tools allow employees to place requests for software products using a centralized form and process specifically designed to capture and assess specific license requirements as well as to manage and track the procurement and deployment process.
- Product catalog tools capture product-specific information such as name, edition, version and license agreement types as well as other key top-level information for products used within the business. This information normalizes product naming conventions within the organization and allows mapping between other technology and tools used in the composite SAM solution.
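The reconciliation that the license manager and product catalog items describe, as an added example (not from the article or from any SAM product): raw inventory titles are normalized through a catalog, consumption is counted per license metric (installs, users, CPU cores), and the result is an effective license position plus the titles the catalog does not recognize. All product names, hosts and quantities are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: product names, hosts and quantities are hypothetical.
# Product catalog: raw discovered title (lower-cased) -> normalized product name.
CATALOG = {
    "acme cad 2024": "Acme CAD",
    "acmecad x64": "Acme CAD",
    "dbserver enterprise": "DBServer",
    "notetool": "NoteTool",
}

# Entitlements from purchasing records: product -> (license metric, quantity owned).
ENTITLEMENTS = {
    "Acme CAD": ("install", 2),
    "DBServer": ("core", 8),
    "NoteTool": ("user", 5),
}

# Rows as a software inventory tool might report them.
INVENTORY = [
    {"host": "ws-01", "title": "Acme CAD 2024", "user": "ana", "cores": 4},
    {"host": "ws-02", "title": "AcmeCAD x64", "user": "ben", "cores": 4},
    {"host": "ws-03", "title": "acme cad 2024", "user": "ana", "cores": 8},
    {"host": "db-01", "title": "DBServer Enterprise", "user": "svc", "cores": 4},
    {"host": "ws-01", "title": "NoteTool", "user": "ana", "cores": 4},
    {"host": "ws-02", "title": "NoteTool", "user": "ana", "cores": 4},
    {"host": "ws-03", "title": "TorrentGet", "user": "ben", "cores": 8},
]


def consumed(rows, metric):
    """Count license consumption for one product under its license metric."""
    if metric == "install":   # one license per machine with the product installed
        return len({r["host"] for r in rows})
    if metric == "user":      # one license per distinct named user
        return len({r["user"] for r in rows})
    if metric == "core":      # cores summed once per distinct host
        return sum({r["host"]: r["cores"] for r in rows}.values())
    raise ValueError(f"unknown license metric: {metric}")


def effective_license_position(inventory, catalog, entitlements):
    """Return (position per product, unrecognized (host, title) pairs)."""
    by_product, unrecognized = defaultdict(list), []
    for row in inventory:
        product = catalog.get(row["title"].strip().lower())
        if product is None:
            # Not in the catalog: cannot be licensed or approved, needs review.
            unrecognized.append((row["host"], row["title"]))
        else:
            by_product[product].append(row)

    position = {}
    # Include products that are owned but never found, and found but never bought.
    for product in sorted(set(entitlements) | set(by_product)):
        metric, owned = entitlements.get(product, ("install", 0))
        used = consumed(by_product.get(product, []), metric)
        delta = owned - used
        if delta < 0:
            status = "under-licensed"
        elif delta > 0:
            status = "over-licensed"
        else:
            status = "compliant"
        position[product] = {"metric": metric, "owned": owned,
                             "consumed": used, "delta": delta, "status": status}
    return position, unrecognized


if __name__ == "__main__":
    pos, unknown = effective_license_position(INVENTORY, CATALOG, ENTITLEMENTS)
    for name, p in pos.items():
        print(f"{name:10} {p['metric']:8} owned={p['owned']} "
              f"consumed={p['consumed']} {p['status']}")
    print("unrecognized:", unknown)
```
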
International Organization for Standardization (ISO)
The ISO/IEC 19770 family of standards is designed to help organizations manage IT assets including software assets (SAM). The published standards are outlined below:
ISO/IEC 19770-1:2017: IT Asset Management Systems Requirements[7] is a process framework to enable an organization to incorporate ITAM (including SAM) processes and policies sufficient to satisfy corporate governance requirements and ensure effective support for IT service management overall. The implementation of SAM processes is to be "accomplished in multiple staged increments or tiers."[8] Part 1 of the standard details SAM processes including control environment, planning and implementation, inventory, verification and compliance, operations management and life cycle.
ISO/IEC 19770-2:2015: Software identification tag[9] establishes specifications for tagging software to optimize its identification and management. The current version was published in 2015 and is a revision to the 2009 original Software ID Tag standard.[10] Using software identification tags or SWID tags makes discovery a simpler and more accurate process that can be verified by software vendors if they audit an organisation's entire estate. SWID tags are implemented and supported by many vendors including IBM, Microsoft and Adobe.
ISO/IEC 19770-3:2016: Entitlement Management Schema[11] outlines a technical schema which can be used to encapsulate license details including contract information, entitlements, rights, limitations and details about invoice, PO numbers, etc.
ISO/IEC 19770-4:2017: Resource Utilization Measurement[12] provides an ITAM data standard for Resource Utilization Measurement ("RUM").
ISO/IEC 19770-5:2015: Overview and Vocabulary[13] provides an overview of the 19770 standards and defines the vocabulary used throughout the standards.
Issues with scalability
An example of the issues faced when scaling up discovery tools is Microsoft's System Center Configuration Manager (SCCM). Using SCCM Metering Rules to monitor software usage across a small estate or a small number of applications is relatively easy and reliable given the total number of unique executables (.exe files) and the number of instances of each executable. Turning on Metering Rules for every packaged application and every executable in a large estate quickly makes the volume of data generated unmanageable and expensive to maintain. Most SAM tools which consume SCCM data rely on these Metering Rules to understand usage.
References
1. ITIL’s Guide to Software Asset Management
2. Information technology — Software asset management — Part 1: Processes and tiered assessment of conformance, International Organization for Standardization; International Electrotechnical Commission, 2006-05-01, p. 5
3. "What is SAM?". Microsoft. Retrieved 2008-03-19.
4. Information technology — Software asset management — Part 1: Processes and tiered assessment of conformance, International Organization for Standardization; International Electrotechnical Commission, 2006-05-01, p. 19
5. "Microsoft Software Asset Management: Step-by-Step Training - Step 4". Microsoft. Retrieved 2008-03-19.
6. Ogren, Eric (2006-11-03). "Application control coming your way". ComputerWorld. Archived from the original on 2008-04-03. Retrieved 2008-04-03.
7. "ISO/IEC 19770-1:2017".
8. ISO/IEC 19770-1:2012 Information technology — Software asset management — Part 1: Processes and tiered assessment of conformance, International Organization for Standardization; International Electrotechnical Commission, 2012-06-13, p. vi
9. "ISO/IEC 19770-2:2015".
10. "ISO/IEC 19770-2:2009".
11. "ISO/IEC 19770-3:2016".
12. "ISO/IEC 19770-4:2017".
13. "ISO/IEC 19770-5:2015".