In-Depth

Meet SAM

For partners serious about protecting their IT investments, software asset management can be a smart move indeed.

• By Anne Stuart
• March 01, 2006

These days, time is just about every company's scarcest resource. Few executives are likely to look kindly on any activity that uses that precious commodity without generating revenue or cutting costs. So at first blush, undertaking a software asset management (SAM) initiative might well sound as if it falls squarely into the nice-idea-if-we-had-more-time category.

But SAM -- essentially, accounting for every piece of software your organization owns or uses -- can be well worth the effort, ultimately saving you a bundle of money. SAM specialist Cynthia Farren, founder and CEO of the Walnut Creek, Calif.-based consulting firm that bears her name, recalls one 2,700-desktop client company that saved more than $1 million over three years after implementing SAM. On average, Farren says, a 700-employee company can expect a SAM initiative to help it save about $200,000 annually, largely by giving its software buyers the knowledge they need to negotiate better deals.

What exactly is SAM? Farren describes it as a holistic approach to managing software throughout its lifecycle: "It's how a company plans for, acquires, deploys and retires its software." Microsoft, which launched a major SAM initiative last fall, says it's simply a process that "helps you recognize what you've got, where it's running and any licensing overlap."

Licensing, of course, is SAM's core, its raison d'etre. An effective SAM process can help companies identify which licenses are active and up-to-date, which have expired or are near to doing so, which should be revised or upgraded and which should be cancelled or replaced.

An effective SAM program can also uncover unlicensed software that, by accident or by design, has wound up in your company's systems. Finding and dealing with such software can help prevent another massive expense: the fines and legal fees that can result from charges of "software piracy." Just how big a bullet might you dodge? Take a look at these two real-life case studies:

• In January 2006, Burt's Bees Inc. of Durham, N.C., a manufacturer of personal-care products paid a $110,000 fine to the Business Software Alliance (BSA), an industry watchdog group, after a BSA audit turned up copies of Microsoft, Apple and Adobe software for which the company couldn't produce licenses.
• In 2004, NexPress Solutions Inc., a printer manufacturer headquartered in Rochester, N.Y., paid a $157,000 fine after the BSA discovered unlicensed software on the company's computers.

In fact, the BSA can levy penalties as high as $150,000 for each unlicensed software program its audits find, whether or not the companies were aware that such programs were in use. Those fines, of course, don't include companies' often-considerable legal expenses or the cost of obtaining legitimate software. (Most major software vendors, including Microsoft, are members of the Alexandria, Va.-based BSA, which estimates the industry's annual losses to pirated software at about $7 billion worldwide. Meanwhile, a study released by Framingham, Mass.-based IDC in December 2005 estimated that every 1 percent drop in software piracy would create $40 billion in new economic benefits worldwide.)

"Many companies are getting much more formal about processes on which they may have put a lower priority in the past." -- Robert Deshaies, Regional Vice President for Microsoft's Small and Midmarket Solutions & Partner (SMS&P) Group

None of which is small change. So, not surprisingly, the industry is now taking SAM seriously from all sides. The International Standards Organization (ISO) expects to publish its first global standards for SAM processes later this spring (see "Setting the Standard" below). Meanwhile, in November 2005, Microsoft began offering a SAM specialization as part of its Licensing Solutions Competency. By early February, 43 partners had qualified for the specialization, with nearly 75 more in the pipeline, according to a Microsoft spokesperson. In addition, the company maintains a well-stocked SAM resource center (for more on the new competency offering, see "More Information" below).

SAM: Why Now?
At the same time, "software asset management is far from a new doctrine," says Farren, a long-time SAM consultant who was among the first to earn Microsoft's new SAM specialist designation. Most companies have known for years -- although often just vaguely -- that they need to keep tabs on their software, which according to the BSA, can account for up to 25 percent of their total IT budgets. "We all know something should be there, we all want to do a good job at it, but [until recently], the issue was whether or not we dedicate the time to it," Farren says.

So what's prompted the recent burst of interest in the concept?

Setting the Standard Later this year, software asset management will officially morph from a fuzzy catch-all phrase to a clearly defined practice built on a set of formal standards that are recognized worldwide. The International Standards Organization (ISO), based in Geneva, Switzerland, will soon publish the business half of its new two-part global SAM standard. Officially known as ISO/IEC 19770-1, the standard's first part sets forth processes and procedures for SAM planning, inventory control and software lifecycle management, among other issues. That part is scheduled to take effect in May 2006. The proposed technical half, ISO/IEC 19770-2, remains in development and won't be final for at least two years, says David Dery, a Ph.D. candidate at the Ecole de Technoligie Superieure (ETS), an engineering school at the University of Quebec and the Canadian representative to ISO's SAM working group. The two halves will ultimately create consistent definitions of approaches to SAM, which Dery says will benefit manufacturers and customers alike. "The ISO standard will give us a common point of reference," he says. "Otherwise, we all think our reality is the only one." That group will accept comments on the proposed technical standard until March 31. For details on the standard, visit www.iso.org; comments may be sent to Dery at [email protected]. The SAM standardization effort, which began in Sweden in 2001, is being promoted by several industry groups. Among them: The fledgling International Business Software Managers Association (IBSMA), of which Microsoft is a founding member. -- A.S.

