Software Asset Management - 2011

What is it about 2011 that makes me think...we have officially reached "the future"? 

Is it just that I'm now so old that when I thought forward to the future it was anything after 2010? Probably...but since old age seems to keep growing further and further away from me as I age, I refuse to accept that as the answer, LOL! 

What will happen to Software Asset Management in 2011? My crystal ball is far from perfect but I'll take a stab at predicting this year anyway... 

Software audits rise - sorry, I know you've been hearing that threat for years but based on what I've seen so far in 2011 I think you can count on it as a fact. As the economy (and therefore companies) see an improvement I think you'll find publishers starting to come forward to find out what you have (and haven't) been doing in the past couple of years. They know you've been spending less money with them, so they want to make sure you've been licensing appropriately. Software audits are expensive (even if you're fully compliant and don't have to buy anything), so before you respond please reach out to us to see how we can help! 

Cloud Computing continues to grow and initially companies will manage these in a decentralized fashion (you buy it, you manage it). Hopefully some will remember lessons learned from the past and have these managed centrally by their Software Asset Manager. When I spoke on this topic at the IAITAM Conference two years ago there was a lot of uncertainty from Software Asset Managers as to who owned this responsibility - frankly the role that owns it is the role that steps forward to take control of it. My suggestion is that a saavy SAM Manager will realize that they add value to this function and this function adds value to their position. If you don't have your controls in place for managing Cloud contracts, please talk to us about appropriate processes and controls. 

The role of the CIO will become more ambiguous. OK, so this isn't SAM but it is important to SAM. I think we are clearly seeing the assimilation of IT into the whole of the business. Regardless of industry, IT is critical to all areas of the business and business owners are going to want more control of it. While a certain amount of centralization and segregation of duty is imperative to maintain controls and manage cost, I will not be surprised to see the role of the CIO disappear. However; on the flip side, I think you will start seeing more former CIO's transition into the role of the COO (possibly a natural evolution as CIO's have long been advised to become intimately familiar of all the business units they are serving). If this transition does take place, you might well see the role of SAM Manager follow suite (especially if the SAM Manager has taken on the Cloud Computing aspect). 

Is my crystal ball failing me or do others see the same? Let me know! 

One thing I do know for certain is that Cynthia Farren Consulting will launch an updated website in 2011 (OK, I cheated...since it already launched earlier this month). We tried to simplify matters and provide more valuable content - let us know how we did!

The Timebomb - IT Backoffice Applications

We seem to spend so much time focusing on desktop licensing and trying to get that right...but frequently it is our IT backoffice applications that get us into trouble.

Despite change control on our desktops and servers, it seems that we continue to find an abnormally high number of IT management tools that are underlicensed. This is also an area where we find a lot of functionality redundancy.

IT will police the end users, but typically no one is policing IT's software. Here are some common costly issues we see at new customers:

Symantec NetBackup - it may be part of standard operations to automatically cover new servers by the technology but where is the automatic purchasing of the necessary additional licenses? Also we frequently see resellers selling the Express program licenses, even when the customer is already a Rewards program customer - make sure you're getting the benefits of your overall Symantec spend on each purchase.

Development/Test/Disaster Recovery - typically all of these instances require licensing. Make sure your servers are licensed appropriately, don't assume you can build a Test server and not license it!

Imaging/Virus scan/Desktop management - yes these are all standards of doing business but frequently they don't get reviewed to ensure that sufficient licenses exist to cover usage.

Client Access Licenses - if you're running Microsoft Windows server, each user or device requires a CAL. If you then add Sharepoint on that server, you also then need a CAL for that. If you're running SQL server to support Sharepoint, you need a CAL or a processor license for SQL. The list goes on and on...if you're using the resources of the server chances are there is a corresponding license requirement. This typically falls to IT to manage.

In short, make sure you're looking at licensing requirements on your IT management apps as well as your end-user apps.

As always, if you need help - let us know!

What Your Software Inventory Tool Isn't Telling You!

Hopefully by now you've realized that in order to manage your software (or other IT assets) you need to have an inventory tool. As you will know from my other posts, you can't stop there...but it is a good place to start.

However; you need to understand your tool and how it reports data to you. Otherwise you might get an ugly surprise later on down the road when you find software installed on your systems that wasn't showing on your reports!

Inventory tools have a database of software titles associated with publisher and typically associated with a flag to indicate if it is licensable software (versus freeware, etc). The completeness of this database is the biggest value to you of the tool. With most tools if an executable is not in this database than it gets grouped into a "Misc" category and will fall into an exception report, a "catch all" report or might not be reported at all.

This could include new releases from publishers or simply publishers that your tool publisher doesn't categorize. These "unidentified" programs can cause you a lot of headaches - from a security, licensing and support angle.

Most inventory tools are updated on an ongoing basis as the publisher becomes aware of new software, but if you're not keeping current on your maintenance with that software you might not be getting this updated information.

Protect yourself - keep your maintenance current on any inventory tools you use, check the frequency of the tool publishers updates and include a check of "Misc" or "Catch All" software reports in your Software Asset Management process.

Additionally, if you are concerned about potential risk in this area you might want to consider having all of your software identified. Software ID Technologies has services that will identify all software in your environment. We've teamed with them on a number of engagements and they do a good job of taking the mystery out of those "unidentified" applications.

Digital Asset Management - Respecting IP and Staying Out of Trouble!

Intellectual property rights cover a wide spectrum, and while I typically talk to software licensing IP - I don't want to overlook other forms of digital IP that can place an organization at risk if used improperly.

