A Short Guide to Software Asset Management

Software is an integral part of the global economy. Organisations of all sizes rely on software to communicate, build products, offer services and manage operations. It all adds up to more software and more complex software and systems— and mismanaging it can expose your operations to a series of risks, from inefficiency to legal liability. Poor Software Asset Management (SAM) robs companies of the full value of their investments, and increases the significant risks associated with the use of software within an organisation.

Implementing effective SAM requires the development of a holistic management system to control and protect software throughout its lifecycle. This holistic approach needs to have a clear set of objectives and consider how everyone in the organisation must work together to achieve the right outcomes for the business. Of course, a plan of action to get where you want to be is a must, and it is also important to regularly take a step back and review whether you are getting it right.

A core element of software asset management is to ensure that your organisation is compliant with the terms and conditions of its software licenses. Complex license models mean this can be extremely challenging, whether the software you are using is deployed on your own IT equipment or is being used in the cloud. Getting SAM right can require skilled expertise to help interpret and apply software license terms and conditions. You can find out more about software licensing and how to manage your software licenses in Software Licensing the Basics.

However, licensing compliance is only one aspect of SAM. The implementation of an effective software asset management system also brings significant benefits in terms of improving cyber-security and ensuring you get value for money from the software you consume, whether it is in the cloud or elsewhere.

In this overview of SAM, we’ll look at software management, including:

  • The benefits
  • The risks
  • How to do it properly
  • Preventing unlicensed software in your business

How SAM benefits your business

Like most things, software has a lifecycle. Getting the most value from the software you use requires an approach that covers the entire lifecycle from planning, through to requisition, deployment, maintenance, and retirement of your software. Get the management of your software right, and you will minimise the cost of your software, reduce your risks, and maximise the return on your software investments.

Software can account for a significant amount of your IT budget, so it makes sense to keep a close eye on it. Implementing effective SAM means you’ll only acquire the software you need and can be certain staff only use properly licensed software. Knowledge is power and implementing an effective SAM system means you’ll only pay for what’s being used (particularly important in the cloud) and have a better negotiating position with software publishers and cloud vendors. You’ll also know exactly what infrastructure and hardware you need, cutting out redundant and costly technology, as well as providing information useful if you are planning to upgrade equipment or take advantage of cloud services.

Using legitimate software ensures you can access a complete array of support from the product’s publisher, including official upgrades, offers and discounts, training and insight into how to drive value from the investment.

The key to good control is having a separate budget for software. This allows you to plan for purchases and upgrades in an orderly way and improves your ability to control your software and cloud spend. A separate software budget also allows you to track purchases accurately and spot unauthorized copies of software or cloud services in your business.

How SAM protects your business

Malware is a major threat to all types and sizes of business. SAM gives you a significant advantage in your fight against cyber threats by helping you map exactly what technologies you are using, allowing you to identify gaps and vulnerabilities in your IT systems.

Most security experts will tell you that the biggest risk to businesses isn’t a new piece of malware or virus, it’s people – and more specifically, the errors they make. Good SAM involves developing policies and procedures that detail how you obtain software and purchase cloud services while remaining in control of how software and cloud services are being used. If employees know the correct way to procure the software and cloud services they need, and if you’ve done your homework by knowing exactly what they do and don’t require, then the need to download or purchase software unofficially is greatly diminished.

One of the biggest weaknesses cyber attackers exploit are holes caused by outdated software, and good SAM helps you ensure software is regularly updated and secure. It also guarantees that you’ll be using officially-supplied software, which in turn gives you access to publishers’ support and update programmes, sealing holes before they can be exploited.

Finally, implementing effective SAM gives you peace of mind that you are using official, legally sourced and supported software and cloud services. So many elements outside of your control can affect your business; the last thing you want is for a rogue piece of software to cause you significant legal and financial damage. By knowing what you have, what you need and what you use, SAM allows you to identify unlicensed or unbudgeted software and cloud services and remove them or shut them down quickly. This in turn shuts down any possibility of costly and time-consuming legal battles if you are found to be using illegal software, while protecting your software budget, which can quickly spiral out of control in the cloud.

You can find out more about how SAM helps you protect your business in Use SAM to reduce your cyber-risks.

