Driving forces behind HAM and SAM

Here are some of the reasons why the implementation of Hardware Asset Management (HAM) and Software Asset Management (SAM) are essential in organisations:

  • Security improvement – consider patch management as one example. Having a detailed list of hardware and software is crucial if you want to be sure that all software on all devices gets updated to the latest version and any security patches are applied.
  • Asset valuation – determining the current value of assets for accounting purposes – such as for negotiating a price during mergers and acquisitions or for end-of-year valuation purposes.
  • Software licence compliance – beginning the discussion on HAM and SAM in direct response to vendor accusations or investigation by the Federation Against Software Theft (FAST)
  • Response to an audit – could be an internal or external audit, but generally where SAM and HAM identified deficiencies which need corrective actions. Could also be driven as a preventative measure where software under licensing is known.
  • Budgeting and cost centre allocation – calculating the costs per business unit of IT services for cross-charging purposes

HAM and SAM are crucial aspects in the implementation of security standards. Capturing information about corporate assets and maintaining inventory accuracy is essential, and achieved in several different ways, for example:

  • Use of data from existing services such as Active Directory, anti-virus solutions, DHCP and other sources of data within the organisation
  • Connecting remotely to individual assets to interrogate its state and capture information about software installations
  • Install an agent on each asset which runs in the background and periodically sends information to a server to update software and hardware inventory records
  • Maintain the inventory manually

Agents may not exist for all asset types, and a combination of the above is likely to maintain data over time. This requirement needs to be thoroughly understood as it will impact on the deployment timescales of any SAM or HAM solution. If an asset requires an agent, you will need an initial inventory as a starting point.

Streamlined IT Infrastruture

On numerous occasions with IT projects, the management decided to buy software which didn’t fit into the current technological environment. The consequences of this were costly.

Examples include:

  • The software required Linux, but the IT environment consisted of Microsoft servers. The business needed new servers as there was no opportunity to share with existing systems.
  • The solution required MySQL or Oracle while all the existing database servers were Microsoft SQL Server

Having a defined platform when it comes to deploying new business systems keeps costs to a minimum by taking advantage of existing hardware, software, services and business processes. The alternatives are more costly:

  • Skillsets – existing staff with Microsoft experience would need cross-training in new technology, or the business would need to hire new staff with the necessary skills to operate the system. Introducing a new business system on the same platform would take advantage of the existing skillsets. If additional team members are required, the skills will apply to the new system and all current systems deployed on the estate.
  • In-house software – if the environment has many different systems built in-house to support the business, does the new bespoke system use the same technology as existing systems? Introducing new programming languages may make the system unsupportable by existing teams and result in the need to hire new staff.
  • Security – the more complex and diverse the environment becomes, the higher the potential for breaches, and the greater the requirement for patch management and security testing

The vendor system under investigation may be one of the best in the marketplace. However, if it introduces too much diversity into your organisation, it will quickly become an unmanageable cost centre.

  • Accurately understand the requirements to make the system work
  • Understand your own IT environment
  • Evaluate how the new system will work in your environment and what the realistic cost expectation is factoring in technological diversity.

HAM and SAM data integrity

My observation is that Hardware Asset Management (HAM) and Software Asset Management (SAM) data are seldom accurately maintained, and often there is no expectation of the information being close to accurate. Given that SAM and HAM are cost centres rather than profit centres, this is understandable.

If you were issuing credit cards to consumers, we would expect the bank to account for every transaction, every penny spent, every credit or debit card, and every card cancelled within the system. It is doubtful that someone would ever suggest that 80%, 90% or even 95% accuracy would be acceptable. The same applies to many areas of the core business that generates revenue. However,

Without accurate HAM and SAM data, how can you be expected to, for example:

  • Know if unauthorised software is in use
  • Know if hardware assets are missing or stolen
  • Know which hardware assets and software packages need security updates
  • Identify support costs which are too high because usage has dropped
  • Know if you have adequate software licences

Eliminating unnecessary software licensing costs

The discussion on software licences often centres around software usage without adequate licensing. Over licensed is seldom given the same emphasis, and organisations often find themselves:

  • Buying new software licences while existing licences remain idle. Reallocate unused software licences and assess licence requirements before purchasing new licences. Examples include:
    • staff members who have changed roles and no longer need access to the software
    • staff members who have left the organisation
  • Renewing yearly support contracts based on the current number of licences, while overall software usage has dropped. Reviewing software usage before agreeing to renew support contracts could reduce the costs significantly.
  • Unused software installed – an external vendor software licence audit could identify the need to purchase a significant number of new licences. The business might have 100 staff using a particular product and has correctly purchased 100 software licences; however, if the audit reveals 150 installations, the vendor could demand payment for the extra 50 software licences. Deleting software from computers where access is not required will reduce this risk and financial exposure; cost avoidance rather than cost reduction, but equally important.
  • Reorganise responsibilities to reduce licence requirements – distributing work inefficiently across a broad cross-section of the business increases overall licence requirement. For example, 300 staff with access to software, but 150 use it for less than 5 minutes per day, or where software is allocated ‘just in case’.

Consider the cost of change when undertaking these activities, taking into account the licence unit cost, quantity of licences and support costs.