SOFTWARE LICENSING HOW GOOD IS YOUR SAM ? ARE YOU PREPARED FOR A SOFTWARE AUDIT?

crookpatedspongyΛογισμικό & κατασκευή λογ/κού

2 Δεκ 2013 (πριν από 3 χρόνια και 8 μήνες)

86 εμφανίσεις

SOFTWARE LICENSING

HOW
GOOD IS YOUR SAM
?

ARE
YOU PREPARED FOR A SOFTWARE AUDIT?

Michael Cooper, West Virginia University

West Virginia University


Public, land
-
grant institution, founded in 1867. Located
in Morgantown,
West Virginia


Sixteen colleges
and schools offering 185 bachelor's,
master's, doctoral, and professional degree programs


Main c
ampus: 29,500
students 21,500
undergraduate


8000
faculty/staff


Four
regional campuses


WVU Extension Offices in all 55 counties

WHAT IS SAM?

Software asset management(SAM) is a

process



managing
and optimizing the
purchase


deployment


maintenance


utilization


disposal


ITIL DEFINES SAM AS


“…
all of the infrastructure and processes
necessary for the effective management, control
and protection of the
software
assets…throughout
all stages of their lifecycle.”

GOALS OF SAM


R
educe costs


L
imit
risk related to the ownership and
use


Maximize
responsiveness and productivity


CAPABILITIES


A single interface to deploy all hardware/software
inventory and IT asset management processes


Asset data audit, tracking


Tracking of all hardware/software assets within a single
database


Asset tracking throughout the lifecycle including move,
add, change and delete activities


Service and maintenance contracts ensuring accurate
tracking of financial and service impacts of asset
changes


Software metering functionality providing accurate
monitoring of application usage


Details on discovered software applications

LEVELS OF SAM


Post graduation employment


Meaningful sense of inclusion


Sensitivity and flexibility


Fun place to work

THE FUTURE IS “CLOUD”


SaaS


Software as a Service


PaaS


Platform as a Service


IaaS


Infrastructure as a
Service

SAAS


most
hype/focus


USD
$12bn in
2011

/$22bn
by
2015


Salesforce.com
and
Office365


The
SaaS providers bill monthly


systems
and processes can cope with
monitoring SaaS
spend

PAAS


relatively
uninteresting to the
enterprise


Azure
and Cloudbees are examples of
PaaS


USD
$0.5bn in
2011 / 2015 $1.7bn


PaaS
is mainly used by SaaS companies as a
platform for their offerings and to interconnect
data.

IAAS


W
here
your focus as an enterprise SAM practitioner
needs to
be


The
phrases “Internal Cloud”, “External Cloud” and
“Hybrid Cloud” typically refer to IaaS clouds.


Moving
from physical servers to an internal, shared
services cloud of VM’s is what IaaS is all about.


Migrating
from internal VM’s to externally hosted VM’s in
Amazon AWS or Rackspace is also IaaS.


USD
$4.2bn in 2011
. / $
19.6bn by 2015


IaaS
is the game changer for enterprise/corporate IT.

RESOURCES


1. ISACA audit program ‘Software Licensing

www.isaca.org

2. COBIT 5:

a) APO10.02 Select suppliers

b) BAI03.04 Procure solution components

c
) BAI09.05 Manage licenses

3.
TechRepublic’s

Software license compliance in 6 easy steps:

http
://
www.techrepublic.com/article/get
-
it
-
done
-
software
-
license
-
compliance
-
in
-
six
-
easy
-
steps/5034304

4. Business Software
Alliance
http://www.bsa.org/country.aspx?sc_lang=en

5. Business Software Alliance: Software Audit Tools


http://www.bsa.org/country/Tools%20and%20Resources.aspx

6. Business Software Alliance: Government Guide for Software Management



http://www.bsa.org/~/media/C72B329D6F7E4B46A7467DE0151210A1.ashx

7.
eHow’s

Prepare for Software Licensing Audit:


http://www.ehow.com/how_2102721_prepare
-
software
-
licensing
-
audit.html

8. Sassafras
KeyServer



http://www.sassafras.com/auditing.html


DISCUSSION

Have you been Audited?


