Software Licenses And Are They Effective

Published Date: 02 Nov 2017

What methods are used in industry to manage software licenses and are they effective?

Reis de ponte, Freddy

S0910217

ABSTRACT

Organisations are increasingly using software to run their business processes and to accommodate their business strategy. As an organisation grows, so does their software needs and as the variety and quantity grows the management of software licenses becomes more complex. Organisations can purchase software licenses from many different avenues namely software vendors and directly from a software publisher. This may seem to be a great benefit for organisations as they can negotiate good deals however the variety of selection makes managing software licenses more complex as all these different vendors have their own agreement terms for the same application.

There is no "one size fits all" culture when it comes to software license agreements. Knowing this raises the question, how do organisations actually manage these licenses? This paper investigates some of the tools and methods that are used in industry today to manage software licenses and evaluates their efficiency. From the findings a maturity model was designed to help organisations understand where they are as an organisation with their software asset management and what is needed to improve.

Table of Contents

Introduction

Microsoft (2008) defines software asset management (SAM) as a "vital set of continuous business processes that provide a system for the effective management and protection of software assets within your organisation throughout all stages of their life cycle". SAM is growing as a best practice approach and this is mainly due to the economical strain the recession has inflicted on organisations today. Software equates to approximately 20% of an organisations IT budget and according to Gartner this figure is likely to rise in the coming years.

Vendors are also being affected by the recession and are proactively auditing organisations to make up for the deficit on their annual revenues. According to license dashboard (2012), organisations have a 65% chance of being audited. Therefore organisations are turning to SAM due to its promise of reduction of software expenditure as well as transparency of an organisations software portfolio. This in turn will reduce the risk of being caught out on a software audit.

This paper will review the methods used in industry to manage software licenses. These methods include models or frameworks that are in place as well as any technologies that support the management of software licenses. Due to their vast experience of SAM, a case study will be done on a specific insurance company investigating how SAM evolved through the years within their organisation. It will also review the tools and methods used to support and align their SAM project. With the use of this information a model will be produced which could potentially be used in companies like this to assist in their SAM project.

Literature Review

Software asset management

Software asset management is essentially the processes and procedures that govern the software asset lifecycle within an organisation (TechExcel, 2012). These processes and procedures guide the asset through the organisation from acquisition, management, deployment, optimisation, maintenance and eventually disposal of the software from an organisation. Implementing SAM could be very beneficial to organisations today and if implemented and adhered to correctly organisations could potentially benefit from the following advantages (TechExcel, 2012);

Reduce the cost of ownership (TCO) on IT assets with improved financial control

License compliance

Minimise security risks

Reduce IT support

Reduce vendor audits due to reputation

In 2011, the Business Software Alliance (BSA) estimated the commercial value of software theft to be around $63 Billion (www.bsa.org, 2011). This is lost revenue for vendors and publishers alike, so for this reason software audits are carried out on organisations and these have recently increased significantly. Due to these reasons achieving license compliance and reducing TCO are seen to be the main triggers for implementing SAM. There are other factors that could result in an audit. These include; publishers comparing the number of employees to the number of licenses bought as per their records, vendors who see discrepancies such as hardware being bought without software, or even complaints from disgruntled employees.

During the auditing process the organisation will incur unbudgeted expenses such as the auditor’s fees, charges associated with the auditing tools and fundamentally the cost of reconciliation if they were found to be non-compliant. However, a large number of organisations are still reluctant to incorporate SAM due to being fearful of discovering how much unlicensed software is being used. As this could then result in extra expenditure to reconcile licenses (Haggar, 2011). Konary (2012) suggests that managing software licenses can also be a very complex task due to the size of an organisations contract database, as well as the different types of licenses that must be understood and administered. Virtualisation and other industry trends such as cloud computing and bring your own device (BYOD) policies have added to the complexity of license management (Konary, 2012). Haggar (2011) agrees and adds that the responsibility of acquiring software licenses, especially in smaller organisations, tends to be with either purchasing departments or financial departments who may have little knowledge of licensing end user agreements.

