The Data Dilemma: Building a Strong Software Asset Management Process

September 1, 2024, 5:06 am
Kaspersky Lab APAC
Kaspersky Lab APAC
CybersecurityDataHomeInternetITLabLearnSecurityServiceSoftware
Location: Russia, Moscow
Employees: 1001-5000
Founded date: 1997
In the world of technology, data is the lifeblood. Without it, organizations flounder. This is especially true for Software Asset Management (SAM). At its core, SAM is about understanding what software you have, how it’s used, and ensuring compliance with licensing agreements. But many organizations struggle at the starting line. They lack quality data. This article explores how to gather and validate data on software assets, paving the way for a robust SAM process.

Imagine a ship setting sail without a map. That’s what it’s like for companies without quality data. They drift aimlessly, unable to navigate the complexities of software management. The first step in any SAM journey is identifying data sources. Where do you find the information you need?

Start with inventory data. This includes details about devices and the software installed on them. Think of it as a treasure hunt. Your treasure? Information from various systems.

1. **IT Infrastructure Management Systems**: Tools like Microsoft SCCM help deploy software across devices. They provide a wealth of data about what’s installed and where.

2. **Security Systems**: Antivirus solutions like Kaspersky or SIEM systems often have inventory capabilities. They can automatically track devices and software installations.

3. **Monitoring Systems**: Tools such as Naumen Network Manager not only log events but also track technical specifications and installed software.

4. **Discovery Solutions**: Specialized tools like Lansweeper or GLPI can automatically inventory devices and software. They are the scouts of your data-gathering mission.

Once you’ve identified your sources, it’s time to collect data. But not all data is created equal. You need to ensure that your chosen systems gather the right information. For devices, this includes processor names, frequencies, and operating systems. For software, you need vendor names, product versions, and installation dates.

However, one system often doesn’t cover everything. It’s like trying to catch fish with a single net. You may need to aggregate data from multiple systems. For instance, use MS SCCM for Windows devices and Naumen for Linux.

Next, let’s talk about commercial data—information about purchased licenses. This is crucial for understanding compliance. Your sources here include:

- **Accounting or Contract Management Systems**: ERP systems like SAP or Oracle hold valuable data about software purchases.

- **Original Purchase Documents**: Scanned copies of contracts provide insights into what licenses were bought and under what terms.

When selecting a source for commercial data, ensure it contains detailed specifications. You need to know exactly what software was purchased and in what quantities.

Now, onto the collection phase. If you’ve chosen an antivirus system as your primary data source, check its coverage. Aim for at least 95% of devices. Why not 100%? Achieving complete coverage is nearly impossible. Some devices may have just been deployed or are offline. A 5% margin of error is acceptable.

Automate your inventory process. Daily updates ensure your data remains current. Remember, raw inventory data can be messy. Different vendors may list the same software under various names. Normalization is key. This process standardizes data, making it usable for SAM.

Don’t forget about the “noise” in your data. Language packs, drivers, and patches can clutter your records. Up to 45% of your inventory data might be irrelevant. Filtering this out before analysis is essential.

This is where specialized SAM systems shine. Tools like Naumen SAM automate normalization and filtering, saving time and reducing manual labor.

Next, you need to inventory your commercial data on licenses. This is where the rubber meets the road. You must find all contracts related to software licenses. Analyze each one for details on what was purchased, in what volume, and under what conditions.

This task can be daunting. Large organizations may have hundreds of contracts. Moreover, software names in contracts can vary, complicating the normalization process. If your contracts are stored in a structured format, it simplifies the task.

The ultimate goal is to create a unified database. This database should contain normalized data on installed software and commercial data on purchased licenses. With this information, you can generate compliance reports and identify risks.

In conclusion, building an effective SAM process requires a solid foundation of data collection and validation. Start by identifying your data sources—both inventory and commercial. Automate your inventory process to ensure up-to-date information. Normalize and filter your data to eliminate noise. Finally, create a comprehensive database that combines software usage and licensing information.

By following these steps, organizations can elevate their SAM maturity. They move from a reactive stance to a proactive approach, optimizing software usage and ensuring compliance. In the world of software management, quality data is not just an asset; it’s the compass guiding your ship through turbulent waters.