How to wisely choose a Software Asset Management tool?

After the publication of my last article about the proper selection of the SAM tool in Polish, I received many requests to prepare it in English.

Based on over 15 years of experience in IT and SAM market observations during recent 4 years, I’ve decided to write a more detailed article on how to properly select SAM tool (though it may be used when selecting any IT tool).

On the one hand, the selection process seems easy, but on the other hand, it brings many problems and makes clients fall into a trap of their own choices.

I took part in many projects concerning various types of tools (ITSM, SAM, IDM, etc.) being on both sides – as a client and as a supplier. Each party has its goals. A supplier wants to sell and win a new client, whilst a client wants to address their complaints and challenges (usually ??).

From the supplier’s point of view, the matter seems pretty “easy” – they want to make a potential client interested in their product, show its advantages, but not focus on disadvantages (every tool has some). Finally, they want to successfully finalize the transaction.

From the client’s point of view, the matter seems quite “easy” too:

• they have certain problems to solve
• they focus on the goal considering the set of criteria
• they carry out research
• they evaluate
• they select
• they buy

Unfortunately, life shows that it is not that easy and obvious. That is why I decided to analyze this topic.

In an ideal world, in which only content-related matters are decisive, an organization should consider a few essential elements:

• Why does it decide to buy the system at all (SAM system by default, but it relates to every solution)?
• What are the challenges and their negative consequences?
• What should be important for us when selecting a solution, so it responds to challenges?
• What criteria should be met by the solution?
• How can we verify and test this function?
• How can we make sure we are not fooled by declarations? (especially in the public sector)
• What criteria should be met by a supplier (manufacturer and/or supplier)?

?

Item 1 – Why do we decide to buy the system at all?

It seems obvious… but not always. Every client should ask this question before starting the purchase procedure. It saves time and allows for focusing on the goal – WHY DO WE DO IT?

In the case of SAM tools these can be the triggers, amongst others:

• we are afraid of the audit by the manufacturer! There has been no audit in our company for a long time!
• We do not know what is used in our environment (equipment, software, licenses…)?
• I am not sure which software I have.
• Do I know everything about the entire environment (no “Shadow IT”)?
• Focusing on optimization of our environment.
• Do I know the answer to questions – How much? What? Who? How? – uses?
• and many others.

A very wise person once told me:

“Remember, if you are not able to calculate something, it means you are not able to manage it!”

And I agree with it.

It is worth answering such a question. It will allow us to put the goals into order, which should never be lost in the labyrinth of functions, options, or possibilities provided to us by tools.

?

Item 2 – What are current problems in our organization and what are their negative consequences?

The first chapter allowed us to realize why we need to address the SAM area in our organization. It is a good step, but now we need to make certain visualization and think where taking no action can lead us.

Question - Do I know everything about the entire environment?

Problem – No, we don’t! Do we have 1000 or 1500 virtual machines on VMware? Which software do we use in the server environment – is it only MS SQL database, or maybe Oracle as well?

Negative consequences – In the case of an audit, we may be surprised with something we had no idea about!!! It may lead to high financial penalties!! It may unexpectedly burden our budget !! It is a real threat.

And so on… There are many of these kinds of connections. It is just one example.

?

Item 3 – What should be most important to us when selecting the solution to respond to our challenges?

We know we face challenges.

We are aware of their consequences.

Well, it’s a start.

So, what should we do to avoid them, mitigate them, or eliminate them?

Having a tool will be helpful. Tracking and managing environments with over 500 machines, thus responding to the questions: what? where? how? how many times? how much time? by whom? is impossible.

OK, we know we need a tool… and here’s where the fun starts.

• What is available on the market?
• What will meet my expectations best way and respond to challenges?
• What functions should it have?
• Which tool should I choose?

Questions, questions, questions…

So, what should be most important for us when evaluating a tool? Here comes another task. We must determine what is most important considering our organization:

• SAP? Oracle? Microsoft?
• safety? communication?
• using already existing tools?
• proper detection and recognition of applications?
• SaaS subscription management?
• SAP Indirect Access?
• etc.

One thing that MUSTN’T be ignored is the experience of others since thousands of companies worldwide face the same challenges. Many of them have already made such exercises and made the decision. Maybe it is worth getting inspired by them.

What to do then?

• Search for information on the internet. That’s for sure! IATAM and Gartner are obligatory!

Once we identify tools available on the market, we can always get in touch with the manufacturer and request a tool presentation. it is a simple and interesting step as it allows us to see the way the manufacturer approaches our market.

• Is the manufacturer represented in our country?
• How difficult is it to contact the manufacturer? If this is difficult, it says a lot about the way a given market is seen by the manufacturer. Since the manufacturer does not want to present us with anything or have the opportunity to sell something, let’s just imagine what the support notification would look like.
• Are there any partners who offer implementation of such a solution? How many of them are there? Will I have some to choose from, or am I at the mercy of one supplier? How can the competitiveness of offers be ensured this way?

Once we see the presentations, it is worth taking a step back and thinking again about our challenges and problems. It is best to make a list to do so. I recommend the MoSCoW method. It involves the determination of the importance of individual functions from the point of view of business goals. The abbreviation is from the words: Must, Should, Could, and Won’t, e.g.:

MUST

• As precise as possible & complete detection of application in my infrastructure- Must
• Identification of proper version and edition of software – Must
• Maximally large database of patterns to detect applications – Must
• Connector to SCCM, VMware, Hyper-V, Citrix – Must
• Automatic detection of application bundles – Must

SHOULD

• Connector to MobileIron – Should
• Extended Coverage handling for Microsoft MS SQL – Should
• End of Life for detected applications – Should

COULD

• Connector to Zoom – Could
• Connector to Workday – Could
• Report at which machines the antivirus software is installed – Could
• Dates of the End of Premier support for Oracle – Could

WON’T

• Flash drive detection – Won’t
• Connector to GoToWebinar – Won’t

etc.

This will deal us with the issue regarding – What criteria should be met by the solution?

Let’s remember that in SAM support for the management of licenses is most important. Properly carried out balance or data for optimization are the main business goals of such a solution.

Ok, we are in half of the way. Now, we need to ask ourselves a question about how to check if the tools we are offered meet the requirements. Here, POC (Proof of Concept) or POV (Proof of Value) procedures will be helpful.

POC is technical verification, which in addition to confirming the function helps us respond to a few interesting questions:

• How long is the installation?
• How complicated is it to carry out the configuration of connectors to third-party systems?
• Does the system work in the way we were promised to?
• How fast will I be able to use data collected in the system?

etc.

On the other hand, POV in addition to technical review, is the search for actual business cases for the tool, including:

• areas for environment optimization
• identification of audit risks
• identification of the level of lack of awareness on the infrastructure we have, etc.

These matters can be then translated into actual values and arguments in the process of obtaining funds for the purchase of the system. We all know that the best way to get to a person who decides on expenditures is to have concrete arguments, best if expressed in monetary value. It is worth searching for them!

POC/POV procedures carried out on our infrastructure will respond to the question – How to verify and test the functions? It works in a similar way to many situations in our life, e.g. if we want to buy a car, we go for a test drive. Why should it be different in this case?

Ok, we are getting closer. We know already who does what. Now, depending on whether we are a private or public company, the steps will be different.

First of all, we need to prepare an appropriate document of requirements – a description of the order (in a public organization), or simply a specification of requirements. Additionally, in the case of private organizations, we may simply decide to buy a given solution. Here, a question is asked again about the number of companies on the market which can implement the given technology. It is worth asking this question beforehand.

Once our requirements are well defined (functional and non-functional ones), we need to think about subject requirements. They should ALWAYS correlate to the size and complexity of our organization. If someone has implemented a solution offered in 10 companies with 1000 machines each, it does not mean that they will successfully deal with the implementation in an organization with 5,000 or 15,000 machines. The scale is different, the complexity level is different, and the range of problems is different. It is also important to verify what the reference refers to. SAM area, and thus its support system, is quite a complex field. We should check if someone offers a reference for the implementation of a solution we are offered with.

The second elements are requirements for implementation specialists. It seems simple, but:

• will they be able to communicate with us in our language? Communication problems are one of the most common reasons for the failure of projects.
• Do they have experience in the field that is SAM? Granting licenses is a complicated matter, and without appropriate qualifications, the realization of such a project is not possible and the effects can be serious.

An interesting idea is also to supplement the execution of the procedure with teleconferences/meetings with other clients, which have already selected SAM solution. They have executed precisely the same process so maybe it is worth listening to them. It will allow us to verify the references.

Item 4 – How not to be fooled by declarations (mainly for the?public sector)

Response to this question appears mainly in public institutions because in the private sector once we checked and know what we want to buy, we can simply do it. However, in the public sector, it is a little bit different, as public procurement law makes us buy what may not meet our expectations and it may only turn out not to meet them a few months after implementation.

However, we need to do due diligence to minimize the negative impact of improper choice. There are several possibilities, e.g.:

• Proper determination of criteria for evaluation of offers – not only the price but also e.g., additional functions, implementation time, Gartner assessment, etc.,
• A sample or POC of the system with the verification of function prior to entering into a contract,
• The presentation which verifies if the required functions are offered by the tool as for the day of filing the offer (if the system is equipped with a connector to Citrix it can be easily checked after all),
• A meeting verifying the size of the database of patterns detecting applications, etc.

As shown above, a lot can be done prior to selecting SAM tool. If we choose the wrong solution, we will stay with it at the end of the day. After reading all the above recommendations, it may seem that the work will take years. But no, if you look into mature SAM solutions, the procedure can be carried out quickly and with quite a low workload.

I would like to encourage you to take a moment to think about it. Software Asset Management (SAM), which is a tool to manage licenses and software is, in my opinion, one of the most important areas to which every manager / Director, CIO / CFO should respond. It brings numerous actual benefits and allows us to avoid hidden risks which arise from hybrid IT environments. Each of us will be facing them sooner or later, no matter the size or complexity of an organization. It is better to be prepared.

So, LET’S BE SAM!!!

S - Smart, A - Aware, M – Mature

Have a great day and contact me via LinkedIn.