Jason Keogh, CTO of iQuate and an industry expert on SAM, posted an online video (iQuateVideo, 2011) arguing that there are 4 types of software licenses; Simple licensing, Hardware based licensing (HBL), complex licensing and user based licensing. The different license types, as explained in Appendix 1, demonstrate that understanding the software license is not the only challenge. Constant communication would be needed to keep track of the location of the software licenses, how they are being used and who is using them. Therefore, SAM can very quickly become complex and ultimately could prevail to software piracy as Christensen and Eining stated in 1994 (Bailey and Soileau, 2011). This suggests that the person assigned to the role of SAM specialist should ideally be based in IT. This will mean that not only will they have some degree of IT knowledge, making the understanding of licenses easier, but will also be able to communicate a lot better making management of the licenses more efficient.

McLachlan (2012) suggests that as an organisation grows, so does the need for more software, so inevitably the task will become even more difficult especially in keeping track of where the licenses are located. Stringent management of software license databases and strong communication is needed to keep track of software deployment particularly when licenses are re-harvested onto other devices. For these reasons, some authors like Hitchcock and Simpson (2012) argue that this can’t be managed efficiently without the use of discovery and inventory tools.

Thompson (2011) suggests that good discovery and inventory software tools can significantly help IT strategy, financial management, network security, support analytics and compliance. This is due to the reliance of accurate information that a discovery and inventory tool can provide. These tools automatically capture data daily from all network devices including the hardware specification and the software that is installed. This all gets automatically stored in an inventory which can eliminate the cost and time required to record software manually (Thompson, 2011). Statistical analysis can then be made using the information supplied by these tools in comparing the number of installations against licenses.

However, discovery and inventory tools do vary in quality. Some may not be able to capture all devices such as physical servers and virtual machines and others struggle with the recognition of applications especially identifying software bundles (Thompson, 2011). Certain SAM tools have additional features that provide more benefits to SAM. These can include: license management tools which are databases that can be used for storage and retrieval of license information, contract management tools that are also used to store contracts and agreements with scheduling to manage renewals, and finally usage monitoring and metering tools which provide data on the usage of the applications installed on the devices (www.aid.com, 2007).

Integration between these tools can significantly improve SAM within organisations. Less time would be wasted doing manual work, such as collecting an inventory of data and analysis on software compliance, as the SAM tools would carry this out automatically. Greater emphasis can then be made on the monitoring tools so that underutilised software can be redeployed, eliminating unnecessary purchasing of new software licenses and saving the organisation money as well as better management of unauthorised software. Tools can play an important role in software asset management. However, it has been suggested that SAM tools will not be able to manage processes and workflows that are needed to fulfill strategic SAM goals (Ernst and Young, 2010).

ISO19770-1 and ITIL V3 standards

Some organisations use SAM frameworks or best practise models to implement and manage SAM processes and workflows in their organisation (Nâstase et al, 2009). There are many models available although the most commonly used models are the Information Technology Infrastructure Library’s Version 3 standard (ITIL V3) and the ISO/IEC 19770 standard.

ITIL V3’s aim is to provide a framework for the entire IT service management lifecycle. This has been broken down into 5 areas (Galup et al, 2009);

Service Strategy

Service Design

Service transition

Service operation

Continual service Improvement

Itil v3 processes

Figure 1: The ITIL V3 Standard. Source: http://www.noxglobe.com/blog/itil/itil-v3-processes/

Ian Preskett (TheStationeryOffice, 2011) argues that infrastructure decisions are usually based on the ease of implementation and the cost of the project, ignoring software licensing constraints. At service strategy, ITIL V3 highlights the need to consider software licensing at this stage. Service design is the phase when suppliers and outsourcing is considered, SAM is present in this phase as knowing how software will be supplied is crucial to ensure effective deployment plans. Software asset and configuration management (SACM) and Knowledge management are service transition processes. These are important as this is when data is collected and interpreted to produce license positions and prove license compliance. Acquisition processes are defined whilst in service operation. Finally, by understanding the status of assets, continual service improvements can be made to achieve accurately scoped and budgeted projects, with reductions to project times and increased success rates.

