SoftwareAsset Management (SAM)

(1)

Jan Corstens

Software

Asset Management (SAM)

(2)

Agenda

2

Introduction

Software Asset Management Industry Standards

SAM Technologies

Software Asset Management: The Deloitte Offering The Deloitte Managed Platform

Q&A

(3)

Who Has Been Audited?

Brainstorm

(4)

Who has a SAM organization?

Knowledge Check

(5)

Software Asset Management

(6)

Overview

Software Asset Management

6

While Software Asset Management (“SAM”) has been on the corporate agenda for well over 10 years, it has been difficult for organizations to both justify and execute SAM initiatives. But this is changing and cost reduction is a key driver.

With the rise in the number of software vendor audits and increasing complexity within IT environments, risk-focused organizations are increasingly focused on Software License Compliance and mitigation of financial, operational and reputational risks associated with the deployment of software within large complex organizations through Software Asset Management.

ITAM Objective

The International Association of IT Asset Managers defines ITAM as “maintaining life-cycle management information for IT assets throughout the organization.”

ITAM includes the “development and maintenance of policies, standards, processes, systems and measurements that enable the organization to manage IT assets with respect to risk, cost, control, governance, compliance and business performance objectives as established by the business.”

ITAM Focus Areas

1. Software Asset Management (SAM)

IT Infrastructure Library (ITIL) describes SAM as “all of the infrastructure and processes necessary for the effective management, control and protection of the software assets within an organization, throughout all stages of their lifecycle.” Included in SAM is Software Lifecycle Management.

• The goals of SAM are to reduce IT costs and limit operational, financial and legal risks related to the ownership and use of software. 2. Hardware Asset Management (HAM)

Hardware Asset Management can be described as having a deep understanding of the tangible assets within an IT environment. This Hardware Asset Lifecycle Management includes lease and depreciation management.

• The goals of HAM are to accurately anticipate business needs, reduce risk of license discrepancies, and retain business efficiency. 3. Other focus areas of ITAM include (but are not limited to):

Contract Management as it relates to physical and intangible IT assets; Finance and Cost Management; IT Policies and Procedures Management; Service LifeCycle Management (ITIL).

(7)

Main Goals

Software Asset Management

The goals of SAM are to optimize IT costs and limit operational, financial, and legal risk related to the ownership and use of software.

Over

Licensed

Out of

Compliance

$

SOFTWARE ASSET MANAGEMENT Cost Optimization

Risk – Legal & Regulatory Asset Management Risk – Software Audits Organizational Governance Security

$

7

(8)

SAM Risks and Drivers

Software Asset Management

Most companies start to think about asset management in response to an audit. There are other elements of risk faced by companies which allow SAM to be introduced in a proactive manner.

SOFTWARE ASSET MANAGEMENT Cost optimization Risk – legal and regulatory Asset management Risk – software audits Organizational governance Security

Control of software assets

§ Monitoring and tracking of software in use is difficult § No “silver bullet” technology solution

§ Diverse and complex software licensing models § Reallocation of software licenses when hardware is

moved or decommissioned

Risk of a Software License Compliance Audit

§ License Compliance Audits are on the rise – Gartner continues to predict an increase in vendor audits § Software vendors use license compliance audits to

decrease squeeze on margins § Software industry alliance “bounties”

Organizational governance

§ Getting compliant and staying that way also helps eliminate the potential damage to reputation that could arise from a legal dispute

§ Compliance with industry standards

Limit legal risk

§ Properly implementing SAM limits legal and financial exposure should problems with software licenses arise § Select industries have regulatory requirements on SAM

Security

§ Without the ability to inventory and control software installed and allowed to run on their hardware, organizations make their systems more vulnerable to security threats

§ Inventory Open Source software to understand what is in use and what could potentially introduce security risks to the organization

Cost Optimization

§ Organizations may be over-licensed and paying maintenance costs for software licenses not being used § Software is a significant component of IT spend

Over Licensed

Out of Compliance$

Optimal

Lack of Controls = Large Recurring Expenses

$

(9)

Why SAM?

Software Asset Management

• 88% of customers audited have unrealized cost savings averaging over 20% of their annual S&M spend1_.

