Software and Hardware Asset Management

Discussions about software purchasing, licensing, and the need for Software Asset Management (SAM) often begin from a position of chaos. With so many day-to-day activities and pressure to complete work, deadlines to meet and a whole ream of other reasons, the purchasing of software licences often finds its way to the end of a long list of things to do. Once the current work has been completed, and the priorities have changed, purchasing a licence can easily fall by the wayside. Software remains installed for others to use and becomes a de facto part of the corporate estate without further consideration; just one example of how unlicensed software accumulates within organisations. In essence, software licence chaos evolves through a combination of ignorance, negligence and bad management.

Other factors which contribute towards allowing this to happen include:

• The lack of control over who can download and install software – Everyone having administrator permission over their desktop is more common than people would care to admit. Combined with unrestricted internet access, is a recipe for software to be downloaded and installed as needed without giving software licensing a second thought.

• Lack of business processes around software installations – restricting internet access and permissions on desktops will prevent users from downloading software and installing it. Without defined processes for managing software requirements, users typically default to asking IT staff to install software, often without considering licensing implications. The higher the number of problems and support activities, the higher the likelihood is of this happening automatically without thinking about software licenses.

• The lack of vendor control over software usage – there are many different ways in which vendors can implement software to exercise control over software usage; however, not all methods are effective. Combined with insufficient control over software installations and by whom, contributes significantly to the use of unlicensed software.

Implementing control of software licenses needs to fall into the following programmes of work:

• Tactical work to clean up the environment of unlicensed software

• Strategic implementation of systems and processes to keep software under control, in essence, corporate-wide implementation of Software Asset Management

Demonstrating both tactical clean-up and a strategic SAM programme, along with a commitment to ‘true-up’ licence usage, can often satisfy vendors and help avoid legal entanglements.

Managing software licences is complex due to the wide range of licensing models used by vendors. Although there are many standard software licensing models, each software vendor has commercial freedom to choose their own. Here are some of the popular licensing models:

• Per user – one licence is required per user, either on a user-account or named-user basis.

• Per installation – one licence is required for each desktop or server installation. Multiple users can share the same computer with one software licence.

• Concurrent – one licence required for each concurrent user of the system. This limits the number of users who can access the system simultaneously, although many more users or installations may exist.

• Per site – all computers and people within a single corporate site can use the software with the same licence.

• Licence per processor – an adaptation of the installation licence for systems with multiple CPUs, and later evolved to address multi-core and virtualised environments

• Freeware – software downloadable and used as needed, copied and distributed without any restrictions. The vendors often include advertisements for commercial software such as a more advanced version of the same product. The ‘free’ in ‘freeware’ typically refers to cost, not user freedoms such as modification or redistribution of source code.

• Shareware – software distributed free, on a trial basis, and may have a built-in expiry date or reminders while using the software. The output from the software may have ‘Trial Version’ embedded, preventing it from being used. It could be free for personal use but requires payment for commercial use.

• Open source – source code is available to everyone to download, use, modify and redistribute. Such code is often released under licenses like the GNU General Public License (GPL) and all derivatives made available must be under the same terms.

With a growing number of cloud-based services where the vendor has control and responsibility for the platform, software vendors and their customers can exercise better control over software usage and licences. For example:

• Per feature – some features are provided as standard and others enabled upon payment of additional fees. Software features can be enabled and disabled by the vendor.

• Per space – the price charged is based on the storage space used.

• Per bandwidth – price based on the quantity of data transferred.

• Per feature usage – price is charged for each time the users take a specific action within the software. A popular approach is to introduce the sale of credits, then allow the use of credits to pay for services within software features.

Individual software vendors have the freedom to choose one or more licensing model or any variation on the same theme for their products.  Licence models can change over time as new software is released and new delivery methods become available.

Given the diverse range of software licensing models, it is sensible to adopt a centralised procurement system for software licences. Benefits include:

• Avoid scenarios where an organisation holds both a site licence and multiple individual licences for the same software at the same location.

• A centralised pool of licences can be monitored and reassigned as needed.

• Use of the most appropriate type of licence for the required usage corporate-wide. It might be more economical to purchase a site licence, for example, an option unlikely considered with decentralised purchasing.

• Reduced expenditure through economies of scale.

• Specialist licensing expertise can be concentrated within a single team, allowing other departments to focus on their primary functions.