ITIL V3 has not been designed for SAM; it has only considered SAM within its overall framework, and works more specifically with the entire IT service management. Due to this, it has been argued that implementing ITIL V3 is complex, time consuming, costly and obtaining the permission and budget to completely change the structure and processes would be difficult in today’s economic climate (Fry, 2010). Many organisations may also already follow other frameworks for IT service management and may not want to change (Fry, 2010). Therefore a model that is more specifically tailored to SAM would be more applicable to them.

The international Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) combined to create the ISO/IEC 19770 standard which is a framework consisting of 27 processes specifically designed for SAM (Mclachlan, 2012). Alongside effective SAM, the aim of this standard is to help manage risk, meet corporate IT governance requirements, and improve the cost effectiveness and availability of business software across an organisation (Mclachlan, 2012).

Lifecycle Process Interfaces

Development

Acquisition

Release

Deploy

Incident

Problem

Retire

Change

Inventory Management

Asset identification

Software asset inventory

Software asset control (libraries)

Verification and Compliance

Asset record verification

License compliance

Compliance verification

Conformance compliance

Control Environment

Corporate governance

Roles and responsibilities

Competence

Processes and policies

Operations Management

Relationship and contract

Service level

Security

Financial

Planning and Implementation

SAM plan

Implementation

Monitor review

Continual improvement

Figure 2: Table illustrating the 27 processes of the ISO/IEC 19770 standard (ISO/IEC 19770, 2006)

The lifecycle process defines the processes needed to efficiently manage the software asset from request right through to retirement (TheStationeryOffice, 2011). Most organisations already perform some of these processes simply to acquire software, so this would suggest that implementation could be easier using this model. By following the processes set out by inventory management, verification and compliance, an organisation takes an inventory and records license data similar to ITIL V3’s knowledge management (TheStationeryOffice, 2011). Control environment, operations management, planning and implementation are similar to ITIL V3’s service strategy and design phases. These processes focus on documenting various policies relating to SAM, formulating SAM plans, optimisation and continual improvements (TheStationeryOffice, 2011).

It has been suggested however, that all 27 processes must be applied, or the organisation will experience poor implementation results (TheStationeryOffice, 2011). This suggests that the ISO/IEC 19770 can carry similar drawbacks to ITIL V3 such as the cost and the length of the project. Another factor that may affect the decision to implement this standard is that although there is a process for license compliance, it has not been designed to check if all software is properly licensed and so cannot ensure that software is properly controlled (BCS, 2007).

Research Methodology

This research project will be exploring the evolution of SAM within a workplace so will be focusing on past and present findings. The research method that will be used to explore this research will be in the form of a single case study on an organisation. Jankowicz (2005) described this research method as the most appropriate for this type of research. The research techniques used to obtain the relevant information needed for this research project will include an onsite visit which will consist of an interview with a software asset management specialist.

The interview will be conducted using the semi structured open ended approach as defined by Jankowicz (2005). This technique involves questions being asked to the interviewee with the content and sequence not defined in advance. This technique is open ended so the questions will influence the interviewee to respond in their own words and as such increase the scope of their responses. Jankowicz (2005) explained that this approach is useful to obtain large amounts of in depth data however due to it being unstructured the data will be disorganised.

Although the semi structured open ended technique was used for this research project the structured approach also defined by Jankowicz (2005) was considered. This technique is mostly used in questionnaires but can be used with face to face interviews. This technique would involve the interviewer following a document with a set number of questions which could contain steering instructions, items, alternatives and recording instructions.

Some elements of this approach will be used for this research project as a number of questions will be predefined to help focus some direction for the interview, along with steering notes to remind the interviewer of certain elements that could add value to the interview. Due to the research project being an in depth case study focusing on a specific organisation, the semi structured open ended technique would be the best approach to use for this project as the questions would take shape during the interview and be dependent on the information given by the respondent.