• A mature SAM program can save 3-5% of your total IT spend1_.

• Organizations may be over-licensed and paying maintenance costs for software licenses not being used1_.

• By 2017, Gartner predict that enterprises will be spending ten times more on their Software Asset Management services then they do on their SAM tools2

• Without the ability to inventory and control software, organizations make their systems more vulnerable to security threats.

• Open Source software introduce security risks to the organization.

• Properly implementing SAM limits legal and financial

exposure should problems with software licenses arise1_.

• Select industries have regulatory requirements on SAM1_.

• Software typically represents 8-10% of a total IT budget. • Common for an organization to have 50+ software vendors

and hundreds of contracts.

• Compliance with industry standards.

• Gartner 2011 Poll: 35% (2007) to 65% (2011) chance of getting audited1_.

• Seeking to increase revenue, software vendors will initiate twice as many audit requests in 2014 as in 20133

• Top software vendors auditing: IBM, Adobe, Microsoft, Oracle, SAP1_.

• “Organizations will increase their investments in Software Asset Management by 35% over the next 18 months3_”

• The interest in SAM Managed Services is being driven primarily by a severe shortage of individuals with hands-on licensing, audit and SAM implementation expertise4

• Licensing rules and metrics are constantly changing.

• Emerging technologies (virtualization, cloud, BYOD) make tracking software more challenging.

Sources:

1 Gartner, Inc. | G00230816 -Software Vendor Auditi ng Trends: What to Watc h for and How to Respond Published: 23 May 2012

2 Gartner, Inc. | GG00254975

3 Konary, Amy. "Worldwide Softw are Pricing and Licensing 2014 Top 10 Predicti ons." 2014. PDF file

4 Thomps on, Martin. "Group Test – SAM Managed Service Providers - A c ompetitive comparison of specialist SAM providers." Jan. 2014. PDF file.

(10)

Case Studies

Software Asset Management

USD 2.5M in average license cost savings 56% potential financial liability identified1 23% cost savings identified in annual software maintenance spend2 USD 225K potential financial liability identified1 USD 2M avoided through server re-configurations1 USD 5.4M in potential financial liability1_. 7000 instances of non-essential software1_. Bottling company

Process risk assessment and license baseline performed. Process gaps identified. $5.9M in potential financial liability identified.

Real estate company

Process risk assessment and license baseline performed. Process gaps identified. $225K in potential financial liability identified

In the software license assessments that Deloitte has performed, clients had unrealized cost savings averaging 23 percent of their annual maintenance spend.

Automotive manufacturing company

Process risk assessment and license baseline performed. $2M in financial liability avoided through server reconfigurations.

Educational company

Process risk assessment, license baseline, and security analysis performed. Process gaps identified. $5.4M in potential financial liability identified. Over 7,000 instances of non-essential software installed. Low (<50%) compliance with security patching compliance.

Source1: Deloitte 2013 SAM for IA Brochure1

Sourc e2: Deloitte res ults and analytics rel ated to c ost s avings /av oidance come from a datas et c ompos ed of roughly one thousand software licens e ass essments performed across 20 c ountries between 2009 and 2012. Included data was normalized, removing outliers and calculating values at software list price.

(11)

Internal Audit and SAM

(12)

IA and IT's Role for SAM

Internal Audit and SAM

How IA and IT can help

• SAM Process Risk Assessment – Benchmarking against leading industry practices

• Software License Baselines – Comparing software deployments against license entitlements

• Software Security Risk Assessment – Analysis of non-essential software and security patch deployment

• SAM Transformation Efforts - strategy, organizational structure development, process design, etc.

• SAM Tooling - Implementation and configuration assistance

Other cost optimization opportunities

• Software Procurement Optimization • Software Vendor Audit Readiness

• Software Contract Negotiation Support • Software Portfolio Rationalization

• Strategic Vendor Sourcing

(13)

Items to cover within an Internal Audit Plan

Internal Audit and SAM

(14)

Deloitte SAM Framework

(15)

Deloitte SAM Framework

Formal processes to manage the lifecycle – forecast and request; analyze and procure; installation and maintenance; monitor and track; decommission and reuse.

