For a long time, the perception has been that the technology CIOs have managed has been physical hardware. Servers, SANs, desktops, laptops, switches, access points - all of these devices can be easily seen, quantified and valued. Explaining the cost of hardware to other C-Level executives and boards has been easy because hardware is tangible.
Software is a different proposition. Back when I started my career in IT, the CIO showed me a CD for the forecasting module of our ERP solution and told me that he was holding $100,000 in his hand. The physical media and the value seemed incongruous. However, that software represented thousands of hours and years of experience of the developers. Any asset with that value needs to be effectively managed.
Clayton Noble is the Co-Chair of the Business Software Alliance. His main responsibility is with enforcement and policy for the software companies that are members of BSA. The BSA has a second co-chair who is responsible for education about piracy.
Piracy does cost software developers money. However, many are becoming more savvy when it comes to combatting the steady leak of money. There's a significant effort in place so that pirated code is removed from online sharing sites quickly. There are also efforts made to prevent illegally distributed programs ever being uploaded. Vendors are also getting smarter about how they sell their software so that purchasing is becoming easier than pirating.
In Noble's view, the big issue for CIOs is the importance of Software Asset Management. "It's important because each of the members of the BSA and other companies rely on he organisations customers to remain compliant. By and large, software is licensed on a trust model where the code is handed over. We rely on organisations to retain control over the deployment of software. SAM is a key issue for organisations".
The BSA supplies tools to assist companies with SAM as well as tips and procedures.
The consequences for not maintaining compliance with software licensing can be quite substantial according to Noble with companies becoming potential liable for copyright infringement. However, that potential issue is only one of the substantial risks that businesses can face.
The BSA recommend a four-step approach to SAM. To start, the BSA suggests that appropriate policies and procedures are put in place. To assist with getting started, the BSA offers some sample documentation. This can cover situations where staff load personal software onto company assets. If that software isn't legal then the owner of the asset can be held responsible for the software under the Copyright Act.
Once the appropriate documentation is in place, an initial audit should be carried out. As well as detecting potential non-compliance, this audit can deliver a tangible benefit. "Often, companies don't know what licenses they've bight and end up double-purchasing and end up with a lot of shelf-ware that they're unaware of" according to Noble.
"A lot of BSA members offer free services where they'll pay for software asset management consultants to go in and asset the customer to determine what they've deployed and what they've licensed so they can get a snapshot of where they;re at so they can plan better and determine what licensing model is most cost effective and efficient" Noble said.
With the audit complete, the CIO is able to then understand what software they have that is legally licensed and what items there are for action. Illegally loaded software can be either removed or licenses can be purchased and a register of software, license keys and license numbers can be created and maintained.
The final step in the process is to move SAM form a project to a process and establish a schedule for regular software audits to ensure that non-compliance doesn't recur and that the business has the right software available for staff to do their jobs.
Software is an asset that is of value to a company and needs to e managed with the same diligence as other, more tangible, assets. There are positive benefits with extraneous licenses not being purchased and the risk management benefit of avoiding non-compliance with the copyright law.