Championing the professional management of software
and protecting members rights

By Jeff Greenwald

The blogosphere is buzzing over SAP’s announcement to reintroduce its Standard Support model and offer its customers a choice between two tiers of support service.

Amy Konary, Research Director for Software Pricing and Licensing at IDC, and Ray Wang, a Partner for Enterprise Strategy at Altimeter Group and the author of the enterprise software blog A Software Insider’s Point of View, recently posted interesting analyses of these changes.

Both applaud SAP for listening to their customers and recognise that this announcement represents a decisive shift of power in the software industry from vendors to customers.

Ray provides SAP customers a helpful decision matrix and points out that if an organisation anticipates expanding their use of SAP, now is the time to renegotiate their contract and address shelfware issues.

But in my experience, many organisations don’t really understand how their SAP applications are actually being used. Without insight into SAP license usage, how can anyone accurately identify shelfware or compliance risks?

I encourage those that are turning their attention to their SAP investments to take a closer look at how their organisation is actually using their licenses and take that information into account when considering their support options. Only by asking this question on a more ongoing basis can organisations guarantee that they’re only buying the software they really need and using all the applications they already have in 2010 and beyond.

What do you think of SAP’s support announcement? How does this impact your software budget plans in the future? How do you measure your SAP license usage today?

The Software Industry Research Board (SIRB) has scheduled next year’s UK Software Management and Licensing Conference to take place on 21st April 2010 at the Madejski Stadium in Reading, Berkshire.

Invitations to the conference will be circulated via our e-bulletin service in January but in the meantime we are interested to know what topics you would like to see covered in the conference workshop sessions. To help us understand we’re inviting you to give us the answer to just 7 questions in our on-line survey. Your answers will enable us to design the content of the workshops to meet your needs and ensure that you gain maximum benefit and value from the conference.

Please click this link to access the survey www.surveymonkey.com/s/F5VWGH3. The survey will close on 24th December 2009, so please make sure we have your answers before then.

In 2006 the International Organisation for Standards passed a standard for Software Asset Management processes ISO19770-1 (dash one). The release of that standard was the product of a great deal of effort initially by Investors in Software (IiS – now merged with the Federation Against software Theft) and the various working groups over a period of 12 months.

Whether or not the release of dash one was a success could be measured through several different approaches. If the success was measured by the number of copies of the standard sold it would undoubtedly be positively appraised, if however certification against the standard is considered key then the zero pass status of the standard would invert the appraisal based on sales.

The reality of dash one was heavy prescription of documentation, many organisations have taken a programmatic view of the content and ‘picked the eyes’ out of it and establish which elements could be practically implemented and drive software asset management benefits.

On Friday October 23rd ISO passed 19770-2 ‘dash two’ a standard which applies to vendors rather than end user organisations and sets mechanisms through which software vendors should ‘tag’ their products to enable identification, recognition and therefore management.

Significant in the development of dash two has been the extended period of development and technical focus by the working group (WG-21) and participation by vendors in the course of it’s development – thereby securing mindshare and at least conceptual buy-in from a number of key members of the software vendor community.

The objective of dash two has been to create software ID tags that provide authoritative identifying information for installed software or other licensable item (such as fonts, or copyrighted papers).
Software vendors / manufacturers / publishers will use the stipulations of dash two to enable their software to be accurately identified. Dash two provides much more than just software identification however, by allowing attributes (27) to be added software identification process including:

• Who distributed the software
• Who may have re-packaged the software
• The individual or unit which authorised the installation
• Mechanism through which the software was purchased

Whilst dash one was drafted by IiS, dash two was initially developed by a committee of the International Business Software Managers Association (IBSMA). Since then WG21 and an other working group (OWG). In the final stages of dash two ratification a non profit organisation call TagVault.org was formed to enable certification of tags and the registration authority therefore.

The organization will act as the registration authority for ISO/IEC 19770-2 software identification tags (SWID Tags) and will provide tools and services allowing all SAM eco-system members to take advantage of SWID tags faster, with a lower cost and with more industry compatibility than would otherwise be possible.

So, we have a new standard – what will the benefits be?

A standardised software tag will enable automated identification of inventoried applications. Minimising administration required by end user organisations and making the task of discovery and licence management tools less onerous.
In reality benefits will be largely long term, however flow through will commence immediately in small percentages as vendors commence applying the stipulations of the standard. A handful of tagged software products will be present in many environments in the coming months, a very small percentage considering the thousands of applications present in many environments.

The number of tagged applications in any given environment should grow towards saturation over a five year period with significant increase as many organisations renew applications in association with implementation of Windows 7.

