For partners serious about protecting their IT investments, software asset management can be a smart move indeed.
- By Anne Stuart
- March 01, 2006
These days, time is just about every company's scarcest resource.
Few executives are likely to look kindly on any activity that uses
that precious commodity without generating revenue or cutting costs.
So at first blush, undertaking a software asset management (SAM)
initiative might well sound as if it falls squarely into the nice-idea-if-we-had-more-time
But SAM -- essentially, accounting for every piece of software
your organization owns or uses -- can be well worth the effort,
ultimately saving you a bundle of money. SAM specialist Cynthia
Farren, founder and CEO of the Walnut Creek, Calif.-based consulting
firm that bears her name, recalls one 2,700-desktop client company
that saved more than $1 million over three years after implementing
SAM. On average, Farren says, a 700-employee company can expect
a SAM initiative to help it save about $200,000 annually, largely
by giving its software buyers the knowledge they need to negotiate
What exactly is SAM? Farren describes it as a holistic approach
to managing software throughout its lifecycle: "It's how a
company plans for, acquires, deploys and retires its software."
Microsoft, which launched a major SAM initiative last fall, says
it's simply a process that "helps you recognize what you've
got, where it's running and any licensing overlap."
Licensing, of course, is SAM's core, its raison d'etre. An effective
SAM process can help companies identify which licenses are active
and up-to-date, which have expired or are near to doing so, which
should be revised or upgraded and which should be cancelled or replaced.
An effective SAM program can also uncover unlicensed software that,
by accident or by design, has wound up in your company's systems.
Finding and dealing with such software can help prevent another
massive expense: the fines and legal fees that can result from charges
of "software piracy." Just how big a bullet might you
dodge? Take a look at these two real-life case studies:
- In January 2006, Burt's Bees Inc. of Durham,
N.C., a manufacturer of personal-care products paid a $110,000
fine to the Business Software Alliance (BSA), an industry watchdog
group, after a BSA audit turned up copies of Microsoft, Apple
and Adobe software for which the company couldn't produce licenses.
- In 2004, NexPress Solutions Inc., a printer
manufacturer headquartered in Rochester, N.Y., paid a $157,000
fine after the BSA discovered unlicensed software on the company's
In fact, the BSA can levy penalties as high as $150,000 for each
unlicensed software program its audits find, whether or not the
companies were aware that such programs were in use. Those fines,
of course, don't include companies' often-considerable legal expenses
or the cost of obtaining legitimate software. (Most major software
vendors, including Microsoft, are members of the Alexandria, Va.-based
BSA, which estimates the industry's annual losses to pirated software
at about $7 billion worldwide. Meanwhile, a study released by Framingham,
Mass.-based IDC in December 2005 estimated that every 1 percent
drop in software piracy would create $40 billion in new economic
"Many companies are getting much more formal
about processes on which they may have put a lower
priority in the past." -- Robert Deshaies,
Regional Vice President for Microsoft's Small and
Midmarket Solutions & Partner (SMS&P) Group
None of which is small change. So, not surprisingly, the industry
is now taking SAM seriously from all sides. The International Standards
Organization (ISO) expects to publish its first global standards
for SAM processes later this spring (see "Setting the Standard"
below). Meanwhile, in November 2005, Microsoft began offering a
SAM specialization as part of its Licensing Solutions Competency.
By early February, 43 partners had qualified for the specialization,
with nearly 75 more in the pipeline, according to a Microsoft spokesperson.
In addition, the company maintains a well-stocked SAM resource center
(for more on the new competency offering, see "More Information"
SAM: Why Now?
At the same time, "software asset management is far from a
new doctrine," says Farren, a long-time SAM consultant who
was among the first to earn Microsoft's new SAM specialist designation.
Most companies have known for years -- although often just vaguely
-- that they need to keep tabs on their software, which according
to the BSA, can account for up to 25 percent of their total IT budgets.
