Commercial Software Licensing Information Technology Asset Management (ITAM): Software License Management (SLM) Overview

Similar documents
Commercial Software Licensing

Report via OMB s Integrated Data Collection (IDC), 10

Cracking the Code on Software License Management

DOT.Comm Oversight Committee Policy

Software Asset Management on System z

How To Manage It Asset Management On Peoplesoft.Com

The Value of ITAM To IT Service Management. Presented by Daryl Frost. Copyright Burswood Information Solutions Limited 2015

MEMORANDUM FOR THE HEADS OF DEPARTMENTS AND AGENCIES

How To Protect A Publisher From Self Audit

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

PEOPLESOFT IT ASSET MANAGEMENT

Software Asset Management (SAM) and ITIL Service Management - together driving efficiency

Software Asset Management High Risk, High Reward

FEDERAL SOFTWARE LICENSES

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

The Power to Take Control of Software Assets

Software asset management White paper. Improving IT service delivery through an integrated approach to software asset management.

IBM Tivoli Asset Management for IT

Making the Business Case for IT Asset Management

IBM Maximo Asset Management for IT

IAITAM s Certified Hardware Asset Management Professional Course Syllabus

LANDesk Data Analytics

IIA Super Conference

AssetCenter 4.4. Total Asset Visibility and Control. Control Costs. Ensure Compliance. Reduce Complexity

Asset management guidelines

How To Get A License From A Business To A Computer (For A Business)

Software License Asset Management (SLAM) Part 1

How To Improve Mainframe Software Asset Management

Topic relevant selected content from the highest rated entries, typeset, printed and shipped.

Next Generation ITAM in the Cloud: Business Intelligence and Analytics as a Service

agility made possible

License management service

SAM Benefits Overview SAM SOFTWARE ASSET MANAGEMENT

IT Asset Management. White Paper

IAITAM s Certified Software Asset Manager Course Syllabus

Commercial Software Licensing

Information Technology Asset Management

Software Asset Management. The challenge

Gain IT asset visibility, control and automation

The Importance of Software Management: How Rationalizing Assets Creates Real Business Benefits

BMC Remedyforce Asset Management. Frequently Asked Questions

The World of IT Financial Management

TRACK BEYOND THE RACK MANAGING IT ASSETS ACROSS THE ENTERPRISE

Software Licenses Managing the Asset and Related Risks

Software License Management: 2012 Software License Management Benchmark Survey SOLUTION WHITE PAPER

A Provance White Paper

Software License Asset Management (SLAM) Part III

Dynamic Service Desk. Unified IT Management. Solution Overview

Unlock the code IT Asset Management

Altiris Asset Management Suite 7.1 from Symantec

IT ASSET MANAGEMENT.

Why you need an Automated Asset Management Solution

The CMDB: The Brain Behind IT Business Value

ITIL Asset and Configuration. Management in the Cloud

8 Tips for Winning the IT Asset Management Challenge START

Look around any workplace and you see Information Technology (IT) assets. If you are working in an average office environment, you probably have a

Department of Veterans Affairs VA Directive 6004 CONFIGURATION, CHANGE, AND RELEASE MANAGEMENT PROGRAMS

Peregrine. AssetCenter. Product Documentation. Asset Tracking solution. Part No. DAC-441-EN38

Software Asset Management: A view from two perspectives from the audit world

Version 1.0. IT Service Management & IT Asset Management Services (ITSM & ITAM Services) Governance Process

Information Technology Asset Management: Control and Compliance

Best Practices for Implementing Software Asset Management

Simplify and Automate IT

Maximo ITSM Product Suite. Francois Marais

Simplify and Automate IT

Software License Optimization and Compliance: 10 Best Practices

Software License Compliance Review

Software Asset Management Is your company prepared for a software audit?

