With software use prolific and vendors focused on compliance, organisations could be facing significant financial ramifications if they aren’t accurately licensed for the software that they use. To mitigate risks, it is vital to have a clear strategy for Software Asset Management.
Managing software licences in today’s rapidly evolving information technology (IT) landscape can be a complex task – and one that cuts across many functional areas of an organisation.
A company can be using thousands of software applications from various vendors, deployed across devices, networks and users. And while many think they have their Software Asset Management (SAM) under control, in reality they can have significant compliance risk exposure. In fact, an organisation may be spending 22 percent of its IT budget on software (Gartner), but struggle to know what software it owns, or whether it has the right number of licences for its people and ‘bots’.
Vendors have a right to ensure organisations are compliant, so not having a clear picture of licences and usage can have serious financial ramifications. In fact, in recent years, we have seen multiple examples of software vendors taking organisations to court for software licensing disputes. Some of these have exceeded $100 million in ‘technical findings’. Over the past 12 months in Australia alone, organisations have paid in excess of $100 million in settlements with various software vendors.
In addition to compliance and financial risks, without good SAM a company can be exposed to unnecessary costs, potential cyber risks, and can miss opportunities to leverage SAM to support key business decisions in technology adoptions such as AI, cognitive intelligence, IoT and Blockchain, facilitating a stronger link between technology, business and operational functions.
Here we look deeper at the challenges contributing to this risk environment, how good SAM can help to mitigate these risks, and how KPMG’s Software Asset Management as-a-Service (SAMaaS) model can make SAM much easier and more effective for organisations.
There are a number of forces adding to how complex today’s software environment is, and how compliance and financial risks are heightened.
These factors increase the need for a ‘source of truth’ about software assets, and a culture of best practice around maintaining that information base.
In an ideal world, an organisation would have complete visibility over its software usage across all of its environments, including data centres, virtualisation platforms, cloud subscriptions, and end-user computing devices – at all times. It would be in control of compliance, costs, and cyber security risks, rather than relying on external sources to help rectify issues after they happen.
With our SAMaaS approach we can help organisations bring this to life in a way that is ‘business as usual’.
Our SAMaaS is hosted in the cloud (or can be hosted on premise) and powered by a market leading SAM tool, coupled with our vast risk management, assurance, technology and data capabilities. It offers access to a broad range of subject matter experts throughout the KPMG global network (i.e. Cyber, Privacy, Asset Management, etc.). Our approach has three core modules:
Data is the core of successful SAM. Data management involves our professionals examining all software in use and related licences to produce a ‘baseline’ software licence position, followed by monthly updates. This provides insight into how many licences an organisation is entitled to, and how many licences it is currently using, thereby exposing any non-compliance and enabling the organisation to manage the attendant risk. As the data matures and becomes more trustworthy we can help organisations to use it to deliver real insights back to the organisation. For example, what software is being used most, where is it being used, and what software has access to the company’s data? Where is that information going?
We assist with regular data updating and reporting that identifies non-compliance. We help to plan a course of remediation, and provide oversight to ensure this remediation occurs.
Here, we help identify a pipeline of opportunities to change, amend, or optimise licensing to deliver cost savings as contracts come up for renewal.
To maximise the benefit of SAMaaS, we will work with you to integrate SAMaaS within your SAM operating model from both technology implementation and process augmentation perspectives, to ensure that the service successfully achieves the desired outcomes.
Complacency over SAM can lead to significant compliance, operational and financial risks, unnecessary costs, and even cyber or privacy risk exposure. Instead, a proactive approach can minimise these risks, and ensure the SAM Manager and team can focus on adding deeper value to the business.
Learn more about how Software Asset Management should be a function taken seriously in ITAM vs ITSM – why they should be separate.