Just because something is available in digital format doesn't mean it can be readily copied, shared or paraphrased. Check those licenses! The hard part is that the digital format frequently makes it that much easier to do something wrong when it comes to IP.

It cost this California company $300,000 because they were internally distributing "press packages" that included unlicensed copies of articles. This was not an intentional act, it was a mistake made by someone who didn't know better...could this happen to your company?

I attended Scott Bain's (SIIA's Litigation Analyst) presentation "Reduce Legal Risks by Managing Digital Content" in June at ECPweb's SAM Summit 2008 in Chicago - a terrific presentation and education for me (I try to be very aware of potential IP issues...but I found that even so I had unknowingly acted illegally in the past when it came to digital piracy).

Let's think about some common examples of potential piracy: Music or Video's stored on your corporate network, subscription based content forwarded through e-mail or stored to the network for others to use, excerpts from e-mail newsletters that you copy and send to others...the list goes on.

I'll let you in on my guilt...like most professionals I get a number of newsletters e-mailed to me on a regular basis. Before I had it pointed out to me that it was wrong, I would think nothing of copying the full contents (author, etc) of an article and sending it to someone I felt would be interested. The problem - those e-mail newsletters are sponsored by companies that pay to have people see their ads...but circumventing the advertising I was cheating them. If you want to share, use the built in mechanism most newsletters have to "Share with a Friend", or send the link to the owners website so the person you're sharing with can access the source. Better yet, check the license terms for sharing the content.

There's a great educational site by the SIIA to help you and your employees make the right choices (www.AskBeforeYouAct.com). Digital assets are a bit tougher to monitor than software assets, but they are every bit as important to manage them appropriately.

Common Ways a Company Becomes Non-Compliant

Over the years I've worked with a number of companies and what has become obvious to me is that - it is rare that a company knowingly pirates software.

So, how do so many companies become non-compliant on their software agreements?

1) Lack of proper processes (and adherence to those processes) for software acquisition, deployment and retirement.
2) Lack of a good asset inventory tool that will accurately and easily report on what is installed.
3) Lack of records of what is owned.
4) Misconception or lack of knowledge of product use rights.
5) Misconception or lack of knowledge of volume licensing agreement rights.

Of all of these, I find the last two to be the most universal and it's a combination of misconception and lack of knowledge. Of the two I find misconception the most dangerous...because the company thinks that they're doing things right so they never ask for help.

How do the misconceptions happen? Generally, through outdated knowledge or guesswork.

Some things to be aware of:

1) Different use rights exist for different versions as well as different forms of acquisition.

For example, Microsoft 2007 software (Office, Server, Operating System) acquired OEM normally does not allow for downgrade; however, if acquired through Open, Select or Enterprise it normally does allow for downgrade. This was not always the case, in the past it had been allowed...was it allowed when you did it? Reference - http://download.microsoft.com/download/d/2/3/d23b9533-169d-4996-b198-7b9d3fe15611/downgrade_chart.doc). How were you planning to handle those OEM Office 2007 that are coming in the door? Were you going to downgrade those to 2003 until you're ready to upgrade?

2) Test and Development servers need to comply with product use rights same as Production.

3) Your Developers may have the "Professional" version of the software for development purposes but not be licensed for those for business use - be careful what's being installed on their production machines.

4) Vendors selling you a solution dependent upon another companies technology may not always provide you with full/accurate information about the licensing requirements...do your homework.

5) Client Access Licenses - in general if you're using the resources of a server, you need some form of client license for each user/device. Watch this carefully, it's the most common problem we find.

Just to name a few...

So, how do you keep up and still do your job? Frankly, you don't. You bring in professionals to educate you and provide you with documentation from the publisher supporting that education (do not rely on anything else...if a problem comes up, you're the one holding the bag) which you retain in a centralized location until those licenses (and their future upgrades) are no longer in use.

Questions? Comments? Would love to see them...

Startups and Small Companies Exempt from Buying Software?

I was at a CFO conference last month and had an interesting discussion with another attendee over lunch one day.

This attendee (we'll call him Jeb) is the CFO of a small firm in California. This is not his first time at being a CFO and is an intelligent, articulate gentleman who endorses an entrepreneurial spirit within his company.

The conversation started out the usual way with him asking what my firm does (Software Asset Management-SAM) and then asking a variety of questions about how SAM benefits companies. The conversation then turned towards compliance and he shared that a former company had been audited by the Business Software Alliance (BSA) right before he had gone to work for them and had been fined due to inappropriate use of software licenses. He described some of the financial and operational pain the company had experienced as a result of not being properly licensed.

Finally, the conversation turned to the financial impact of outfitting an organization with software licenses. Being a business owner myself, I could definitely commiserate with Jeb over the costs to properly outfit an organization. However; I was amazed to hear him share his viewpoint that start ups and small businesses shouldn't be expected to license every computer.

Frankly, I was blown away. Here was an intelligent, financial professional stating that companies should be allowed to break the law, steal intellectual property, and essentially mis-state their financial earnings (when you realize that they wouldn't be including a major cost to doing business...buying software).

Desperately trying to stay off of my soap box, I raised these issues with Jeb. I tried every logical argument to try to have him understand how integrally unethical his viewpoint is...I hope I at least gave him something to think about. Unfortunately, he's not alone in his viewpoint...can someone please explain to me how you can morally or ethically justify software piracy?

Weeks later and it still amazes me...