Getting out of the SAM maze

Investors in Software (IiS) is working towards trustworthy software asset management certification and was a driving force behind the ISO/IEC 19770-1 standard published in May. In this article David Bicket, a board member of the not-for-profit IiS, describes progress to date.

There are few subjects as contentious in IT as software licensing.

For the CIO, software licensing is a complex game - not only can licence terms for each platform or vendor vary widely, but new delivery models, such as software-as-a-service, are further muddying the waters.

For vendors, it's relatively straightforward to carry out a spot check, collect outstanding license dues in the least collaborative way, and potentially impose a hefty fine as well.

The difficulty is, there's no proactive way for a company to demonstrate it is compliant with the licences it holds - and where there is any doubt, a 'belt and braces' approach prevails.

So, organizations may buy more than they need to avoid possible compliance issues, and what they don’t use generally gathers dust on the shelf - hardly a good investment.

The various software asset management (SAM) tools on the market can discover what's in use to a greater or lesser degree, but none can easily reconcile these against the paper-based records of the client or the vendor.

Since SAM remains immature as an overall discipline, software - which should really be viewed as a business asset - is widely perceived to be a risk.

This is the exact opposite of how 'business solutions' vendors market their products, and is severely limiting organizations' ability to make the best possible use of their IT, for example by redeploying unutilised licenses or terminating maintenance on unneeded licenses.

This picture is nothing new: indeed, the need to align business and IT objectives was the chief driver behind SAM’s proud parent, the IT Infrastructure Library (ITIL®), in the 1980s.

But ITIL® was developed primarily as a best-practice toolkit for end users to adopt as they see fit. As a result, ITIL® adoption - and indeed that of SAM - has been limited in scope and hard to measure. For all of its strengths, ITIL®'s emphasis on best practice means it cannot be the basis for independent assurance.

When Investors in Software (IiS) came together for the first time, we were motivated by a common view that 'best practice guidance' - no matter how valuable - would not be enough for CIOs.

In order to give them the assurance that their estates were well managed, we felt that a baseline industry SAM standard - supported by independently-accredited SAM consultants - was vital.

To this end, we have been the major driving force behind ISO/IEC 19770-1 (published in May 2006), which lays down SAM best practices as a set of verifiable processes.

We have also defined, together with the IT Service Management Forum (itSMF), a certification scheme, which allows for manufacturer-specific add-ons where appropriate. The endgame is international, cross-industry, trustworthy SAM certification which will provide peace of mind for organizations which comply.

Peace of mind is important: many in the industry currently perceive SAM to be geared towards software vendors lining their pockets at end users' expense. This is chiefly because a few vendors who struggled to collect unpaid licence revenues historically now hide behind SAM to approach customers for their missing revenue.

The fact that many SAM solutions are specific to particular vendors doesn't help matters, but is more a symptom of the current state of the software market than a reflection on SAM itself.

Indeed, Gartner predicts that organisations that do implement SAM will enjoy per-asset cost savings of around 30% in the first year alone, as a result of renegotiating terms on under-used applications, for example.

However, concerns over who should 'own' SAM are valid. Any SAM standard will only be a success if it is totally independent of any economic stakeholders, and creates value for vendors as well as end users - hence the need for the independent ISO baseline.

IiS's grouping of vendors, end users and SAM consultants has meant that the end product is as relevant to the vendor community as it is to end users.

In the long term, we'd like to think that vendors will begin financially incentivising customers for SAM compliance.

In the short term, however, we would urge anybody with SAM responsibilities to purchase a copy of ISO 19770-1 from the ISO website and begin discussing its implementation with colleagues and suppliers. A way out of the SAM maze is indeed in sight.

Investors in Software is a not-for-profit company limited by guarantee under English law.

IiS's mission is to support and advance professionalism in software asset management and related IT asset management to enable individuals and organizations to improve effectiveness and efficiency. 

November 2006