INTERVIEW: Steve Klos "Revolutionising the Identification and Management of Software"

16 June 2009
7 minute read
Best practice

INTERVIEW: Steve Klos "Revolutionising the Identification and Management of Software"

16 June 2009
7 minute read

Back in December last year Steve Klos provided me with a helicopter view of the international standard for SAM (ISO/IEC 19770) – the full article is here.

The second part of the standard, -2, is now nearing completion. I caught up with Steve recently and asked him how companies can get involved, what benefits they can expect as the standard becomes reality and how the TagVault initiative helps.

Q. What stage is the -2 standard at?
-2 is entering the final draft phase. Information regarding the process can be found here. The -2 standard is currently in the Stage 5: Approval stage.

Q. What is TagVault and how does it help with the implementation of -2?
The aim of TagVault is to provide tools, knowledge and services to the SAM eco-system to increase speed of adoption and normalized application of ISO/IEC SAM standards, lowering the overall costs involved in automating software asset management and increasing communication between all SAM eco-system members.

Q. What benefits can an organisation look forward to as the -2 initiative filters through the Industry?
End users receive many benefits with the implementation of 19770-2 software identification tags – all of these benefits ultimately lead to lower costs and more effective management of software assets. Benefits include:

  • Authoritative identification of software as specified by the publisher, not as guessed by an application recognition library
  • No concerns over miss identified software that can cause problems in an audit
  • For security concerns, the ability to filter all known software titles, all the way down to the file level to highlight unknown software installations
  • The ability to recognize the channel the software was targeted for (i.e. does your company have software installed that was supposed to be purchased by educational institutions).
  • Much greater reporting granularity
  • Authoritative and registered company names (meaning, you no longer have to create a query that attempts to cover all method used to specify a company name – that’s done for the customer).
  • Product classifications provided by UNSPSC categories
  • Product family relationships (i.e. find all products related to a backup or desktop management product family)
  • Identification of distribution channel and target customer (i.e. does the company have all software installed based on software targeted to volume channels {matching company policy} or are there other channels identified {retail, educational, etc}.
  • No need to normalize reporting data since that’s done as part of the tag creation
  • Recognition of what the publisher views as the software files indicating product usage
  • In general, customers get authoritative recognition of products. This is a fundamental need that you would think is done properly today, but is not. Two good examples – Microsoft’s SQL Server has two versions, one is bundled with other products and is free, and the other is a licensed version. Often recognition libraries cannot tell the two apart since there is no difference in the binaries. Likewise for Adobe, it’s not possible to know which edition of a product is installed, or if the product is installed as a bundle or not using a recognition library. With Software Tags (which Adobe now provides for all of the CS 4 product line), these can be determined easily.

The other detail that’s often overlooked is that when software discovery is done, often a huge number of executable files are returned. With software identification tags, all files related to “known” software can be easily filtered out of the returned list. I have a heavily loaded system due to my job, but doing a search for just .exe files in the program directory on my computer returns 1478 files. That doesn’t include other files that include the requirement for entitlements (fonts, PDF files, .com, .ocx, etc). Being able to remove known “identified files” where that list is created by the publisher is a huge benefit.

Q. How does TagVault fit into my existing software recognition, auditing and inventory systems? Will I have to start again?
TagVault.org is designed to be the certification and registration agent for 19770-2 software identification tags. Its purpose is to promote the use of tags and ensure software tags from all publishers use normalized values and that software tools will interoperate with software tags. The whole goal is to make the impact on customers as small as possible while ensuring they get a huge benefit! There will be no need to start again – using the latest releases of software tools, the data will simply be “authoritative” rather than a “good and logical guess”.

Q. What should an organisation be doing now in preparation for -2?
Software purchasers should be talking to their favourite analysts asking them how long software publishers will take to provide tags in their products. They should also be requiring software tags to be part of any software product they purchase, or renew maintenance on – this should be negotiated during the contract review or renewal time.

Basically, customers should demand that if a software publisher has the right to audit their installations, that software publisher needs to provide the information the customer needs to do their own audits and management at a reasonable cost – that’s the focus of 19770-2 software tags. For further clarity, requiring certified software tags as specified by TagVault.org ensures that the publisher is following the expectations specified by TagVault.org members.

Software publishers should be looking to add support for software tags into their development environments in upcoming releases. TagVault.org will provide tools, services and knowledge to make that happen faster and cheaper than if they try to tackle the issue on their own.

Additionally, having the ability to provide certified tags to the market shows that the software publisher is interested in providing the right level of information for the end-user required for effective software asset management.

SAM tool providers should look at moving towards a TagVault.org supported recognition library. Since TagVault.org can have tags created for existing as well as future products, the details in the TagVault.org repository can be used to retro-actively tag software and as an augmentation to any recognition library the tool uses. The fact that the open source community, software publishers and end-users can all provide software tags means that the library will grow in the fastest possible way since all submissions are immediately available to any tools using the library.

Further details regarding TagVault.org can be found here (Registration Required)

Have your say – do you think this model will make the identification and management of software easier?

Can’t find what you’re looking for?