CA Technologies saves $23 million through greater control of global IT assets

1.Business Advisor Series

What s new in AM 9.30 Accelerating business outcomes

Enabling ITIL Best Practices Through Oracle Enterprise Manager, Session # Ana Mccollum Enterprise Management, Product Management

Understanding the difference between Configuration Management, Asset Management, Inventory Management, Service Management and the CMDB

Commercial Software Licensing

The Altiris CMDB BECAUSE YOU HAVE A BUSINESS TO RUN, NOT JUST AN OPERATING SYSTEM

IBM Tivoli Netcool network management solutions for enterprise

5 CMDB GOOD PRACTICES

Software Licensing and Pricing Best Practices. Stewart Buchanan June 3, 2009 Gartner Webinar

Dublin City University

SNOW SOFTWARE. Fredrik Spolén Country Manager Sales Director. Norway Denmark Finland

CA Oblicore Guarantee for Managed Service Providers

zoomlens January 2012 Why General Counsel should care about Software Asset Management

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

Getting a head start in Software Asset Management

White Paper November BMC Best Practice Process Flows for Asset Management and ITIL Configuration Management

Critical Issues in IT Asset Management

Altiris Asset Management Suite 7.1 SP2 from Symantec User Guide

HP OpenView AssetCenter

The Software Experts. Training Courses and Events

Symantec Asset Management Suite 7.6 powered by Altiris technology

Altiris Asset Management Suite 7.1 from Symantec User Guide

Project Charter Updated

Automated IT Asset Management Maximize organizational value using BMC Track-It! WHITE PAPER

Ten steps to free your budget

journey to a hybrid cloud

"Service Lifecycle Management strategies for CIOs"

TOP QUESTIONS ABOUT MICROSOFT AUDITS

PREFACE TO SELECTED INFORMATION DIRECTIVES CHIEF INFORMATION OFFICER MEMORANDUM

Configuration Management Explained

Transcription:

Commercial Software Licensing Information Technology Asset Management (ITAM): Software License Management (SLM) Overview April 2016

Webinar Information Audio dial-in number: 1-866-783-7350 Participant code: 6928919# URL: https://conference.apps.mil/webconf/esiwebinar Teleconference audio will be muted for all participants. Please submit any questions or comments via the webinar chat. Questions will be addressed at the end, time permitting. 1

DoD ESI Team / Instructor Introductions Jim Cecil IT Management Consultant, DoD CIO Enterprise IT asset management, portfolio management, strategic sourcing, and program management consultant with over 20 years of experience in managing and implementing commercial and custom information technology. PMP, CISM, CISSP, CSEP, CSDP, LSSGB, ITIL-F DAWIA PM & Purchasing Level II Training Tom Crawford IT Contracting SME, Contract Support to DoD ESI 20+ years in senior executive positions and consulting roles including DoD ESI. Previously VP at SAP, PeopleSoft, Oracle, and BMC. Former CEO of Cyber-Ark. Served in the U.S. Navy after graduating from the U.S. Naval Academy. 2

Table of Contents ITAM Overview Definition Definition Commercial ITAM Tools Federal Commercial Objectives / Benefits Objectives Industry Trends DoD Federal Scope Solution Architecture Component DoD Asset Lifecycle SLM Tools Component People / Roles Risks 3

Definition Objectives-Benefits Scope Asset Lifecycle A Basic Understanding of IT Asset Management IT Asset Management Software Hardware Networks, Routers, Switches Equipment Typically, tangible items you own, lease or license and intangible items like software applications or a digital or electronic product The methods and tools used to track asset inventory, location, usage and disposition of assets in your control or on your physical premises (not cloud-based) 4

Definition Objectives-Benefits Scope Asset Lifecycle A more detailed definition of ITAM ITAM is a function, a set of processes and a role served by one or more people in an Enterprise ITIL / SACM Asset management is a systematic process that joins contractual, financial, inventory, and IT governance functions to support life cycle management and strategic decision making for the IT environment. IT Governance 5

Definition Objectives-Benefits Scope Asset Lifecycle ITAM Benefits Inventory Control Security Cost Control Customer Service Know what you have & where it is Best business practice Basic fiduciary duty Enables self audit & compliance Ensure Security & Integrity Prevent unauthorized use Ensure security patches & recommended changes are deployed Avoid unnecessary purchases Entitlement Management Strategic Vendor Management Improve Experience Better Service Desk Response Better Efficiency Faster Response Time 6

