June 24, 2010 at 16:02Software Asset Management or how to clean up software
Many people write about the most diverse software for private and corporate use at the hub, from small plug-ins and utilities to huge complexes for distributed client-server systems.
But I am always surprised by the attitude to such a thing as software in organizations. Most (i.e. more than 50%) of those with whom I had to communicate in my profession (middle and senior managers) have no idea what’s going on with the software. They keep track of the fleet of cars - everything is fine, they monitor the real estate, they monitor the goods and materials, they also monitor the toilet paper, but somehow the software is not very good. Most likely this is due to the immateriality of this “phenomenon” - you can’t feel it.
But software is also an enterprise’s assets and often more valuable than other assets (compare the cost of any abstract proprietary server solution and the cost of an employee’s chair). And this asset is recommended to be kept in order. A science called Software Asset Management (SAM) - Software Asset Management Technology - will help us in bringing this order to life.
In this article I will try to briefly describe the essence of this technology and how to apply it at home.
Here I will make a remark in order to avoid ranking my topic in numerous topics on copyright protection and the appearance of many relevant comments, it will not be about the importance of paying for software.
On May 9, 2006 the international standard ISO 19770-1 “SAM Processes” was released which can help us in this direction.
So we have an organization with the number of computers from 1 to infinity, absolutely any software is installed on computers. The organization wants to implement this technology. We will help.
Step One: Gathering Information.
We collect all the general information that may relate to software - the number of computers, servers, network structure, location of computers geographically (offices, branches), how the process of selecting software, purchasing (if we buy), installation, configuration, use, removal, storage, who responsible for all these processes, etc.
Those. we need to fully evaluate what is happening in the organization now do not go into small details.
The result of this stage for small companies will be a few lines of text, for large companies tens and hundreds of sheets can easily come out.
Step Two: Inventory the software.
At this stage, we need in any accessible and convenient way to collect absolutely the entire list of software available on all devices of the organization - computers, laptops, servers, PDAs, servers located at the hosters, personal computers used in work, etc.
Everything that is installed, recorded, saved, etc. on all devices related to the organization’s work, we need to find and put it on a single list, this applies to both ordinary programs, and all kinds of plug-ins and even third-party fonts.
This process can be carried out in several ways or by combining them:
a) manually through the list of installed software and by inspecting the contents of the hard drives (small PC park, remote offices)
b) semi-automatically - they came up with a USB flash drive to the computer, launched any scanner we liked, saved the report to a file, went to the next computer
c) completely automatically - by installing on the entire network a software package for collecting and consolidating such information. The
result of this stage should be a summary table with a list of all software found, quantity, location, etc.
Step Three: An inventory of existing licenses.
If an organization at least once buys software in any form and manifestation, we need this step. We collect all the confirmations of our rights to use the software and related materials received during purchases - certificates, license agreements, boxes, counting stickers on cases, installation disks, electronic serial numbers, etc. Where to look for all this in your organization, you know better than me - EVERYWHERE. Starting from the system administrator’s cabinet and ending with the warehouse with old boxes of equipment.
Also, at this stage, we need to make copies of all documents related to software, but stored in the accounting department - supply contracts, invoices, acts of acceptance and transfer of rights, etc.
After the collection, we need to analyze the documents found in order to understand exactly what they give the right to and what not (often you can’t do without specialists in this field).
The result of this step will be a summary table with a list of available software licenses and quantity.
Step Three and a Half: Matching the Two Lists.
Combining the two available tables into one common, we look for coincidences and disagreements in them.
If it’s a coincidence, we have licenses for this software and its use is legal.
If there is a discrepancy towards the lack of a license or an excess license, we analyze each case individually.
A little remark - I know what GPL, BSD, and other words sympathetic to me are, but at the moment if we have something like ubunta in the table of found software, and in the table of found licenses and documents we have nothing to mention ubuntu - we there may be problems.
Here we must reduce the divergence of the tables to zero in one way or another.
Fourth step: Developing procedures.
At this stage, we need summary information obtained at the very beginning and the ISO-19770-1 standard is very useful.
