Navigating the cloud: Why SAM is more important than ever

Best practice

Navigating the cloud: Why SAM is more important than ever

In 2011 we conducted some research into ‘ITAM in the Cloud’ with Victoria Barber from Gartner. At the time, ITAM Review readers were telling us:

• a)   For the most part Cloud contracts had not quite hit their desk and scope of remit…
• b)   …But they were expected it to do so soon

Two years on and the growth of Cloud continues to permeate the enterprise in all it’s different forms and a key concern for those of us in the industry is how will this change the role of SAM?

My view is that to think cloud means the end of SAM is to misunderstand what SAM is all about in the first place.

The territory is changing but the core principles remain the same.

Rather than a threat, the disruptive force of Cloud presents a great opportunity for those working day-to-day SAM to broaden their skills, value and strategic importance by helping their businesses navigate these new technologies.

Why SAM is more important than ever

The BSA have published a paper entitled: Navigating the cloud: Why Software Asset Management is more important than ever.

“Is SAM still necessary if a company moves to the cloud? The answer is an unequivocal yes. Although cloud services are different than traditionally distributed software in important respects — the need to effectively manage the lifecycle of software assets is equally compelling in a cloud environment.”

The document reads like a scrapbook of SAM concepts rather than a definitive piece of best practice guidance, but nonetheless it’s good to see BSA shining a light on some of the issues and the document provides some good nuggets:

Key Actions Points / Where to Start:

1. “SAM should be embedded in the Cloud Management Process
2. SAM functions should review their existing agreements and how their terms apply in cloud environments
3. SAM functions should initiate organization-wide policies governing the cloud to address, among other issues, the process for provisioning and releasing cloud services, required approvals and notifications, required controls, and the required terms and conditions to be included in cloud arrangements; and
4. SAM functions should gain visibility to and review all current cloud arrangements that the organization has (IaaS, PaaS, or SaaS), review the actual contracts, and understand what software assets are being used in the cloud and what potential licensing and other SAM related risks may exist.”

Shadow IT

That last fourth point might keep us busy for another decade.

With any person in the business equipped with a budget or a credit card able to buy and implement SaaS solutions by themselves without IT – a key challenge will be

• a) finding out exactly what services people have bought and
• b) what is it? (whose infrastructure does it touch, what technology / IP does it utilise, who can access it etc).

As a function, we need to address the growth of Shadow IT by bringing value add to the table, not bellyaching about governance. The SAM market began with inventory and auto-discovery. Management of Cloud requires the same. Watching a browser proxy to see what your users are up to and what cloud services they are buying isn’t going to cut it.

The paper also attempts to summarize some of the key considerations for Software Asset Managers:

SaaS Contract Risks:

• IP Infringement – SaaS provider may infringe on terms of third party IP, unwittingly put end user of SaaS provider at risk.
• Client side software components – ‘authorised users’ might be breached if any client side components (plug-ins, applets, agents etc) are not managed effectively
• Unauthorized use – breaching geographical constraints, shared logins, incorrect logins (e.g. Admin accounts rather than regular accounts) providing logins to third parties, generating value from the SaaS system and sharing with others who don’t have access.
• ‘Shelfware’
• Economies of Scale / Total cost of ownership forecasts – static costs may not add any marginal value when scaling services
• SaaS subcontracting e.g. Impact of Amazon infrastructure outage on SaaS provider

IaaS Contract Risks:

• Transferring existing software license to the cloud
• Unauthorized use – limits of Geography, third party usage, limit by device or platform
• Measuring hardware -related licensing metrics in the cloud
• Software vendor audits – audit provision for third party IaaS providers
• License reclaim if Cloud agreement is terminated

All of these issues point towards fewer configuration/IT led work and more contracts, business relationship management and vendor management.

You can grab a copy here: https://portal.bsa.org/samcloud/bsasamcloud.pdf

I would welcome your feedback on this paper – and in particular would love to hear what resources we could build on The ITAM Review to dig deeper into some of these issues and share your experiences in this area.

Can’t find what you’re looking for?