Definition Objectives-Benefits Scope Asset Lifecycle Core Requirements WHAT IT ASSETS DO WE HAVE? HOW MANY DO WE HAVE? HOW & WHEN DID WE RECEIVE IT? WHO IS USING EACH ASSET? Authorized users only? HOW ARE THEY USED? Is a device a server or a laptop? Is software used IAW license? Define at the unit level e.g., a single router, server or software application Assets tagged by the manufacturer or publisher are helpful Are you using the authorized quantity? WHERE ARE THEY NOW? Are they deployed or sitting on a shelf? Have changes been received, deployed and recorded accurately? Can use the Delivery Order or license as the source for data 7

Definition Objectives-Benefits Scope Asset Lifecycle Summary of Objectives and Benefits IT Asset Management (ITAM) integrates the physical, technological, contractual, and financial aspects of information technology assets. ITAM business practices have a common set of objectives and benefits: Control inventory that is purchased and used. Reduce the cost of purchasing and managing assets. Select the proper tools for managing assets. Create standards and processes for managing assets. Achieve compliance with relevant standards and regulations. Improve IT service to end users. Manage the asset life cycle from planning to disposal. 8

Definition Objectives-Benefits Scope Asset Lifecycle LEVEL 1. IT Asset Management (ITAM) 2. Software Asset Management (SAM) Hardware Asset Management (HAM) 3. Software License Management (SLM) (SAM): Policies/procedures for managing software assets in an IT environment - should include license audits, upgrades, maintenance, etc. i.e., all changes (SLM): Policies/procedures for managing Software Licenses - should include license audits, upgrades, maintenance, etc. i.e., all changes 9

Definition Objectives-Benefits Scope Asset Lifecycle Asset Management Life-Cycle View Plan Need / Requirement Buy / Acquire Receive Deploy Modify/ Change Dispose / Expire Assess IT needs and measure against currently available assets. Move available assets to point of need or buy new items as required. Receive new assets and record receipt data. Deploy assets IAW plan and record location and other data. Use change mgmt. processes to identify, create, deploy and validate changes including asset retirement. 10

Definition Objectives-Benefits Solution Architecture SLM Tools People / Roles Risks Software License Management (SLM): A mechanism for systematically ensuring compliance with system vendor and independent software vendor (ISV) software licenses for example, maximum users, maximum nodes and maximum MIPS. (Gartner IT Glossary, May 7, 2015) Processes Technology Data Standards People 11

Definition Objectives-Benefits Scope Asset Lifecycle SLM Benefits Inventory Control Security Cost Control Customer Service Know what you have & where it is Avoid over deployment Track utilization Comply with license agreements Ensure License Security & Integrity Identify obsolete versions Identify vulnerable assets Provide secure alternatives Avoid piracy Avoid Unnecessary Licenses Optimize use of entitlements Manage vendor relationships Avoid compliance costs Improve Experience Better Service Desk Response Better Efficiency Faster Response Time 12

Definition Objectives-Benefits Solution Architecture SLM Tools People / Roles Risks WHAT LICENSES DO WE HAVE? HOW MANY LICENSES DO WE HAVE? HOW & WHEN DID WE RECEIVE THE LICENSES? WHO IS USING THE LICENSES? Authorized users only? HOW ARE THE LICENSES USED? What are the permitted uses and who are the authorized users? Is software being used IAW license quantity and terms? WHERE ARE THE LICENSES NOW? Are the licenses deployed or sitting on a shelf? Have changes been received, deployed and accurately recorded? Define at the unit level e.g., a single software application license Software tagged by the publisher is helpful Are you using the authorized quantity? Can use the Delivery Order or license as the source for data 13

Definition Objectives-Benefits Solution Architecture SLM Tools People / Roles Risks SLM Processes Optimize Resources Costly manual processes Administrative burden Enterprise SLM strategy Document ownership Identify rights Track usage Report compliance Optimized Reduce shelfware Select right products & bundles Negotiate volume purchases Maintain only what you use Risk: Compliance costs Cost: Excess spend 14

Definition Objectives-Benefits Solution Architecture SLM Tools People / Roles Risks Plan Need / Requirement Buy / Acquire Receive Deploy Modify/ Change Dispose / Expire SLM Application Conceptual Design Asset Attributes & Status Data Repositories Standards: Asset Identification, Entitlements Reporting 15