In the immediate term CA, Symantec, Adobe and Microsoft are moving forward with Adobe having treated dash two as a de-facto standard in advance of it’s ratification, commencing with Acrobat 9 and CS4.

Adobe’s tags enable organisations to identify an installation of Acrobat 9 Pro for instance as:

• A stand alone product
• A trial version
• Part of a Create Suite package – which would be named as either Design Premium, Design Standard, Web Premium or Master Collection

In addition:

• Software applications will be tagged as non-prod where distributed as a test or development version.
• A SWID only file can be created for access based products (CALs for instance) and distributed to all devices which access the relevant server application

Does the ratification of dash two mean that software licence management tool vendors who’ve invested heavily in their own recognition capabilities have wasted that investment? Not at all, the investment made largely by the focused vendors will keep them in front in terms of functional delivery to customers now and a reduced cost of their sale in the future.

Whilst the level of excitement associated with dash two ratification will be muted, simplified recognition will flow through to customers and service delivery organisations in the medium term. Resource requirements will inevitably be reduced to an extent, however robust process will remain the key to successfully managing software costs and compliance.

What remains to be seen is how effectively the dash two standard will enable organisations to deal reporting of cores, value units and the chosen methodology of licensing complex datacenter software titles.

Stephen White
Technology Leader Software
Computacenter (UK) Ltd
Services & Solutions
www.computacenter.com/software

When the ISO/IEC 19770-1 international standard for Software Asset Management (SAM) was launched in summer 2006, many in the SAM expert community were no doubt expecting great things, perhaps envisioning a time in the not too far distant future where organizations would treat SAM professionalism with the same respect that many apply to standards such as ISO 9000.

However, three years on and (to the best of this SAM market observer’s knowledge) not a single organization anywhere worldwide has been fully accredited as conforming with the ISO 19770-1 standard.  A few may be close, but none are quite there yet.

Why is that? Why haven’t we yet seen widespread adoption of the international SAM standard?

We know it’s not due to a lack of interest in SAM. Although SAM adoption still lags behind where we (in the SAM community) would like it to be, the fact is that adoption of SAM technologies and best practices is definitely on the rise.

It’s not difficult to find reasons why.  Industry analysts Gartner recently reported that the likelihood of an organization receiving at least one vendor software audit has risen to 56 percent in 2009 (compared with 30-35 percent in 2008). Add to this the fact that research conducted by FrontRange showed that most organizations are currently over-spending on their software assets and its easy to see why more and more organizations are beginning to take software management seriously.

But despite this growing adoption of SAM, we’re not seeing organizations flock to the ISO 19770-1 standard.

The answer then must lie in the standard itself (although, interestingly, according to the ISO, it actually ’sells well’ from their website). Despite it being a very comprehensive and worthy standard, one criticism that is cited over and over again is the complexity of the requirements and the (perceived) daunting nature of the task of achieving full conformance.

Many organizations come to the conclusion that they can achieve their goals without adhering to the minutiae of the standard. But while that might be ‘good enough’ for today, will it be good enough in the future?

However, there may be hope on the horizon.

The proposed ISO 19770-4 standard for ‘Staged adoption of SAM processes’ has the aim of making ISO 19770 adoption faster and easier by breaking down the key requirements of the standard into separate ‘modules’.

It is hoped that this will a) remove some of the fear around the standard and b) prompt organizations to see SAM adoption as a gradual exercise rather than an ‘all-or-nothing’ approach.

‘Dash four’, as it is know within the inner circle, could comprise a staged approach of four tiers, each moving the organization’s approach to SAM forward both in terms of complexity and maturity. Under this kind a program, the four tiers might look something like:

• Tier One – Trustworthy Data – creating an accurate inventory of everything to be managed
• Tier Two – Practical Management – implementing basic management controls
• Tier Three – Operational Integration – making SAM a part of daily IT Operations (such as ITSM)
• Tier Four – Full ISO Conformance – where SAM becomes a strategic enabler to the business

Unfortunately, doing a search for “ISO 19770-4″ on the internet won’t yield many useful results yet.  But according to a reliable source the plans are well afoot to bring ‘dash four’ to market as quickly as possible.

For this particular commentator, ISO 19770-4 appears on first hearing to perhaps be what ISO 19770-1 should have been from the start. It will be interesting to see what final form it takes and whether it can increase the appeal of a SAM standard in the wider world.

Matt Fisher is a Director of Marketing with SAM vendor, FrontRange Solutions.  Learn more at www.frontrange.com.

According to new figures just released by Pierre Audoin Consultants (PAC) and TechMarketView, corporate software spend in the UK is down 3.9 percent in the UK. Not great news for software vendors.