Here we need to develop internal documents and regulations that will govern the entire software life cycle in the organization.
Those. step-by-step instructions describing the necessary actions of responsible persons and ordinary users in specific situations. For example, what should a user do if he needs new software to work. How new software should get into the organization from the outside. How to handle it in the process - installation, use, storage, decommissioning, etc.
The number and complexity of documents depends on the size of the organization, small ones cost two or three pieces of paper on 1 page, large ones make up a non-acidic multi-volume.
ISO-19770-1 will help us in this matter by providing many templates for such procedures.
These documents will allow to maintain the order imposed at the last stage constantly.
Step Five: Implementation.
It is practically impossible to apply two or three dozen documents and procedures to the established life of the company at once, we run the risk of paralyzing its work.
Therefore, here we are developing a plan for the gradual adoption of documents compiled by us in order to avoid a shock effect. After accepting the latter, it is better to repeat it from the second to the third and a half, if possible, because the implementation of all documents can take a lot of time.
PROFIT!
What is the profit for the organization from this order? I think a reasonable person will understand everything that way, but I will list some of them:
1) Full licensed cleanliness - I don’t need to explain why this is good, article 146 to six years and a lot, a lot of money
2) Saving on purchased software - I saw a lot of situations when buying something that is already there, but got lost in bins or didn’t buy what it needed.
3) Additional security of the entire IT infrastructure - for whom at least once the users did not catch the virus along with incomprehensible software downloaded from the Internet
4) The ability to plan software costs - due to the formalization of the acquisition process,
you can come up with a dozen more points that are not so obvious, but let's stop there .
If the audience is interested in this topic, I can make each of the five steps into an additional topic, which, in principle, I plan to do soon.
afterword:
1) If you type SAM in a search engine, you can see that this technology is most actively promoted by Microsoft, it is connected only with the fact that it is a leader in the software market and, accordingly, is most interested in restoring order among users (most often license deficiencies are revealed naturally )
2) The ISO-19770 standard can be found here - www.iso.org/iso/catalogue_detail?csnumber=33908
unfortunately paid - 112 francs.
But I am always surprised by the attitude to such a thing as software in organizations. Most (i.e. more than 50%) of those with whom I had to communicate in my profession (middle and senior managers) have no idea what’s going on with the software. They keep track of the fleet of cars - everything is fine, they monitor the real estate, they monitor the goods and materials, they also monitor the toilet paper, but somehow the software is not very good. Most likely this is due to the immateriality of this “phenomenon” - you can’t feel it.
But software is also an enterprise’s assets and often more valuable than other assets (compare the cost of any abstract proprietary server solution and the cost of an employee’s chair). And this asset is recommended to be kept in order. A science called Software Asset Management (SAM) - Software Asset Management Technology - will help us in bringing this order to life.
In this article I will try to briefly describe the essence of this technology and how to apply it at home.
Here I will make a remark in order to avoid ranking my topic in numerous topics on copyright protection and the appearance of many relevant comments, it will not be about the importance of paying for software.
On May 9, 2006 the international standard ISO 19770-1 “SAM Processes” was released which can help us in this direction.
So we have an organization with the number of computers from 1 to infinity, absolutely any software is installed on computers. The organization wants to implement this technology. We will help.
Step One: Gathering Information.
We collect all the general information that may relate to software - the number of computers, servers, network structure, location of computers geographically (offices, branches), how the process of selecting software, purchasing (if we buy), installation, configuration, use, removal, storage, who responsible for all these processes, etc.
Those. we need to fully evaluate what is happening in the organization now do not go into small details.
The result of this stage for small companies will be a few lines of text, for large companies tens and hundreds of sheets can easily come out.
Step Two: Inventory the software.
At this stage, we need in any accessible and convenient way to collect absolutely the entire list of software available on all devices of the organization - computers, laptops, servers, PDAs, servers located at the hosters, personal computers used in work, etc.
Everything that is installed, recorded, saved, etc. on all devices related to the organization’s work, we need to find and put it on a single list, this applies to both ordinary programs, and all kinds of plug-ins and even third-party fonts.