Definition Objectives-Benefits Solution Architecture SLM Tools People / Roles Risks Common SLM Reporting Data Source/Activity: Agreement/ Contract Receiving Deployment Description License agreement data and a completed, signed copy of the agreement (License Grant). Compare License receipt with license agreement. Document and resolve discrepancies. Device and location where software is deployed. Changes/ Modifications Details regarding software updates, patches, fixes, etc. Data Product Part Number Version Publisher/OEM Vendor Agreement date Quantity Price Entitlements Order/Agreement number Date of receipt Part number Quantity etc. Date Quantity Device Location User Organization Date (due & actual) Quantity Device Location of software changes 16

Definition Objectives-Benefits Solution Architecture SLM Tools People / Roles Risks Contract Data Management Considerations Access to Contracts & EULAs is Critical Data categories Product information product name, publisher product number (if available), quantity ordered Use Rights Entitlements Authorized uses Authorized users SLAs Service Level Requirements & Performance Penalties & Fees Warranty Derivative works ownership Maintenance and Support License Types: Perpetual Term/subscription Third party licenses Open Source Cloud computing/saas Test/development Educational Enterprise licensing 17

Definition Objectives-Benefits Solution Architecture SLM Tools People / Roles Risks Examples of Tools Identity Management CMDB / Common Software Library Asset Discovery Problem Reporting Contract Management Problem Management Inventory Management License Management Change Management 18

Definition Objectives-Benefits Solution Architecture SLM Tools People / Roles Risks Sample SLM Roles ITAM Director Establish and Implement ITAM Policies & Procedures SAM Manager Manage SAM Processes SLM Manager Manage SLM Processes Procurement & Contract Management IT Inventory Financial Management Change Management Record and enforce license terms including quantity and use rights Record and track all inventory records from receipt through retirement Record & track all dollar values Implement and execute change management 19

Definition Objectives-Benefits Solution Architecture SLM Tools People / Roles Risks Challenges with Intellectual Property & Impact on SLM Unique rights for each product / license Bundled third-party licenses Software embedded in hardware devices Tracking upgrades received through maintenance or software assurance Identifying and reconciling software products (purchased vs. installed) 20

Definition Objectives-Benefits Solution Architecture SLM Tools People / Roles Risks Distribution Channels Complex Relationships Example 1: Direct to publisher (with third-party licenses) Third Party Publishers* Publisher Customer Example 2: Through System Integrator, with Distributor as Intermediary to Publisher Publisher Distributor Integrator Customer Example 3: Through Value Added Reseller (VAR) Publisher Value Added Reseller (VAR) Customer * e.g. run-time licenses, restricted use licenses, third party software developers, open source software 21

Definition Objectives-Benefits Solution Architecture SLM Tools People / Roles Risks SLM Summary SLM focuses on ensuring alignment between the licenses required and the licenses purchases Effective SLM reduces costs from buying too many or too few licenses and provides visibility into vulnerable software on your networks SLM is data driven, and relies on automation to collect software asset data from purchasing, contracting, and IT operations processes Unique skills are required * e.g. run-time licenses, restricted use licenses, third party software developers, open source software 22

Commercial ITAM Tools Industry Trends Wide Spectrum of Commercial ITAM/SLM Tools Decision support License Management / License Optimization Tools License optimization Compliance/audit reporting Service desk automation Asset discovery Operations IT Service Automation Tools Configuration management Network operations 23

Commercial ITAM Tools Industry Trends New Technology and Business Models are Driving Changes Software as a Service Virtualization Cloud Computing Mobile Computing Shared Resources 24

Commercial ITAM Tools Industry Trends Evolving License Models Are Increasing Complexity Subscription Licensing How do we pay? Enterprise Licenses How do we count? Open Source Software Who owns the code? 25

Commercial ITAM Tools Industry Trends Rapid Changes in the Software Industry Increase SLM Burdens Agile Development: Rapid Product Releases New Product Lines Technical Advances Hardware Performance Increases Corporate Mergers & Acquisitions Start-ups Standards Dynamic SLM Ecosystem 26

SLM in Policy Finance and accounting Information technology investment management Cyber security Accountability Stewardship Security 27

