software asset management seminar feb2-2016 · © 2016 deloitte & touche (m.e.) –software...
TRANSCRIPT
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Agenda
2
Introduction
Software Asset Management
Industry Standards
SAM Technologies
Software Asset Management: The Deloitte Offering
The Deloitte Managed Platform
Q&A
2
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Who Has Been Audited? Brainstorm
3
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Who has a SAM organization?Knowledge Check
4
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
OverviewSoftware Asset Management
6
While Software Asset Management (“SAM”) has been on the corporate agenda for well over 10 years, it has been difficult for organizations toboth justify and execute SAM initiatives. But this is changing and cost reduction is a key driver.
With the rise in the number of software vendor audits and increasing complexity within IT environments, risk-focused organizations areincreasingly focused on Software License Compliance and mitigation of financial, operational and reputational risks associated with thedeployment of software within large complex organizations through Software Asset Management.
ITAM Objective
The International Association of IT Asset Managers defines ITAM as “maintaining life-cycle management information for IT assets throughout theorganization.”
ITAM includes the “development and maintenance of policies, standards, processes, systems and measurements that enable the organization tomanage IT assets with respect to risk, cost, control, governance, compliance and business performance objectives as established by thebusiness.”
ITAM Focus Areas
1. Software Asset Management (SAM)IT Infrastructure Library (ITIL) describes SAM as “all of the infrastructure and processes necessary for the effective management, control andprotection of the software assets within an organization, throughout all stages of their lifecycle.” Included in SAM is Software LifecycleManagement.• The goals of SAM are to reduce IT costs and limit operational, financial and legal risks related to the ownership and use of software.
2. Hardware AssetManagement (HAM)Hardware Asset Management can be described as having a deep understanding of the tangible assets within an IT environment. This HardwareAsset Lifecycle Management includes lease and depreciation management.• The goals of HAM are to accurately anticipate business needs, reduce risk of license discrepancies,and retain business efficiency.
3. Other focus areas of ITAM include (butare not limited to):Contract Management as it relates to physical and intangible IT assets; Finance and Cost Management; IT Policies and ProceduresManagement;Service LifeCycle Management (ITIL).
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Main GoalsSoftware Asset Management
The goals of SAM are to optimize IT costs and limit operational, financial, and legal risk related to the ownership and use of software.
OverLicensed
Out ofCompliance$ SOFTWARE
ASSET MANAGEMENT
CostOptimization
Risk – Legal & Regulatory
AssetManagement
Risk – SoftwareAudits
OrganizationalGovernance
Security
$
7
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
SAM Risks and DriversSoftware Asset Management
Most companies start to think about asset management in response to an audit. There are other elements of risk faced by companies whichallow SAM to be introduced in a proactive manner.
SOFTWARE ASSET
MANAGEMENT
Costoptimization
Risk – legal and
regulatory
Assetmanagement
Risk –software audits
Organizationalgovernance
Security
Control of software assets§ Monitoring and tracking of software in use is difficult§ No “silver bullet” technology solution§ Diverse and complex software licensing models§ Reallocation of software licenses when hardware is
moved or decommissionedRisk of a Software License Compliance Audit§ License Compliance Audits are on the rise – Gartner
continues to predict an increase in vendor audits§ Software vendors use license compliance audits to
decrease squeeze on margins§ Software industry alliance “bounties”
Organizational governance§ Getting compliant and staying that way also helps
eliminate the potential damage to reputation that couldarise from a legal dispute
§ Compliance with industry standardsLimit legal risk§ Properly implementing SAM limits legal and financial
exposure should problems with software licenses arise§ Select industries have regulatory requirements on SAM
Security§ Without the ability to inventory and control software installed and
allowed to run on their hardware, organizations make theirsystems more vulnerable to security threats
§ Inventory Open Source software to understand what is in use andwhat could potentially introduce security risks to the organization
Cost Optimization§ Organizations may be over-licensed and paying
maintenance costs for software licenses not being used§ Software is a significant component of IT spend
OverLicensed
Out ofCompliance
$Optimal
Lack of Controls = Large Recurring Expenses
$
8
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Why SAM?Software Asset Management
• 88% of customers audited have unrealized cost savingsaveraging over 20% of their annual S&M spend1.