Case Study

Company Background

The research was conducted on one of the United Kingdom’s leading independent insurance intermediaries, specialising in insurance policies for motor, household and travel insurance. Recently bought out by a Fortune 500 company, the organisation has been going through a phase of transition over the past few years. The organisation used to be branch based, however they now operate most of their business processes at their head office in Cheltenham and a sales office in Burnley. Due to the growth in comparative websites, the company’s income is now predominantly generated by their website, which is maintained by their IT department, instead of in their branches as it used to be. This organisation employs approximately 1,200 employees with an annual customer base of 500,000 clients.

The IT department consists of around 100 employees and is broken down by IT service management, systems, programming and IT corporate governance. Their SAM specialist heads the IT corporate governance division which is the area that is focused on SAM. The organisation currently owns around 32,000 licenses for 240 different types of applications. These are deployed throughout their estate and include approximately 1,100 workstations, 120 laptops, and 220 physical and virtual servers. As well as the 32,000 licenses, there are around 390 software agreements which need to be maintained. Their SAM specialist is qualified by FAST Ltd, an external auditing agency and has recently passed the ITIL V3 foundation course.

2001 - 2006

The organisation did not follow any SAM processes before assigning the SAM specialist to the role. Purchase orders for software acquisition could be raised by five managers across the IT department. They did record details about major contracts however they did not record information about low level licenses. This was partly due to the fact that the license information was contained on the packaging of the software. This was then not stored correctly in a centralised location but was scattered around the IT department, either in people’s drawers or on their desks, and so was not easily accessible. However, in contrast, the organisations finance department did file purchase orders and invoices away in accordance to their standard operating procedures.

Software maintenance agreements, which required renewal, were bought for some software applications. However, there was no schedule in place to handle this process and renewal was dependant on the vendors sending out reminders. The initiation of SAM was mainly due to the Fortune 500 Company acquiring the first 20% of the organisations shares. As part of the agreement, the organisation had to provide their license position to the buyer. As there were no SAM procedures in place, the organisation was not up to date with their licenses and renewals and was therefore unprepared for this request. This resulted in enormous difficulties providing the information, particularly as the organisation at this time consisted of 135 branches across the UK as opposed to their two main offices at present.

Initially the organisation did not use any SAM frameworks for guidance and their first changes improved the acquisition process by stripping down the amount of managers allowed to raise purchase orders. All purchase orders relating to software were now only allowed to be raised by the SAM specialist. All license information was to be recorded on a Microsoft Excel spread sheet that was maintained by the SAM specialist on an on-going basis. As before finance were still involved with the process, however IT now also had their own document library where copies of the purchase orders, invoices and license certificates were stored. Service desk still carried out the deployment of software provided any requests were approved by the SAM specialist.

As the organisations license database grew, locating information became tedious and some areas of the organisation, such as finance, required some access to data. This led to setting up their license database onto their intranet site which then was run on IBM Lotus Notes. This improved searching and made the database available to other areas of the business.

Issues were also encountered in regards to the document library for the licenses. Storage area was decreasing and finding relevant documentation could take substantial time as it was a manual process. Overall, it was failing on certain factors in the security policy as it was a fire risk and no backups were being stored. Eventually, documentation for the organisations larger contracts was uploaded onto the license database but due to the enormity of the task and lack of IT infrastructure to support this, the organisation continued to use the paper based document library.

2006 - 2011

In 2006, after a vigorous selection process the organisation implemented their first SAM tool, Centennial Discovery which was developed by Centennial Software Limited. The organisation now had processes in place to ensure the control of the lifecycle of software was more efficient. However there was no transparency on their actual license count. Centennial was a discovery and inventory tool that was deployed to all IT hardware assets across the organisation such as workstations, laptops and servers, taking an inventory of all the hardware and software installed on their devices. Early on, it was clear that Centennial was better equipped for hardware queries and lacked the functionality and "intelligence" needed for SAM. Centennial did not recognise software bundles such as Microsoft Office which meant the data was inaccurate and the reporting element was difficult to use.

