Software Licensing How good is your SAM ? are you prepared for a Software Audit?

SOFTWARE LICENSINGHOW GOOD IS YOUR SAM ?

ARE YOU PREPARED FOR A SOFTWARE AUDIT?

Michael Cooper, West Virginia University

West Virginia University• Public, land-grant institution, founded in 1867.

Located in Morgantown, West Virginia • Sixteen colleges and schools offering 185

bachelor's, master's, doctoral, and professional degree programs

• Main campus: 29,500 students 21,500 undergraduate

• 8000 faculty/staff • Four regional campuses• WVU Extension Offices in all 55 counties

POLL

Recently received Compliance Audit notice

Ongoing Compliance Audit

Completed Compliance Audit

Never been audited

WHAT IS SAM?Software asset management(SAM) is a process

• managing and optimizing the purchase • deployment • maintenance • utilization • disposal

ITIL DEFINES SAM AS

“…all of the infrastructure and processes necessary for the effective management,

control and protection of the software assets…throughout all stages of their

lifecycle.”

GOALS OF SAM

• Reduce costs

• Limit risk related to the ownership and

use

• Maximize responsiveness and

productivity

CAPABILITIES• A single interface to deploy all hardware/software

inventory and IT asset management processes • Asset data audit, tracking • Tracking of all hardware/software assets within a

single database • Asset tracking throughout the lifecycle including

move, add, change and delete activities • Service and maintenance contracts ensuring accurate

tracking of financial and service impacts of asset changes

• Software metering functionality providing accurate monitoring of application usage

• Details on discovered software applications

LEVELS OF SAM• Post graduation employment• Meaningful sense of inclusion• Sensitivity and flexibility• Fun place to work

THE FUTURE IS “CLOUD”

• SaaS – Software as a Service

• PaaS – Platform as a Service

• IaaS – Infrastructure as a Service

SAAS• most hype/focus • USD $12bn in 2011 /$22bn by 2015. • Salesforce.com and Office365. • The SaaS providers bill monthly • systems and processes can cope with

monitoring SaaS spend

PAAS• relatively uninteresting to the

enterprise. • Azure and Cloudbees are examples of

PaaS.• USD $0.5bn in 2011 / 2015 $1.7bn, • PaaS is mainly used by SaaS companies

as a platform for their offerings and to interconnect data.

IAAS Where your focus as an enterprise SAM practitioner

needs to be. The phrases “Internal Cloud”, “External Cloud” and

“Hybrid Cloud” typically refer to IaaS clouds. Moving from physical servers to an internal, shared

services cloud of VM’s is what IaaS is all about. Migrating from internal VM’s to externally hosted

VM’s in Amazon AWS or Rackspace is also IaaS. USD $4.2bn in 2011. / $19.6bn by 2015 – IaaS is the game changer for enterprise/corporate

IT.

TAKE ON TOO MUCH

• Prioritize the events and vendors

• Go for quick wins!!

• CRAWL, WALK, RUN

• 80% software spend = 20% supplier

portfolio

JUST A TOOL WON’T DO IT!!

• People

• Processes

• Tools

• = Savings and compliance

DEFINE SUCCESS

• Define metrics and dashboards

• Measure

• Not just back office function

• = Savings and compliance

RESOURCES1. ISACA audit program ‘Software Licensing’ www.isaca.org

2. COBIT 5:

a) APO10.02 Select suppliers

b) BAI03.04 Procure solution components

c) BAI09.05 Manage licenses

3. TechRepublic’s Software license compliance in 6 easy steps:

http://www.techrepublic.com/article/get-it-done-software-license-compliance-in-six-easy-steps/5034304

4. Business Software Alliance http://www.bsa.org/country.aspx?sc_lang=en

5. Business Software Alliance: Software Audit Tools

http://www.bsa.org/country/Tools%20and%20Resources.aspx

6. Business Software Alliance: Government Guide for Software Management

http://www.bsa.org/~/media/C72B329D6F7E4B46A7467DE0151210A1.ashx

7. eHow’s Prepare for Software Licensing Audit:

http://www.ehow.com/how_2102721_prepare-software-licensing-audit.html

8. Sassafras KeyServer

http://www.sassafras.com/auditing.html

CAN YOU ANSWER THESE QUESTIONS?

How does your institution track software?How many resources are deployed for SAM?Have you used Engagement Services such as SoftAID or CDW?How are your resellers helping you with SAM?Does your Internal Audit office understand the risks?Are all your Software agreements reviewed by General Counsel?

POLL

Audited byMicrosoftAdobeOracleNovellOther

DISCUSSION

ADOBE CHANGES - CONCURRENCYAfter your CLP expires, you no longer can use concurrent licenses in non-classroom/library installations.

This impacts those who are using concurrent licenses to deliver Adobe products to staff and faculty in their administrative offices or laptop computers.

Concurrent licenses can be used to install the product on a single user PC.

ADOBE MAINTENANCE

As of Jan 1, 2013 not available on:

Design Standard Design and Web Premium Production PremiumMaster Collection Photoshop CS6Photoshop CS6 Extended Illustrator CS6InDesign CS6 Flash Pro CS6Dreamweaver CS6 Fireworks CS6Premiere Pro CS6 After Effects CS6Audition CS6 SpeedGrade CS6Prelude CS6 InCopy CS6

ADOBE OPTIONS

Individual products – perpetual license

Enterprise Term Licensing Agreement

Creative Cloud - Future

DISCUSSION

AUDIT PROCESS

Software License Review Process

The Adobe software license review process is comprised of the following standard procedures, including but not limited to:

1. West Virginia University’s completion of the attached Adobe Environment Worksheet,

which will help determine the scope of the review. Please be prepared to discuss these worksheets in detail at our initial conference call, to be set within five business days of the date of this letter.

2. Submission of an Active Directory hardware report exported via the Windows based CSVDE

command tool (see attached instructions). This tool needs to be run on each domain within your organization (if more than one). This report(s) is due to Adobe within 15 days of the date of this letter.

3. Submission of two installation data reports from your specified Software Asset

Management (SAM) tool or Adobe scan tool (if needed) for all regions deemed within scope, as agreed upon during the phone conference. These reports are due to Adobe within 30 days of the date of this letter and will include the following:

• Desktop data - for all workstations in your organization • Server data - supplemented by the Adobe Environment Worksheet

4. Submission of all additional purchase data, including data from your resellers, for all related

entity names, for all regions, for all available historic dates, within 30 days of the date of this letter. To ensure completeness, please include the most data possible and go back in time as far as the reports allow.

5. Upon complete submission of the above deliverables, Adobe will compare your software

deployment with your license purchases and the terms of the associated EULAs. Adobe will submit to you a findings report including complete license reconciliation for your records.

6. If the above analysis shows a deficit in licensing, we will ask that you work with your Adobe

Account Manager and/or your reseller of choice to resolve any compliance findings by purchasing the deficient licenses immediately and no later than 14 days from the notification of findings by Adobe.

Please prepare to make all supporting records available upon request. These steps will help to ensure an efficient review process as well as proper licensing for your organization. We have also enclosed a document containing frequently asked questions for your review.