Software Asset Management (SAM) Blog

In the last few days, both Acer (Packard Bell) & Fujitsu have issued voluntary recalls for thousands of batteries which present a potential fire hazard.

What’s that got to do with SAM? Well, on the surface, not a lot.

But. As anyone involved in a SAM project knows, the result of the SAM program is only as good as the inventory information that goes in. And good inventory tools don’t just audit software, they can provide a lot of hardware information too.

In the case of the battery recalls, many organizations will face a lot of manual labor to identify what machines on their network are affected. However, by identifying the manufacturer, model and BIOS date of machines, finding those affected by the battery recall becomes child’s play - significantly reducing the time and effort, and avoiding a potentially dangerous mishap.

Just another example of how an organizations’ investment in SAM can pay dividends across all areas of IT operations.

For most of us, Software Asset Management starts (and unfortunately, often ends, but that’s another story) with the aim of establishing an organization’s software license compliance status.

Part of the process of arriving at a licensing position is the creation of a full software audit from PCs, servers and other devices across the network. But many organizations miss a trick by failing to realize what a truly valuable asset the software audit actually is.

In August 2009, the SANS Institute (a well respected organization involved in IT Security training and certification) published its “Twenty Critical Controls for Effective Cyber Defense: Consensus Audit”.

The Consensus Audit Group (CAG) comprises past and current CIOs and CISOs from federal agencies in the USA, who came together to agree on a prioritized set of 20 critical security controls.

Of these prioritized controls, the FIRST TWO are:

“#1 - Inventory of Authorized and Unauthorized Devices”
And
“#2 - Inventory of Authorized and Unauthorized Software”

Specifically, the CAG states that before anything else, organizations should:

“Deploy software inventory tools throughout the organization covering each of the operating system types in use, including servers, workstations, and laptops. The software inventory system should track the version of the underlying operating system as well as the applications installed on it. Furthermore, the tool should record not only the type of software installed on each system, but also its version number and patch level.”

For any organization either already invested in SAM or about to kick-off a SAM project, this is good news, as a class-leading software inventory solution such as FrontRange Discovery can help kill two birds with one stone. That very same information that’s critical to establishing what software is on the network (and therefore requires a license) can also be used by security professionals to check for authorized and unauthorized software.

And although this is a SAM blog, let’s not forget about the hardware. The same FrontRange Discovery technology that delivers a full software audit can also keep watch of exactly what PCs and other devices are connecting to the corporate network. As the CAG states:

“The [hardware] inventory should include every system that has an IP address on the network, including, but not limited to desktops, laptops, servers, network equipment (routers, switches, firewalls, etc.), printers, Storage Area Networks, Voice-over-IP telephones, etc.”

Again, this is where the choice of Discovery technology can make a real difference. Not all Discovery solutions can accurately cover all major Operating Systems, let alone detect a wide range of IP-addressable hardware. Many can’t even detect new PCs or devices that are added to the network in between scheduled audits.

So if you’re at the stage where you’re thinking (or maybe re-thinking) about the technology you need to support your organization’s SAM initiative, perhaps it’s worth thinking outside of the SAM initiative and looking for technology that will deliver a wider benefit to the business?

This blog is primarily concerned with managing software, but it’s worth remembering that Software Asset Management (SAM) is inextricably linked with other areas of IT operations, not the least the help desk or service desk.

Why? Because as we all know, creating an accurate software inventory is a critical part of SAM. And while you’re creating the software audit, any Discovery tool worth its salt should also be delivering a complete configuration audit of all PCs, servers and workstations on the network.

For ‘pure’ SAM, this hardware information might seem like redundant information. But it can actually deliver significant savings to in your service management efforts. According to Gartner and other industry analysts, the average help desk call lasts around 14-17 minutes. Approximately 42 percent of this time is spent assessing the current location, configuration, user details and software audit of the PC in question.

By having the full PC audit information automatically available to your helpdesk user – either as a fully integrated solution (like Centennial Discovery within FrontRange HEAT or FrontRange ITSM, for example) or automatically queried from the asset repository, organizations can dramatically reduce the length of individual helpdesk calls, leading to significant ITSM improvements.

So don’t view SAM in isolation, always remember that the efforts that go into managing software more effectively can also provide significant benefits in other areas of IT operations.

While not directly related to Software Asset Management, news that HP has recalled upwards of 70,000 lithium notebook batteries will be of interest to a number of organizations who have invested in SAM technologies - specifically automated discovery.

Anybody with a sizeable investment in HP / Compaq notebooks now faces the unenviable task of having to determine exactly what machines they have in their inventory, who has hold of them and where in the organization they are. For anyone with a network of more than 500 or so PCs, that’s going to be quite a task.

Thankfully, good Discovery can dramatically ease the task at hand, by presenting IT managers with an accurate inventory of exactly what PCs are on the network. Tools like Centennial Discovery can even identify individual models, making it far easier to determine exactly which PCs on the corporate network are affected by the recall.

In 2006, Sony initiated a massive recall of batteries, which were at risk of over-heating and catching fire. Some airlines even banned notebook use during flight for safety reasons.

A list of affected HP and Compaq notebook models can be found here.