Stopping enterprise SAM risks in organisations, permanently

Summary

Most organisations today have faced software audits, resulting in costly settlements and disruption to the business. Post settlement the software products are compliant, so why do these products fall out of compliance again? While we have many ways to address licensing compliance issues, they do not fix the root cause of enterprise license compliance. Only by controlling demand for software through the full Software Lifecycle can we end risk permanently.

Overview

Organisations face an extremely difficult and complex task of managing software licences on a day to day basis. The goal of getting and keeping a product compliant is difficult due to the notion that using SAM tools to discover software is the most effective way to achieve the goal. Unfortunately, this is only half the battle.

Key issues

• Organisations are relying on Software Asset Management discovery tools to manage compliance risk.

• Discovery is only half the battle, to stop high risks from being deployed we must control the full software lifecycle.

• Enterprise software supply chains in organisations are difficult to navigate and influence.

Recommendations

• Implementing an enterprise software request portal for all server and cloud based software.

• Use effective Software Asset Management governance to ensure all software enters the estate as licence compliant.

• Review Astute LDMs technology for these tasks.

Analysis

IT organisations are faced with a challenging task in ensuring the software products that runs its business are license compliant. It becomes even more challenging when we consider we not just have to get a product compliant but also keep it that way.

Traditional SAM programmes are tailored to the question "what is my risk". The goal is to purchase, deploy and use SAM discovery tools such as Flexera's FNMS, to find and identify software that has been deployed. Once organisations know what the licence compliance risk they have is, they can mitigate through settlements or consolidation activities. The product is then licensed and compliant, the goal has been achieved.

Unfortunately while this is effective in dealing with the current risk, the root cause of the problem has not been resolved, which is what caused the compliance risk in the first place. As such, it's highly likely the product will fall out of compliance once again in the future, if it has not already since the last count.

To keep our software products compliant we must mature our SAM programmes past compliance in terms of what is being counted by our discovery tools, to a point where we are controlling the full software lifecycle. Astute LDM provides world class governance build into Astute PACT, the enterprise software request platform, to ensure that once a request has been made, your licensing team can follow the workflow governance model and ensure the software is deployed as known compliant. By controlling the software lifecycle from request, and not discovery, we end compliance risks entering the estate.

Effective software governance should ensure that you ask the following of each request, from the outset:

· Is this software right for the organisation?

· What risks already exist with this publisher?

· Do any spare licences exist to be used for this request?

· If we need to purchase, is it being done correctly?

· Can we consolidate this demand with other requests to make it cheaper?

· Has the requestor provided entitlement, before deployment?

· Do restrictions exist in the entitlement for the software deployment?

· Once deployed can the software be seen by the discovery tool?

· Does the licence entitlement validate against what is seen in the SAM tool?

Trying to do this manually either results in a failed attempted to influence control in the organisation and a lot of ignored Visio flow diagrams, or if successful an extremely over worked team who are constantly chasing requests for updates, software details and trying to record a huge amount of data.

With Astute LDM our platform sets out a centralised point for requests to be made for your organisation to use. Our workflow makes it simple for requestors and SAM users a like to know what they have to do next as part of the request and what should be provided. The effort required by all to manage this process is minimal. All data is captured automatically and used in Astute INSIGHT, our powerful BI reporting tool which is included in the Astute LDM suite.