Once again the organisations license database was relocated as their IBM Lotus Notes intranet site was replaced by one created with Microsoft SharePoint. This led to improvements with the functionality of the database and because there was a better infrastructure in place, the license document library was uploaded onto their license database. This improved productivity, and certain features such as workflows allowed the acquisition process to become mostly electronic.

2012 – Present

In 2012, the organisation purchased Snow license manager (SLM) which is developed by Snow software. Centennial discovery was retired due to inaccurate data, lack of support and fundamentally the lack of usage as the software did not satisfy the functional requirement needed for their SAM project. SLM is equipped with a powerful discovery client, license, agreement and user databases. SLM can monitor usage and custom information fields can also be created to align the software to the company SAM processes. The most powerful aspect of the software was that it is fully integrated which automated some processes and provided strong reporting capabilities. The organisations license database was transferred once again onto SLM using an import tool that created individual license records on SLM. SLM would then use the inventory of data to automatically calculate the license compliance. Standard reports available on SLM displayed compliant, over-licensed and under-licensed applications which saved the organisation time as there was no need to perform any cross analysis on license compliance and could focus more of their time on achieving license compliance.

All SLM databases provided the facility to either upload documentation or insert a URL. By inserting a URL the user would be navigated to the specific documentation they needed even if it was on another server. The organisation used the URL function to link the documents, as when uploading documentation SLM was experiencing similar infrastructure issues as the organisation did with IBM Lotus Notes. Performance was quite slow at times, so uploading large volumes of documentation would harm the performance of SLM even further. Alerts were created on the agreements database notifying the SAM specialist of any renewals due, automating yet another process. The organisation also used SLM facility to specify what software was allowed to be installed throughout the company, and in effect blacklisted applications that were not within the list. This allowed standardisation of applications and the organisation had more control of what was being downloaded throughout their devices.

ITIL V3 and ISO/IEC 19770 processes were considered for the software lifecycle but no frameworks were actually implemented.

.

Evaluation

The case study described the evolution of SAM within a specific organisation. The most significant factor found in this research was that the organisation did not use any SAM models, like ITIL V3 or ISO/IEC 19770, to guide them through the implementation of SAM. Some may argue that this has resulted in the organisation taking 12 years to fully understand their license position. However, the reality is that the fully integrated SAM tool, Snow License Manager, helped the organisation greatly in terms of understanding their license position. The SAM models such as ITIL V3 or ISO/IEC 19770 do not mention using tools as they tend to focus more on the processes and policies needed to ensure license management. Even without using these models this particular organisation have managed to put all of the policies and procedures in place and this was done by mainly acting on advice provided by an external auditing agency and from experience of being audited. It shows that they have so far been successful as they have recently achieved FAST Ltd.’s Gold Stage 1 certificate in license compliance which is an industry recognised SAM award involving an audit on their processes and current license position

The standards provide a framework on what should be done however they do not provide an evaluation of where the company is and what is needed for them to improve. Becker (2009) argues that maturity models are proven instruments for assessing an organisation’s position and help provide solutions for change. These models can potentially be more effective than frameworks as some organisations may already have the policies and procedures in place and need advice on what they can do to improve. Maturity models are more tailored to the organisation and decisions can be made on the feasibility of the situation and changes can be done at a speed that suits the company.

For this reason a model is going to be produced based on the maturity model already in practise, Nolan’s model.

Model for SAM based on Nolan’s model

Nolan’s model was created in 1969 and is used to describe the growth of IT (see Appendix 1 for more information). Changing the thresholds of the original model and adapting them to SAM; this model can be used to evaluate the maturity of SAM within an organisation. Organisations can use the SAM maturity model to evaluate where they are and subsequently see what is needed to move their organisation on to the next level. The thresholds are generalisations of what the organisation should be achieving at each stage. Figure 3 illustrates the model. SAM starts with initiation and progresses through to maturity.

