2. SAM’s challenges….
SAM = People, Process & Tools
How knowledgeable are you and your
team?
How effective are your processes?
How good are your Tools set?
3. Shifting Sands….
• Are legacy toolsets fit for SAM?
• Do you have 100% confidence with the data it gives you?
• Does your tool provide you with all of the information you need for SAM?
• Accurate Inventory – does your discovery tool have 100% coverage?
5. Vendor Audits are on the increase - % of organisations audited in the last 12
months
2014 – 68%
2013 – 63%
2009 – 54%
2007 – 37%
Survey Analysis: Software License Audit Surveys Show Shift in Focus and Intensity in 2014
6. The Main Software Vendors Performing Audits
Gartner – The Software Vendors that are Auditing now & what to do about it – Jan 2012.
7. Objectives of Vendor compliance programmes
Source – Software Compliance without Tears – Ernst & Young
8. The SAM market is evolving
• Past fairly easy to discover & inventory
what is on the PC’s & Servers
• Harder to understand licensing rules (each
vendor different)
• Reporting was a challenge – compare
inventory against entitlement =
compliance
Today
• New methods of application delivery
• Cloud
• Application Streaming / SaaS
• Complex Applications
• BYOD
• Thin Client
• Fast Changing environment
• Estate Growing / Shrinking
• New Applications
• Smaller IT resources
• Faster ROI requirement
9. Thin Client Devices (100) Server Farm
One device needs to use a new application which has
All 100 devices can access MS Project
Num. Licenses Needed
100
device-based licensing
(e.g. Microsoft Project)
10. Thin Client Devices (100) Server Farm
AccessCtrl allows Application Access on the Server Farm
Only the targeted device can access MS Project
No. Licenses Needed
1423675891024501300000
to be restricted by device
12. Certero’s Top 3
Recommendations…
Today
Next Week
In 6 months
Hardware & Software Inventory
Accuracy of Inventory
Periodic Self-Assessment
13. certero.com
Follow us on Twitter
@certeroUK
Like us on facebook
Certero
Join us on LinkedIn
Certero
Watch us on YouTube
CerteroInfo
Editor's Notes
I am not here to talk about the chances of West Ham united staying in the Premier League this season, however this was one of the first interesting photos that appeared when I was preparing this presentation and I wanted an interesting SAM image.
SAM has become a hot topic over the past few years, whether it is due to business cost saving initiatives or the drive for industry compliance. However whilst the industry knowledge is developing the SAM industry in my humble opinion is hitting some major challenges and it is becoming harder than ever to manage this essential and topical component of your IT estate.
Those of you who know me in the audience know that I am not a West Ham fan but I have been working in the SAM industry for close to ten years. During this time I have witnessed many changes, arguably one of the most important of these, is the change in attitudes and improved knowledge both from major software vendors and businesses. I find however that we are at another cross-roads, whilst knowledge levels have increased with technological changes compliancy and management of software, as with trying to keep your club in the Premier League - is becoming more challenging.
Of course it is hard to build an SAM programme or strategy if the data you are basing your decisions on is either not there or not reliable; Most of the traditional software inventory tools are strong in some areas, and weak in others. I would argue that many of the tools on the market today have been designed only to manage your ITAM requirements are whilst they may provide some of the information, in general they do not out of the box provide enough information for you to manage your software.
Now that’s quite a bold statement, so with a little of your co-operation lets test that statement:
Please raise your hand if you have a discovery or inventory tool
Keep your hand up if you are you 100% confident with the data it gives you?
Does your tool provide you with all of the information you need for SAM?
IS the tool deployed to 100% of All of your assets?
As an example, if your organisation uses AutoDesk’s software it is typically licensed in one of two ways – Network (Concurrent) or Standalone (Device). If you were audited by AutoDesk then they want to see the reports from your Network server and they for the Standalone licenses they want to see the installation data as well as a specific registry entry from the device. This registry entry contains the serial key used to install the software.
In reality none of your traditional inventory tools gather this data and therefore you would need to use another tool to gather this data. As this data is not available to you easily how are you going to manage your compliance position?
We completed an exercise for an large international client earlier this year and when our tool pulled back the serial key data it contained nothing but xx’s!! This was because the technical teams instead of installing the correct version and serial key had broken the protection and packaged up the application. Therefore regardless of the number of licenses owned every single installation is non-compliant with the vendor’s licensing rules and therefore a significant legal and financial risk to the business.
I read with interest a paper published by Ernst & Young earlier this year named IT Compliance without Tears. The survey found that when faced with increasingly complex IT estates and software contracts, companies are not always keeping track of all their software deployment. This ultimately means they’re less prepared for vendor reviews and may reduce opportunities to save money by transferring available licences to new users.
75% of respondents stated that Inadequate management of tools was their biggest challenge for managing compliance. Many organisations are attempting to manage their IT assets more effectively, but there are still barriers to be overcome. Three quarters of vendors say that inadequate management tools are a cause of non-compliance and half believe that customers’ management don’t pay sufficient attention to the whole issue of compliance.
I met with a customer only last week who has just had precisely this challenge. They currently utilise Centennial Discovery as their asset tool which has been used for many years. They know technically how to use the tool and have one “expert” managing it. Recently they had a licence review completed by a major vendor (Microsoft to be specific) the Centennial data which they have been replying on to judge their compliance position was not accurate it had a considerable amount of out of date devices and was not fully deployed to their entire estate.