But it’s also potentially small-fry against the value of software investments that are already being wasted each year.

According to research undertaken by SIRB member FrontRange last year, the average organization in the UK actually over-spends on the software by as much as 20 percent annually. This is a symptom of poor control – with many organizations routinely purchasing shelfware or duplicate licenses, individuals failing to purchase through the most effective channels (e.g. buying one-off boxed products when volume licensing agreements are already in place), and even renewing maintenance on software that is no longer in use.

All of these instances of poor management (and there are many more besides), contribute to a general over-spend that no organization can afford. But by understanding what software is on the network, the organization’s current licensing position and exercising tighter controls on procurement and deployment – the good news is that a significant portion of the current IT spend can be reduced with no detrimental effect on IT operations.

So while the reported 3.9 percent drop in software spend isn’t great news for the industry, the fact is that end user organizations that invest in better software management practices can actually save far more. And that, in turn, means they can afford to acquire the software they really need.

Matt Fisher is the Director of Marketing for FrontRange and a commentator on the SAM market. Follow him on Twitter: M_J_Fisher

In July 2009 I was asked by Computer Reseller News to participate in a videoed interview.

I was joined by FAST IiS member Chris Hibbert, SAM General Manager at VAR Bytes Technology Group and interviewed by CRN reporter Kayleigh Bateman. We discussed what effect piracy is having on the channel, the laws that protect copyright material and best practices for organisations to ensure they are never accused of copyright infringement.

18-minute video offers valuable advice on how to implement a proper software asset management strategy and how to avoid Trading Standards and vendor software audits.

To find out more and access the video link please visit:

www.channelweb.co.uk/crn/video/2247135/studio-crn-piracy-channel

Author: John Lovelock, Chief Executive, Federation Against Software Theft

It’s an unpalatable fact of life at the moment that large numbers of organizations are downsizing, undertaking forced mergers or having to fundamentally shift their business focus in order to stay alive.

While all of these activities are conducted with the explicit aim of driving down costs in the business at the same time as (hopefully) increasing profitability, there is one area of cost that is often overlooked – the software owned by the organization.

According to research from McKinsey, software licenses are expected to account for 35 percent of the total IT budget in 2010. This represents a significant expenditure for any organization.

In fact, the concept of ‘owning’ software in this context is actually something of a misnomer. As any software licensing specialist will state, you don’t actually ‘own’ software, you buy the ‘right to use’ it. Nevertheless, if your business has experienced a reduction in workforce (whether through downsizing or perhaps merger) or a change of structure, then there’s a very high possibility that you’re currently paying for more software than you are actually using.

Whatever your actual or expected software usage was when the licenses were originally purchased, volume license agreements agreed or support and maintenance agreements established – the chances are that you’re now using less. As such, it’s perfectly logical to consider renegotiating your license agreements as part of your ongoing cost saving strategy.

But you can only do this when you are confident that you know exactly what your present license position is, what software is currently installed on the network and how it’s being used.

And that’s why – contrary to what many people might think – investing in Software Asset Management (SAM) actually makes even more sense in a recession.

If you want to enter into a renegotiation with a vendor, you need to do it from a position of strength. And that means being in possession of the cold hard facts about software installations and usage across your entire network.

Having this information gives you a number of options to explore. First, you can ensure that any unused software dormant on PCs is removed (in most cases, it only needs to be installed for it to need a license, whether it’s being used or not). Then, armed with information on how many licenses are going unused, you can then make decisions about re-deploying those licenses to other parts of the business (where licensing terms and conditions allow) or using the up-to-date usage information to renegotiate volume license or leasing agreements. And don’t forget support and maintenance; according to Forrester Research, organizations can typically waste as much of 10 percent of their total support and maintenance payments on software that isn’t being used.

Against this backdrop of cost cutting and increasingly strict processes for IT operations, there is another key risk that many organizations are failing to address. Despite policies that might stress that all software is purchased and deployed centrally, the fact is that ‘rogue’ purchasing is still rife across many organizations. Whether the organization has volume license agreements directly with a vendor, or perhaps a preferred VAR partner, the chances are that it is receiving some level of discount on its new license purchases. When an individual (often a non-IT member of staff) decides to satisfy a perceived immediate need by purchasing outside of these agreements, they create additional cost for the business. This is because often a license is already available for the required software (perhaps thanks to the identification of unused applications in another department or site) and also because the purchase of a single ‘off-the-shelf’ product is guaranteed to be more expensive than one sourced through the proper channels.