• A mature SAM program can save 3-5% of your total ITspend1.
• Organizations may be over-licensed and payingmaintenance costs for software licenses not being used1.
• By 2017, Gartner predict that enterprises will be spendingten times more on their Software Asset Managementservices then they do on their SAM tools2
• Without the ability to inventory and control software,organizations make their systems more vulnerable tosecurity threats.
• Open Source software introduce security risks to theorganization.
• Properly implementing SAM limits legal and financialexposure should problems with software licenses arise1.
• Select industries have regulatory requirements on SAM1.
• Software typically represents 8-10% of a total IT budget.• Common for an organization to have 50+ software vendors
and hundreds of contracts.• Compliance with industry standards.
• Gartner 2011 Poll: 35% (2007) to 65% (2011) chance ofgetting audited1.
• Seeking to increase revenue, software vendors will initiatetwice as many audit requests in 2014 as in 20133
• Top software vendors auditing: IBM, Adobe, Microsoft,Oracle, SAP1.
• “Organizations will increase their investments in SoftwareAsset Management by 35% over the next 18 months3”
• The interest in SAM Managed Services is being drivenprimarily by a severe shortage of individuals with hands-onlicensing, audit and SAM implementation expertise4
• Licensing rules and metrics are constantly changing.
• Emerging technologies (virtualization, cloud, BYOD) maketracking software more challenging.
Sources:1 Gartner, Inc. | G00230816 -Software Vendor Auditi ng Trends: What to Watch for and How
to Respond Published: 23 May 20122 Gartner, Inc. | GG002549753 Konary, Amy. "Worldwide Softw are Pricing and Licensing 2014 Top 10 Predicti ons." 2014.
PDF file4 Thompson, Martin. "Group Test – SAM Managed Service Providers - A competitive
comparison of specialist SAM providers." Jan. 2014. PDF file.9
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Case StudiesSoftware Asset Management
USD 2.5M in average license cost savings
56% potential financial liability
identified1
23% cost savings identified in annual
software maintenance
spend2
USD 225K potential financial liability identified1
USD 2M avoided through server re-
configurations1
USD 5.4M in potential financial liability1.
7000 instances of non-essential software1.
Bottling company
Process risk assessment and licensebaseline performed. Process gaps identified.$5.9M in potential financial liability identified.
Real estate company
Process risk assessment and license baselineperformed. Process gaps identified. $225K inpotential financial liability identified
In the software license assessments that Deloitte hasperformed, clients had unrealized cost savingsaveraging 23 percent of their annual maintenancespend.
Automotive manufacturing company
Process risk assessment and licensebaseline performed. $2M in financial liabilityavoided through server reconfigurations.
Educational company
Process risk assessment, license baseline, andsecurity analysis performed. Process gapsidentified. $5.4M in potential financial liabilityidentified. Over 7,000 instances of non-essentialsoftware installed. Low (<50%) compliance withsecurity patching compliance.
Source1: Deloitte 2013 SAM for IA Brochure1
Source2: Deloitte results and analytics rel ated to cost savings /avoidance come from a dataset composed ofroughly one thousand software license assessments performed across 20 countries between 2009 and2012. Included data was normalized, removing outliers and calculating values at software list price.
10
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
IA and IT's Role for SAMInternal Audit and SAM
How IA and IT can help
• SAM Process Risk Assessment – Benchmarking against leading industry practices• Software License Baselines – Comparing software deployments against license
entitlements• Software Security Risk Assessment – Analysis of non-essential software and security
patch deployment• SAM Transformation Efforts - strategy, organizational structure development, process
design, etc.• SAM Tooling - Implementation and configuration assistance
Other cost optimization opportunities
• Software Procurement Optimization• Software Vendor Audit Readiness• Software Contract Negotiation Support• Software Portfolio Rationalization• Strategic Vendor Sourcing
12
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Items to cover within an Internal Audit PlanInternal Audit and SAM
13
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Deloitte SAM Framework
Formal processes to manage the lifecycle –forecast and request; analyze and procure;installation and maintenance; monitor andtrack; decommission and reuse.
