TRADITIONAL SAM IS FAILING TO PROTECT ENTERPRISES
Forrester speaks with dozens of clients each year about their software compliance problems, and thus we know that many have faced unexpected liabilities despite having implemented traditional SAM tools and processes, as espoused by conventional standards bodies such as ITIL and ISO.[1] Software companies excuse the revenue they generate from compliance audits by blaming customers’ poor or nonexistent SAM. They have a point — many companies deliberately or recklessly stay underlicensed, hoping they won’t get caught. However, the evidence from our research shows that honest, diligent enterprises can also get caught in significantly underlicensed positions due to:
- Self-provisioning by users who are unaware of the license implication. Such users may download trial versions from vendors’ websites that automatically convert to billable licenses after a period or accept invitations to upgrade without knowing the cost implication. For example, a US retailer and European manufacturing company both had to pay Attachmate for new product versions that users had downloaded, assuming, erroneously, that the upgrade was free of charge.
- Technology changes that make their discovery tools obsolete. Server virtualization is the prime example, fatally undermining installation-based asset tracking by breaking the link between hardware and software. Yet no SAM products can reliably count hardware-based licenses in accordance with all the various licensors’ rules.[2] Asset managers who track software by physical server will find themselves undone by IBM’s subcapacity, Microsoft’s running instances, and/or Oracle’s soft partitioning. Similarly, discovery tools cannot cope with innovations such as application streaming, multicore processors, and indirect access.[3]
- License metrics that are outside their SAM processes’ scope. Enterprise applications, such as enterprise resource planning (ERP), often cause problems through unique rules for counting users and other licensing metrics. A lack of good monitoring tools available either from the publisher or from third parties compounds the problems. For example, of the leading SAM vendors, only Flexera has a module to control SAP user category licenses, and even this does not track the various business metrics that SAP uses for its add-on packages. Forrester has encountered a few clients, including a luxury goods manufacturer and a transportation company, that SAP determined were correctly licensed for users but underlicensed on some packages.
License Managers Who Focus On Assets Fail To Control Liabilities
The common theme of the above examples is that no one noticed that they owed the software company money for additional deployment and/or usage. As the name implies, conventional SAM treats software licenses as assets to track and safeguard. According to ITIL, “SAM is all of the infrastructure and processes necessary for the effective management, control and protection of the software assets . . . throughout all stages of their lifecycle.”[4]
“Control and protection” treats software the same as hardware, as the result of a formal procurement and physical fulfillment process. This definition dates from a bygone era in which SAM was merely a subset of IT asset management, involving tracking floppy disks or licenses permanently and immovably assigned to specific hardware. Another standards body, ISO, repeats this outdated definition:
“The term SAM rather than IT asset management (ITAM) is used for this part of ISO/IEC 19770 because for nearly all practical purposes the two terms are synonymous. For example, it is impossible to manage software assets without also managing the hardware on which it runs.”[5]
But today’s streamlined software acquisition models are far more likely to involve the creation of unrecorded liabilities than the formal purchasing of assets. Software companies have made it easier for us to deploy their products — because we asked them to do so — with the understanding that we will true up our license capacity when we need to. This simplified provisioning streamlines our IT operations but bypasses traditional procurement processes (see Figure 1).
SLO IS A NEW, PROACTIVE APPROACH
Forrester has seen a few visionary enterprises, helped by innovative product and service providers, implement a more proactive, farther-reaching approach that we call SLO. Not only does SLO minimize the risk of unexpected costs caused by software audits, but it cuts total spend by enabling reharvesting and eliminating wasteful buying of licenses that won’t be fully used (see Figure 2). These smart organizations extended their SAM frameworks by:
- Defining central responsibility for proactive license management to avoid nasty surprises.
- Establishing a contractual framework for compliance tracking and cost optimization.
- Implementing complete, up-to-date discovery and license reconciliation processes.
- Performing demand management to analyze what users need, not merely what they have.