In a word: compliance. Companies of all types and sizes must now comply with requirements in a dizzying array of regulations enacted following a wave of corporate scandals a few years back. Large public companies in particular need to know whether their software provides the sufficient internal controls over corporate accounting that's now required by the Sarbanes-Oxley Act of 2002. "Many companies are getting much more formal about processes on which they may have put a lower priority in the past," says Robert Deshaies, a regional vice president for Microsoft's Small and Midmarket Solutions & Partner (SMS&P) Group and an executive sponsor of Microsoft's SAM outreach. In the course of updating those processes, companies may well find some surprises. They may uncover software that's too outdated to meet the company's current needs, software that's not being used to its full potential and even software that was purchased and never deployed, still sealed in its shrinkwrapped boxes on a dusty shelf someplace.

That's all on top of software companies launching their own compliance efforts -- that is, making sure their corporate customers are complying with their licensing agreements. Obviously, in all those cases, a company's knowledge -- about exactly what software it's using, where it originated and whether it's licensed -- can be a powerful advantage.

At the same time, Microsoft's own research indicates that few companies currently have comprehensive SAM processes in place. That's usually not because those companies are defiant software pirates, waving the Jolly Roger to taunt the vendor community, nor are they deliberately thumbing their noses at government regulators. As Farren puts it: "Most companies want to be compliant. Very few purposefully avoid it."

Instead, it often reflects a lack of understanding about software as an asset, says attorney Jenny Blank, the BSA's director of enforcement. "It's intangible, so they don't respond to it in the same way," says Blank, describing how companies often view their software investments compared to other purchases. "If they have three new employees, they'll buy three new desks -- but they'll just buy one copy of a software program and share it. When they do that, they're opening themselves to risk."

SAM 101 Here are some tips for tackling software asset management in your own organization: Start at the top. Almost every IT effort needs executive sponsorship, but C-level buy-in is especially critical with SAM, which often involves large expenditures and complex legal issues. Go wide. A SAM initiative's success depends on a strong strategy that's promoted, executed and enforced throughout your company. Pick a partner. Thanks to the new SAM competency, expert assistance is available within the Microsoft partner community. Partners can be found no the Microsoft SAM Web site. Choose a champion. Your in-house SAM manager should understand software licensing and serve as the point person not just for the initial project, but for ongoing work, problems and questions as well. Write it down. Craft a short, easy-to-read SAM policy that clearly spells out the rules and the consequences for violating them. Distribute it to all employees and have them sign forms indicating they've read and understood it. Automate it. Depending on your organization's needs and goals, invest in SAM tools that can stream-line inventory, integrate software expenditures with overall corporate purchasing, offer SAM-related security and monitoring capabilities or assist with patches and upgrades. Stay current. Software asset management is a perennial work in progress. Establish processes for conducting self-audits, renewing licenses and updating your software records, policies and processes. Then set regular deadlines for doing so -- and stick to them. -- A.S.

Myths About SAM
If there's one area on which all these SAM experts agree, it's that many companies harbor wrongheaded notions about how SAM works. Following is a sampling of common misconceptions:

Misconception #1: SAM is a synonym for "taking inventory." Not so, experts say. "You need to go way beyond a basic inventory process," says Microsoft's Deshaies. "You need an overall SAM strategy." Consultant Farren agrees. "One of the first things I hear from new clients is, ‘I already have software asset management because I bought [an inventory] tool," she says. "Inventorying is a necessary part of it, but it is not managing your software." Besides, she says, companies with such tools often fail to make good use of resulting information -- for instance, failing to check the inventory reports against their purchasing records. Bottom line: You should create an overarching strategy of which an active inventory process is an important part of your SAM process -- but just one part.

Misconception #2: Purchasing departments essentially handle SAM process by tracking corporate software purchases. Again, that's often not the case. In many companies, software buying is handled separately from all other corporate purchasing. "Usually, there are gaps in the process that leave company open to having something come in the door and not being deployed," Farren says. Often, she says, "there's no visibility from purchasing to receiving" because the company doesn't receive the incoming software shipment into its primary purchasing system. Purchasing agents can't track -- and probably don't even know about -- orders for which there are no records. In another common scenario, incoming software goes directly into a mailbox or onto a cart headed for the IT department -- and then vanishes without ever being formally received. In some cases, it may be installed without being recorded; in some, it's misplaced and never used; in some, it's simply stolen for home use or resale. Your best bet: As part of your overall SAM strategy, establish a foolproof way to capture and track all software invest-ments from initial purchase to final disposal. If possible, try to integrate that information with your company's main purchasing system.

Misconception #3: SAM is another business trend that's pure theory. Wrong again. There are plenty of practical, hands-on ways to start a SAM practice in your organization -- and most are easy to boot (see "SAM 101" above for more advice).

Microsoft recommends starting with this four-step game plan:

• Make a list. Yes, we've said SAM is more than just conducting an inventory, but that's still the logical place to start. With or without automated inventory tools, figure out what software you've got on every server, workstation, PC and portable device.
• Do a reality check. Match your inventory list to your license records. You'll get an instant snapshot of whether you've got too many licenses -- or too few.
• Lay down the law. Draft or revise your software-related policies and procedures. Distribute throughout the organization. Review and revise those documents regularly.
• Keep going. An effective SAM initiative isn't a one-shot deal; it's an ongoing effort. Set timetables for updating your strategy and plan. Create and maintain a centralized software- documentation library that's accessible to those responsible for licensing, compliance and other SAM-related function.

No question about it: Developing, launching and maintaining an effective SAM program takes a lot of effort. But for most companies, the payoffs from doing the job right justify moving SAM from that "if-we-had-time" file to one labeled "we must make time."