Software Asset Management Best Practices

Optimize software expenditure and minimize risk by implementating best practices in your SAM
Updated for 2024
07 April 2024
Ed Cartier and Paul Lambert
18 December 2022
Ed Cartier

Best Practices in Software Asset Management - Updated for 2024

Software may be the most complicated type of asset to manage. It is intangible, expensive, licensed not owned, presents security risks, and must be regularly maintained. It can also be rendered obsolete by the manufacturer. The operation of most production assets, information technology assets and communications assets rely on software, so having a robust software asset management (SAM) program is not a luxury, it is a necessary part of your IT Asset Management strategy.

Whats new in 2024?

  • Vendors including xAssets are building AI into their SAM offerings
  • Adoption of cloud and hybrid multicloud solutions continues to grow
  • SAAS usage monitoring is now key to controlling spending
  • Software vulnerabilities are now a top security risk

Why adopt best practices?

Software asset management (SAM) is a detailed process for managing and optimizing all aspects of a company's software. This includes the purchasing, deployment, licensing, compliance, maintenance, usage, and disposal of software assets. SAM can also help organizations get the most from their IT operations and improve overall performance. SAM Best Practices help maximize the effectiveness of a company's software investments. They can help limit the risks associated with the licensing of software, as well as achieve long-term savings by identifying overused, underused and illegally installed software.

Establishing a SAM Program

Failing to actively take steps to establish a software asset management plan exposes businesses to significant risks. Software compliance issues can be complex and time consuming. Companies can find themselves committed to ineffective software purchases that can cost hundreds of thousands of dollars.

An effective software asset management (SAM) plan will avoid these risks. As a first step, compile a comprehensive inventory of all the software owned or licensed by the company. Then make that available to the relevant parties in the form of a SAM database application.

This inventory provides stakeholders with an overview of software in use, by whom, and for what purpose. Then you devise and implement a SAM plan to optimize software purchases, reduce costs, and achieve strategic goals.

Obtaining senior management support and approval is also crucial, as is establishing a multi-departmental SAM team, and acquiring the SAM software that best meets the company's needs.

Achieving Management Buy-in

A significant factor for gaining management SAM buy-in is presenting the proposal in terms that align with their priorities. Emphasizing the financial benefits of SAM and the potential liabilities of not having a SAM practice in place will frame things in terms that management can easily relate to and will ensure action is taken.

Ideally, a C-level executive should be in charge of driving your SAM project forward.

Software Is a Fixed Asset

Licensed software is a depreciable asset. In the case of computer software, most companies record software as part of their fixed Plant, Property and Equipment (PPE) assets.

Software is an integral part of business and is a fixed asset on companies’ balance sheets. Software is depreciated and managed like any other fixed asset, with its own depreciation schedule.

Managing Software-as-a-Service

Software-as-a-service (SaaS) is provided on a subscription basis. This is an annual expense and is recorded on the income statement like equipment lease payments. If cloud-based software is not proactively managed, especially the procurement of SaaS, expenses can become significant.

Software Is Licensed Not Owned

Unlike physical assets, software is licensed by the vendor and used by companies under the terms of a software license agreement.

Make the cost ramifications of non-compliance clear to management, including the impact an audit could have on the corporation's bottom line. Vendors are entitled to carry out license audits if they believe a business is not adhering to the terms of service. If a company is not adhering to the software license agreement, hefty fines can ensue.

An established SAM practice can act as a key component in maintaining compliance with the software license agreement and avoiding a costly and intrusive audit.

Avoiding Excessive Software Costs

A SAM program can be a key tool in facilitating re-use of software as well as avoiding the expense of over-licensing. It should also help address the overlicensing of SAAS software.

Excess licenses may be returned in exchange for credit (e.g. for future purchases or against license renewals) or issued to new end-users. Licenses that do not get used by designated employees can be redeployed to other departments, instead of purchasing new licenses.

These savings and cost avoidance measures are nearly impossible without a SAM program.

Emphasize the return on investment (ROI) associated with a SAM program. As with any other operation, there will be software, equipment and personnel costs associated with a SAM program. Present the potential savings that can be achieved through a SAM program alongside the estimated costs of implementing such a program.

