The new standard for software assets

Are you paying the right price for your software or are you paying too little or too much? We talked to a firm that aims to help companies get the right answers

Microsoft's purchase on Wednesday of software asset tracking system supplier AssetMetrix indicates that interest in this sector is growing, and comes as the International Standards Organisation (ISO) gears up to ratify the first internationally recognised standard for software asset management — ISO 19770.

Software asset tracking systems help organisations to understand what software they are using, what versions are installed and so forth. This is a core issue for organisations, especially large ones.

Many companies have great difficulty in keeping track of exactly what software they are using and have even more difficulty in answering what should be fairly simple questions, such as: What software is being used in what part of my organisation? Am I paying the appropriate licence fees to the right suppliers? Am I paying too much for my software?

As the issue of compliance has come to centre stage in many IT managers' thoughts, the issue of cost has also gathered more attention. Organisations like FAST and the BSA are constantly on the lookout for companies that are not paying enough for their software. But they are less concerned about the companies that may find they are actually paying far too much, often because their assets exist in "silos" when consolidation may bring bigger discounts, or because the department buying the software may simply be unaware of cheaper alternatives, such as open source.

Liken is a UK company that is growing in this field by offering advice to companies on how to ensure that their software assets are properly accounted for and, crucially, that they are paying the right price for those assets.

The company's directors, James Rowlands and Hugh Skingley, talked to ZDNet UK about the issue of software asset management, the role of the larger suppliers and the role of organisations like FAST and the BSA. They discussed whether the new ISO standard will finally make the issue of compliance easier to deal with.

Q: Why should UK companies consider paying for your service, rather than just keeping on top of their software assets themselves?
A: Liken provides a simple, serviced-based approach to software asset management. By monitoring precisely what companies have installed, what they are entitled to and how they use what they have, we can provide sound independent advice on how to minimise licence requirements and reduce maintenance costs.

We're also independent. Because we're not interested in selling licenses you have confidence that we are there to improve your processes and help you meet your goals, including saving money if so wished.

You use a tool to do this. How accurate is the tool? Is it expensive?
Our tool is a freely distributed part of our service. It just gathers data and sends it back to us for processing — we then do our job and deliver a guaranteed level of 95 percent of all files reconciled to their applications. Our service starts from £3 per PC per year.

Users need to make sure that their software and licensing policy complies with the right standards. What standards should they follow to ensure they are compliant?
The tools are not the key to achieving a standard, they are just tools. It's what you do with them that counts. The various standards including the forthcoming ISO 19770 provide an effective benchmark against which a company can measure its level of compliance: which one is best for your organisation probably depends upon external drivers such as peer pressure or government diktats. But ultimately, knowing exactly what you have and what you are entitled to is the name of the game. We would advocate whichever standard most closely matches your organisational objectives.

The Business Software Alliance and the Federation Against Software Theft promise to ensure that companies are compliant. Do companies need to use their standards and pay for them, or is there another way they can stay compliant?
The BSA tends to focus on enforcing the rights of vendors, such as Microsoft. FAST take a different approach — both enforcing the rights of members such as Conputer Associates, Novell, and others, but at the same time issuing and auditing a standard [FSSC1:2004].

The advent of ISO 19770 will allow companies to select a standard that is independent from any enforcement body and is internationally recognised. It's important to understand though that obtaining and maintaining a standard is not a necessary part of being compliant — it is perfectly acceptable to set your own internal standards and adhere to them. We would recommend that before a company commits to a standard they look at ITIL's guidelines for best practice.

Companies such as Oracle license software on a per-processor, and now on a per-core basis. This makes licensing very complex for users. How can they make this easier? How can users ensure they are getting best value from their licences?
To be honest, there is no magic wand. If companies are going to do this themselves then they need some in-house expertise, and they also need to ask the right questions of their vendor.

There are specialists and consultants out there, but be careful to ensure that they are not a reseller — if they are, be sure to get a second opinion. Having an independent software asset management (SAM) partner that understands your needs and works with you to meet your requirements will allow you to turn the tables on your reseller and negotiate from a position of renewed strength.

Your company specialises in providing services to help companies achieve their software asset management goals. From your experience, what are the main hurdles that companies encounter during a SAM project?
There are three main areas where most organisations stumble. The first is with file reconciliation, being able to tie up which applications files belong to. Audit tools will leave a lot of unreconciled files to be sorted and this can be a very time consuming process.

Second is locating licence documentation — many organisations have not been as careful with their licence documentation as they would be with other assets, thankfully proof of purchase will be OK in most cases, though this can still be problematic and time-consuming to obtain. And finally, interpretation of the licence grant: licences can be complex to understand and interpret — most organisations to not have the time or expertise to fully understand the documents that they have in their possession.

At face value, your approach appears to be one of outsourcing software asset management. Are there extra risks to an organisation from using a hosted solution such as yourselves?
Firstly, we need to stress that overall responsibility for SAM is always maintained by the organisation. The Liken service has been designed around providing hosted solutions to the problem areas of SAM — we can undertake as much or as little of the work as is required, it's a very flexible approach.

Outsourcing implies that an entire function is being given to the external party, and this does not accurately describe what we do. We believe that effective SAM can be a source of competitive advantage for the organisation and as such should be seen as something of a core competency. Our aim is to support our clients in achieving their SAM strategy with tools, experience and resources that would not be available to them internally. If anything is "outsourced", it is the administration- and labour-intensive tasks that do not add value to the organisation in themselves.