Tools and technology to streamline processes and improve data accuracy and timeliness

Strategy and policies to define the SAM program vision and objectives and outline activities and initiatives necessary to achieve the vision and goals

SAM roles, responsibilities, and reporting requirements to execute and monitor the SAM process as well as communication and training to educate stakeholders and promote organizational alignment E. Lifecycle Process Software Asset Management Lifecycle 1.0 Forecast & Request 5.0 De-commission & Reuse 2.0 Analyze & Procure 4.0 Monitor & Track 3.0 Install & Maintain B. People SAM Organization Governance & Performance Metric Communication & Awareness D. Technology Software Asset Repository Software Discovery Software Metering & Usage A. Strategy & Policies

Vision &

Objectives ProceduresPolicies &

C. Data Data Model &

Standards Data Validation

15 Data standards to meet performance metrics and

(16)

© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar 4.3 Maintain software license inventory 4.5 Track software compliance issue remediation 3.3 Manage software license financial treatments 4.1 Maintain software catalog 1.1 Collect and aggregate forecast data

1.2 Collect and aggregate software acquisition requests 4.2 Maintain software contract inventory 2.4 Review acquisition requests and procure

software licenses 3.1 Install software 3.2 Respond to and resolve software license inquiries 5.1 Review software/ hardware decomm requests 5.2 Review personnel change impacts 2.1 Review and assess

new / incremental software demand 2.3 Validate license availability for installation requests 5.3 Uninstall software 2.2 Perform a product rationalization analysis

SAM Lifecycle

1.0 Forecast and Request 3.0 Install and Maintain 4.0 Monitor and Track 5.0 Decommission and Reuse 2.0 Analyze and Procure

4.4 Assess, analyze and report software

compliance

SAM Lifecycle Processes

Deloitte SAM Lifecycle

16

(17)

Software Asset Management Technologies

(18)

Tool Introduction

Software Asset Management

18

A wide variety of tools exists in the market today, as a result multiple definitions exist:

“A tool that provides insight in the licenses owned versus

licenses consumed”

“A tool that collects and/or consolidates information about

software that is installed and/or executed on

servers and workstations”

“A tool that helps organizations with their SAM efforts”

(19)

Most Popular Tools

Software Asset Management

(20)

Tool Functionality

Software Asset Management

20

SAM tool functionalities can be placed in 4 broad categories:

Contract

Management

& procurement

IT Systems

management

_{reconciliation}

License

(21)

Tool Benefits

Software Asset Management

21

A dedicated SAM tool offers a wide range of benefits:

• Optimization of software spend: a SAM tool will strengthen the client’s position during contract negotiations with the software vendor

• Cost allocation: by providing a complete view into the software estate, costs can be assigned to cost centers based on objective criteria

• Security: A SAM tool will provide insight into installed applications, system administrators have a direct overview of version levels and unwanted software

• Audit risk mitigation: the information provided by a SAM tool can be used to continuously minimize the software license compliance risk. This will increase audit readiness and the effort required to provide data requested by the auditor.

(22)

Tool Drawbacks

Software Asset Management

22

Common drawbacks for SAM tools:

• SAM tools need a SAM framework: after all, it’s only data! • Some specific T&C's are or cannot be covered by tools • Manual input required

• Complexity of product bundles, OEM software is not always handled well • Specific skillset required to interpret tool data

• Implementation risk: tool coverage & configuration

• Undiscovered software: not all tools perform equally well in software discovery • Possible to avoid detection

(23)

Tools Assessment Factors

Software Asset Management

23

When considering the implementation of a SAM tool, it’s important to consider the following criteria: • Is the tool compatible with the IT landscape (Linux, Unix, Windows, z/OS...)

• Will the tool cover your most important product vendors

• What would be the optimal technical setup (agentless, accessible via internet, Cloud based...) • Is compatibility with existing tools necessary (e.g. ILMT required for IBM)

• What the cost of the tool compared to the software spend

• Will the tool help achieve your primary SAM goals, is it compatible with your SAM framework? • Others?