Illustration of costs as a drawn chart curve

Creating The SAM Team

The SAM team should be composed of representatives from across the enterprise. Each of the departments listed below should assign someone to participate in the SAM team:

  • Information Technology
  • Purchasing
  • Accounting
  • Legal
  • Production Management

Each of these departments has a vested interest in managing the corporation's software assets. They can also contribute significantly to creating the SAM program and the eventual selection of the SAM tool.

Each of the participants should provide input to the following decisions:

  • Defining key requirements for, and functionality of, the SAM solution
  • Comparing the benefits and risks of cloud-based and installed SAM solutions
  • Identifying the information to be collected and reported by the SAM solution
  • Researching and selecting potential vendors
  • Establishing a SAM project budget
  • Recommending a solution provider to management
  • Negotiating license terms with the selected vendor
  • Establishing a SAM project schedule following vendor selection

The SAM team provides regular updates to management and keep employees apprised of the goals of the program. One key message is that the corporation is committed to properly manage its software assets. In addition, the responsibility for the proper use of the software and compliance with the software license agreement rests with every employee.

The team should include directives to ensure SAM compliance and SAM cost control within the employee handbook.

Choose the right tool

There is a wealth of SAM software solution providers on the market. And like any other product, each offering has its strengths and weaknesses.

Some key features for the SAM team to consider when drawing up requirements and interviewing vendors include:

  • Configurability
  • Scalability
  • Functionality
  • Extent of Software Discovery
  • Software discovery detail
  • Software Recognition Library
  • SAAS Usage Monitoring
  • Re-Use of Existing Information
  • Ability to Discover Cloud Assets
  • Reporting
  • Compliance and Audit Support

Each of these feature categories are examined below.

Configurability

No two companies have the same SAM requirements, so a SAM solution needs to be configurable. These include the appearance and content of the dashboard, the number and definition of database fields, custom report generation, standard reporting, and the solution’s integrations with other systems within the organization.

The SAM team should carefully consider the process involved in customizing the solution so that it best fits the company's needs. For more advanced solutions, this may require new reports or the inclusion of a configuration layer that speeds customization and enables administrators to make modifications after the system is installed.

Key factors include:

  • The degree to which professional services are needed for initial installation and later modifications
  • The ability of the users to create ad-hoc reports
  • The ability for systems administrators to add fields
  • The ease of importing data from existing sources

Configurability is a critical factor when it comes to usability and the degree to which the SAM solution meets the corporation's specific needs.

Scalability

Corporations' computing infrastructure and network architecture are constantly changing.

Businesses grow through acquisition and expansion. The number of end user devices expands and changes as technology advances. Business models adapt to external forces, such as adopting remote work. A SAM solution needs to easily scale across the corporation and include the number, type, and location of installed and mobile devices.

The SAM solution needs to scale well with the number of endpoint assets and software license entitlements you have.

Deployment also relates to scalability. A system that depends on installed agents will scale far less quickly than an agentless solution, but not all agentless solutions can monitor software usage. Key factors for the SAM team to consider include:

  • Support for wired and mobile devices
  • Support for remote workers and distant facilities
  • Agentless discovery software for network devices
  • Installed discovery agent software for off-network and WFH devices
  • Device count limitations
  • Dynamic expansion as the company's computing needs increase

Scalability is critical to ensure that all the firm's software can be managed as the company's needs grow.

Functionality

These factors that must be considered when selecting a SAM tool:

  • Extent of Software Discovery
  • Software discovery detail
  • Software recognition library
  • Re-use of existing information from existing tools (e.g., SCCM, Active Directory)
  • Use of licensed software in remote locations and work-from-home locations
  • Ability to discover cloud assets
  • Ease and detail of reporting

Extent of Software Discovery

To provide maximize benefits, a SAM tool must discover the widest range of software titles in use across all devices in the organization. This would include server software, desktop/laptop applications and mobile device software apps.

Failure to do so results in an inaccurate picture of the licensed software, which can lead to software license compliance issues, undetected vulnerabilities, and the use of unauthorized or unsupported software.

When selecting a SAM tool, it is critical to find out whether a vendor's standard offering includes the discovery of all software licensed by the company.

Software Discovery Detail

Simply discovering software is not enough to provide the detail needed for a fully functional SAM program.

The SAM software must discover and report on the details. These include software titles by version and release, software patches, drivers, and device location.

