Software Asset Management and inventory with ISO 19770-2 SWID tags – maximizing benefits

In my last blog, I stated that while the tags are an official standard, the industry adoption rate for these tags is low.  This suggests they are not useful.

 

Actually, that is not the case.  The current situation means that you cannot assume that a single method will identify all of the software installations in your organization.  This hasn’t changed since I blogged about it 3 years ago in my “The complex world of software inventory” post.

The question is: have things improved because of the ISO 19770-2 tags? In my opinion, YES!!!

Why?

 

First of all, vendors are starting to adopt this standard. This is a slow process, but progress is being made.

 

Secondly, many inventory tools are able to collect the SWID tag information today.

 

Thirdly, many installer programs (Windows Installer ones at least) are able to generate ISO 19770-2 tags out of the box. If yours cannot, any developer should be able to write a tool to generate them in a few minutes; if that is not an option, check TagVault.org to see how you can obtain a tag-generating tool.

But, how do I take advantage of the tags when my software comes from vendors that don’t provide them and from internal R&D that does not provide them either?

 

In three words: “STANDARD, ENFORCED PROCESS”.  No process, no way to get better.

1. Make sure you have a process for deploying software within your organization.  This is a must, not because of the tags, but because any change carries risk, and you need to be aware of all changes.  If you already have the process in place, modify it so that the team responsible for distributing software creates tags (or updates existing ones) before the software is distributed.  This way, over time, you will get more results out of the tags and rely on other, more complex methods less and less.  Given that probably every piece of software will have to be patched at least once a year, the tags should be widely deployed in your organization in 12 months or less.  After that, it is simply a matter of maintaining the process.  Yes, this requires some effort, but I believe the benefits will exceed the costs.

And don’t think that the benefits are only related to software asset management, because they aren’t. Just think about your helpdesk: in order to troubleshoot many issues, you must have an accurate inventory, and the tags will help provide that information in a standard and consistent way.  Security will also be interested in having a way to identify officially sanctioned software installations.

2. Make sure your internal R&D organization generates tags for every new piece of software or software update they release.  Just because your distribution team will create them doesn’t mean they should: if the original software has the tag built in, the workload on the distribution team will be reduced, allowing them to focus on validating the information and reducing the number of errors in the overall system.
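
Added example, not from the original post or from any inventory product: once the distribution and R&D teams tag everything they ship, collected tags can be sorted by who created them, which gives security the "officially sanctioned" view mentioned above. It assumes the tag layout of the later 2015 revision of ISO/IEC 19770-2; the regids, host names and sample tags are constructed.

```python
import xml.etree.ElementTree as ET

# Tag layout of the 2015 revision of ISO/IEC 19770-2 (assumed; it postdates the post).
SWID_NS = "http://standards.iso.org/iso/19770/-2/2015/schema.xsd"
Q = "{%s}" % SWID_NS
# Hypothetical regids of the teams allowed to tag software in this organization.
SANCTIONED_TAG_CREATORS = {"distribution.example.com", "rnd.example.com"}

def build_tag(name, tag_id, version, entities):
    """Build a minimal tag; entities is a list of (name, regid, role) tuples."""
    root = ET.Element(Q + "SoftwareIdentity", name=name, tagId=tag_id, version=version)
    for ent_name, regid, role in entities:
        ET.SubElement(root, Q + "Entity", name=ent_name, regid=regid, role=role)
    return ET.tostring(root, encoding="unicode")

def tag_creators(xml_text):
    """Return (tagId, set of tagCreator regids), or None for an unusable tag."""
    try:
        root = ET.fromstring(xml_text)  # untrusted input: prefer defusedxml outside a demo
    except ET.ParseError:
        return None
    if root.tag != Q + "SoftwareIdentity" or not root.get("tagId"):
        return None
    creators = {e.get("regid") for e in root.iter(Q + "Entity")
                if "tagCreator" in e.get("role", "").split()}
    return root.get("tagId"), creators

def classify(inventory):
    """Sort (host, tag XML) pairs into sanctioned / unsanctioned / malformed."""
    report = {"sanctioned": [], "unsanctioned": [], "malformed": []}
    for host, xml_text in inventory:
        parsed = tag_creators(xml_text)
        if parsed is None:
            report["malformed"].append(host)
            continue
        bucket = "sanctioned" if parsed[1] & SANCTIONED_TAG_CREATORS else "unsanctioned"
        report[bucket].append((host, parsed[0]))
    return report

# Constructed sample inventory, standing in for what an inventory tool collects.
RND = [("Example R&D", "rnd.example.com", "softwareCreator tagCreator")]
REPACKAGED = [("Vendor Inc", "vendor.example.net", "softwareCreator"),
              ("Example Distribution", "distribution.example.com", "tagCreator")]
FOREIGN = [("Unknown", "unknown.example.org", "softwareCreator tagCreator")]
SAMPLE_INVENTORY = [
    ("ws-001", build_tag("PayrollClient", "payroll-4.2", "4.2.0", RND)),
    ("ws-001", build_tag("VendorTool", "vendortool-9.1", "9.1", REPACKAGED)),
    ("ws-002", build_tag("SideloadedApp", "app-1.0", "1.0", FOREIGN)),
    ("ws-003", "<SoftwareIdentity name='truncated'")]
```

A tag is a file on disk that anyone with write access can create, so an unsigned tag is an inventory hint rather than proof of origin; the standard allows tags to be digitally signed where the answer has to be trusted.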

 

I recall talking to a large organization a few years ago about a task they were facing – having to inventory 8,000 mainly home-grown applications in 12 months.  This means they had to, on average, add 32 applications to their recognition engine per day – I told them that was a monumental task – and suggested they use the still not finalized SWID tag.  Unfortunately, I did not get feedback about what happened with that project, but I believe ISO 19770-2 tags provided the only truly viable way of meeting their goals.

In summary, just because everything is not provided out of the box doesn’t mean you cannot benefit from this standard.  You should talk to your internal R&D and software distribution teams about this and get their buy-in.  They will resist, especially if you tell them it will make software asset management easier.  Talk to them in THEIR terms – about being able to more easily identify where defective software is present, simplifying verification of distribution, better change control, fewer escalations, etc.  If you talk to them, they will tell you what matters to them.

It is time to talk to your teams – good luck!

 

And feel free to share your stories about ISO 19770-2 tags – are you using them?  Is my blog giving you an idea of how to get them adopted?  Just post a comment to this blog, or connect with me on LinkedIn.

Comments
Earl_C | ‎06-25-2013 12:00 PM

Great article and great ideas.

 

Two questions

 

First:

As part of our SAM management effort, I've been tasked with 'selling' the company on using ISO tags for internally developed applications. We have teams that develop the applications and a team that packages the applications for deployment. Which is the better team to start having these conversations with, developers or packagers?

 

Second:

We are currently using AM9.32 and DDMI 9.32 - When will the ISO tags that are discovered by DDMI or Universal Discovery have a corresponding mapped field in AM?

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation