SAM is the business practice of managing and optimizing enterprise software within an organization. SAM provides the governance framework that covers the request, purchase, deployment, maintenance, use, harvesting, and disposal of software. Why should anyone including the CEO or CFO care about SAM? Three words: money, efficiency, security.
Software takes up 20-35% of the typical IT budget and enterprise software purchasing and upgrades are on the rise. With enterprise application software alone, Gartner research forecasts a worldwide growth to more than $201 billion in 2019. With organizations typically over- or under-license by approximately 30%, an effective SAM program could mean significant savings in the first year and a continual 10 to 15% reduction in the total cost of ownership (TCO) year-after-year. This could mean millions in savings in the first 5 years.
Software licensing is increasingly complex. Even as vendors promise to work on simplifying their licensing models, the sheer enormity of managing software licensing can be overwhelming. In all likelihood, your organization has and works with several software vendors, which intensifies and complicates the entire process. At the heart of any SAM program is the ability to truly understand and interpret a software vendor's contract(s) - specifically the terms & conditions and the licensing models and changes.
The first and foremost fact that any organization should understand is that purchasing software from a software vendor does not mean you own the software. It means you are purchasing the rights to use the software within a certain set of conditions - as stated in the contract.
A successfully implemented SAM program will result in:
- Reduced audit exposure and financial risk to the enterprise
- Reduced security risk from unauthorized software within the environment
- Minimized cybersecurity risk
- Improved budgeting process and financial controls
- Increased operational efficiency
As part of ITAM, SAM encompasses the infrastructure and processes necessary to effectively manage, control, and track software assets through all stages of their lifecycle. SAM plays a significant part in this, with software accounting for an ever-increasing percentage of overall IT budgets. Successful SAM programs reduce a variety of enterprise risks, improve the budgeting process and financial controls, increase operational efficiency and save significant amounts of money every month, and every year if proactively managed and supported.
According to industry analysts such as Gartner, the average company is over-licensed on around 30% of their inventory and typically at least 30% under-licensed in other areas. And while this may sound nicely balanced, rest assured the software vendors and licensing watchdogs won't agree! Every year, organizations waste millions in purchasing additional licenses that they didn't need - whether it be because they fail to re-deploy existing applications, don't take advantage of bulk/enterprise licenses, or fail to go through the proper procurement channels.
Everyone talks about the benefits of SAM, but it's rare that we actually hear about quantifiable results. There are plenty of reasons for this including a lack of standard measurement, incomplete strategy, poor planning or execution, or the lack of tools to measure results. There are plenty of reasons but having a real return on investment with measurable results will show executives and give them reason to understand and support SAM as an ongoing initiative.
I hear this one a lot. But the fact is, no C-suite worth its salt would say no to a program that delivers so key benefits. If you can't sell your C-suite on the necessity of a SAM program, you either didn't do your homework sufficiently, or didn't zero in on the benefits that would get their attention. What would get the undivided attention of senior management? Let's review some points here:
- First year savings of up to 45% and ongoing annual savings of 15-30%
- 98% risk reduction from non-compliance with regulations such as SOX and PCI-DSS.
- 98% risk reduction from software licensing non-compliance, which could cost thousands of dollars, or millions, depending on the size of your enterprise.
- Operational efficiencies that help the organization become more competitive, profitable, productive, customer-focused and prepared for growth.
Let's address some of the benefits of a successful SAM program with some real results:
With a proactive and dynamic SAM program, you are 98% prepared to face an audit and answer any questions the vendor may have. SAM is the insurance and assurance needed to ensure that you and the enterprise won't come up short on licenses or any other little issue.
Case and point: in 2010, a Fortune 500 financial services company was being audited by Adobe. The initial cost of license true-up was US$3.6 million, which would have blown away the remaining annual software budget set aside for much-needed HR and payroll software upgrades and enhancements. Through a comprehensive SAM best practices methodology and our organization's proprietary predictive analytics, the potential $3.6 million vendor audit fine was negotiated down by more than 75% to a little more than $800,000. In the case of the financial services company being audited by Adobe, three SAM areas were optimized to reduce spending:
- Leverage enterprise agreements
- License optimization (no more and no fewer licenses owned than required to meet contractual obligations)
- Reduced maintenance expenses
With SAM tracking usage, users, how, when, where, and what is being used, it increases security assurance and reduces or eliminates unauthorized usage and prevents the resulting damage that can occur. User and IT service management reduces work inefficiencies by 50% when unauthorized software access and downloads are eliminated. The limitation of unauthorized or even illegal access to software proactively prevents security gaps. By limiting access, software deployment can be easily tracked and identified. The savings in operations and support costs taking a significant downturn allows the organization to focus on more important business goals.
SAM has data IT Security can leverage around software installations, versions & editions, ownership, location, entitlements, assets & CIs. IT Security has standards and data that SAM can incorporate in their process on software black lists, software white lists, and user last login.
By working together and collaborating, these two groups will be able to protect your organizations infrastructure from security threats.
Having all this data intelligence will allow your organization to respond rapidly to identified security vulnerabilities. Software that have ceased to receive product updates and security patches from vendors. SAM will enable your company to quickly discover how many devices and applications are in the environment, along with their location, if they are under maintenance/support that are vulnerable. This information allows IT to proactively carry out more timely security patches and identify security threats sooner.
A holistic ITAM and SAM program will enable your organization to address the following key cybersecurity initiatives:
- Securely manage software assets and promote cybersecurity best practices
- Provide full transparency of IT assets across the enterprise to ensure a secure IT infrastructure that provides an effective defense against cyber attacks
- Protect the organization from data loss, employee downtime, and negative reputation resulting from data breaches
Case and point: What you want to avoid; in 2017, a credit reporting agency had a massive data security breach that could have been prevented, by applying a patch. Attackers entered its system through a web-application vulnerability that had a patch available two months prior to the breach. 143 million people's personal and financial data was exposed, and not to mention the bad press for the company; calling into question the organization's competence as a data steward.
This all could have been avoided if the security team had leveraged the information from the ITAM/SAM team proactively. They would have been able to receive a report that listed installed software assets in their IT environment and monitored for vulnerabilities. For this case looking for the Apache Struts 2 open source component used in one of their applications. They would have been able to quickly, and correctly mitigate and remediate the finding.
As much work as SAM programs may take during the strategic planning and implementation process, the fact is that this enables any organization to control its IT finance function down to the penny. A successful inventory of your software assets combined with the usage information will help you budget for future growth, M&A activity, and give you better control of software purchases.
An energy services provider that supplies over 600,000 residents in the Midwest with natural gas and electric wished to assess its current asset management practices and develop a more effective means of tracking them. During the d...