WIXLIB

FlashpointSoftware asset management (SAM)Getting smart about a new engine for IT business value

Flashpoint Software asset management (SAM)Making sense of your enterprise softwareAs top information technology (IT) leaderscontinue to feel the pressure to unlock valuefor the business, some have turned theirattention to one of their biggest IT budgetitems: software. For many companies,software licensing and maintenance activitiesconsume close to 22 percent of the ITbudget1—thanks to the ever-expanding roleof software.In an era marked by increasing amountsof digital data, an emphasis on processautomation, and the importance of apps,software has become an enabler ofefficiencies. But given the massive rolethat software now plays in the enterprise,software itself has become a prime targetfor efficiency efforts. Many enterprises lacka clear view of their software asset picture—failing to know the quantities of licensesthey own and failing to understand theactual extent to which they have deployed1.2.To begin bringing the software picture intobetter focus, CIOs are turning to softwareasset management (SAM) practices—coordinated, comprehensive programsand policies that seek to control softwareexpenditure, capitalize on volume discounts,avoid noncompliance with licensing contracts,and deploy software more efficiently.maintenance spend.2 The SAM approach alsocan help improve the budgeting process,boost financial controls, curb cyber risk, andhelp reduce audit concerns.An effective SAM approach requires morethan updating your catalog of software andformalizing processes. Organizations thatintend to leverage SAM as a driver of valueand performance should understand thatmanaging software assets in today’s fastchanging IT environment requires a deepunderstanding of the issues. Here’s a look ata few key issues emerging with SAM.It’s an approach that can help avoid costsand align spending with consumption—whichcan free up financial resources that can bereinvested in business activities and helpmake a SAM program self-funding. Suchsavings can be significant. For example, insoftware license assessments performedAbout Flashpointsby Deloitte, clients had unrealized costEvery day brings new ideas andsavings averaging 23 percent of their annualpossibilities to the Technology, Media, andTelecommunications sectors. Flashpoints isyour tool for gaining the context you need toIT Metrics: IT Key Metrics Data. Gartner, Inc. December 14, 2015make sense of these critical developments—Deloitte Advisory results and analytics related to cost savings/avoidance come from a dataset composed of roughly one thousandsoftware license assessments performed across 20 countries between 2009 and 2012. Included data was normalized, removingas they emerge.outliers and calculating values at contracted prices2software. That incomplete view can lead tounderutilization as well as overutilization ofsoftware licenses.

Flashpoint Software asset management (SAM)Key observationsConvergence with IT asset/service managementAn opportunity to tightencybersecurityThe discipline of SAM is rapidlyconverging with IT asset andservice management disciplines,offering a more comprehensiveview of activities as well as newcapabilities for IT leaders.Without an effective SAMprogram, some software canremain hidden from the viewof IT leaders—meaning thatthe organization might not bepatching, updating, or securingit properly to reduce the risk ofa cyber intrusion.3When others manage theinfrastructure: movinglicenses to the cloud,outsourcing data centersDespite the simplicity promised,cloud activities and data centeroutsourcing can presentcomplex challenges for SAM.Missteps could result in yourorganization operating in anunlicensed environment.Software as a service:subscription modelconsiderationsA subscription model can offerhassle-free access to softwarewhile reducing licensing risks.But you might be overpayingand getting more than what youreally need, failing to considerthe full costs and benefits.

Flashpoint Software asset management (SAM)Convergence with IT asset/service managementAs organizations continue to emphasizemanaging IT like a business, efforts areintensifying around IT asset management andIT service management. Within organizationstoday, new sets of policies and proceduresare emerging to give leaders as well as rankand-file workers guidance on how to ensureIT operations run efficiently. The discipline ofSAM is rapidly converging with IT asset andservice management disciplines—in partbecause new automation tools make it easierfor businesses to integrate efforts and seeacross IT activities.The result is that changes to the ITenvironment are no longer looked atjust from the standpoint of security oroperational efficiency. Increasingly, changesto the environment are viewed also throughthe lens of vendors and licenses. The trendis especially obvious when it comes topatch management, which touches on thetraditional security aspect of IT managementwhile heavily involving licensing and relatedconcerns that come with putting in place newor updated software.4On a deeper level, what the convergencemeans is that workers increasingly will havethe ability to manage SAM needs withinthe same platform they use for traditionalIT asset/service management. And thatconvergence helps support new possibilitiesfor managed services or centralizationof efforts—freeing some organizationsfrom the burden of having to be SAM or ITmanagement experts, helping them to gaina more comprehensive picture of softwareassets, to optimize software activities, andto reduce or avoid related costs. Such newcomprehensive capabilities can be especiallyhelpful when the organization is trying toalign software asset status with ever-changingproduct names and license-countingmethodologies from vendors, or when thesecurity team needs to rapidly pinpoint whichapplications have been patched.Ultimately, the convergence and relatedfunctionality mean that organizations cansupport integrated governance aroundsoftware assets, boost their compliance, andhelp reduce the risk of audit.The discipline of SAM is rapidlyconverging with IT asset and servicemanagement disciplines, offering a morecomprehensive view of activities as wellas new capabilities for IT leaders.

