Content

What can software asset management do for me?

‘It is an irony of modern business that directors pay more attention to the control of assets such as company cars than they do to the management of business critical investments such as IT.’ So says George Cox, director of the IOD. An irony that deepens further still when you realize that many organizations spend more each year on software than they do on their vehicle fleets.

While most IT Directors would claim to know exactly how many PCs they had on the network, the reality according to Gartner is that 70% of organizations have up to a 30% discrepancy between expected and actual IT inventories. Delve deeper into a company's IT inventory – specifically the software – and the gap is likely to be even bigger.

Recent research undertaken by Centennial Software discovered that while 61% of IT managers believed they knew exactly what software was installed on each PC across the enterprise, the same figure had not conducted an IT audit in the last three months, if at all.

Software Asset Management

The immediate reaction of many who learn about Software Asset Management (SAM) for the first time is to see it as another way of saying 'Software License Compliance'. But, while compliance is inevitably a part of SAM, there is much more to it.

SAM is about managing assets to support the business goals; ensuring that the organization is not over-spending on software, that it is actively minimizing the legal risks of unauthorized or illegitimate copies and that the IT department has full visibility of the corporate network.

Cost control

The BSA (Business Software Alliance) claims that it is twice as costly to get compliant (if you include the damages and cost of purchasing new licenses) than to buy the right number of licenses in the first place.

But it's not just under-purchasing software licenses that can cause problems. If you don't know precisely how many PCs you have on the network, what software they have installed and how often each of those applications is accessed, then you won't be able to identify whether the software in the organization is being used effectively.

Having accurate and up to date information on software usage patterns will allow you to control your costs and will put you in a better negotiation position when it comes to renewal time, or when a user asks you for new copies of a licensable software package to be installed on his PC.

Gartner states that organizations that fail to integrate software usage and inventory data to manage their software assets will overbuy licenses for 60% of their portfolio and will be out of compliance on 30% of their portfolio. Either way, the company risks losing out financially.

Legal risk management

The ease with which software can be downloaded and installed from the internet or cover-mounted CDs, combined with a proliferation of pirated software on the market means it is easier than ever to introduce a legal risk to the network. What may at first appear to be shareware or legitimate licensed software can, unfortunately, often turn out to not be so.

A regular audit, combined with a centralization of software purchasing, ensures that the IT department knows what is on the network and can spot if unauthorized or potentially dangerous software is installed on a PC or server.

An effective SAM strategy can also help organizations address the risks associated with particular file types – notably video and audio files – which, in addition to wasting precious storage, can often present a copyright risks to the network owners.

Network security

Tracking the software on the network can help dramatically improve network security. For example, when a critical vulnerability alert is released for a particular application, those organizations with a full and up-to-date IT inventory will be able to see at a glance which machines are affected and where they are on the network. Armed with this information, administrators can quickly decide to deploy a patch (if available) or even quarantine the affected PCs from the network.

Similarly, managers can use audit reports to check for software known to be 'dangerous' such as file-sharing or internet messaging applications.

Discovery comes first

So where do you start? It's easy to be frightened off SAM by the perceived enormity of the project and the disruption likely to be caused to the wider business. Thankfully, the reality is quite different.

By choosing an effective network discovery solution, any concerns are easily answered and suddenly the cost, risk and efficiency benefits of SAM make the project a 'must-do' rather than a nice-to-do.

The first step of any SAM project is to perform a software inventory. You need to know what you have and where it is before you can manage it. Only by knowing what programs are installed on which computers and how many computers your organization has (desktops, laptops, servers, printers, firewalls and switches) can you decide what changes are needed to best suit business requirements.

An accurate inventory will help administrators establish:

  • Are we using the most recent versions of the programs we need?
  • Do we have any unused programs that can be removed?
  • Do we have a licensing shortfall on any applications?
  • Are there any PCs or laptops that are not being used?
  • Does every employee have the right software to meet their needs?
  • Is the software installed on each machine being used regularly?

And with an inventory tool it is even easier than you would have imagined to create a quick, efficient and accurate IT inventory. What's more, by tracking not just PCs and servers, but all IP-addressable hardware devices and even individual file types. Some products offer not just software asset discovery, but full network discovery.

Benefits for the IT department

Anything that makes your life easier when managing software has got to be good news. Once you have got a full view of your IT assets, you are then in a position to start controlling and managing them effectively. With the accurate inventory data you get from your audit you can then do a license reconciliation to see whether there are licenses you need to purchase or redeploy. And once you have got compliance you need to keep doing regular audits to make sure that you stay compliant and can prove that you are.

Benefits for the business

Establishing an effective SAM strategy will mean that you can be sure that your IT assets are being managed throughout their lifecycle (which can reduce IT asset costs by as much as 30% according to Gartner). You will also be sure that you IT department's future planning is more effective by having a clear understanding of current requirements. And you'll know that you have competitive advantage because your IT team will be able to make better quality decisions about how to use their IT budget, based on facts rather than educated guesswork.

Matt Fisher is VP of Marketing, Centennial Software

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.