Centralising the purchasing of software licences becomes more critical as businesses grow and will in the long-term reduce expenditure. Having individual departments or teams responsible for software purchasing can become costly, inefficient and increase the number of software licence disputes due to lack of awareness and control.

Following extensive discussions on the implementation of Software Asset Management (SAM), it is clear that there remains a widespread misunderstanding about software licensing in general. Licensing implications are seldom given due consideration during change initiatives within organisations. The concept that software is licensed, not owned, is still not fully embedded in public or corporate consciousness.

Company directors could face personal sanctions.  Also, there could be significant financial penalties for the company concerned, let alone the impact on its reputation for knowingly allowing the use of illegal software within their organisations. There is a fine line between ignorance and negligence, either way, poor oversight of software licensing puts directors, and senior management at risk and companies need to get the software on their estate under control.

There are many factors to be considered with software licensing and establishing adequate processes to make sure businesses operate legally. The diverse range of software licensing models alone is sufficient to conclude that SAM is not as simple as it sounds:

• Even products from the same vendor may follow different licensing models

• Software from the same vendor can be licensed differently depending on the product

• A single product can be licensed in multiple ways depending on the option chosen

• Licensing terms and conditions often change between product versions

Organisations need a cultural shift in how they manage software, moving from ad hoc decisions to clearly defined, policy-driven approaches. Implementing SAM is not just a compliance measure; it is a vital part of operational governance. Senior leaders must recognise that proactive licensing oversight is an executive responsibility, not just an IT function.

With many ready-made Software Asset Management (SAM) and Hardware Asset Management (HAM) solutions available, making the right decision can be overwhelming, and making the wrong choice can be costly. In some cases, implementing a vendor system may become so expensive that developing a bespoke system could have been faster, cheaper, and better.

The best solution on the market might not be the best solution for your business if it doesn’t easily integrate within your existing IT ecosystem. Here are some key questions and considerations:

• Integration and Compatibility
  • What data does your business already have about hardware and software?
  • Will the new solution become the authoritative data set, or will you still rely on other data sources?
  • How well does the solution fit into your organisation’s existing processes?
  • What are the infrastructure and operating system requirements?
  • Are software components required on individual assets?
  • Does the solution require customisation to fit your environment?

• Development and Licensing
  • How much bespoke software development is necessary to meet your requirements?
  • Are any third-party software components and licences required?
  • Which database system is required to store the data?

• Operational and Support Requirements
  • Who will maintain and support the solution?
  • How intuitive is the solution, and how much training will your team require?
  • Does the solution manage software deployment and removal?
  • Does the solution include workflow capability for software requests and line-manager approvals?

• Asset Discovery and Management
  • Does the solution maintain a database of known software for identification and cataloguing?
  • How does the solution handle software licences?
  • Can it be easily integrated with licence purchasing records?
  • Can it automatically detect software installations, and if so, how does this detection work?
  • How are software removals detected?
  • How does the solution discover new assets and maintain an accurate asset register?
  • What types of assets does the solution manage?
  • How does the solution identify where installed software is outdated?
  • Does it include patch management capabilities?

• Reporting and Data Management
  • What reporting capability does the solution offer out of the box?
  • Does the solution allow direct access to data for bespoke reporting?
  • How does the system maintain the data?

• Asset Lifecycle Management
  • What is the process for managing newly purchased assets?
  • What is the process for detecting missing assets?
  • How are missing assets handled?
  • What is the decommissioning process for assets?
  • How does the system handle asset renaming?

• Virtual and Physical Asset Management
  • How does the solution manage virtual machines and their hosted environments?
  • How will software on virtual machines be managed?
  • How does the solution distinguish between hardware and virtual hardware?
  • Can the solution identify unauthorised executable files on assets?
  • How are hardware assets uniquely identified?
  • Can the solution track the physical location of assets?
  • Does the solution capture hardware data, such as through Windows Management Instrumentation (WMI)?

• Software Identification and Licence Compliance
  • What documentation does the vendor provide with the solution?
  • How does the solution define a software installation?
  • Does it provide software recognition data to identify individual files?
  • Does it offer data about software and licence requirements?
  • How are software licences reconciled with discovered software installations?
  • Does the solution monitor software usage?
  • Can it manage different types of software licences?

Choosing the right software and hardware asset management solution is about aligning the features with your organisation’s specific capabilities, requirements, and strategic goals. Taking time to carefully consider these questions will help ensure a cost-effective, efficient, and successful implementation.