I

N

I

T

I

A

T

I

O

N

C

O

N

T

A

G

I

O

N

C O N T R O L

I

N

T

E

G

R

A

T

I

O

N

D A T A

A D M I N I S T R A T I O N

M A T U R I T Y

Figure 3: SAM Maturity model based on Nolan’s Model

The table below contains examples of what the thresholds could be at each stage of the maturity model. These were selected from evaluating the evolution of SAM as described in the case study as well as using some processes that are defined in the ITIL V3 standard and ISO/IEC 19770.

Stage

Thresholds

Initiation

Software is first used in an organisation

License is purchased or a personal copy is used

Knowledge of software licensing is poor so chances are proof of purchase is not kept

No policies and standards have been set up.

Contagion

Software starts to spread to other functional areas of the organisation

Licenses become more complex to understand

Managed by finance

No version control

No understanding who has what software and on what machine

Software agreements expire

Control

SAM specialist assigned to role

SAM plan set up for controlling software

Software policies written/reviewed and rewritten, examples below;

Software lifecycle (for EG Acquisition, deployment retirement and change)

Security

License and agreement databases are set up keeping track of purchase orders, invoices, contracts and registered users.

Software acquisition process centralised

Old licenses/agreements proof of purchase located and recorded.

Discovery tool may be implemented at this stage (dependant on size of the organisation)

Relationship and contract management

List of approved software set up

Integration

Inventory and license databases integrated

Scheduling renewals of software agreements

Existing procedures and policies may be reviewed and changed again at this stage.

Reporting available

Data Administration

SAM plan set up for achieving compliance

On-going work towards achieving software compliance across all applications.

Black list of applications and procedures in place for removal

Over licensed applications

Self-auditing in place

Maturity

All processes and policies are constantly reviewed to comply with new regulations and changes to operations.

User awareness campaigns increased

Continually monitoring and improving SAM

Example 1 – Evaluation of SAM using SAM maturity Model (2001 - 2006)

To illustrate how this maturity model could be used, the following figures show what the organisations progression could look like at various stages as discussed in the case study:

I

N

I

T

I

A

T

I

O

N

C

O

N

T

A

G

I

O

N

C O N T R O L

I

N

T

E

G

R

A

T

I

O

N

D A T A

A D M I N I S T R A T I O N

M A T U R I T Y

Figure 4: SAM Maturity model displaying the organisations initial position as per the case study (section "2001-2006")

The organisation did not have any control of their licenses, as there were no policies and procedures recording licenses or ensuring software was maintained. For these reasons, the organisation is displayed above in figure 4 within the contagion phase.

Example 2 – Evaluation of organisation’s SAM using SAM maturity Model (2006 - 2012)

I

N

I

T

I

A

T

I

O

N

C

O

N

T

A

G

I

O

N

C O N T R O L

I

N

T

E

G

R

A

T

I

O

N

D A T A

A D M I N I S T R A T I O N

M A T U R I T Y

Figure 5: SAM Maturity model displaying the organisations position after implementing SAM as per the case study (section "2006-2011")

The organisation appointed a SAM specialist, set up license databases and agreements databases. Discovery tool was implemented with little success, however due to the policies that were in place this indicated that there was now control of SAM at the organisation.

Example 3 – Evaluation of organisation’s SAM using SAM maturity Model (2012 - Present)

I

N

I

T

I

A

T

I

O

N

C

O

N

T

A

G

I

O

N

C O N T R O L

I

N

T

E

G

R

A

T

I

O

N

D A T A

A D M I N I S T R A T I O N

M A T U R I T Y

Figure 6: SAM Maturity model displaying the organisations present position as per the case study (section "2012 - Present")

Purchasing Snow license manager (SLM) aided this organisations progression onto the next phase. This was due to SLM’s fully integrated databases allowing automation of several processes, freeing up time to concentrate license compliance and optimisation. SLM is still fairly new to the organisation so they fall within the integration phase; however the processes are now part of their culture so this indicates that the organisation should be moving through to data administration in the coming years.

