Many companies think that cloud computing is the solution to all their IT struggles, from cost reduction to eliminating the risks of non-compliance. And it’s easy to understand why – they would simply provision the computing resources or assign the licenses to users and be charged accordingly. They couldn’t be more far from the truth.
Not only that the cloud doesn’t eliminate the need of Software Asset Management (SAM), but it makes it more relevant than ever. And SAM practitioners have learned to adapt and operate in the new context.
The cloud is still software and the hardware infrastructure that software runs on still exists. Only the responsibility to maintain and fix the infrastructure – both hardware and software, is shifted from the end-user to the cloud service provider. There is still software that needs to be effectively licensed and the procurement of it needs to be centrally managed. That’s why SAM is still relevant and dismissing it would be costly for organizations of all sizes.
In on-premise environments SAM’s objective was to manage the lifecycle of the software assets, to optimize license deployment and spend, avoid and reduce costs, eliminate the risk of being under or over licensed, to name a few. And unfortunately, many organizations do not have an ongoing SAM practice or only pay for SAM services, offered by specialized companies, when faced with an audit from publishers or in critical times when they need to reduce their costs drastically.
SAM for cloud environments focuses on cost-management, software-portfolio and compliance issues, either in place or in addition to managing the software assets (there are very few organizations that function solely in cloud). The processes and ISO 19770 standards are still relevant. One could even say that SAM evolves due to cloud because it goes beyond software. SAM, as a process, must adapt to the rapid pace of change in cloud environments where services are provisioned, configured, reconfigured, and released in a matter of minutes.
Total cost of ownership (TCO) is calculated differently when provisioning cloud. Organizations that have a history of on-premise software must consider the cost of cloud migration and additional software licensing costs resulting from moving to the cloud.
Organizations from certain industries have governing rules or other business requirements related to their data privacy and information security and must respect compliance policies. Ensuring data is protected is a common priority of all organizations, but some organizations must provide certifications or other assurances that the data is in fact protected.
Implementing cloud environments may significantly challenge the ability to maintain regulatory compliance without a SAM practice.
The various cloud approaches – Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS), have different impacts on SAM and the organizations will find that they need to carefully and proactively consider the impact their cloud strategy has on their SAM programs, in general and specifically on their software licensing.
An organization that moved to the Cloud must adapt its SAM practice to address the new and varied challenges presented by the cloud architecture as you will see further in the article.
Software as a Service (SaaS) and SAM
While SAM is considered by many to be irrelevant in the case of SaaS - you can’t accidentally find yourself under-licensed when using SaaS since the software is only granted to you if you’ve paid for it, right? SaaS is actually posing various licensing challenges. True, it is difficult (but not impossible!) to be non-compliant with SaaS, but this is only one side of the coin.
Proper procurement practices are vital in case of SaaS. Just think about the ease of purchasing cloud services – one click. Without the proper management and control of software procurement that a SAM practice offers, you can find yourself in a situation where different departments or subsidiaries bought the same SaaS product and you suddenly have two problems – a bigger bill and extra unused services. Software procurement needs to be centrally managed to avoid software duplication or paying for services that you do not need. In addition, a SAM offers a single pane of glass to review software spend at a company level.
Commercial off-the-shelf software (software paid for but not used) does not disappear in SaaS situations. A mismanaged SaaS environment with ineffective SAM approach could lead to a financial impact through overpaying for services not used or needed.
The way SaaS is used is another aspect of SAM. Unauthorized use of SaaS accounts – either from prohibited geographies, sharing user accounts, allowing systems to pose as users, or providing access to non-employees (such as contractors, vendors, or customers) where such access is prohibited, poses real compliance risks.
Infrastructure and Platform as a Service and SAM
Looking at IaaS and PaaS pose other licensing challenges to SAM. These cloud models are based on virtualization which itself is a complex and hard to manage solution, even in on-premise scenarios. In addition, not all software agreements allow virtualization or if they do, it carries significant costs implications, such as the need to license all physical processors in the underlying hardware, instead of licensing the virtual ones allocated to the specific virtual machine, on which the software is installed.
Some software publishers have different policies depending on whether the cloud service used is theirs or a third-party’s, or whether approved tracking tools are implemented. Organizations should review their software license agreements and check with their software publishers to understand the specific rules that apply to them, as many of these agreements were written before anyone thought about virtualization.
Another SAM challenge related to virtualization is the de-provisioning practice. Virtual machines can be created quickly and easily to serve ad-hoc needs such as workload spikes of business units, or test and development needs for R&D groups. However, once the business need is over, the virtual machines should be properly decommissioned, otherwise they will continue to consume licenses and resources. SAM programs can implement controls around timely de-provisioning of virtual machines no longer in need.
Then, the transfer of on-premise licenses to the cloud may be prohibited or restricted. For example, Oracle allows end-users to move their licenses to cloud offered by Microsoft and Amazon (authorized cloud computing environments) and of course, Oracle cloud. You can read more about this in a whitepaper that I wrote, available here.
Because organizations can scale virtual resources more quickly in the cloud than on-premise, they also face significantly greater compliance risks. While previously a new server deployment could take few days and allowed enough time to also identify and allocate the corresponding software, in the cloud one can commission and decommission servers or change the configuration of the machines in few mouse clicks. Because of this, SAM needs to be more rapid and flexible than ever.
The impact of these complexities introduced by cloud architecture fundamentally changes SAM programs and organizations should not ignore this.
To stay on top in a market so competitive, organizations need to change and adapt fast. They need to continuously optimize their costs and improve the efficiency and productivity of their businesses. The new way of working is in the cloud. Organizations cannot optimize what they don’t know, so whether the objective is to virtualize on-premise and move to a private cloud, or move to the public cloud (IaaS, PaaS, or SaaS), they need to know what hardware and software they have, where they have it, how it’s configured and used, their users and how they are licensed and the total costs associated with such assets.
The only way an organization can understand the actual return on investment needed to make cloud computing a benefit is through a complete and accurate asset information. And for this, a SAM practice is a core competency that every well-run business should have.
We, at Crayon, understand very well all the above-mentioned challenges and having in mind the best interest of our customers, we created a dedicated SAM practice for cloud, that is adapted to the particularities of these relative new environments. Cloud Economics is a recurring holistic service to provide customers with insight and control of their Cloud deployment and support them in all stages of the software lifecycle from budgeting, contract renewals, change in infrastructure, mergers and acquisitions, standardization, policies and processes.
The Cloud Economics deliverables consist of Power BI reports that are embedded in a web-based platform. These reports provide insight into the customers’ cloud consumption versus budget and commitments, as well as offering intelligence around the optimal savings customers can benefit from, by considering and then adopting more suitable payment plans, utilizing existing licenses and possibly changing agreements.
If you are considering moving to the cloud or you find yourself in need for a SAM solution to manage your cloud assets and not only, reach out to us. We are more than happy to have a friendly chat about what we can do for you.