Software Licensing How good is your SAM ? are you prepared for a
advertisement
SOFTWARE LICENSING HOW GOOD IS YOUR SAM ? ARE YOU PREPARED FOR A SOFTWARE AUDIT? Michael Cooper, West Virginia University West Virginia University • Public, land-grant institution, founded in 1867. Located in Morgantown, West Virginia • Sixteen colleges and schools offering 185 bachelor's, master's, doctoral, and professional degree programs • Main campus: 29,500 students 21,500 undergraduate • 8000 faculty/staff • Four regional campuses • WVU Extension Offices in all 55 counties WHAT IS SAM? Software asset management(SAM) is a process • • • • • managing and optimizing the purchase deployment maintenance utilization disposal ITIL DEFINES SAM AS “…all of the infrastructure and processes necessary for the effective management, control and protection of the software assets…throughout all stages of their lifecycle.” GOALS OF SAM • Reduce costs • Limit risk related to the ownership and use • Maximize responsiveness and productivity CAPABILITIES • • • • • • • A single interface to deploy all hardware/software inventory and IT asset management processes Asset data audit, tracking Tracking of all hardware/software assets within a single database Asset tracking throughout the lifecycle including move, add, change and delete activities Service and maintenance contracts ensuring accurate tracking of financial and service impacts of asset changes Software metering functionality providing accurate monitoring of application usage Details on discovered software applications LEVELS OF SAM • • • • Post graduation employment Meaningful sense of inclusion Sensitivity and flexibility Fun place to work THE FUTURE IS “CLOUD” • SaaS – Software as a Service • PaaS – Platform as a Service • IaaS – Infrastructure as a Service SAAS • • • • • most hype/focus USD $12bn in 2011 /$22bn by 2015 Salesforce.com and Office365 The SaaS providers bill monthly systems and processes can cope with monitoring SaaS spend PAAS • • • • relatively uninteresting to the enterprise Azure and Cloudbees are examples of PaaS USD $0.5bn in 2011 / 2015 $1.7bn PaaS is mainly used by SaaS companies as a platform for their offerings and to interconnect data. IAAS • • • • • • Where your focus as an enterprise SAM practitioner needs to be The phrases “Internal Cloud”, “External Cloud” and “Hybrid Cloud” typically refer to IaaS clouds. Moving from physical servers to an internal, shared services cloud of VM’s is what IaaS is all about. Migrating from internal VM’s to externally hosted VM’s in Amazon AWS or Rackspace is also IaaS. USD $4.2bn in 2011. / $19.6bn by 2015 IaaS is the game changer for enterprise/corporate IT. RESOURCES 1. ISACA audit program ‘Software Licensing’ 2. COBIT 5: 3. www.isaca.org a) APO10.02 Select suppliers b) BAI03.04 Procure solution components c) BAI09.05 Manage licenses TechRepublic’s Software license compliance in 6 easy steps: http://www.techrepublic.com/article/get-it-done-software-license-compliance-in-six-easy-steps/5034304 4. Business Software Alliance http://www.bsa.org/country.aspx?sc_lang=en 5. Business Software Alliance: Software Audit Tools http://www.bsa.org/country/Tools%20and%20Resources.aspx 6. Business Software Alliance: Government Guide for Software Management http://www.bsa.org/~/media/C72B329D6F7E4B46A7467DE0151210A1.ashx 7. eHow’s Prepare for Software Licensing Audit: http://www.ehow.com/how_2102721_prepare-software-licensing-audit.html 8. Sassafras KeyServer http://www.sassafras.com/auditing.html DISCUSSION Have you been Audited? AUDIT PROCESS Software License Review Process The Adobe software license review process is comprised of the following standard procedures, including but not limited to: 1. West Virginia University’s completion of the attached Adobe Environment Worksheet, which will help determine the scope of the review. Please be prepared to discuss these worksheets in detail at our initial conference call, to be set within five business days of the date of this letter. 2. Submission of an Active Directory hardware report exported via the Windows based CSVDE command tool (see attached instructions). This tool needs to be run on each domain within your organization (if more than one). This report(s) is due to Adobe within 15 days of the date of this letter. 3. Submission of two installation data reports from your specified Software Asset Management (SAM) tool or Adobe scan tool (if needed) for all regions deemed within scope, as agreed upon during the phone conference. These reports are due to Adobe within 30 days of the date of this letter and will include the following: • • Desktop data - for all workstations in your organization Server data - supplemented by the Adobe Environment Worksheet 4. Submission of all additional purchase data, including data from your resellers, for all related entity names, for all regions, for all available historic dates, within 30 days of the date of this letter. To ensure completeness, please include the most data possible and go back in time as far as the reports allow. 5. Upon complete submission of the above deliverables, Adobe will compare your software deployment with your license purchases and the terms of the associated EULAs. Adobe will submit to you a findings report including complete license reconciliation for your records. 6. If the above analysis shows a deficit in licensing, we will ask that you work with your Adobe Account Manager and/or your reseller of choice to resolve any compliance findings by purchasing the deficient licenses immediately and no later than 14 days from the notification of findings by Adobe. Please prepare to make all supporting records available upon request. These steps will help to ensure an efficient review process as well as proper licensing for your organization. We have also enclosed a document containing frequently asked questions for your review. DISCUSSION How does your institution track software? DISCUSSION How many resources are deployed for SAM? DISCUSSION What are your “Lessons learned” regarding SAM? DISCUSSION Is your Institution using cloud services? Which ones? Are you satisfied? DISCUSSION Is SAM in your future? DISCUSSION Have you used Engagement Services such as SoftAID or CDW? DISCUSSION How are your resellers helping you with SAM? DISCUSSION Does your Internal Audit office understand the risks? DISCUSSION Are all your Software agreements reviewed by General Counsel?