Conclusion

This research project looked into software asset management (SAM) and the methods being used to manage SAM through models such as ISO/IEC 19770 and ITIL V3, as well as the use of SAM technologies. This research was based mainly at one organisation and looking at how SAM evolved within this company. It was found that the organisation did not use any SAM models although some of their policies and procedures did align with a number of the suggestions provided by the model. The organisation did not want to change their IT service management procedures and were looking at specifically improving their license management. Through the experience of audits and advice from external auditing agencies the organisation managed to apply the policies and procedures that best fit their needs. SAM tools were used and due to the mixed results encountered it was found that choosing the right tool can significantly improve license management.

It was argued that the ITIL V3 and ISO/IEC 19770 SAM models fit their purpose in terms of being frameworks that organisations could use for guidance. However, they do not provide clarity of where the company is and what is needed for them to improve.

A maturity model was created which could be used to assess an organisations current position as well as providing suggestions on what could be done to improve this. It contains a detailed account of what the organisation should do to progress efficiently and competently and could easily be tailored to fit the needs of each specific company. It is an easy to use model and could vastly improve an organisations chance of effective software asset management and therefore ensuring compliance in license management.

References

Bailey, C D. Soileau, J S. (2011) Q-analytics: An ethics case on unlicensed software usage,

Journal of accounting education Volume 29, Issue 1,

[Online] Available at: http://www.sciencedirect.com/science/article/pii/S0748575111000510

[Accessed 31/10/2012]

Becker J. Knackstedt R. Pöppelbuß J. 2009. Developing Maturity Models for IT Management – A Procedure Model and its Application, Business & Information Systems Engineering, Volume 3, [Online] Available at: http://download.springer.com/static/pdf/945/art%253A10.1007%252Fs12599-009-0044-5.pdf?auth66=1364592320_a2f9bb78d7ca8cd7cc56ddec0a609d19&ext=.pdf

[Accessed: 05/02/2013]

Business Software Alliance, 2011. Ninth Annual BSA Global Software 2011 Piracy Study

[Online] Available at: http://portal.bsa.org/globalpiracy2011/

[Accessed 31/10/2012]

Christensen, A., & Eining, M. M. (1994). Instructional case: Software piracy—Who does it impact? Issues in Accounting Education, 9

Ernst and Young, 2010. Effective Software Asset Management, [Online] Available at: http://www.ey.com/Publication/vwLUAssets/Effective-Software-Asset-Management-December-010/$FILE/Insights_on_GRC_Effective_software_management_AU0714.pdf

[Accessed: 05/02/2013]

Fry M. 2010. ITIL Lite: A Road Map to Full or Partial ITIL Implementation, Volume 3, The stationery Office

Galup S. D. Dattero R. Quan J. J.Conger S. 2009 An overview of IT service management, Communications of the ACM - Security in the Browser, Volume 52, issue 5, ACM, [Online] Available at: http://dx.doi.org/10.1145/1506409.1506439

[Accessed: 05/02/2013]

Haggar A. 2011. Adopting a pragmatic approach to software license compliance, Systems management, volume 3, [Online] Available at: http://i.dell.com/sites/content/business/solutions/power/en/Documents/ps3q11-20110270-kace.pdf [Accessed: 05/02/2013]

Hitchcock A. Simpson P. 2012. Software lifecycle management: Bringing a comprehensive approach to software assets, [Online] Available at: http://www.edtechmagazine.com/higher/sites/edtechmagazine.com.higher/files/cdw-lifecyclemanagement.pdf

[Accessed: 05/02/2013]

iQuateVideo. 2011. SAM Market Overview [Online Video]. 03/05/2011. Available from: http://youtu.be/RsOjU-atxqc [Accessed: 05/02/2013]

ISO. IEC. 2006. ISO/IEC 19770-1 Information technology - Software asset management, [Online] Available at: http://www.govchina.org/Soft/UploadSoft/201101/2011012610165378.pdf

Bcs.org - 2007 http://www.bcs.org/content/conWebDoc/12856

[Accessed: 05/02/2013]

Jankowicz A D. 2002. Business Research Projects, 4th Edition, Thomson Learning.