This process can be carried out in several ways or by combining them:
a) manually through the list of installed software and by inspecting the contents of the hard drives (small PC park, remote offices)
b) semi-automatically - they came up with a USB flash drive to the computer, launched any scanner we liked, saved the report to a file, went to the next computer
c) completely automatically - by installing on the entire network a software package for collecting and consolidating such information. The
result of this stage should be a summary table with a list of all software found, quantity, location, etc.
Step Three: An inventory of existing licenses.
If an organization at least once buys software in any form and manifestation, we need this step. We collect all the confirmations of our rights to use the software and related materials received during purchases - certificates, license agreements, boxes, counting stickers on cases, installation disks, electronic serial numbers, etc. Where to look for all this in your organization, you know better than me - EVERYWHERE. Starting from the system administrator’s cabinet and ending with the warehouse with old boxes of equipment.
Also, at this stage, we need to make copies of all documents related to software, but stored in the accounting department - supply contracts, invoices, acts of acceptance and transfer of rights, etc.
After the collection, we need to analyze the documents found in order to understand exactly what they give the right to and what not (often you can’t do without specialists in this field).
The result of this step will be a summary table with a list of available software licenses and quantity.
Step Three and a Half: Matching the Two Lists.
Combining the two available tables into one common, we look for coincidences and disagreements in them.
If it’s a coincidence, we have licenses for this software and its use is legal.
If there is a discrepancy towards the lack of a license or an excess license, we analyze each case individually.
A little remark - I know what GPL, BSD, and other words sympathetic to me are, but at the moment if we have something like ubunta in the table of found software, and in the table of found licenses and documents we have nothing to mention ubuntu - we there may be problems.
Here we must reduce the divergence of the tables to zero in one way or another.
Fourth step: Developing procedures.
At this stage, we need summary information obtained at the very beginning and the ISO-19770-1 standard is very useful.
Here we need to develop internal documents and regulations that will govern the entire software life cycle in the organization.
Those. step-by-step instructions describing the necessary actions of responsible persons and ordinary users in specific situations. For example, what should a user do if he needs new software to work. How new software should get into the organization from the outside. How to handle it in the process - installation, use, storage, decommissioning, etc.
The number and complexity of documents depends on the size of the organization, small ones cost two or three pieces of paper on 1 page, large ones make up a non-acidic multi-volume.
ISO-19770-1 will help us in this matter by providing many templates for such procedures.
These documents will allow to maintain the order imposed at the last stage constantly.
Step Five: Implementation.
It is practically impossible to apply two or three dozen documents and procedures to the established life of the company at once, we run the risk of paralyzing its work.
Therefore, here we are developing a plan for the gradual adoption of documents compiled by us in order to avoid a shock effect. After accepting the latter, it is better to repeat it from the second to the third and a half, if possible, because the implementation of all documents can take a lot of time.
PROFIT!
What is the profit for the organization from this order? I think a reasonable person will understand everything that way, but I will list some of them:
1) Full licensed cleanliness - I don’t need to explain why this is good, article 146 to six years and a lot, a lot of money
2) Saving on purchased software - I saw a lot of situations when buying something that is already there, but got lost in bins or didn’t buy what it needed.
3) Additional security of the entire IT infrastructure - for whom at least once the users did not catch the virus along with incomprehensible software downloaded from the Internet
4) The ability to plan software costs - due to the formalization of the acquisition process,
you can come up with a dozen more points that are not so obvious, but let's stop there .
If the audience is interested in this topic, I can make each of the five steps into an additional topic, which, in principle, I plan to do soon.
afterword:
1) If you type SAM in a search engine, you can see that this technology is most actively promoted by Microsoft, it is connected only with the fact that it is a leader in the software market and, accordingly, is most interested in restoring order among users (most often license deficiencies are revealed naturally )
2) The ISO-19770 standard can be found here - www.iso.org/iso/catalogue_detail?csnumber=33908
unfortunately paid - 112 francs.