One challenge that is consistently faced by enterprise leaders is the difficulty of managing hardware and software assets and the financial and operational risks associated with a lack of oversight.
Clearly, the problem is not confined to any one market. For any large organization, simply keeping track of IT assets—knowing what’s been deployed, what’s being utilized and what’s being paid for—is a major challenge, compounded by the increasing ubiquity of mobile devices and BYOD policies. Lack of insight into IT assets raises the obvious issue that you may well be paying for hardware and software you aren’t using. Another concern is that software is not being properly updated for virus protection. Finally, non-compliance with software licensing agreements can generate fines and penalties in the millions, and vendors are becoming increasingly aggressive about targeting customers with enterprise-wide license audits. Customers who are sloppy with their assets, meanwhile, make for an inviting target.
Poor asset management has a number of root causes. Many companies lack adequate discovery tools, or don’t properly deploy the tools they have. Businesses where security is at a premium—think of secret programs run by defence contractors—are subject to strict access rules that trump the benefits of transparency into asset management processes. Innovative firms with “incubator” environments are also at risk, since they encourage a culture of collaborative groups working in isolation from centralized corporate oversight. And then we can always blame the millennials and their lack of respect for rules and regulations and knack for finding short-cuts.
The good news is that enterprises can take specific steps to develop an effective asset management strategy that enables efficient return on hardware and software investment and prepares an enterprise to respond effectively to a software audit. The key is a three-pronged approach that addresses processes, tools and people.
Processes need to ensure oversight of licenses and contracts without posing an obstacle to the delivery of services. It’s important to define what functions should be kept in-house and what, if anything, should be sourced to a third party. The governance strategy should aim to integrate sourcing, procurement and IT functions so that assets are purchased through the right channels. Communication with vendors is imperative, and should be aimed at eliminating surprises. With specific regard to software, the process of requesting and approving licenses needs to ensure that demand management disciplines are enforced and that excess licenses are harvested and redeployed whenever possible.
While world-class and standard-based asset management tools and CMDB-type technology are readily available, the appropriate solution should align with the size, scope, complexity and risk level of the specific enterprise. Multinational, decentralized organizations may choose different solutions than centralized ones that only operate in one or a few countries. Tools have three major requirements—to discover what is being used in the environment and what is being paid for it; to document all existing assets; and to report that usage adheres to contractual and licensing terms. Just because something has been purchased doesn’t necessarily entitle the purchaser to its use. And keeping pace with changes in licensing terms is imperative to ensure that compliance is continuously maintained.
From a people perspective, keep in mind that if no one is directly responsible and accountable for license management, it simply won’t get done. The core team assigned to software asset management should have appropriate skills and knowledge and be entrusted with responsibility, accountability and authority to implement software asset management processes across the enterprise. A potential challenge here is that asset management is like accounting—it’s not for everyone, and people with the right skill sets can be difficult to find. Stakeholder education is critical and should focus on communicating process and accountability across different levels. Finally, millennials, engineers, IT professionals and others who may be prone to hack or crack licenses rather than follow procedures may need focused training.
About the author
David Snell has more than 25 years of experience in IT and business, working with world-class IT advisory firms and service providers. His areas of expertise include transformation, cost reduction and risk mitigation.