BSA/Anglepoint “Is SAM still necessary if a company moves to the cloud? The answer is an unequivocal yes”
In 2011 we conducted some research into ‘ITAM in the Cloud’ with Victoria Barber from Gartner. At the time, ITAM Review readers were telling us:
a) For the most part Cloud contracts had not quite hit their desk and scope of remit…
b) …But they were expected it to do so soon
Two years on and the growth of Cloud continues to permeate the enterprise in all it’s different forms and a key concern for those of us in the industry is how will this change the role of SAM?
My view is that to think cloud means the end of SAM is to misunderstand what SAM is all about in the first place.
The territory is changing but the core principles remain the same.
Rather than a threat, the disruptive force of Cloud presents a great opportunity for those working day-to-day SAM to broaden their skills, value and strategic importance by helping their businesses navigate these new technologies.
Why SAM is more important than ever
The BSA have published a paper entitled: Navigating the cloud: Why Software Asset Management is more important than ever.
“Is SAM still necessary if a company moves to the cloud? The answer is an unequivocal yes. Although cloud services are different than traditionally distributed software in important respects — the need to effectively manage the lifecycle of software assets is equally compelling in a cloud environment.”
The document reads like a scrapbook of SAM concepts rather than a definitive piece of best practice guidance, but nonetheless it’s good to see BSA shining a light on some of the issues and the document provides some good nuggets:
Key Actions Points / Where to Start:
“SAM should be embedded in the Cloud Management Process
SAM functions should review their existing agreements and how their terms apply in cloud environments
SAM functions should initiate organization-wide policies governing the cloud to address, among other issues, the process for provisioning and releasing cloud services, required approvals and notifications, required controls, and the required terms and conditions to be included in cloud arrangements; and
SAM functions should gain visibility to and review all current cloud arrangements that the organization has (IaaS, PaaS, or SaaS), review the actual contracts, and understand what software assets are being used in the cloud and what potential licensing and other SAM related risks may exist.”
Shadow IT
That last fourth point might keep us busy for another decade.
With any person in the business equipped with a budget or a credit card able to buy and implement SaaS solutions by themselves without IT – a key challenge will be
a) finding out exactly what services people have bought and
b) what is it? (whose infrastructure does it touch, what technology / IP does it utilise, who can access it etc).
As a function, we need to address the growth of Shadow IT by bringing value add to the table, not bellyaching about governance. The SAM market began with inventory and auto-discovery. Management of Cloud requires the same. Watching a browser proxy to see what your users are up to and what cloud services they are buying isn’t going to cut it.
The paper also attempts to summarize some of the key considerations for Software Asset Managers:
SaaS Contract Risks:
IP Infringement – SaaS provider may infringe on terms of third party IP, unwittingly put end user of SaaS provider at risk.
Client side software components – ‘authorised users’ might be breached if any client side components (plug-ins, applets, agents etc) are not managed effectively
Unauthorized use – breaching geographical constraints, shared logins, incorrect logins (e.g. Admin accounts rather than regular accounts) providing logins to third parties, generating value from the SaaS system and sharing with others who don’t have access.
‘Shelfware’
Economies of Scale / Total cost of ownership forecasts – static costs may not add any marginal value when scaling services
SaaS subcontracting e.g. Impact of Amazon infrastructure outage on SaaS provider
IaaS Contract Risks:
Transferring existing software license to the cloud
Unauthorized use – limits of Geography, third party usage, limit by device or platform
Measuring hardware -related licensing metrics in the cloud
Software vendor audits – audit provision for third party IaaS providers
License reclaim if Cloud agreement is terminated
All of these issues point towards fewer configuration/IT led work and more contracts, business relationship management and vendor management.
I would welcome your feedback on this paper – and in particular would love to hear what resources we could build on The ITAM Review to dig deeper into some of these issues and share your experiences in this area.
The ongoing legal battle between VMware (under Broadcom ownership) and Siemens is yet another example of why ITAM goes far beyond license compliance and SAM. What might, at first glance, appear to be a licensing dispute, ...
During one of the keynotes at the FinOps X conference in San Diego, JR Storment, Executive Director of the FinOps Foundation, interviewed a senior executive from Salesforce. They discussed the idea of combining the roles of ...
I recently reported on the FinOps Foundation’s inclusion of SaaS and Datacenter in its expanded Cloud+ scope. At that time, I highlighted concerns about getting the myriad SaaS companies to supply FOCUS-compliant billing data. A couple ...
Podcast
No time to read? Want to stay up to date on the move? Subscribe to the ITAM Review podcast.
Marks & Spencer (M&S), the iconic UK retailer, recently became the latest high-profile victim of a devastating cyberattack. Fellow retailers The Co-Op and Harrods were also attacked. Recent reports suggest the rapid action at the Co-Op ...
During our Wisdom Unplugged USA event in New York in March 2025, we engaged ITAM professionals with three targeted polling questions to uncover their current thinking on Artificial Intelligence—what concerns them, where they see opportunity, and ...
In the world of ITAM, the regulatory spotlight continues to intensify, especially for financial institutions facing increasing scrutiny from regulatory bodies due to the growing importance of IT in operational resilience, service delivery, and risk management. ...
Executive Summary For ITAM teams, sustainability is a core responsibility and opportunity. Managing hardware, software, and cloud resources now comes with the ability to track, reduce, and report carbon emissions. Understanding emission scopes—from direct operational emissions ...