AUDIT PROCESS






So
ft
w
a
r
e L
i
c
en
s
e

R
e
vi
e
w

P
r
o
c
e
s
s


T
h
e

Ad
o
b
e

s
o
ftwa
r
e

lic
e
n
s
e

r
ev
i
e
w

p
r
o
c
e
ss

is

c
om
p
r
i
s
e
d

o
f

t
h
e

f
o
l
l
o
wi
n
g

sta
nd
ard

p
r
o
c
e
du
r
e
s,

i
n
cl
ud
i
n
g
bu
t

n
o
t

l
i
m
i
t
e
d
t
o
:


1
.

W
e
st

V
ir
g
i
n
ia

U
n
i
ve
r
sit
y

s

c
om
p
l
et
i
o
n

o
f

t
h
e

at
t
a
c
h
ed

A
d
ob
e

E
n
v
i
r
o
n
me
n
t

W
o
r
k
s
h
eet
,
w
h
ich

will

h
e
lp

d
ete
r
m
i
n
e

t
h
e

sc
o
p
e

o
f

t
h
e

r
e
v
iew.
P
lea
s
e

b
e

p
re
p
ared

t
o

d
i
sc
u
ss

t
h
e
s
e
w
o
r
k
s
h
e
e
ts

in

d
e
tail

at

o
u
r i
n
itial

c
o
n
f
e
r
e
n
c
e

call,

to

b
e

s
e
t

wit
h
in

fi
v
e

bu
si
n
ess
d
a
y
s

o
f

t
h
e
d
ate

o
f t
h
is

l
et
t
er.


2
.

Sub
m
issi
o
n

o
f

an

A
c
t
i
ve

D
ir
ect
o
r
y

ha
r
d
w
a
r
e

r
e
po
r
t

e
x
p
o
r
t
e
d

v
ia

t
h
e

Wi
ndo
ws

b
as
e
d

C
SVD
E
c
o
m
m
a
n
d

t
oo
l

(
s
e
e

a
t
tac
h
e
d

i
n
str
u
cti
o
n
s).

T
h
is

t
oo
l
n
ee
d
s

to

b
e

r
u
n

o
n

e
ach

d
o
m
ain

wit
h
in
yo
u
r

o
r
g
a
n
i
z
ati
o
n

(if

m
o
re

t
h
an

o
n
e
).

T
h
is

r
e
p
o
rt(s)

i
s

du
e

to

A
d
o
b
e

wit
h
in

15

d
a
y
s

o
f

t
h
e
d
ate

o
f t
h
is

l
et
t
er.


3
.

Sub
m
i
ssi
o
n

o
f

t
w
o

in
s
t
a
l
la
t
i
o
n

d
a
ta

r
e
po
r
ts

f
r
o
m

y
o
u
r

s
p
e
cified

S
o
f
t
ware

A
s
s
e
t
M
a
n
a
g
e
me
n
t

(
S
A
M
)

t
o
o
l
o
r

Ad
o
b
e

scan t
o
o
l
(
if
n
ee
d
e
d
)

f
o
r all r
e
g
i
o
n
s

d
e
e
me
d w
i
t
h
in sc
o
p
e
,
as

a
g
r
ee
d

up
o
n

du
ri
n
g

t
h
e

ph
o
n
e

c
o
n
f
e
r
e
n
c
e
.

T
h
e
s
e

r
e
p
o
rts

are

du
e

t
o

Ado
b
e

wit
h
in

30

d
a
y
s

o
f t
h
e

d
ate

o
f

t
h
is l
e
t
t
e
r a
n
d will i
n
clu
d
e

t
h
e

f
o
l
l
o
wi
ng:




D
es
k
t
o
p

d
ata
-

f
o
r all

w
o
rk
s
tati
o
n
s

in
y
o
u
r

o
r
g
a
n
i
z
ati
o
n



S
e
r
ve
r

d
ata
-

s
upp
l
e
m
e
n
t
e
d
b
y

t
h
e

Ad
o
b
e

E
n
v
i
r
o
nm
e
n
t

W
o
rks
h
e
et


4
.