"We all know something should be there, we all want to do a
good job at it, but [until recently], the issue was whether or not
we dedicate the time to it," Farren says.
So what's prompted the recent burst of interest in the concept?
Later this year, software asset management
will officially morph from a fuzzy catch-all phrase
to a clearly defined practice built on a set of
formal standards that are recognized worldwide.
The International Standards Organization (ISO),
based in Geneva, Switzerland, will soon publish
the business half of its new two-part global SAM
standard. Officially known as ISO/IEC 19770-1,
the standard's first part sets forth processes
and procedures for SAM planning, inventory control
and software lifecycle management, among other
issues. That part is scheduled to take effect
in May 2006.
The proposed technical half, ISO/IEC 19770-2,
remains in development and won't be final for
at least two years, says David Dery, a Ph.D. candidate
at the Ecole de Technoligie Superieure (ETS),
an engineering school at the University of Quebec
and the Canadian representative to ISO's SAM working
The two halves will ultimately create consistent
definitions of approaches to SAM, which Dery says
will benefit manufacturers and customers alike.
"The ISO standard will give us a common point
of reference," he says. "Otherwise,
we all think our reality is the only one."
That group will accept comments on the proposed
technical standard until March 31. For details
on the standard, visit www.iso.org;
comments may be sent to Dery at firstname.lastname@example.org.
The SAM standardization effort, which began in
Sweden in 2001, is being promoted by several industry
groups. Among them: The fledgling International
Business Software Managers Association (IBSMA),
of which Microsoft is a founding member. -- A.S.
In a word: compliance. Companies of all types and sizes must now
comply with requirements in a dizzying array of regulations enacted
following a wave of corporate scandals a few years back. Large public
companies in particular need to know whether their software provides
the sufficient internal controls over corporate accounting that's
now required by the Sarbanes-Oxley Act of 2002. "Many companies
are getting much more formal about processes on which they may have
put a lower priority in the past," says Robert Deshaies, a
regional vice president for Microsoft's Small and Midmarket Solutions
& Partner (SMS&P) Group and an executive sponsor of Microsoft's
SAM outreach. In the course of updating those processes, companies
may well find some surprises. They may uncover software that's too
outdated to meet the company's current needs, software that's not
being used to its full potential and even software that was purchased
and never deployed, still sealed in its shrinkwrapped boxes on a
dusty shelf someplace.
That's all on top of software companies launching their own compliance
efforts -- that is, making sure their corporate customers are complying
with their licensing agreements. Obviously, in all those cases,
a company's knowledge -- about exactly what software it's using,
where it originated and whether it's licensed -- can be a powerful
At the same time, Microsoft's own research indicates that few companies
currently have comprehensive SAM processes in place. That's usually
not because those companies are defiant software pirates, waving
the Jolly Roger to taunt the vendor community, nor are they deliberately
thumbing their noses at government regulators. As Farren puts it:
"Most companies want to be compliant. Very few purposefully
Instead, it often reflects a lack of understanding about software
as an asset, says attorney Jenny Blank, the BSA's director of enforcement.
"It's intangible, so they don't respond to it in the same way,"
says Blank, describing how companies often view their software investments
compared to other purchases. "If they have three new employees,
they'll buy three new desks -- but they'll just buy one copy of
a software program and share it. When they do that, they're opening
themselves to risk."
Myths About SAM
Here are some tips for tackling
software asset management in your own organization:
- Start at the top. Almost every IT effort
needs executive sponsorship, but C-level buy-in
is especially critical with SAM, which often
involves large expenditures and complex legal
- Go wide. A SAM initiative's success
depends on a strong strategy that's promoted,
executed and enforced throughout your company.
- Pick a partner. Thanks to the new SAM
competency, expert assistance is available within
the Microsoft partner community. Partners can
be found no the Microsoft SAM Web site.
- Choose a champion. Your in-house SAM
manager should understand software licensing
and serve as the point person not just for the
initial project, but for ongoing work, problems
and questions as well.
