NCC Guideline for IT Management: Software Asset and License Management Best Practice

1. Executive Summary

Software Asset Management (SAM) is a set of processes that enables organisations to gain control of their software estate from both a license compliance and financial perspective. Next generation SAM must include license management and optimisation to allow organisations to achieve the highest possible return on their software investment at the lowest cost. In many companies, SAM represents one of the few remaining ways that substantial IT savings can be realised. McKinsey and Sand-Hill Group estimates that 30% or more of It budgets are consumed by software license and maintenance costs. By adopting software asset management best practices, organisations can maximise software utilisation, reduce the risk of vendor non-compliance (audits, fees, penalties), to reduce overall IT costs by as much as 10% and software costs by over 20% per year.

SAM requires a combination of people, processes and technology to gain optimum efficiency – from both a risk mitigation and cost management perspective. The key to a successful SAM strategy is having the right people and resources in place to ensure that assets are managed and roles and responsibilities are clearly defined so that daily tasks are performed seamlessly.

Also critical is having the technology in place to manage the IT estate effectively – both to discover what hardware and software is installed and to have the ability to fully optimise the IT estate.

These guidelines will discuss some of the key challenges and pitfalls of SAM and examine some of the IT asset management best practices than can be adopted to ensure an effective SAM strategy is implemented throughout the organisation.

'Companies can expect to achieve 30% savings in the first year and between 5-10% annually with an effective Software Asset Management (SAM) programme.'’

2. What Are Software Asset Management and Software License Management Best Practices?

Software Asset Management (SAM) is generally understood as the process of maintaining software compliance or avoiding overspend on software licenses. However, SAM includes much more. It is a set of best practice processes that touch a great number of functions within an organisation. SAM process is a means of integrating optimised licence management with existing IT systems, such as Configuration Management/Inventory tools, enterprise Resource Planning, Procurement, Human Resource and service Catalogue/Helpdesk to allow the collection of the vast amount of data needed to effectively manage a software estate.

2.1 Cost Savings – The Number One Driver for an Optimised SAM Programme

“Companies can expect to achieve 30% savings in the first year and between 5-10% annually with an effective software Asset Management (SAM) programme.” – Gartner

This statement highlights the very real cost benefits to taking a ‘best practice’ approach to SAM. But, it’s not just from a cost saving perspective that optimised SAM makes sense. It resounds as a common-sense approach across the entire organisation that also increases operational efficiency and reduces risk.

‘An organisation should assess the key areas of risk. This could be based around specific software vendors with whom the expenditure is high or there is a strong likelihood of a software audit.’

Figure 1 shows some common industry facts taken from various sources, projecting savings on software for an IT estate of an average of 2,000 PCs.

Without taking into account the number of servers and PC’s, it’s clear to see that savings of £1m over a three-year period are potentially achievable by implementing an effective SAM programme.

Organisations know they have challenges in their ability to fully control all aspects of their It estate. However, the real problem is often knowing how and where to adopt improvements in control to achieve the biggest benefit.

2.2 Getting Started on a Best Practice-Based Approach to SAM

Taking a best practice approach, first and foremost, requires an understanding of the extent of the challenge. Common questions may include:

  • Do we really know how many PCs and servers we have and where they are located?
  • Do we know what software is deployed?
  • Are we counting our entire virtual or thin client infrastructure? Do we understand what we are purchasing?
  • Do we have adequate records of what we are purchasing?
  • Do we know what we are ‘allowed’ to use?

Adopting some practical methods for addressing and improving asset control is required, yet companies often mistakenly try to tackle all aspects at once. An organisation should assess the key areas of risk. This could be based around specific software vendors with whom the expenditure is high or there is a strong likelihood of a software audit. Alternatively, the decision could be based around certain contract renewals. Any of these areas are a good place to start. Reducing the problem into manageable chunks offers a much greater chance of success.

Taking on a best practice methodology at the right level in the organisation is also a key factor. If there is no adequate executive-level backing, then adopting SAM can become a largely ineffective strategy. Because SAM is a matrix of processes, taking an holistic look at all key business areas and identifying practical ways to adopt change can only be successful if those responsible for identifying gaps are given the support and backing at a senior level. Ultimately, SAM requires change to be facilitated across a broad set of business functions within the organisation.

2.3 How to Use These Guidelines

The following section will look at assessing current process maturity levels and identifying the process gaps within to ascertain where the strengths and weaknesses lie. once the current maturity level of SAM is identified, an organisation can begin designing and adopting a methodology for improvement. the subsequent sections will cover SAM best practices, license optimisation and mitigating license liability risk areas.

3. Analysing Current SAM Processes and Maturity Levels

To implement a programme that manages, controls and protects the organisation’s software assets, it is necessary to understand the maturity and effectiveness of existing SAM processes.

By reviewing the policies and processes already in place, an organisation will be able to identify areas of failure or missing resource. this in turn will facilitate corrective action to reduce the risks associated with the management of IT assets and adoption of methodologies for improvement.