Monday, May 11, 2009

Software Asset Management - White Paper

Software Asset Management

A process that puts you in control

You may be one of many who think of Software Asset Management (“SAM”) as simply a computer program. It’s much more than that. SAM is a process that involves your company’s policies and procedures—along with a software solution that turns data into information, so you can see exactly what you have on the network. Once you identify software assets, you can manage them. This leads to controlling costs, mitigating risks—and a speedy Return On Investment (“ROI”) and dramatic reduction in IT spending. All of which ultimately supports your business goals.

Today’s Situation

Does your IT Department know what copyrighted material is installed on each computer across the enterprise? (That includes software, MP3s, and video and music files.) When was the last time you conducted an IT audit? Are you overbuying or underbuying software? Are your software licenses in compliance?
If you don’t have all the answers, you’re not alone. For 75-80% of companies, these questions are difficult to answer. Most businesses pay more attention to controlling hard assets such as company cars or desks than they do to IT—when in fact they probably spend much more on software alone.
Microsoft Canada alone and in concert with the Business Software Alliance (“BSA”) has recently been very active conducting software audits in Canada. We have been called upon by a number of companies who have been contacted by the BSA in preparation of an audit and are understandably concerned about this development. In fact over a ¼ million dollars in negotiated settlements were paid last month to the BSA in Canada for under-licensing of installed software. In addition, it is estimated that 25% to 40% of all desktops and laptops in corporate Canada have some form of pirated or illegal software installed, without the knowledge of IT management.

The SAM Process

When it comes to developing the policies and procedures part of the SAM process, there are some core elements to consider:

• Your company should have a procedure for acquiring and deploying software. (This includes treating software as an important asset.)

• Employ the same high record keeping standards as with other assets.

• Institute a software code of ethics—for example: Do you allow the downloading of freeware?

• It is also wise to have employee end-user agreements.

You will also need an overall Software Asset Management Program or plan.

• Organize a Software Management Team with a member from every department—sales, human resources, legal, IT, etc.—to develop the plan.

• Determine the frequency of your audits.

• Review your plan annually to see if it reflects the reality of the environment.

• Utilize a software auditing tool to quickly deliver a complete and accurate software inventory.

What’s in it for you?

Are there any real benefits to your company from the process we call Software Asset Management? There are four areas where you come out ahead.

• Control software costs. With an accurate inventory, you eliminate overbuying software, and overpaying license fees (sometimes for software that is no longer on your system). Plus, you can recycle unused licenses, instead of automatically buying a new license for each new employee.

Also, by identifying where software installations live in the enterprise, you enable
charge backs. When individual departments are charged for their software, they
tend to make sure it’s necessary.

• Mitigate Risk. It’s now easier than ever to put your company at legal risk with copyrighted, digital material. Odds are there are illegal software suites, shareware (that’s not really shareware), MP3s, audio, and video on your network, even as you read this sentence. This material is not only unauthorized but it wastes precious storage space. Regular audits and centralized software purchasing help your IT Department to spot any potential dangers.

Should your company be unfortunate enough to loose an entire office of computers, an inventory of assets is the first step in your disaster recovery plan.
Discovering before hand what you have in terms of software supports full, fast,
and compliant continuation of your business.

• Ensure Compliancy. Recent federal regulations have created a whole new playing field when it comes to compliance.

1. The Canadian Securities Administrators published, on August 15, 2008, National Instrument 52-109 whereby a company’s CEO and CFO warrant that they have evaluated their company’s disclosure controls and IT procedures as being free of material weakness and free of fraud.

2. Canadian companies interlisted on an US exchange must adhere to Section 404 of the Sarbanes-Oxley Act whereby adequate software compliance controls and procedures are in place.

3. Federal Canadian copyright laws provide for severe financial and operational penalties for using pirated or illegal software.

• Make Informed Decisions. Platform upgrades are often chaotic and time consuming—for example, a plan for migrating from Windows 2000 to Windows XP over the weekend can be disrupted by the discovery that 16-bit programs won’t run on Windows XP. Knowing exactly what software you have is the first step towards predicting the impact of deploying new technology—and in the end, making intelligent IT purchases.

In other words, there are many new ways your company could get into trouble—which can be eliminated with a good software asset management program in place.

Manage the exceptions

Once you have a software inventory, you can compare it to your licenses, which gives you three very valuable pieces of information:

1. What is owned/authorized and installed.

2. What is installed but not owned/authorized—where your company is at risk for copyright and compliance violations, or unauthorized material takes up valuable server space.

3. What is owned/authorized but not installed—the software that your company pays for but doesn’t use.

In addition, once a baseline audit has been created, you can audit your network’s computers’ software by exception.

The step-by-step GASP approach

GASP offers a suite of software inventory tools that make it easy to create a complete and accurate list of copyrighted digital material on your network. Before you can manage it, you need to know where and what it is.

STEP 1. Gather audit data using any of three different methods.