Federal DoD 1. 2. 3. 4. 5. 6. Federal Government Policy & Guidance Federal Policy & Guidance Reference GAO-14-413 Federal Software Licenses: Better Management Needed to Achieve Significant Savings Government-Wide Executive Order 13103 Computer Software Piracy (December 1998) Executive Order 13589 Promoting Efficient Spending (November 2011) NIST Information Security Continuous Monitoring (SP 800-137) Federal IT Acquisition Reform Act (FITARA) / FY15 NDAA Clinger-Cohen Act (1996) / USC Title 40 CIO Act / USC Title 10 DoD CIO Description May 2014 report that recommends adoption of leading practices for software license management across the Federal government Prevent and combat computer software piracy by U.S. Government Agencies. Establish procedures to ensure that the agency has present on its computers and uses only computer software not in violation of applicable copyright laws, including: (1) installed software inventories of the software on its computers; (2) authorization software inventories; and (3) adequate recordkeeping systems. Sec. 4. IT Devices. Assess current device inventories and usage ensure that they are not paying for unused or underutilized IT equipment, installed software, or services consider agency-wide IT solutions for desktop services, email, and collaboration tools. SP 800-137: (Asset Management) Maintain inventory of software and hardware within the organization. (License Management) Track license compliance, monitor usage status, and manage the software asset life cycle. Includes provisions that require the federal government to: inventory all IT and develop a federal strategic sourcing initiative for the use of government-wide software user license agreements. FITARA was included NDAA FY15. Designed to improve the way the federal government acquires, uses and disposes IT. Title 10 defines additional responsibilities for DoD & MILDEP CIOs. 28

Federal DoD 1. 2. 3. Policy Reference FY14 NDAA Section 935 & FY13 NDAA Section 937 Information Security Continuous Monitoring: JTF-GNO CTO 07-12 Deployment of Host Based Security System (HBSS), etc. DON Software Acquisition Training Requirements Description DoD Software License Inventory Reporting Plan and DoD Selected Software License Inventory data call Cyber Security Analytic Cloud (CSAC), Continuous Monitoring and Risk Scoring (CMRS), Host Based Security System (HBSS), Assured Compliance Assessment Solution (ACAS), etc. DASN AP memorandum requiring specialized software licensing training for all applicable DON contracting personnel. Related: DON IG: The Navy s Management of Software Licenses Needs Improvement (August 7, 2013) 4. DoD ESI / DFARS 207.84 Enterprise software agreements 5. Financial Improvement and Audit Readiness (FIAR) Recent DoD Policy & Guidance Accounting for Internal Use Software 29

SLM Methodology and Best Practices Int al Assn of IT Asset Managers (IAITAM) ITAM Professional Association Business Software Alliance (BSA) Pioneers compliance programs for legal software use Int l Business Software Management Assn (IBSMA) Nonprofit assn of bsns-focused software mgmt (SAM) professionals GSA IT Acquisition Gateway Software Corridor (hallways.cap.gsa.gov/itsoftware) Software Management Standards ISO/IEC 19770 IT Asset Management TagVault.org Neutral not-for-profit certification authority for software tagging NIST Common Platform Enumerator (CPE) Structured naming scheme for information technology systems, software, and packages Distributed Management Task Force (DMTF) Industry standards org. to simplify manageability of network-accessible technologies IT Management Frameworks IT Infr. Libr. Service Asset Config. Mgmt (ITIL SACM) Maintains asset information across the entire life cycle Control Objectives for Information & Related Technology (COBIT) NIST SP 800-137 NIST SP 800-53 Continuous Monitoring & Security Controls ISO/IEC 20000 IT Service Management 30

IT Governance IT Governance (ITG) defined by Gartner IT governance (ITG) is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. IT demand governance (ITDG what IT should work on) is the process by which organizations ensure the effective evaluation, selection, prioritization, and funding of competing IT investments; oversee their implementation; and extract (measurable) business benefits. ITDG is a business investment decision-making and oversight process, and it is a business management responsibility. IT supply-side governance (ITSG how IT should do what it does) is concerned with ensuring that the IT organization operates in an effective, efficient and compliant fashion, and it is primarily a CIO responsibility. 31

Questions? Please submit your questions via the webinar chat. Briefing slides will be posted to www.esi.mil for download. Visit www.esi.mil For additional IT acquisition resources and training information 32

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information