The net effect was that it was a very expensive realisation that they could not simply rely on the data as being accurate. No matter what tools Licence Management or otherwise you add on top of your discovery tool the old adage of Garbage in Garbage out applies – it is critical to ensure the accuracy of the under lying data – my personal experience tells me that it is dangerous to assume or ignore the accuracy of the under lying data.
These are last years Gartner figures and are polled from the attendees at this event and the corresponding Florida event this time last year.
The Percentage of respondents reporting at least one audit has increased dramatically in the past five years. As an example in 2007, 35% of survey respondents said they had experienced at least one software vendor audit. These figures have gradually increased year on year to 65% in 2011.
I will look out with interest to the results of this years survey.
I was surprised to see that IBM, Adobe, Microsoft and Oracle appeared in the top five in the same order as in the previous years survey. IBM is still at the top of the list, but is auditing a slightly higher percentage than last year. This demonstrates a consistent programme is in play and as such if you are one of the 25% who had not been audited last year then I would recommend you get prepared – Just in case!
There are many reasons driving vendor audit requests and lack of compliance; every organisation will have a different experience. These are the Software Vendors own figures which were published in the Ernst & Young survey a few months ago – of course please note that the respondents could choose more than one option when asked what the objectives were for their compliance programmes.
There are of course some vendors trying to change how these engagements are perceived by their clients.
I regularly work with Microsoft who have developed a SAM Services scheme which is far more engaging and value add. Microsoft have three activities which you can pro-actively complete
SAM Baseline – Compliance review
SAM Assessment – Policy & Procedure Review
SAM Deployment – Toolset deployment & Review
The aim of this scheme is to be pro-active and engaging and as a result you can choose a partner to work with to help deliver this work. I would recommend the value of Independent partners. What I mean be Independence is partners who do not resell software licenses as in my experience you can have a conflict in interests – poacher turned game keeper. At the end of a completed engagement Microsoft will sign off against the work completed thus providing a 12 month certification.
Therefore by being pro-active you can avoid unexpected compliance reviews; but as I say not all vendors have adapted their schemes and in many way Microsoft is trying to create a new standard.
The SAM industry is having to evolve with changing technology and it is no longer good enough to simply reply on traditional “average” tool-sets to do the job.
Cloud computing is the latest industry trend, but how are you going to monitor your use of this technology to ensure you are only paying for what you need and that you have the correct licence agreements in place to allow you to use your software assets in this manner? Add to this other “new” trends with application streaming (SaaS) and BYOD or slightly more traditional technologies like virtualisation or thin client.
Your IT environments are changing faster than ever whether this is through growth or shrinkage – they are changing.
New Applications
Smaller IT resources
Faster ROI
For example if in a Citrix environment you deploy a application like in this instance Microsoft project then it is not licensed by the number of users.
The application is licensed by the number of devices which can potentially serve the application.
Of course technology does exist which will allow you to control the device which can be served with the application. In this example AssetStudio is being used to restrict the actual device which will use Microsoft Project.
If I as the user log on to a different device I will not be able to run the application.
As well as the restriction being in-place, AssetStudio will provide the evidence through its reporting that you have not breached this rule and therefore Microsoft or any auditor will accept this method of licensing.
The next generation of discovery tools must be able to deal with the different methods of application delivery and adapt to the fast changing environments. Modern tools must therefore be able to cope with pretty much everything you throw at them and be developing and improving to cope with the demands of tomorrow. It should not matter if an application is in the cloud, servicing a remote worker or delivered form a virtual environment.
Regardless of what toolset you use today or plan to use tomorrow above all you must have 100% confidence in the data that it is providing you with. It must cover your entire estate – PC’s, MAC’s, Linux, Servers, etc
Ask yourself if it is able to manage all of your applications whether this is Microsoft’s Office 365 or your Oracle estate, because if it does not matter what licence management tools you use to calculate your entitlement, if the underlying data is wrong your calculations will be wrong!
At Certero we believe we have developed the next Generation of IT & Software Asset Management Tools. We believe AssetStudio provides the best in class discovery and inventory to ensure that no matter where your software is we will manage it for you. Add to this the most comprehensive Licence Management solution on the market and you have a potent combination to make managing your IT and Software Assets easy.
So I have a few simple recommendation which I believe will help your business and reduce your financial risk:
Do you have a centralised database containing information about your hardware and software assets?
If so what percentage of the organisation does your this Inventory Cover?
How do you check the accuracy of the database?
How Often?
Have you every visited a PC to quality check your tool is accurate?
On-going & Continued Self Assessment
Do you have any processes in place to review the current SAM reports?
Do executive sponsors sign off SAM reviews?
Do you perform deployment and entitlement reconciliation of high risk software titles?
If your not going to do it then who is? As I am sure you will know there is expert help available in the industry, but make sure you vett any organisation or individual in the same way you would if you were getting someone to build you a house!
I am more than happy to take your questions
my team are in the room and are based for the next two days on stand x so please feel free to approach any of us:
Introduce Simon, Penny, Ivan
We are also joined by Liz Penning from Microsoft, Liz is head of the SAM Services Programme in the UK which I described earlier to you. Liz is located at our stand today – but sadly not tomorrow.