Tools and technology tostreamline processes andimprove data accuracy andtimeliness
Strategy and policies to define the SAM program vision and objectives and outline activities and initiatives necessary to achieve the vision and
goals
SAM roles, responsibilities, and reporting requirements to execute and monitor the
SAM process as well as communication and training
to educate stakeholders and promote organizational
alignment
E. Lifecycle Process
Software Asset Management
Lifecycle
1.0 Forecast &
Request
5.0 De-commission
& Reuse2.0 Analyze & Procure
4.0 Monitor & Track
3.0 Install & Maintain
B. People
SAM Organization
Governance & Performance
Metric
Communication & Awareness
D. Technology
Software Asset Repository
Software Discovery
Software Metering &
Usage
A. Strategy & Policies
Vision & Objectives
Policies & Procedures
C. Data
Data Model & Standards Data Validation
15
Data standards to meet performance metrics and reporting requirements
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
4.3 Maintain software license inventory
4.5 Track software compliance issue
remediation
3.3 Manage software license financial
treatments
4.1 Maintain software catalog1.1 Collect and
aggregate forecast data
1.2 Collect and aggregate software acquisition requests
4.2 Maintain software contract inventory
2.4 Review acquisition requests and procure
software licenses
3.1 Install software
3.2 Respond to and resolve software license inquiries
5.1 Review software/ hardware decomm
requests
5.2 Review personnel change impacts
2.1 Review and assess new / incremental software demand
2.3 Validate license availability for
installation requests5.3 Uninstall software
2.2 Perform a product rationalization analysis
SAM Lifecycle1.0 Forecast and
Request 3.0 Install and
Maintain4.0 Monitor and
Track5.0 Decommission
and Reuse2.0 Analyze and
Procure
4.4 Assess, analyze and report software
compliance
SAM Lifecycle ProcessesDeloitte SAM Lifecycle
16
The Lifecycle Process pillar of the Software Asset Management Framework can be broken down into various activities
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Tool IntroductionSoftware Asset Management
18
A wide variety of tools exists in the market today, as a result multiple definitions exist:
“A tool that provides insight in the licenses owned versus licenses consumed”
“A tool that collects and/or consolidates information about software that is installed and/or executed on servers and workstations”
“A tool that helpsorganizations withtheir SAM efforts”
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Most Popular ToolsSoftware Asset Management
19
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Tool FunctionalitySoftware Asset Management
20
SAM tool functionalities can be placed in 4 broad categories:
ContractManagement
& procurement
IT Systems management
License reconciliation
Discovery
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Tool BenefitsSoftware Asset Management
21
A dedicated SAM tool offers a wide range of benefits:
• Optimization of software spend: a SAM tool will strengthen the client’s position during contract negotiationswith the software vendor
• Cost allocation: by providing a complete view into the software estate, costs can be assigned to costcenters based on objective criteria
• Security: A SAM tool will provide insight into installed applications, system administrators have a directoverview of version levels and unwanted software
• Audit risk mitigation: the information provided by a SAM tool can be used to continuously minimize thesoftware license compliance risk. This will increase audit readiness and the effort required to provide datarequested by the auditor.
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Tool DrawbacksSoftware Asset Management
22
Common drawbacks for SAM tools:
• SAM tools need a SAM framework: after all, it’s only data!
• Some specific T&C's are or cannot be covered by tools
• Manual input required
• Complexity of product bundles, OEM software is not always handled well
• Specific skillset required to interpret tool data
• Implementation risk: tool coverage & configuration
• Undiscovered software: not all tools perform equally well in software discovery
• Possible to avoid detection
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Tools Assessment FactorsSoftware Asset Management
23
When considering the implementation of a SAM tool, it’s important to consider the following criteria:
• Is the tool compatible with the IT landscape (Linux, Unix, Windows, z/OS...)
• Will the tool cover your most important product vendors
• What would be the optimal technical setup (agentless, accessible via internet, Cloud based...)
• Is compatibility with existing tools necessary (e.g. ILMT required for IBM)
• What the cost of the tool compared to the software spend
• Will the tool help achieve your primary SAM goals, is it compatible with your SAM framework?
• Others?
