Differences Between Proactive and Reactive SAM – Which to Aim For

By now it’s common knowledge that when your plan for Software Asset Management (SAM) is lacking or flawed, your company is at serious risk.

This is especially true given the growing threat of cyber-crime. It’s predicted that the cost of cyber-crime will quadruple what it was in 2015. Other IT risks include software non-compliance, which can bring shockingly stiff fines. Entities like the U.S. Army and the City of Denver have paid millions for unlicensed apps and/or underpayment of licenses. Even if you’re found compliant, just responding to a vendor audit can drain you of all your IT resources in a matter of weeks.

That’s why more companies are focusing on developing their SAM capabilities. As they grow toward a centralized, managed view of their software estates, they not only tighten up security and reduce vulnerabilities, they save money and optimize other resources as well.

Still, however, most companies still seem to take an ad hoc approach to managing their software portfolios. This includes organizations who think they are prepared just by having SAM tools and processes in place. Whether it’s through lack of resources or lack of knowledge – even among those who have taken those initial steps toward SAM – 90 percent still lack a proper level of preparedness.

Proper preparedness includes managing the full lifecycle of software assets from purchase to expiration. It also entails being able to protect your organization against future threats as well as optimizing your IT budget.

If this is you, and you’ve built a basic plan for responding to cyber threats and vendor audits, you’re in the “Reactive” stage of your SAM Maturity journey. This means you still have a long way to go.

quo;s next? How do you move from simply being able to respond to emergencies to actually getting value out of your nascent SAM plan? The key is to move from being reactive to proactive.

Awareness is key, but it’s only a start. You’re still probably spending a large chunk of your IT resources chasing after problems. That’s better than not being able to respond at all, but the issue with a problem-driven SAM plan is that when you spend all your time and money putting out fires, there’s nothing left for actual improvement. And in the cybersecurity minefield of today’s business environment that leaves your company seriously at risk, with threats and vulnerabilities mounting as your defenses become outdated.

Here are four signs that your organization is ready to move to the next level of software asset management:

1. Unexpected audits are draining you. If you’re confronted with an unexpected audit, every last resource you have may need to be dedicated to fulfilling those requirements.
2. Lack of visibility. Perhaps using a bring-your-own-device (BYOD) program is leaving your company vulnerable but you have no way of getting a handle on who has what device, not to mention the number of unapproved apps they’ve installed.
3. Software consumption issues. Meanwhile, marketing and sales departments have separate CRM programs with separate sets of data that really needs to be merged. And you have a sneaking feeling that accounting and HR are each using cloud storage vendors of their own choosing, creating overlapping assets at great cost to the company.
4. Inability to set spending thresholds. When it’s impossible to take an inventory of your complete software estate, it’s impossible to predict your needs in order to set a budget.

The chief benefit of implementing mature, proactive SAM is that you’re drastically reducing the risk of danger to your organization. By achieving a higher level of SAM Maturity, you can look forward to lower costs, tighter security, and peace of mind when it comes to future audits.

1. Lower Costs. When companies fall out of compliance, they are as much as inviting software audits from their vendors. Audits can run into the millions of dollars.
2. Tighter Security. With a tighter belt around your assets and your data, you’re taking an important step toward preventing cyber-attacks at your organization.
3. Better Control. Knowing the state of your software inventory means better control over EOS (end-of-service) applications, which can pose a major security risk as they are often targeted by cyber-criminals. Another vulnerability is software that’s no longer supported by the publisher.
4. Peace of Mind. Audits won’t be as taxing because you’ll be prepared – or you won’t have to suffer them at all. Did you know that the maturity of your SAM program is a determining factor in whether your organization gets audited by software vendors? When publishers know you’re on top of your game in managing your software, they tend to focus their auditing elsewhere.

So, the aim here is create an audit-ready software estate that’s compliant, secure, and fiscally under control. You know what you need, but how do you get there? What steps should you take to launch a proactive strategy for software asset management? An action plan that revolves around people, processes, and technology is the best way to make sure your organization is prepared for the journey ahead.

1. People. For company-wide alignment, you’ll need C-level support for your software management strategy. But that’s only the beginning. Once you’re set up with a new SAM plan, you’ll need awareness training at all levels, too. In addition, your team needs to understand complicated software licenses, entitlements, and consumption.
2. Processes. With executive buy-in and support, it’s time to get a handle on the processes that you’ll want to bring under the umbrella of the SAM tool you choose. It’s a good time to examine your software estate and identify which, if any, resources you might want to outsource. In addition, establishing a timeline for your goals puts everything into perspective and sets you on a path toward greater SAM maturity sooner rather than later. Plus, when you don’t fully assess the processes that run your organization, it’s more likely that you’ll end up choosing a SAM tool that doesn’t align with business needs.
3. Technology. SAM tools come in many shapes, sizes, and degrees of customization. Choosing one is, first, a matter of taking stock of your needs. One useful piece of technology will be a compliance audit. Even before that, it’s useful to use a SAM maturity tool that allows you to see where you currently stand in terms of managing your software estate. Once that’s established, it becomes easier to set goals, create a plan, and move forward on the road to SAM Maturity.

Having a reactive SAM program simply isn’t enough. Not only will working towards a mature, proactive SAM program reduce your risk, it will cut costs. By moving from reactive to proactive, worrying about staying secure and compliant will be a thing of the past.