How to Mitigate Business Risk Using SAM and SLM Tools

Superstorm Sandy, the Fukushima Daiichi nuclear plant near-meltdown and ongoing regional natural disasters such as Typhoon Haiyan all wreak havoc with the capability of many affected companies - thousands, if not more - to continue business operations.

We define business risk as any event or activity that threatens the capability of a company to concentrate on its primary goal of generating revenue. There's also business risk from unexpected or unbudgeted costs to a company owing to improper management or monitoring of the software running in an enterprise. Do you recognize that there may be significant business risks to your company lurking in your IT operations, even as you take the time to read this article?

Business risk is what organizations continually work to mitigate via disaster recovery or business continuity plans - and rightfully so. But a company may also be exposed to elevated business risks owing to two frequently overlooked issues: Software asset management (SAM) and software license management (SLM). Let's take a look at how your organization can mitigate business risk using SAM and SLM.

Managing Software Assets: Know What Users Have Installed

Managing software assets is often treated as an afterthought in many enterprise IT organizations. Mismanagement of software assets is often thought of as a low-priority, "victimless" action - that is, a task that doesn't directly impact your company or its business. No one calls and complains if you haven't run a software inventory scan in the last week or month or year.

Yet improperly managing software assets exposes the company to considerable business risk simply because of the likelihood that your users may run unapproved software on the company computers they use to perform their jobs. Unapproved software installed or running in an enterprise can produce numerous detrimental effects:

  • Exposing the company to copyright lawsuits and fines if software isn't properly licensed
  • Increasing the hardware budget for upgrades arising from contention for disk space, processor and/or RAM resources
  • Increasing support costs and the general complexity of the computing environment
  • Introducing security exposures thanks to unapproved software that may conflict with approved software or contain viruses
  • Causing corporate compliance issues or outright financial liabilities from use of unauthorized software

A comprehensive, automated SAM tool can mitigate all of these potential risks. SAM tools perform regular, automated scans of all corporate computing resources, looking for approved and unapproved software installations. The output of a SAM tool includes a listing and inventory count of all instances of approved corporate software, as well as any instances of unapproved software.

Unapproved or unauthorized software must be removed as soon as possible upon detection by the SAM tool. To minimize business risk, your IT staff must follow up with all users who have installed unapproved software on company computers. A SAM tool may also feature an automated uninstall feature that can remove unauthorized software without requiring any intervention from your support staff or the user.

You can use the output of a SAM inventory to set a baseline for the quantity of each specific piece of software installed in your company. You can use this baseline, along with ongoing incremental expansion or retraction of installed software instances, to plan and predict future software requirements.

You can leverage your SAM tool to provide software compliance reports to executive management and your corporate or IT compliance officer. SAM tools also show you which versions of software are installed in your company - vital information when planning future software upgrades.

Many companies include a "no unauthorized software" warning as part of each user's network login script. Many companies also include a prohibition in employee handbooks and employment contracts against installing unauthorized software on corporate computers.

These warning statements can give your company the basis for removing unauthorized software from corporate computers, but you should discuss that issue with your corporate counsel before removing unauthorized software from users' computers. You may also leverage SAM uninstall capabilities to remove authorized software that's a version not supported by the company.

Why does software license management present such a big business risk to your company? The Business Software Alliance - the software industry's biggest licensing cop - estimates that piracy cost software companies more than $60 billion in 2012 alone. That's a ton of money that software companies would rather see in their coffers than lost to software pirates.

As a result, penalties for software piracy are fairly stiff. Here's where SLM can provide peace of mind and mitigation of business risk. Your company can avoid costly court battles and fines by properly and consistently monitoring and managing software licenses.

SLM tools provide a benefit similar to SAM for companies by documenting and tracking software license counts. As such, SLM is a natural companion to SAM tools; both are frequently bundled as an integrated solution. We strongly recommend that your SAM and SLM tools be integrated into a single, seamless tool to ensure that they communicate well with each other. Agent-based SAM and SLM tools should need only a single agent on each computer for both of these management tasks.

Most large IT organizations use enterprise licensing agreements for popular software. Knowing actual software license usage is critical to negotiating current and future software licensing agreements. SLM operates in much the same way as SAM tools by running regular, automated scans of all corporate computers to extract licensing info for each piece of software installed. This installation count can be compared to corporate licensing agreements to make sure your installations stay within your legal licensing limits.
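
The comparison described here, together with the approved/unapproved scan output described in the SAM section above, as an added example that is not from the article or from any SAM/SLM product. The scan records, software titles, hostnames, entitlement counts and the `reconcile` function are all constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data (hypothetical; not output of any real SAM/SLM tool).
# Each scan record: (hostname, software title, version).
SCAN = [
    ("ws-001", "OfficeSuite", "2013"),
    ("ws-002", "OfficeSuite", "2013"),
    ("ws-003", "OfficeSuite", "2010"),
    ("ws-001", "PdfEditor", "11"),
    ("ws-002", "PdfEditor", "11"),
    ("ws-003", "PdfEditor", "11"),
    ("ws-002", "FileShareTool", "3.4"),
]
# Approved titles mapped to the versions the company supports.
APPROVED = {"OfficeSuite": {"2013"}, "PdfEditor": {"11"}}
# Seats purchased per title under the licensing agreement.
ENTITLEMENTS = {"OfficeSuite": 5, "PdfEditor": 2}


def reconcile(scan, approved, entitlements):
    """Return SAM findings (unapproved, unsupported) and SLM findings (baseline, shortfall)."""
    unapproved = defaultdict(list)   # title -> hosts running it
    unsupported = defaultdict(list)  # (title, version) -> hosts
    installed = Counter()            # approved title -> install count (the baseline)
    seen = set()
    for host, title, version in scan:
        if (host, title, version) in seen:  # ignore repeated rows from overlapping scans
            continue
        seen.add((host, title, version))
        if title not in approved:
            unapproved[title].append(host)
            continue
        installed[title] += 1
        if version not in approved[title]:
            unsupported[(title, version)].append(host)
    # Installs beyond entitlement; a title with no entitlement has 0 licensed seats.
    shortfall = {t: n - entitlements.get(t, 0)
                 for t, n in installed.items() if n > entitlements.get(t, 0)}
    return {"unapproved": dict(unapproved), "unsupported": dict(unsupported),
            "baseline": dict(installed), "shortfall": shortfall}


if __name__ == "__main__":
    for section, findings in reconcile(SCAN, APPROVED, ENTITLEMENTS).items():
        print(section, findings)
```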

Any time an SLM tool discovers unlicensed software installed on a user's computer, whether authorized or unauthorized, you must resolve the licensing issue quickly. SLM tools may have an intrinsic uninstall capability, or you may use your SAM tool to automagically uninstall unlicensed software without requiring user intervention or the involvement of support staff.

SAM, SLM Key to Mitigating Business Risk

A comprehensive SAM and SLM management strategy is key to minimizing business risks owing to software inventory and licensing issues. If you don't have SAM and SLM tools in place, getting software management tools deployed and operational should be your first priority.

If you already have SAM and SLM tools, this is a great time to conduct a functional review of your software assets and licensing efforts. You can also volunteer for a compliance audit of your company software management capabilities, just to make sure that everything is copasetic.

Keep your head out of the sand and actively manage your software installation and licenses in order to keep risk to a minimum. Sooner or later, the business risk associated with software management will have a detrimental financial effect on your company if you don't have a SAM and SLM risk mitigation strategy in place.

Earl Follis has worked as a technical trainer, technical evangelist and network administrator. He's also the co-author of numerous books, and his primary areas of technical interest include networking, operating systems, cloud computing and unified monitoring. Ed Tittel is a freelance writer and consultant who specializes in Web markup languages, information security and Windows OSes. Together, Minnick and Tittel are the authors of the forthcoming book Beginning Programming with HTML5 and CSS3 For Dummies as well as numerous other books.

This story, "How to Mitigate Business Risk Using SAM and SLM Tools" was originally published by CIO.
