If you’ve been assigned responsibility for sorting out that prickly mess called software, you might be asking yourself – Holy moley! Where do I start?
If you are a newcomer to managing software, may I offer you two pieces of advice? You might be feeling slightly overwhelmed by the enormity of the problem. If you want to sleep at night and not blow a fuse, try to grasp two concepts:
1) You will never manage everything
Theoretically, with intellectual property law, every license is sacred and should be treated with equal respect. But I’m assuming you don’t have an endless pot of money for SAM and have finite resources. So we have to be a little pragmatic about things; as I have mentioned before, we have to pick our battles. Your job is to provide the best IT environment for your users, at the lowest cost, with the lowest risk. As any good IT security professional will tell you, your job is about mitigating risk, not eliminating risk.
2) Your work is never finished
Your estate will always be in a constant state of flux. I have known (very occasionally) of SAM gurus who have left their company because they managed to ‘get it nailed’, got bored, and moved on. But on the whole, just assume that the goalposts will always be moving. It’s at times like these you might say SAM is like painting the Forth Bridge, but it turns out the Forth Bridge is now finished, drat!
The 80/20 Rule
Ahhh, now we’ve got that out of the way, we can relax and get on with the task at hand.
The Pareto principle applies here, in that 80% of your financial burden and compliance risk is likely to be found in 20% of your software estate.
If you are starting out, you may be looking down the barrel of several hundred or several thousand different vendors. I would wager that, no matter what sort of organization you work for, the vast majority of the compliance headaches and money spent on software in your company could be found in the top 10 or top 20 vendors.
So in short, by carefully picking some vendors, you make a massive impact on the control, costs and risks of your software estate in a fraction of the time it would take to gain control of the whole estate.
Factors to think about when selecting your top vendors to focus on:
- Compliance Risk – Prioritize by compliance risk or likelihood of an audit (see this article for some suggestions: Vendors auditing most frequently according to ITAM Review readers in 2010 – Microsoft, Adobe, IBM, SAP, Attachmate)
- Spend – Total financial exposure (who we spend the most money with)
- Strategic Importance – See more about this here. How important to you are they as a vendor? Or to put it another way – if they threw their toys out of the pram and withdrew the use of all of their software in your business – would it be a showstopper?
- Events – Renewals on the horizon, look at any maintenance contracts or agreements that are up for renewal in the next 3 to 6 months. Preparedness is the key to software negotiations.
- Strategic Changes – Changing platforms or technology stacks soon? Moving to a new version of XYZ? Moving away from ABC? It might be good to put these on your radar. Vendors are known to audit soon after you have dumped them; they like to retaliate after you have taken away their forecasted revenue. Similarly, exiting a site license or all-you-can-eat agreement is known to trigger an audit, since the vendor knows you have gorged yourself at the trough of limitless software and you are likely to have few controls in place.
- Consolidation Opportunities – Is there an opportunity for a quick win by choosing one application and abandoning another similar but redundant application – whilst getting compliant and saving money?
- Gut feel – A bit of gut feel always helps. Asking your broader team might pick up some additional vendors to think about due to previous behaviour or events in the pipeline. Just be careful not to extend the list too far. Aim for 10, set an absolute maximum of 15-20.
- License Type – Sometimes it’s helpful to pick off some quick wins based on type. See table below:
Vendor License Type

| License Type | Characteristics | Examples and notes |
|---|---|---|
| Volume Desktop | High quantity of low value installs | e.g. Adobe, Microsoft – usually a big $$$ number. |
| Premium Desktop | Low quantity of high ticket items | e.g. AutoCad, not many but expensive. Good opportunity for quick win. |
| DataCentre | Low quantity of high value items | e.g. If you can get access to this environment to audit properly – some big ticket items in here. Complex but big $$$ numbers. |
| High Risk | Low quantity, zero value but high strategic risk | e.g. Some zero cost items that might help you win friends and influence people with your SAM project. Service Packs missing, AV missing, malware, key loggers etc. |
| Minutiae | Everything else | That long list of ‘other vendors’. They are important – but let’s get these big Kahunas out of the way first. |

Trying to demonstrate compliance for every single piece of software in your organization can only lead to disappointment. In an ideal world every software publisher should be treated equally, but we don’t live in an ideal world with infinite SAM resource and infinite budget. Picking off big targets and delivering compliance will help build momentum in your SAM practice and justify further investment in dealing with the smaller vendors. All the process improvements, controls and benefits accrued managing the top vendors will naturally have positive benefits to all other vendors.
What happens once I have things under control or at least moving in the right direction for my top 10?
Sit back, crack open one of your favourite recreational beverages, and bask in your SAM glory….
…Then think about expanding your list. The top 10 could be the top 20 and so on. Look at what you’ve learnt and try to apply it to a larger group, whilst not losing the progress you’ve made on the top 10. Keep it current.
About Martin Thompson
Martin is also author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management.
On a voluntary basis, Martin is a contributor to ISO WG21, which develops the ITAM International Standard ISO/IEC 19770.