This level of discovery detail can become critical when upgrading or replacing equipment or operating systems. It can also help in identifying vulnerable software and locating unpatched devices.

In addition, many software titles can have multiple identifiers depending on the reseller that supplied them. Consequently, the SAM tool needs to recognize and reconcile these software titles to determine license compliance and evaluate any under/over licensing situations.

Software Recognition Library

Software vendors must continually update software recognition libraries to ensure that discovery and reporting functions are as accurate as possible.

Updates and additions should include software titles, releases, and versions. The vendor should commit to regularly adding new software to the library and to researching software that is discovered but not identified. If the SAM tool is not cloud-based, these updates should be regularly transmitted to the server hosting the SAM tool. Also, to make sure the software title recognition function works as described above, the library should index the various identifiers assigned to the same software title (e.g., MSWord, Word, Win 10 Word).

AI is now being used to improve the accuracy of software recognition, however such an approach carries risk of inaccuracies and should be used with caution.

SAAS Usage Monitoring

Software as a service is generally accessed through a browser, but tracking corporate users browser activity raises worrying data protection issues.

Take a close look at how each tool implements this need. There are ways to track "only" the SAAS sites we need to track.

Browser plug-ins are one option but users often use multiple browsers, and indeed sometimes SAAS sites hit conflicts with browser add-ons, and the only way for the user to continue their work is to use a different browser or even to log in through a mobile device.

Integration with each SAAS product's API is one approach, but when you have a hundred SAAS products, can you really maintain 100 integrations, potentially each needing development resources to create, and maintenance of regularly expiring API keys?

Tracking DNS resolutions and using a software usage monitor to track the title of each browser window is another approach, but this can be intrusive unless it only tracks the specific SAAS sites which are recognised in your SAM tool's software recognition database.

Re-Use of Existing Information

Most companies already have some form of electronic records that track software license purchases, what software is installed on various machines, and the software titles in use within the organization.

Software vendors provide tools to identify and inventory their products being used by licensees (e.g., Microsoft SCCM and Active Directory). This is valuable information to the organization and should be integrated into, or used by, the SAM tool. Ideally, the SAM solution will augment the vendor-provided tools to provide a thorough and complete SAM resource.

Ability to Discover Cloud Assets

Almost all companies nowadays operate a cloud infrastructure. This means not just direct SaaS offerings, but also cloud servers, cloud databases and other cloud infrastructure will often form part of the organization's IT asset portfolio. So, the ability to discover what software is installed on these servers is extremely important.

Licensing becomes even more complicated when companies work with (or within) virtual environments. Server virtualization rights often permit the installation of a software solution or operating system on both a physical host as well as several virtual machines (VMs).

Given the dynamic nature of this type of environment and the complexity of the licensing requirements, maintaining server virtualization rights can become challenging, if not impossible, without an appropriate SAM solution in place.

Reporting

Accurate, flexible, and easy-to-use reporting is key for a successful SAM program. In addition to standard, vendor-supplied reports, the user should be able to configure reports based on selected fields and save them or run them on an ad hoc basis.

The user interface should be easy to use and not require any database programming skills. Reports should also include the use of processes to identify systems missing key software products (e.g. security software), software not listed on purchasing records (e.g. software purchased or installed by an employee) or important patches.

The system should also provide a dashboard reporting system with up to date information on areas of particular interest.

Reporting charts on a laptop

Compliance and Audit Support

One of the key benefits of a SAM program is determining a company’s level of compliance with its software license agreements. This gives the company the ability to make any necessary adjustments and to maintain full compliance at all times. Compliance is simply using the same number of software titles as were paid for and using them in accordance with the terms of the software license agreement. A good SAM tool will:

  • Compare the number of discovered software titles
  • Normalize the different versions and identifiers
  • Aggregate them into a total count of that title 
  • Compare that number to the purchased license quantity
  • Assign licenses to devices
  • Report any over and under licensed software

If the numbers of discovered titles and purchased titles match, the firm is in compliance with the software license agreement.

If the purchased quantities are greater than the number of titles discovered, the company is over licensed and can put any future purchases of those titles on hold.

If the opposite is true, the company is out of compliance and must take steps to acquire additional licenses.

Thus, software license compliance is a continuing process where the firm identifies compliance issues on an ongoing basis and is prepared for an audit request from any software vendor on demand.

