Following on from this – what can be done to plug the gaps? What are the tactical steps a business can take to stop software compliance leaks and start gaining control?
1. Centralise Purchasing
2. Educate End Users About Software Management
3. Manage Software Changes
Build processes or checklists around inputs and outputs to your software estate (Install, Move, Add, Change, new starter, leaver, etc)
Consider preventing unauthorised changes via lock down or white listing applications
Reduce unauthorized changes by monitoring new installs by end users and reprimanding / advising / escalating / educating accordingly
Build a software request process for end users that checks entitlement before purchasing new applications and seeks manager approval
4. Maintain Accurate Licensing Records
Store digital records as well as paper receipts, proof of purchase or license details
Keep a database of installations versus entitlement
Restrict and manage the distribution of software media
Validate that licensing terms and conditions are being adhered to by training someone internally, seeking third party guidance or by seeking written validation from the vendor that you are licensed correctly.
5. Manage Virtual Environments
For virtualised software make sure you know what you are entitled to use, what the worst case scenario might be if usage peaks and how you will monitor ongoing usage.
For virtualised machines make sure you know what you entitled to use, how your license position will change if the environment changes and you plan to ongoing usage.
6. Only purchase software from a reputable business partner.
What other basic steps should be taken to prevent software compliance headaches?
The ongoing legal battle between VMware (under Broadcom ownership) and Siemens is yet another example of why ITAM goes far beyond license compliance and SAM. What might, at first glance, appear to be a licensing dispute, ...
During one of the keynotes at the FinOps X conference in San Diego, JR Storment, Executive Director of the FinOps Foundation, interviewed a senior executive from Salesforce. They discussed the idea of combining the roles of ...
I recently reported on the FinOps Foundation’s inclusion of SaaS and Datacenter in its expanded Cloud+ scope. At that time, I highlighted concerns about getting the myriad SaaS companies to supply FOCUS-compliant billing data. A couple ...
Podcast
No time to read? Want to stay up to date on the move? Subscribe to the ITAM Review podcast.
Marks & Spencer (M&S), the iconic UK retailer, recently became the latest high-profile victim of a devastating cyberattack. Fellow retailers The Co-Op and Harrods were also attacked. Recent reports suggest the rapid action at the Co-Op ...
During our Wisdom Unplugged USA event in New York in March 2025, we engaged ITAM professionals with three targeted polling questions to uncover their current thinking on Artificial Intelligence—what concerns them, where they see opportunity, and ...
In the world of ITAM, the regulatory spotlight continues to intensify, especially for financial institutions facing increasing scrutiny from regulatory bodies due to the growing importance of IT in operational resilience, service delivery, and risk management. ...
Executive Summary For ITAM teams, sustainability is a core responsibility and opportunity. Managing hardware, software, and cloud resources now comes with the ability to track, reduce, and report carbon emissions. Understanding emission scopes—from direct operational emissions ...