The Four Steps to Getting SAM Right 

Effective software management is an iterative process. It’s not a ‘one-and-done’ action, but an ongoing cycle. This is critical, as not only is the first attempt never perfect, nothing is constant. Everything changes and evolves, whether it’s the industry you operate in, the technology you use or your own business. The best way to ensure that you continue to get the most value out of your software while managing the risks is to implement a continuous cycle of improvement, which involves the following steps.

Plan

  • Identify what you want your SAM system to achieve and what your SAM objectives are – is cyber security a priority? Or reducing software costs? Or do you need to take advantage of new technologies such as the cloud to help your business grow and compete effectively?
  • Nominate someone in your business to be responsible for SAM, and make sure they have the support they need to build and implement a plan that deals with the people, technology, and process angles required to build the SAM System.
  • Identify what support and resources you will need to implement SAM – there are a load of resources on-line and an army of SAM consultants keen to help you plan and implement effective SAM

Do

  • Review all your existing process and plug any gaps that could lead to the purchase of unlicensed or unauthorised software. Ensure you keep comprehensive records that prove the software is legitimate, that you know your rights and obligations when using the software and that the purchase was properly authorised and budgeted for
  • Communicate the need for effective SAM to employees and ensure they are aware of the new policies and processes
  • If you have outsourced any of your IT (such as when using cloud services) or allow employees to use their own devices for business purposes, make sure your processes cover these scenarios

Check

  • Put steps in place to monitor the implementation of SAM in your organisation – are processes being followed? Are there any gaps in your policies and processes which should be addressed?
  • As a business, check that your SAM system continues to achieve your objectives. Has your business or your priorities changed? How does your SAM system need to be updated to ensure it continues to be relevant and support the business as it grows and evolves?
  • Continue monitoring the SAM system on a regular basis to ensure SAM continues to be responsive to changing technological and business environments

Act

  • Implement any required changes to ensure your SAM system remains up to date and relevant
  • When an issue does arise (for example, if an employee has installed unlicensed software), take clear, documented steps to deal with the issue promptly
  • Think ahead about future changes to your IT infrastructure (such as moving to the cloud) and what you can be doing now to prepare the organization for those changes

Keeping unlicensed and unauthorised software out of your business

Your business as a whole might recognise the importance of avoiding illegitimate or unauthorised software, but what about employees (however well meaning)? Training, processes and policies will ensure that no one purposefully installs unlicensed or unauthorised products.

Use this checklist to help ensure you get the most out of your software assets and minimise the risks to your business:

  • Get top management on board by explaining the risks poorly managed software can pose to the business, and the financial and other benefits good SAM provides
  • Ensure someone is responsible for ‘doing’ software asset management in the business. This individual is responsible for ensuring that all software is properly acquired, deployed, used and retired
  • Develop written policies, that employees can sign, to make them aware of their responsibilities when using any IT equipment or service, including software
  • Make sure all employees are aware of the processes through which they can request and purchase new software or subscriptions
  • Only procure software from vendor-certified partners to ensure that the software you buy is legitimate and properly licensed
  • Keep accurate records of your hardware and software assets – make sure you know what software you own, and how many individuals have subscriptions or which computers have the software installed
  • Carry out regular audits of your IT systems to ensure that you have not over-installed software, are paying for unused subscriptions, or that your employees are not making use of unlicensed or unauthorised software
  • Make sure that your software is regularly updated to stop hackers exploiting vulnerabilities
  • Don’t be tempted to buy software on the cheap – the software may not be sold with a valid licence and may pose security risks to your business. It may also not be licensed for commercial use, particularly if it has been sold at a significant discount

Proper software asset management takes time and effort, but the payback is well worth it. If you have followed the steps outlined in this guide to implement a SAM system to manage your software, you have taken the steps necessary to get the full benefit from purchased software and eliminate your company’s exposure to the risks of unlicensed, unbudgeted and unauthorised software.

Related content

If you found this useful, take a look at the following content.

Use Software Asset Management to reduce your cyber risks

What does SAM mean in practice?

SAM top tips [Infographic]

Software is a major part of your business, but are you sure you’re getting the most value from it?

Buying Software – a Best Practice Guide

This document covers best practice for buying all types of software, whether it is on-premise or cloud-based software, perpetual or subscription licenses.

Software Licensing– the Basics

What do you need to know about Software Licensing?

Topics

 

 

Useful Links

© Copyright 2024 BSA | The Software Alliance

Social Media