- Write it down. Craft a short, easy-to-read
SAM policy that clearly spells out the rules
and the consequences for violating them. Distribute
it to all employees and have them sign forms
indicating they've read and understood it.
- Automate it. Depending on your organization's
needs and goals, invest in SAM tools that can
stream-line inventory, integrate software expenditures
with overall corporate purchasing, offer SAM-related
security and monitoring capabilities or assist
with patches and upgrades.
- Stay current. Software asset management
is a perennial work in progress. Establish processes
for conducting self-audits, renewing licenses
and updating your software records, policies
and processes. Then set regular deadlines for
doing so -- and stick to them. -- A.S.
If there's one area on which all these SAM experts agree, it's that
many companies harbor wrongheaded notions about how SAM works. Following
is a sampling of common misconceptions:
Misconception #1: SAM is a synonym for "taking inventory."
Not so, experts say. "You need to go way beyond a basic inventory
process," says Microsoft's Deshaies. "You need an overall
SAM strategy." Consultant Farren agrees. "One of the first
things I hear from new clients is, ‘I already have software asset
management because I bought [an inventory] tool," she says.
"Inventorying is a necessary part of it, but it is not managing
your software." Besides, she says, companies with such tools
often fail to make good use of resulting information -- for instance,
failing to check the inventory reports against their purchasing
records. Bottom line: You should create an overarching strategy
of which an active inventory process is an important part of your
SAM process -- but just one part.
Misconception #2: Purchasing departments essentially handle SAM
process by tracking corporate software purchases. Again, that's
often not the case. In many companies, software buying is handled
separately from all other corporate purchasing. "Usually, there
are gaps in the process that leave company open to having something
come in the door and not being deployed," Farren says. Often,
she says, "there's no visibility from purchasing to receiving"
because the company doesn't receive the incoming software shipment
into its primary purchasing system. Purchasing agents can't track
-- and probably don't even know about -- orders for which there
are no records. In another common scenario, incoming software goes
directly into a mailbox or onto a cart headed for the IT department
-- and then vanishes without ever being formally received. In some
cases, it may be installed without being recorded; in some, it's
misplaced and never used; in some, it's simply stolen for home use
or resale. Your best bet: As part of your overall SAM strategy,
establish a foolproof way to capture and track all software invest-ments
from initial purchase to final disposal. If possible, try to integrate
that information with your company's main purchasing system.
Misconception #3: SAM is another business trend that's pure theory.
Wrong again. There are plenty of practical, hands-on ways to start
a SAM practice in your organization -- and most are easy to boot
(see "SAM 101" above for more advice).
Microsoft recommends starting with this four-step game plan:
- Make a list. Yes, we've said SAM is more than
just conducting an inventory, but that's still the logical place
to start. With or without automated inventory tools, figure out
what software you've got on every server, workstation, PC and
- Do a reality check. Match your inventory list
to your license records. You'll get an instant snapshot of whether
you've got too many licenses -- or too few.
- Lay down the law. Draft or revise your software-related
policies and procedures. Distribute throughout the organization.
Review and revise those documents regularly.
- Keep going. An effective SAM initiative isn't
a one-shot deal; it's an ongoing effort. Set timetables for updating
your strategy and plan. Create and maintain a centralized software-
documentation library that's accessible to those responsible for
licensing, compliance and other SAM-related function.
No question about it: Developing, launching and maintaining an
effective SAM program takes a lot of effort. But for most companies,
the payoffs from doing the job right justify moving SAM from that
"if-we-had-time" file to one labeled "we must make
Following are a few selected resources for learning more about
software asset management:
- Microsoft Corp. - SAM
home page with definitions, instructions and ROI calculator
- Business Software Alliance
in Software - Home page has bulletins on progress of ISO’s
SAM standards work
- ECP Media
- SAM reports and seminars; information on International Business
Software Managers Association
2006 - May 1-2, 2006, Chicago. Sessions on license negotiations,
self-audits, compliance, enforcement and other issues.