Software Asset Management is a very complex and difficult process for many companies, and without tools to support these efforts, maintaining compliance is a major challenge. Unfortunately, SAM tool buyers tend to be oversold on unrealistic expectations about how comprehensive the tool is, and how easy it is to use. This document will shed light on those expectations and where SAM tools fail to protect their users from costly software audit findings.
The SAM tool limitations that are addressed in this report includes:
1. Remote Server Access
When you use remote server access software to provide applications to end users remotely, your SAM tool will only count one single installation of the software. However, when remote server access is used, applications can be utilized by any number of users that may have access to that server and potentially run that software. This section details the compliance gap that this scenario causes within your IT environment and recommended manual workarounds to fix this issue.
2. Software Environment Designation
Software publishers offer customers lower priced licenses for non-production, disaster recovery, or failover environments. However, when SAM tools scan software environments, they assume that any device where licensed software is found is being used for production purposes if not configured otherwise. This would require a more expensive license. As a result, customers can fall victim to buying additional production entitlements to cover the gap the tool is reporting. We detail the best practices in labeling environment designation within your SAM tool to prevent inaccurate deployment reporting in relation to software environment designation.
3. Unmeasurable Software Licensing Metrics
Software publishers commonly create new, complicated, and custom licensing metrics that SAM tools may not be able to accurately count. This section details different vendor examples, such as Microsoft's Client Access Licenses (CALs), as "unmeasurable" licensing product metrics and what workarounds need to be taken to account for these licenses to maintain optimal software compliance.
4. Microsoft's Active Directory
There are an abundance of solutions on the market that interact with or have the purpose of aiding the management of Microsoft's Active Directory product. Typically, these products are priced based on the number of Active Directory members in your IT environment. A SAM tool may be configured to import information from Microsoft's Active Directory, though it’s generally configured to only pull active devices and users, whereas certain software publishers like Quest Software may require all user accounts to be licensed (including disabled and inactive). Publishers like Quest Software can be very aggressive in their auditing techniques and target this scenario as an "easy" non-compliance finding. We detail the best approach in configuring your SAM tool to pull the necessary information to avoid compliance fees with software publishers that may license their products based on Microsoft's Active Directory information.
5. Activated Software Features
SAM tools are great for counting the number of licenses and where they may exist, but they struggle in identifying which features of a product are activated. Some software publishers like Oracle sell licenses with certain restrictions at a lower price than full-use licenses. However, it's common for software publishers to put little to no limitations in place for the customer to “turn on” additional features of such licensing that exceeds the restrictions specified in the contract. The SAM tool will only count if a license is active, not what features are activated. This section details how this occurrence can result in hefty software audit fees and ways that organizations can implement processes to control the activation of "non-authorized" features.
6. Personal or Pirated Software Keys
Most organizations work hard to communicate that only company-bought licenses are permissible for use, but there remains some risk that a user brings a “pirated” license into the environment. SAM tools cannot distinguish if a license key is “valid” or if it was personally brought into the organization by an individual. However, software publishers will be hyper-sensitive about any “invalid” keys and will pull them for review in an audit because it could be a sign that an organization is illegally duplicating or pirating their software. This section details the importance of identifying invalid or pirated licensing, and ways to eliminate them from your software environment before the software publishers exposes them in a software audit.
7. Cloud Portal User Assignment
Many publishers are switching to cloud-based software subscriptions, where access can only be assigned through a log-in into a publisher’s web portal. In some cases, a SAM tool may have a connector to access these portals and be able to pull that data back in, but this is rare and often error-prone. Many organizations will assume that the data pulled by the SAM tool is correct, when in reality it may be far from accurate. We detail how this information can be tracked accurately and what steps your SAM team needs to take to maintain software compliance in the cloud.
When used correctly, Software Asset Management tools are powerful and helpful, but none offers a one-stop solution to compliance. Organizations that continually monitor their license positions and run self audits of their environment will find the most success in reducing noncompliance instances.