(24)

Tool Conclusion

Software Asset Management

24

Many different SAM tools exist, all with their own strengths and weaknesses: • There is no ‘silver bullet’

• Any SAM tool can be fit for purpose, as long as it fits your SAM goals • No tool can replace license expertise and SAM processes

• Manual input and user scrutiny will always be required

(25)

The Deloitte SAM Offering

(26)

Delivery models

The Deloitte SAM Offering

26

Type of Team Structure Pros Cons

Fully Insourced SAM Team • Highest degree of management control over

discrete processes

• Clear reporting lines / authority to affect change. • Internal team may know the business landscape

and drivers better

• Difficult to identify and retain necessary SAM specific expertise in house

• Can be challenging to scale (up or down) to meet the needs of the business.

• Requirement to build vendor specific software discovery and licensing knowledge base

Fully Outsourced SAM Team • Turn-key operation

• Tap into a global knowledge base of processes, procedures, methodologies and playbooks to accelerate SAM efforts

• Ease in scaling up or down the team • Velocity - Faster set up / maturity • More expertise delivered

• Highly dependent on outsourcer to achieve business value

• Lower authority to affect change; potential resistance from BUs

Hybrid SAM Team • Focus the internal team on the core SAM

business while delegating time-consuming tasks externally

• Most flexibility in scaling up or down the team internally and externally

• Not as turn key as outsourced

• Access to some, but not all, global knowledge bases

(27)

Deloitte Service Offering

The Deloitte SAM Offering

27 SAM process risk

assessments SAM policy, procedures, and roles development Strategy & organizational structure development SAM program assessment, design and

implementation Software License Optimization Software Vendor Rationalization SAM training

SAM point solutions

SAM tools installation and configuration Contract Administration System Implementation SAM tools

Software Asset Management

SAM transformation

Contract Administration

SAM Managed Services

SAM Managed Services

Continuous SAM compliance

(28)

Deloitte Managed Platform

Software Asset Management

28 Inventory data • Hardware information • Software installations • Software Usage • Users • Virtualization Business data • Entitlement and purchase history • Ownership and organisational structure • Asset information and Configuration Item (CMDB) • Contract management • Helpdesk Output data • Compliance reports • Decision support • Statistics • Risk analysis Deployment • Active Directory • Install software • Uninstall software Deployment Advanced configuration PowerShell

scripts Custom compare value Database XML import 3rd_{party systems} Integration via: ERP Document Management System Helpdesk/ Service Desk CMDB API/SDK Import/ export E-mail RSS Inventory data sources

Collection and delivery of customer data 3rd party inventory Cloud / Virtual SaaS XenApp ThinApp Vmware ESX App-V Hyper-V D.Platform D.Platform SW Recognition

(29)

Global CRC Partner Deloitte BE

ESL & Alliance Lead EMEA +32 2 800 24 39 [email protected] Jan Corstens Senior Manager Deloitte ME +971 555 386054 [email protected] Huzaifa Hussain CRC Partner Deloitte ME +971506522859 [email protected] Tariq Ajmal Senior Manager Deloitte ME +971555386054 [email protected] Aditi Babla

IIA UAE Technology Subgroup – Deputy Chairman Presenter on Software Asset Management

IIA UAE Technology Subgroup – CRC SME IIA UAE Technology Subgroup

Contacts

(30)

(31)

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a more detailed description of DTTL and its member firms.

Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte’s more than 200,000 professionals are committed to becoming the standard of excellence.

About Deloitte & Touche (M.E.)

Deloitte & Touche (M.E.) is a member firm of Deloitte Touche Tohmatsu Limited (DTTL) and is the first Arab professional services firm established in the Middle East region with uninterrupted presence since 1926.

Deloitte is among the region’s leading professional services firms, providing audit, tax, consulting, and financial advisory services through 26 offices in 15 countries with more than 3,000 partners, directors and staff. It is a Tier 1 Tax advisor in the GCC region since 2010 (according to the International Tax Review World Tax Rankings). It has received numerous awards in the last few years which include Best Employer in the Middle East, best consulting firm, and the Middle East Training & Development Excellence Award by the Institute of Chartered Accountants in England and Wales (ICAEW).