On this page you will learn about:

- The four types of SAM solution provider

- What to avoid

- What to ask for

Who are you talking to?
There are many SAM solution providers in the market.

To help you to understand how the market is structured we have broken it down into five groups.

Level 1 - Audit tool vendors

SAM is most commonly approached through the installation of an audit tool. 

The SAM market is dominated by the message from the tool vendors who play on the fact that most organisations are having difficulty in defining what software is on their network.

The standard argument is that if you don’t know what is out there, then there is a huge risk of non-compliance, so purchase a tool to define what is on your network, then all you have to do is purchase licences to cover whatever is found.

Before you set off down this path, read SAM Tools:
  • An audit tool will only tell you about installed software (much of your software licensing will be user based) - see Licence requirement
  • If your software estate is a little chaotic (Managing chaos) then an audit tool will only confuse you more.
  • You still have to manually match licences to the software installation counts for the vast majority of your installations (the tool will not do it for you whatever they say) - Reconciliation
  • For networks of 500+ machines, it can take months to deploy a tool properly.
  • A tool will only tell you the result of your problems, not where you actually need to improve your controls.

So the danger is that you purchase a tool expecting it to be simple to install and deploy.  You then expect it to produce results from which you can manage your software licences, when the reality is always less satisfying.

Unless your software environment is already very well controlled and standardised, then forget this idea completely.

So what should you do?

Level 2 - Audit tool resellers
There are then solution providers who offer to sell, install, deploy and interpet the results from the tool for you.

The output they focus on is a definition of your organisation's licence compliance position.

The standard argument here is that once you have defined your compliance position, all risks will have been mitigated and you will now reap all the benefits of SAM.

We would challenge that argument in every way.

Firstly, all they can possibly be doing is defining a moment in time.  As soon as they leave you will be left with an inadequate tool, no process and a compliance position that is no longer true.

Secondly, it is a myth that a compliance position allows you to mitigate risks and reap the benefits of SAM. 

Without putting the basic controls and processes in place, you are entering a cul-de-sac that you will have to fight your way out of every time you need information - Control SAM costs

A licence position should always be seen as an output of the SAM process, not as the key objective.

Level 3 - Licence optimisation services
There are also solution providers who focus on optimising your licence position or situation.

These guys bring in their own tools and expertise to deliver specific results, usually focussed on one publisher's products.

In principle this is what SAM should be all about, getting to the point that licences can be optimised in the best way possible.

The problem, as we argue in Licence optimisation, is that unless you have the basic controls in place, optimisation is hard to achieve and impossible to maintain.

Level 4 - SAM Process development
Which is why most Level 4 solution providers will talk about SAM processes in conjunction with the tools.

The common problem here is that the providers can lack experience in delivering processes that work.

Some solution providers in this group do actually have the knowledge to deliver such a solution but many are simply repeating what they have read in the ITIL ‘Best Practice for Software Asset Management’ and ISO 19770-1 template.

There may well be lots of good intentions but be very wary of what they are threatening to deliver.

Some simple rules to follow in terms of deciding whether such a solution will be of benefit to you:
  • Do you understand what is being offered?
  • Are there clear objectives and deliverables, or is it just talk?
  • What will it actually give you in tangible improvements?  Hold them to their promises.
  • Are you just doing this because it seems like a good idea or do you know what you want to achieve?
  • Why can't you do this yourself - How to do SAM

Level 5 - A proper solution

Finally you have very few solution providers who can do all of the above and then actually work with your organisation to develop a proper solution.

These solution providers don't try to sell your organisation a tool from the word go.  Of course at some point tools will be a necessary part of the solution, but if it is what they lead with then show them the door.

Solution providers that know what they are talking about have a proven track record with customers who are prepared to talk about the solution's success after it has been delivered.

And don't be taken in by years of experience in the SAM market.  If they cannot show you proof of actual delivery with living people prepared to back it up, then don't go there.

Often these guys are able to look at your organisation as a whole and build the SAM process into what already exists in terms of service management, help desk, CMDB etc, i.e. in the ways that ITIL suggest the service management piece holds together.

We would suggest that you expect SAM to become part of existing processes.  There is no need to start again, it is very much an integration or development of what already exists to allow licence management to take place in the way it should.

Of course the biggest problem that nearly everyone in all of these groups has is A conflict of interest...