Konary A. 2012. Managing Microsoft: Software Asset Management perspective, Software Licensing Provisions: Vendor Needs and strategies, Volume 1, [Online] Available at: http://idcdocserv.com/235108 [Accessed: 05/02/2013]

License Dashboard. (2012) Why software vendors audit customers (& what to do when you receive an audit request)

[Online] Available at: http://www.licensedashboard.com/white-paper-request.html

[Accessed 31/10/2012]

McLachlan P E. 2012. The ABCs of SAM (Software Asset Management),

[Online] Available at: http://www.ciosummitna.com/media/whitepapers/2012/Animus_ABCsofSoftwareAssetManagement.pdf [Accessed: 05/02/2013]

Microsoft Corporation. 2008. Sam Benefits Overview, [Online] Available at: http://download.microsoft.com/download/3/5/b/35b409f2-ff35-4a97-9439-fe8230421168/Benefits_of_SAM.pdf

[Accessed 31/10/2012]

Nâstase P. Nâstase F. Ionescu C. 2009. Challenges generated by the implementation of the

IT standards Cobit 4.1, ITIL V3 AND ISO/IEC 27002 in enterprises, [Online] Available at: http://www.ecocyb.ase.ro/articles%203.2009/Pavel%20Nastase.pdf

[Accessed: 05/02/2013]

TechExcel. 2012. A guide to Software Asset Management

[Online] Available at: http://techexcel.com/resources/whitepapers/SAMwhite_paper-original.pdf

[Accessed 17/01/2013]

TheStationeryOffice. 2011. Software Asset Management. [Online Video]. 27/04/2011. Available from: http://youtu.be/9LrCLdlphuE. [Accessed: 05/02/2013].

Thompson M. 2011. Inventory Software Review, [Online] Available at:

http://www.itassetmanagement.net/wp-content/uploads/2012/01/InventoryDiscoveryNov11Final.pdf

[Accessed: 05/02/2013]

www.aid.com, 2007. Solution Brief: Selection, Implementation, and Optimization of

Software Asset Management Tools, [Online] Available at: http://aid.com/services/SoftAid_SAM_Tools.pdf

[Accessed: 05/02/2013]

Appendix 1

License types as explained by iQuateVideo

Simple licensing represents the vast majority of software, typically consisting of desktop related software such as Microsoft Office, Adobe Photoshop or Symantec Anti-Virus. This type of license would be based on a count per installation for example; there are 20 installations of Adobe Photoshop therefore 20 licenses would be needed regardless of what type of machine it has been installed on (iQuateVideo, 2011).

Hardware based licensing (HBL) focuses on the device the software is installed on and is slightly more complex. HBL can be based on the power rating of the CPU, the edition of the software and the number of instances installed per physical server. HBL becomes even more complex with virtualisation and partitioning as sub capacity licensing or multi use rights within different versions need to be considered (iQuateVideo, 2011).

As HBL, complex software licenses require the number of installations the software is found on the server and edition based information. However configuration information also needs to be considered as these elements can increase the cost of the license considerably. Oracle database software is a good example of this as there are different editions such as enterprise and standard and if configured with options like OLAP, data mining and partitioning can increase the cost of the license (iQuateVideo, 2011).

Finally, there is user based licensing (UBL) to consider. UBL is typically not based on the hardware or the software that is installed on but more on user credentials such as the roles, responsibilities, access and number of users that can be set up on the software. Enterprise resource planning software (ERP) like Siebel CRM and SAP are examples of UBL (iQuateVideo, 2011). There are also some occasions when the software licenses are based on concurrent users for example; 30 user licenses are bought so only 30 users can be logged on at one time, this means it doesn’t matter on the number of installs or the number of users that are given permission to access the software however it triggers on the amount of users using the product at one time.