Sub
m
issi
o
n
o
f all

ad
di
t
i
ona
l

pu
r
c
h
a
s
e
d
a
ta
,

i
n
cl
u
d
i
n
g
d
ata fr
o
m

yo
u
r r
e
s
e
llers,

f
o
r all r
e
lat
e
d
e
n
tity

n
a
m
es,

f
o
r all

r
e
g
i
o
n
s,

f
o
r all

a
v
aila
b
le

h
is
t
o
ric

d
at
es
,

wit
h
in
30

d
a
y
s

o
f

t
h
e

d
ate

o
f t
h
is
letter.

T
o

e
n
s
u
re

c
o
m
p
l
et
e
n
ess,

p
lea
s
e

i
n
cl
ud
e

t
h
e

m
o
st

d
ata

p
o
ssi
b
le

a
n
d

g
o

b
ack

in

ti
m
e
as

far as

t
h
e

r
e
p
o
r
t
s

al
l
o
w.


5
.

U
p
o
n c
o
m
p
l
e
t
e

s
ub
m
i
ssi
o
n
o
f t
h
e

a
bo
v
e

d
e
li
v
e
r
a
b
les,

Ad
o
b
e

will
c
o
m
p
a
r
e

yo
u
r
s
o
f
t
ware
d
e
p
l
o
y
me
n
t with

yo
u
r

lic
e
n
se

pu
rc
h
as
e
s

a
n
d

t
h
e

ter
m
s

o
f

t
h
e

as
s
o
cia
t
e
d

EU
L
A
s.

Ad
o
b
e

will
s
ub
m
it

t
o

yo
u

a

f
in
d
i
ng
s

r
e
po
r
t

i
n
cl
ud
i
n
g c
o
m
p
l
e
t
e

li
c
e
n
se

r
e
c
o
n
ci
li
a
ti
o
n
f
o
r

y
o
u
r r
e
c
o
r
d
s.


6
.

If

t
h
e

a
b
o
v
e

a
n
a
l
y
sis

s
h
o
ws

a

d
e
ficit

in

l
i
c
e
n
si
ng
,

we

will

ask

t
h
a
t

y
o
u

w
o
rk with

y
o
u
r

Ad
o
b
e
A
cc
o
un
t

M
a
n
a
g
e
r

a
nd
/
o
r

yo
u
r

r
e
s
e
ller
o
f

c
h
o
i
c
e

to

r
e
s
o
l
v
e

a
n
y

c
o
m
p
lia
n
ce

f
i
nd
i
ng
s

b
y
pu
r
c
h
a
si
n
g

t
h
e

d
e
f
i
c
i
e
n
t

l
i
ce
n
s
es

i
m
me
d
ia
t
e
ly

a
n
d

n
o

la
t
e
r

t
h
an

14


d
a
y
s


fr
o
m

t
h
e
n
o
tificat
i
o
n

o
f fi
nd
i
ng
s

b
y

Ad
o
b
e
.


P
lea
s
e

p
r
e
p
a
r
e

t
o

m
a
ke

all

s
upp
o
r
t
i
n
g

r
e
c
o
r
d
s

a
v
aila
b
l
e

up
o
n

r
e
qu
e
st. T
h
e
s
e

s
t
e
p
s

will

h
e
lp

t
o

e
n
s
u
re

an
e
fficie
n
t

r
ev
i
e
w

p
r
o
c
e
ss

a
s

w
e
ll

as

p
r
o
p
e
r

li
c
e
n
si
n
g

f
o
r

y
o
u
r

o
r
g
a
n
i
z
at
i
o
n
.

We

h
a
v
e

a
l
so

e
n
c
l
o
s
e
d a
d
o
c
um
e
n
t

c
o
n
tai
n
i
n
g fr
e
q
u
e
n
tly

a
s
k
e
d
qu
e
sti
o
n
s

f
o
r

y
o
u
r r
e
v
i
e
w.

DISCUSSION

How
does your institution
track
software?

DISCUSSION

How many resources are deployed for
SAM?

DISCUSSION

What are your “Lessons learned”
regarding SAM?

DISCUSSION

Is your Institution using cloud services?


Which ones?


Are you satisfied?


DISCUSSION

Is SAM in your future?

DISCUSSION

Have you used Engagement Services
such as SoftAID or CDW?

DISCUSSION

How are your resellers helping you with
SAM?

DISCUSSION

Does your Internal Audit office
understand the risks?

DISCUSSION

Are all your Software agreements
reviewed by General Counsel?