Can Software Asset Management Become Easier?

We are now living in 2010, computers are everywhere....so why is it so hard to track license compliance?  After all, we can all see the applications in Add/Remove programs…


I have been managing HP DDMI (Discovery and Dependency Mapping Inventory -our asset and inventory discovery software) for a couple of years now.  Before I took on managing this product, I knew it had hardware and software inventory capabilities and I was impressed with its software recognition capabilities. Then, as the world entered the global recession at the end of 2008, I started hearing a lot of complaints about gaps in DDMI’s software inventory.  I was a little surprised…I mean I knew we had some limitations, but I thought most of them were because we were not providing all of the results we were capturing and that we could improve the level of automation.


But, as it turns out (hindsight being 20/20) the issue is much bigger than I thought.  Is DDMI behind the competition?  Are we in danger of becoming irrelevant in the market place?  The answers I found comforted and shocked me at the same time!


First of all, I began to realize how incredibly complex the world of Software Asset Management really is.  Having gained CSAM certification from IAITAM, I validated that realization. I also learned about the many daily challenges of an IT Asset Management professional.  I realized there is a big difference between reporting what is installed and being able to track licenses.  There are also differences between tracking desktop software and server software, Windows software and Linux/UNIX software.


My conclusion?  There is no way to be able to automatically track license compliance across the board today.  You may be able to do it for specific titles, or perhaps vendors.  But there is no way to do it across the board!!!


Is there hope for the future? Yes!  It is a faint hope, but there is a light at the end of the tunnel (hopefully it is sunlight and not a train lightJ).  We now have a first global standard that promises to improve the current situation - ISO 19770.  ISO 19770-1 provides information about best practices for performing effective Asset Management.  ISO 19770-2 provides a description of a standard asset tag that will identify installed software.  That means, you will be able to read the tag information rather than relying on software recognition or other complex and potentially inaccurate and incomplete methods of identifying software.  Then, if and when ISO 19770-3 is approved, you will be able to use the same method to collect license entitlement information.


Yes, it will take time for vendors to adopt these standards.  This is where each of you come in – vendors listen to their customers.  So, here is my call to action to all of youstart asking for ISO 19770-2 compliance on every RFI and RFP from today on!  It doesn’t matter what the software is – if you buy it, you have to track it, so ISO 19770-2 compliance should be mandatory for all vendors.


Then, once you get the ball rolling, it will be easier to require ISO 19770-3 compliance.  And that will provide you with the license entitlement information – making software license compliance easier.


And don’t worry – you will not put me out of work and you will not lose your jobs either.  As much as I would like to be an optimist, I don’t think for a second that every vendor will fully or correctly implement these standards.  But if we can only solve 80% of the problem, or even 50% of the problem - that will help you deal with the other issues.


What issues?  There will be lots – have you looked at the licensing terms lately?


Stay tuned....more to come... a topic for another one of my posts...COMING SOON!

Comments
SteveKlos | ‎03-05-2010 08:55 PM

I'll admit right up front that I'm biased, but I completely agree with Daniel's posting!  

SAM is very difficult to do right.  The 19770-0 standard specifies 70 different processes/activities that should be implemented in an organization to ensure license compliance.

Various tools exist (including many from HP) that have features that can help with these processes, but each tool works differently and must have additional policies and processes developed around it to operate effectively.

The ISO/IEC 19770-2:2009 standard on software identification tags is intended to provide a common language and structure across applications, publishers, computing environments and yes, tool vendors.  

Requiring software ID tags in RFI and RFP documents is a good start, however, the ISO/IEC 19770-2:2009 mandatory elements are just a start and were defined to allow software publishers to easily take up the standard.  As Daniel indicated, just implementing to standard tags, not all vendors will implement it correctly or fully.  In addition, the standard has a number of data elements that are specified as "variable" in nature and left to the market to define.  Without guidance, each vendor will likely utilize their own proprietary set of values for these fields.  If that occurs, the SAM practitioner has more useful information than they had previously, but they still have to spend significant resources to map and track different values between the various vendors.

TagVault.org was developed as a non-profit program of IEEE-ISTO as the registration and certification authority for SWID tags based on the ISO/IEC 19770-2:2009 standard.  If software purchasers specify that they require certified SWID tags, that means that every tag they receive and use from  installed software will meet all requirements specified at the certification level defined.  That means that the SAM practitioner can now start to rely on consistency in reporting - especially in cases where organizations are distributed and/or where M&A activity may be occurring.

The US Air Force has already distributed an RFP that specifies a requirement for 19770-2 software identification tags.  The GSA is working to define a set of certification requirements that make sense for Government purchases.  These efforts will, without question, promote the need for SWID tags - and as the purchasing organizations become more knowledgeable about the value of certified tags, I fully expect this trend to become a tidal wave since it helps take steps towards making software asset management and, in particular, license entitlement reconciliation much more of a transparent activity where both the seller and purchaser or the software know exactly what's being measured and how tracking should be done.

As certified tags become available, one of the next standards being developed at the moment (ISO/IEC 19770-3) that focuses on software entitlement tags will be able to snap into the overall process and provide even more value immediately!

Push your software vendors.  I've already started to hear back from software vendors that they are being asked about tags and when their software will have certified tags.  For language on how to require tag information in your RFI and RFP documents, take a look at the article on the TagVault.org website.

Yes, this posting includes a pitch for TagVault.org, but I'd like to see companies like HP spending their resources on making tools like DDMI easier, faster and more capable for their customers to more effectively and efficiently manage their software assets rather than spending time and resources on arcane details of how to ID software (which, in my view, the software publisher should include specific and structured ID information anyway).  I would also like to see ISO/IEC 19770-2:2009 SWID tags being implemented properly so the industry addresses more than 80% of the identification problem!

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.