Flashpoint Software asset management (SAM)An opportunity to tighten cybersecurityNot knowing what you have is a risk. Andwhere there is software, there is the potentialfor security breaches. But given today’schaotic enterprise software landscape, CIOssometimes don’t know what they have. Forexample, it’s not unheard of for the CIO tobe completely unaware of the existenceof an entire data center within his or herorganization.organization. Where do you have data andwhere is it even possible to have softwarerunning? How complete is your view of thehardware on which software runs? What willit take to develop a comprehensive, contentrich, data-rich portfolio that multiple teamsor functions within the organization canleverage? Determining thoroughly where allyour software assets lie allows you to defineyour cyber perimeter and then fortify andSuch “hidden” operations can representdefend it through regular patch managementsignificant instances of software that areactivities and proactive monitoring, foreffectively off the radar of leadership—andexample. Also consider developing a formalpotentially not being patched, updated, orrequest process so your IT organization cansecured properly to reduce the risk of a cyber vet software that business units might wish tointrusion.acquire.Consider developing a complete catalogof software that has been approved froma functionality perspective as well as asecurity perspective. A SAM approach canallow you to inventory assets so that youcan then ensure that they are secured.3Getting started involves a data inquiry aswell as a “corroborative” inquiry within yourThe “SAM and security” approach alsorequires you to look closely at your virtualdata centers, too—to know the number ofvirtual machines and software stacks in playand to place security protocols right on topof a virtual machine each time a new one iscreated.3. Minimizing the threat landscape through integration of Software Asset Management and Security. Deloitte. ml.5As the virtualization trend continues, yourorganization might continue to undertakemajor digital transformation efforts, allwhile complying with changing regulatoryrequirements around data practices.Consequently, your software and softwarevendor landscape can become even morecomplex, requiring you to focus continuouslyon defining and securing the “fence” aroundyour software assets as well as investing inyour cyber risk framework.Without an effective SAM program,some software can remain hidden fromthe view of IT leaders—meaning thatthe organization might not be patching,updating, or securing it properly toreduce the risk of a cyber intrusion.

Flashpoint Software asset management (SAM)When others manage the infrastructure: movinglicenses to the cloud, outsourcing data centersMoving business functions to the cloudoffers many organizations an opportunityto simplify their operations. Why develop ITinfrastructure and platforms in house when acloud provider can do the work for you whilealso overseeing maintenance and upgradeneeds? Despite that simple premise, cloudpresents some complex challenges whenit comes to SAM. What you don’t know canlead to missteps and possibly result in yourorganization operating in an unlicensedenvironment.If the idea of working with a cloud providerto get infrastructure/platform-as-a-servicecapabilities and essentially “migrate” yourexisting software applications to the cloudappeals to you, you should recognize thata bring your own licenses (BYOL) approachrequires a deep understanding of what yoursoftware licenses actually entail. In BYOLmodels, companies can choose to “certify”that they already have end-user licenses thatcan be hosted in the cloud.In such a scenario,companies can create their virtual solutionsin the cloud in the same manner they would6in a software as a service (SaaS) model. In thisexample, both the third-party hosting (cloud)provider and the company take on licensingrisk.Many software vendors have included in theircontracts restrictions that address whethera license can be used on premises or offpremises. Moving to the cloud to addresshardware infrastructure or platform needsdoesn’t mean that your licensing issues—such as the potential for violations andpenalties—go away. Restrictions remain thesame and in many cases issues can becomemore complex if, for example, a cloudprovider instantly scales up infrastructurefrom, say, eight servers to 16 servers to meetgrowing demand from your software userbase. Having a cloud-readiness strategy thataddresses SAM complexities is essential.Likewise, when it comes to the outsourcingof data centers, realize that serviceproviders are more focused on service levelagreements—on keeping hardware up andrunning to meet your needs—than theyare on tracking license issues that mightemerge when they make hardware changes.Ultimately, as you work with cloud or datacenter providers, SAM issues will be yours tooversee and manage.Despite the simplicity promised, cloudactivities and data center outsourcingcan present complex challengesfor SAM. Missteps could result inyour organization operating in anunlicensed environment.