SAM in the Cloud

When a business moves an operation to the cloud it has an opportunity to adjust its Software Asset Management (SAM) practices to make sure it gets the most out of its subscriptions. By doing so, it acquires agility that previously came with a high price. Services are provisioned, configured, reconfigured and released in a matter of minutes, allowing an organisation’s IT to finally be in lockstep with its growth. But a successful transition to the cloud is not just about getting the right software - it's about having the processes and procedures in place to maximise your investments. In this guide, we'll explore the opportunities of SAM in the cloud, as well as things to look out for.

Given how easy it is to provide new cloud services, there is a chance that a business might not sign up to the right service, or that an employee could sign up to services without proper approval – potentially bypassing the usual SAM checks and balances.

Using cloud-based services also means a different way of looking at the total cost of ownership (TCO) which include issues such as service costs, additional software licensing costs because of using software in the cloud, and minimum commitments that are more than an organisation needs. Being aware of other technology trends, such as bring-your-own-device (BYOD), is also critical in ensuring that you maximise your cloud opportunity and adapt your SAM approach accordingly.

Cloud Service Models

There are ways that you can use cloud services – it’s all about how much you want to be responsible for and how much you’re happy to leave in the hands of the vendor.

  • Software as a Service (SaaS): This allows a customer to use a product or service stored on the provider’s cloud infrastructure, for example, using web-based email.
  • Platform as a Service (PaaS): This allows a customer access to a provider’s cloud infrastructure, but the customer typically provides their own applications and data.
  • Infrastructure as a Service (IaaS): This allows a customer access to a provider’s infrastructure components, such as servers, storage and networking hardware. The customer will provide everything else.

Thinking about SAM with SaaS

Software as a Service (SaaS) is a subscription service most commonly accessed via a web browser.

When using SaaS, there are several ways SAM can help get the most from your subscription, including:

  • Additional software: Some SaaS solutions may require additional software installed on laptops. A good example of this is Microsoft Office 365; cheaper subscriptions do not necessarily include office applications, such as Word and Excel. Knowing what you need makes sure you get the right subscription, and through that the right licences, for your needs.
  • Unauthorised use: SaaS solutions may come with restrictions on use, such as geographical limitations, or sharing accounts. For example, if a manager shares his or her login with staff, ten people could access an account licensed for use by one person.
  • Shelfware: This is when a business pays for more software than it needs. Again, it comes down to knowing what you need, and getting the subscription that meets that.

Virtualisation and SAM

To understand IaaS and PaaS, it is first important to understand what virtualisation is, and the role it plays.

All non-SaaS cloud technologies are based on – and enabled by – virtualisation technology.

Virtualisation involves the deployment of a virtual (rather than physical) version of an IT asset, such as hardware or storage.

What this means is that a machine – the host – may have several virtual machines installed on it, all of which are separate from each other. By creating multiple resources from a single machine, businesses can scale, and run larger workloads, with less infrastructure costs and maintenance.

Traditionally, each piece of software was licensed to a specific machine. However, multiple virtual machines may be running on one physical machine, this can become challenging from a SAM perspective.

Because of the fast moving and flexible nature of virtualisation, software publishers are constantly attempting to update their licensing policies. That’s why you need a robust SAM programme to work with publishers, making sure you know what’s coming up and acting accordingly.

SAM and Infrastructure/Platform as a Service

In non-SaaS deployment models – IaaS and PaaS – some software is provided by the cloud service provider (CSP), while other software is provided by the business. Examples include Amazon EC2, Microsoft Azure and IBM SmartCloud.

When procuring cloud services, it is important to consider service providers. It is possible to procure cloud services directly from Cloud Service Providers (CSPs), such as IBM, Amazon and Microsoft, as well as from third-party providers who are licensed by CSPs to make the CSPs’ services available to the public.

It is also important to ensure that if you are using the third party to provide you with cloud services that they have the necessary contracts in place with the relevant CSPs to provide you with genuine cloud services.

This means adapting your SAM programme for the cloud, with a focus on:

  • Transferring licences to the cloud: Certain licences may require the permission of the software publisher before it can be installed on a virtual machine off-premise. Some major publishers have policies that prohibit using their licences in the cloud, while others are less clear. Falling foul of these policies could be costly.
  • Unauthorised use: Like SaaS, the licence may have restrictions on how the software is used, such as geography (where a CSP may have its servers in a location not covered by the publisher’s license), or devices and platforms (where certain cloud environments may be precluded by the license, or the use of cloud may not be allowed).
  • Measurement: As previously mentioned, many licences are measured using hardware. This is already a challenge when the machine is on-premise, but when you consider IaaS and PaaS, the task becomes more difficult.
  • Audits: Most software licence agreements include permission for the publisher to conduct an audit (with notice) of the customer’s use of the software. CSPs are less likely to grant access, especially if it’s a public cloud used by other businesses.
  • Reclaiming licences: You should check whether they are able to reclaim licences if they end their cloud agreement. In some cases, this may require the explicit permission of the CSP and software publisher.

First Steps

It’s clear that the fast-moving environment of cloud computing requires an adjustment in the way businesses approach software asset management.

Because of the nuances, you need to take a case-by-case look at your software licensing when you come to the cloud. However, there are a few general steps that can be taken right away to move you in the right direction.

  • Make sure you include SAM in your cloud planning process, working with both your CSP and the software publishers.
  • Review your existing licensing agreements and discuss with software publishers the rules about deploying software in the cloud. To help with this you could carry out a SAM baseline review which gives a complete view of your current product deployment and licences and how to optimise your software investments, including moving to the cloud.
  • Get new policies in place to make sure employees engage with new cloud services through the correct channels.
  • Review your existing cloud services to get the most out of them and remain compliant.

Key things to remember:

  • SAM is critical for organisations wanting to get the most out of moving to the cloud and should be an integral part of any cloud strategy.
  • Cloud computing offers companies a great opportunity to manage the cost of deploying software more effectively and monitoring who needs what software and when they need it.
  • Cloud computing means a fresh approach to IT, and a fresh approach to license compliance.
  • Traditional and existing software licences require special attention when moving to the cloud.
  • New policies will be needed to make sure you deploy new cloud services effectively.
  • SaaS introduces potential challenges related to unauthorised use and shelfware.