Software companies conduct regular compliance audits. These can be costly, disruptive and time consuming for the company in question.

Software vendors can be aggressive in conducting audits and often treat them as a revenue generating exercise: If a company is out of compliance, it must purchase additional licenses on top of paying damages.

A SAM program can mitigate the impact and cost of an audit. Ideally, the accuracy of the reports generated by the chosen SAM solution is certified by one of the major software auditing agencies (e.g., SIIA, BSA). That being the case, the company can run the requested reports, submit those reports to the software vendor, and the issue will be quickly resolved.

If the selected SAM tool is not certified – or if the company is unsure of how to generate the requested information – the SAM vendor should be ready to provide the services needed to generate those reports. As part of those services, the vendor should explain its methodology to the auditor to substantiate the accuracy of the information provided by the SAM solution.

If no SAM tool is in place, the targeted company should research a SAM vendor or contact its large account reseller (LAR), who will provide SAM as a service. Such a service would normally be provided via the cloud; no on-site installation would be required.

SAM, as a service, should rely on an agentless system. This makes introducing the SAM program easier and minimizes any disruption to the target company's operations.

SAM and the Cloud

Cloud computing has changed the entire landscape of corporate computing. It has not, however, eliminated the need for firms to manage, measure and monitor their cloud-based software assets.

Software-as-a-Service (SaaS) assets must be counted and reconciled just as on-premises assets must be managed. Measuring and accounting for cloud assets is becoming even more critical as major software providers are moving to cloud-based products.

Microsoft Windows, Office 365 and Adobe's entire suite of products are prime examples. This makes it all the more important that firms use a single resource to analyze their software asset information.

Most companies use multiple cloud providers in the form of both SaaS products and cloud servers. Managing all those assets involves discovery and API integration, plus numerous reporting, and tracking resources.

The chosen SAM tool should manage both cloud-based and on-premises software assets, bringing them into the same database. This provides a unified view of software assets in a single solution. Such an approach provides several benefits:

  • Cloud assets and "behind-the-firewall" assets are incorporated into a single ITAM database and can be analyzed, measured, and reconciled using one application
  • Information required for software license compliance, overall software license count, under/over license counts, and cost/risk assessments are easily obtained
  • Cost analysis and avoidance can be accessed using a comprehensive dashboard with standard and custom reports
  • As virtual machines can switch from cloud to local processing, the pathway that the virtual machine has visited should be visible

Firms typically use multiple cloud providers, so the SAM solution should be able to compare assets across providers and identify any duplication incidents and compatibility issues.

Also, using a single SAM solution will deliver cost-savings and improved efficiencies. Knowing what cloud services are being paid for is key to cost containment. Without an ongoing centralized inventory of cloud resources, firms can continue to pay for a server they stopped using several months ago. Comparing cloud performance to value is crucial for maintaining cost efficiencies, but difficult to do without the information collected in a single database.

Managing all the enterprise's software assets in one coordinated, continuously updated resource will lead to cost efficiencies, improved controls, and better risk management.

Electronics board with a cloud outlined

Performance Indicators

Simply acquiring and installing a SAM tool doesn’t mean the job is done. The organization needs to establish agreed performance indicators to measure the progress and success of the SAM program. Typically, performance indicators measure six components of activity:

  • Input - the inputs required of an activity to produce an output
  • Output - the outcome or results of an activity or group of activities
  • Activity - the transformation produced by an activity
  • Mechanism - what enables an activity to work
  • Control - an object or system that controls the activity's production through compliance
  • Time - a temporal element of the activity

No two organizations will have the same performance indicators. However, some common SAM project activities that are measured include:

  • Installation timeframe
  • Time to generate useful information from the system
  • Number of discovered software titles
  • Number of matched software titles
  • Degree of software license compliance
  • Active use of the information generated by the solution
  • ROI generated by the SAM program

Whatever metrics are agreed, management should be kept appraised of the progress of the program as well as any resulting financial benefits.

SAM – A Critical Function

Graphic showing different industrial use cases for a software asset management toolset

There is little debate on the value that a fully functional SAM program brings to an organization. Proper planning, careful SAM tool selection and a methodical implementation will yield ongoing operational and financial benefits to the organization.

Further Reading

© xAssets 2024 All rights reserved.