GASP Audit captures information about installed software, MP3s, audio, video, and other files—and it’s able to identify almost 98% of previously unidentifiable applications. It also makes tracking easy by assigning a unique identifier to each system.
GASP Net facilitates GASP Audit in a large network environment. As GASP Net audits workstations, you are able to control what users see and don’t see. In addition, it periodically schedules audits and has minimal impact on network traffic.
GASP eAudit can collect data from any computer on a remote or local TCP/IP address (Internet, Intranet, LAN or WAN). In other words, if a system is online, GASP eAudit can do its job. In addition, it works discreetly without touching sensitive network login scripts or complicated network environments.

STEP 2. Import and process gathered data with GASP Report. These modules track owned licenses and provide authorized software profiles, all organized into easy-to-read detail and summary reports.

STEP 3. View audit data and print reports. You are able to see a list of all the copyrighted material on your system. Once GASP accurately identifies applications, it provides for simple entry of what software your own, and compares that information to installed software.

The GASP Software Identification Database (SID) contains information for more programs than any other product on the market. The SID combined with our proprietary identification algorithm and a robust auto-identification function lets us accurately identify applications—including almost 98% of those previously unidentifiable.

STEP 4. Manage the exceptions. Once GASP shows the variances—in one simple, quick report—you see where your company is exposed. With this big picture, you know which of the smaller pieces of data need to be managed.

GASP products

GASP offers two suites that combine the tools and technology to inventory all copyrighted materials on your system.

• GASP Standard—up to 500 seats. It includes the following tools:

GASP Audit

GASP eAudit

GASP Net

GASP Report

• GASP Enterprise—from 500 to 100,000+ seats, and includes the following tools:

GASP Audit

GASP eAudit

GASP Net

GASP Report

The GASP Advantage

Easy to use. Both GASP suites install quickly and come with a user-friendly help file.

Accurate. GASP identifies software based on the large SID and our internal signature function.

Flexible and complete. GASP audits for all copyrighted software, social networking, MP3s, video, and audio.

Functional. Export data from GASP into almost any format you want.


GASP—at the core of SAM and ROI

Although GASP is only one element in the process of Software Asset Management, it is a crucial one. Accurate IT inventory lets you control software costs, mitigate risks, ensure compliancy, and ultimately, make informed decisions. When it comes to projects like software upgrades, roll outs, and platform migrations, the right decisions—based on fact rather than guesswork—can reduce IT costs, ensure a fast ROI, and support your business objectives.


Success Vignettes

A major telephone company in Norway saved $2,000,000 on the renewal of Oracle licenses after using GASP.

Because it used GASP, a major oil company saved $45,000 in royalty fees for a program that was no longer installed.

A San Francisco financial investment firm budgeted for a period of three weeks to audit their 1500 computers—GASP finished the project in two days, saving the company time and money.

A company kept running out of space on its server, and couldn’t figure out what was wrong—a GASP audit discovered 21,000 MP3 files on the server that had been downloaded by an employee.

A major Canadian media company saved $275,000 on software licenses purchased, but never utilized, discovered by GASP.

A company’s network was besieged by viruses and malware, GASP discovered illegal copies of installed software; the result being that new security patches were not available or installed.

A Canadian school board suspected of having pirated software installed on their network was contacted by a software manufacturer who requested to perform an audit. Upon learning that GASP had audited their network, the software manufacturer deferred the request.

Monday, May 4, 2009

Four Canadian resellers get nabbed for software piracy

Microsoft Canada (Nasdaq: MSFT)announces four new legal actions against Canadian resellers allegedly selling unlicensed copies of Microsoft products as part of its channel monitoring program.
The lawsuits allege the businesses were illegally installing unlicensed software on the hard disks of computers or distributing counterfeit software to customers in the local market.
These four lawsuits are as a result of Microsoft Canada's channel monitoring program. The program is intended to reduce
the spread of counterfeit software by using tactics such as mystery shoppers, mediation meetings and ongoing monitoring.
The software alleged to have been hard disk loaded in these matters includes Windows XP Home, Windows XP Professional and Office Professional Edition 2003. Hard disk loading occurs when unlicensed software is installed on a computer and the necessary components (i.e. CD-ROM and Certificate of Authenticity) are not provided to the end user.
Christopher Tortorice, Corporate Counsel, Anti-Piracy, for Microsoft Canada, said these legal actions are part of an ongoing effort to foster a fair business environment and demonstrate Microsoft's unwavering commitment to protect its channel partners and unsuspecting businesses and consumers from the potential risks associated with counterfeit and unlicensed software.
“These lawsuits are meant to send a message to people who distribute unauthorized products and to educate consumers about the risks of purchasing pirated software. We are committed to supporting the genuine channel and will continue to identify and investigate organizations that manufacture and sell illegal software,” he said.
In Canada software piracy poses a major threat to both businesses and consumers, potentially exposing them to security breaches and putting their business data and reputations at risk. As well, honest channel partners lose revenue as they try to compete with unscrupulous retailers selling unlicensed product, he added.
According to the
Business Software Alliance, software piracy cost the Canadian economy an estimated $1.07 billion in 2007 alone.
“Piracy is an ongoing threat to the channel,” notes Ahmar Akhtar, product manager,
Canada Computers. “We are pleased to see Microsoft taking a stand against dishonest resellers. The channel monitoring program and resulting actions play a key role in creating a fair marketplace for honest resellers in Canada.”