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Tool ConclusionSoftware Asset Management
24
Many different SAM tools exist, all with their own strengths and weaknesses:
• There is no ‘silver bullet’
• Any SAM tool can be fit for purpose, as long as it fits your SAM goals
• No tool can replace license expertise and SAM processes
• Manual input and user scrutiny will always be required
• SAM is just the beginning: actions need to be taken on the output of the tool
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Delivery modelsThe Deloitte SAM Offering
26
Type of Team Structure Pros Cons
Fully Insourced SAM Team • Highest degree of management control over discrete processes
• Clear reporting lines / authority to affect change. • Internal team may know the business landscape
and drivers better
• Difficult to identify and retain necessary SAM specific expertise in house
• Can be challenging to scale (up or down) to meet the needs of the business.
• Requirement to build vendor specific software discovery and licensing knowledge base
Fully Outsourced SAM Team • Turn-key operation• Tap into a global knowledge base of processes,
procedures, methodologies and playbooks to accelerate SAM efforts
• Ease in scaling up or down the team• Velocity - Faster set up / maturity• More expertise delivered
• Highly dependent on outsourcer to achieve business value
• Lower authority to affect change; potential resistance from BUs
Hybrid SAM Team • Focus the internal team on the core SAMbusiness while delegating time-consuming tasks externally
• Most flexibility in scaling up or down the team internally and externally
• Not as turn key as outsourced• Access to some, but not all, global knowledge
bases• Clear lines of responsibility needed
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Deloitte Service OfferingThe Deloitte SAM Offering
27
SAM process risk assessments
SAM policy, procedures, and
roles development
Strategy & organizational
structure development
SAM program assessment, design and
implementation
Software License Optimization
Software Vendor Rationalization
SAM training
SAM point solutions
SAM tools installation and configuration
Contract Administration
System Implementation
SAM tools
Software Asset Management
SAM transformation
Contract Administration
SAM Managed Services
SAM Managed Services
Continuous SAM compliance
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar
Deloitte Managed PlatformSoftware Asset Management
28
Inventorydata
• Hardwareinformation• Softwareinstallations
• SoftwareUsage• Users
• Virtualization
Businessdata
• Entitlementandpurchasehistory• Ownershipandorganisational
structure• AssetinformationandConfiguration
Item(CMDB)• Contractmanagement
• Helpdesk
Output data
• Compliancereports• Decisionsupport
• Statistics• Riskanalysis
Deployment
• ActiveDirectory• Install software
• Uninstall software
Deployment
Advancedconfiguration
PowerShell scripts
Custom compare value
Database XMLimport
3rd partysystemsIntegration via:
ERP
Document Management
System
Helpdesk/Service Desk
CMDB
API/SDK Import/export
E-mail RSS
Inventorydatasources
Collection and delivery of customer data
3rd party inventory
Cloud / Virtual
SaaS
XenApp ThinApp
Vmware ESX
App-V
Hyper-V
D.Platform
D.Platform SW Recognition
© 2016 Deloitte & Touche (M.E.) – Software Asset Management Seminar 29
Global CRC Partner Deloitte BEESL & Alliance Lead EMEA+32 2 800 24 [email protected]
Jan Corstens
Senior ManagerDeloitte ME+971 555 [email protected]
Huzaifa Hussain
CRC PartnerDeloitte [email protected]
Tariq Ajmal
Senior ManagerDeloitte [email protected]
Aditi Babla
IIA UAE Technology Subgroup– Deputy Chairman Presenter on Software AssetManagement
IIA UAE Technology Subgroup– CRC SME IIA UAE Technology Subgroup
Contacts
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL andeach of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/aboutfor a more detailed description of DTTL and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in morethan 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex businesschallenges. Deloitte’s more than 200,000 professionals are committed to becoming the standard of excellence.
About Deloitte & Touche (M.E.)
Deloitte & Touche (M.E.) is a member firm of Deloitte Touche Tohmatsu Limited (DTTL) and is the first Arab professional services firm established in the Middle East region with uninterruptedpresence since 1926.
Deloitte is among the region’s leading professional services firms, providing audit, tax, consulting, and financial advisory services through 26 offices in 15 countries with more than 3,000partners, directors and staff. It is a Tier 1 Tax advisor in the GCC region since 2010 (according to the International Tax Review World Tax Rankings). It has received numerous awards in thelast few years which include Best Employer in the Middle East, best consulting firm, and the Middle East Training & Development Excellence Award by the Institute of Chartered Accountantsin England and Wales (ICAEW).
© 2016 Deloitte & Touche (M.E.). All rights reserved.31