For each instance of rogue purchasing, the individual cost may be small, but totaled-up from across the organization, this can become a significant unnecessary spend.

Whether it’s in the datacenter, on local Windows servers or spread across the wider PC estate, the fact is that failing to have complete visibility and control of your software is hurting the business. At best, unused software represents a cost saving which going unrealized. At worst, the de-centralized purchasing of software and lack of re-harvesting and re-deployment is actually causing the enterprise a significant cost it can ill afford to carry.

Back in 2006, Gartner estimated that the average organization was over-licensed on around 30 percent of their software estate. Today that figure is likely to be much higher – and that’s a real cost to the business that it doesn’t need.

Author: Matt Fisher, Director of Marketing, FrontRange Solutions

Software Industry Research Board (SIRB) member FrontRange Solutions has launched a ten-question online self-assessment microsite for companies to compare their approach to Software Asset Management against industry best practices. The ‘FrontRange Analyzer’ is free to use and confidential, giving users a full and frank appraisal of how they are doing against standards such as ISO 19770 and Microsoft’s SAM Optimization Model (SOM).

The self-assessment tools looks at everything from basic practices around software audit to how the organization deploys new applications onto the network. At the end of the process, the tool highlights key areas of both success and opportunities to implement improvements.

See what the press has to say about FrontRange Analyzer!

In a time of unprecedented global financial turmoil that has seen governments intervene, companies fail and heavy job losses – the need to save for that ‘rainy day’ and avoid risk is both relevant and heightened in consciousness of each and every one of us in our day to day lives.  Now take that same philosophy and apply it to our business lives – do we have the same sense of urgency, care and preparation for our spending and do we have a similar sensitivity to risk?

Most leading Analyst firms are advising that IT spending will flatten or contract in 2009.  Big new purchases may be deferred and people will concentrate on investing precious funds in areas that improve operational productivity, reduce operating costs or deliver a quick and proven return on investment.   Equally those same Analysts predict that as markets get tougher, vendors will naturally be more conscious of ensuring that existing customers are adequately and properly licensed, and as such an increase in vendor led reviews is inevitable.  In fact a recent survey carried out by IDC for FAST IiS identified that 55% of 600 UK based companies had been subject to a vendor review, a considerable uplift on the 35% often quoted as an industry average.  Therefore, with everyone aware that the prevalence of audit reviews is increasing, and against the backdrop of the financial pressure on budgets for 2009, there is no better time for an organisation to kick off its own Software Asset Management initiative in order to drive out un-necessary cost on an informed basis, negotiate new agreements based upon proven need and mitigate non compliance risk.

Sound too easy?  Well maybe in those few words yes, but the point is this – doing nothing really is not an option.  The reality is most companies that only react to an audit review find the internal cost and distraction significant because they were not properly prepared, and the reality is in the current financial climate it is good governance to seek out inefficiency and risk and to erradicate it.

If you need to tighten the financial belt in your company; if you have had to face employment freezes or internal redundancies; if you need to make a choice between competing priorities because you can’t fund them both, if you have no formal or enforceable Software procurement and deployment controls; or just because you want to be confident of the controls in your business – the financial justification for Software Asset Management has never been greater than it is today.  Take the time to understand how SAM can drive down material costs and reduce business risk.

Software procurement, operational management and maintenance now represent a very significant, increasing, and yet often poorly visible, expenditure for most businesses.  The truth is that we cannot operate without Software today as it enables our basic business processes and often underpins our competitive offering.  It should be surprising then that many businesses still struggle to control the deployment, use, remediation, licensing and security impacts of Software in the workplace.  As a result unnecessary risks are incurred ranging from under used software and poor lifecycle management driving up costs to unauthorised software deployment and poor license reconciliation increasing the tangible security and compliance risks to the organisation.

That said, the Software Industry has sought to provide guidance and best practice to the business community through supporting the launch of the ISO 19770-1 SAM Best Practices standard in 2006.  With ever increasing awareness of this standard along with the growing adoption of ITIL as a framework, the business community is adopting a more proactive approach to SAM, going beyond the traditional stimulus from the risk of a compliance audit to seeking to harness maximum value and control from their investment in Software.

This blog has been established to provide an on-going commentary about the drivers for SAM, real-world best practices, industry activity and evolving trends.  With relevance to both the business executive and the SAM practitioner, I am seeking to provide an independent view on whats working, and whats not, and to encourage a wider discussion that will enable businesses to harness the full potential of their investment in Software in a practical and efficient way. 

So bookmark this blog, follow the commentary …  and share your thoughts and insights to drive greater recognition and awareness of the real benefits that can be achieved though effective management of Software.