Aureo hamo piscari, or “money talks…”

We live in a world constantly quantifying all things, preparing for sales, selling or, dealing with post-sales activities.

Thus Liza Minnelli was right all along and we all know that.

The thing is money isn’t everything, we all know that. However SAM is more or less all about money, well , maybe not money. SAM is the management of currency value, expressed in software, and so money expressed as value embedded in software, which is supposed to take part in production of goods or services contributing to organizations profits. So I often explain what we do using analogies, so here I’d say that all the things, including tools, software, rules, knowledge, frameworks, standards that constitute SAM are a form of currency, see it as a stack of chips at a poker table, where the poker table is both your environment, spend on software and services and at the same time the global software community, with its demands, rules and costs. The thing I learned about playing poker is, when you get to the table and you can’t identify the “sucker”, it’s because you’re the “sucker”, “the money cow” to be milked by everyone at the table.

I have had lately many discussions in various environments about aspects of SAM. To my surprise rather than clear focus on pain points and challenges in which solutions could be found, it is a dance around the money pot, guarded or approached by various sides of the argument. The thing for me is that it’s too early to be talking about money until customers challenges are clearly defined. Sure customer should know that solutions cost money, but I believe when there’s many levels of granularity, until it’s clear what we are talking about, we can’t discuss how much it will cost, unless you have a “solve-it-all-solution” or we are talking about a symbiotic relationship.

Me, myself?
I want the customer to get a ROI out of our interactions, rather than a TCO.
How so?
I see time as currency too. My motivation is to help the customer, and even though I’m also expected to help the customer to buy, I need to focus on helping the customer to understand where they are, help them see potential gains and focus areas, then address potential risks, gains, weigh costs of multiple scenarios against present situation, long before we start talking costs of the total solution and how much it will cost not to have this or that problem.


So the customer should in our meetings and talks see value coming out of their invested time, not only hearing my opinion, because since I work the topic I probably know what I’m talking about. The conversations should lead the customer to make choices, preferably towards a mutual benefit, for obvious reasons. They grow, we grow.
I find that some manufacturers understand that better than others, some others are more focused on selling of their products while perhaps forgetting about further developing their product to keep up with the rate of sales.
The last ones keep reminding me of all the calls I get as a private person, trying to sell me a piece of heaven through their for example electricity services. I’ll have a chat, because they might have something that they do, fitting me better than what I presently subscribe to, but I also find a lot of smoke being blown up my behind, and so I get factual; asking for a service allowing me lower costs and ability to foresee my costs, 3 years ahead. This is same as what I expect from a functional SAM program.
The fun starts right there, hearing them backing out of the conversation, because they make assumptions based on what I just said and conclude they can’t offer me what I ask.
All I said is that I wish to have lower costs (than I have now) and I wish to plan 3 years ahead.
So far none of these geniuses have asked me details on how much I pay presently and how I have set up transparency forward, nor the cost of it.
Why aren’t people asking questions when someone has clearly stated their requirements?
One of the main reasons I love working for Atea, is that one of the core values is curiosity, and so questions are being asked in order to understand the customer and their needs as a second nature. One of the biggest challenges hindering me from doing my job is people holding their cards to their chest thinking I’m a potential aggressor, when nothing could be further from the truth.

The trouble for the customer is to find out who they can trust (from their point of view) and as you all know, in life it’s very hard to know that. I think most of us take some risks choosing who to trust. It’s like playing games as children trying to understand who speaks the truth, who exaggerates, who is trying to trick us… I wish it would be as simple. The problem with software and it’s management is fairly comparable, you might be able to trust a product to some degree, might trust their support system, on time updates, and at some point feel let down all the same, although all worked beautifully first year, or even longer. So it’s not only who to trust, but also when to trust, to which degree and how to see when not to trust. The fact is, money talks. If I pay, I expect and if my expectations aren’t met, I find myself another vendor. Therefore I treat my customers from the same principle. I try to make sure we speak the same language, while being on the same page, while sitting in the same boat, and that we are rowing in the same direction. I see the relationship building from long term perspective, avoiding tactics straying from long term strategy. Because the fact is, while everyone talks strategy, I’m a pro, so I want to focus on talking logistics with the customer.

However I’m not the right person to talk about trust. I’m almost as paranoid as the average security guy, over protective of my customers, but I also ask myself, if I can be trusted, because I’m human and sometimes I make decisions from a limited perspective. I might want to shine, my ego has become bloated in some context, or worse, I feel down by too many lessons at too short of a time, am I the best advisor then? How to always maintain perspective of the customers (as an organization, not only the person I work with or towards).
How to help them to the best decisions short of taking on their environment and managing it for them?

Thing is I’m a big fan of a bonus-manus system. High risk – high yield -scenarios. Building a relationship where we share profits, risks and of course penalties, at least to some degree, allowing mutual trust due to mutual self-interests. Is there a better kind of trust? It certainly is quantifiable.

I call this approach “balls-out”, because I take on a degree of risk from the customer and share in success and failure alike. What I found is that many are happily talking about one taking on some of their risks, but much less enthusiastically want to talk about sharing profits.

So my question to myself now is: are we all so egocentrically self-absorbed we miss out on the benefits of a symbiotic relationship, simply because of the fear of missing out from “whatever scenarios”?
Haven’t we really evolved beyond petty brain-stem fears?

Is ignorance a bliss?

“Most human beings have an almost infinite capacity for taking things for granted.”
–Aldous Huxley

Above reminds me of another quote, often attributed to Albert Einstein, about limitations of the universe and human stupidity (which is a quote from a Fritz Perls book, quoting supposedly what Einstein would have said to Fritz, the astronomer).
Perhaps Aldous discovered the primary reason, why we feel people may or may not be of a certain standard, at a moment, or in general.
It may be, that’s the human condition in a nutshell? Now regardless of the reason for why organizations perform less than expected, with lower quality output than expected, or in any number of ways, worse than expected, it is certainly because of people and whatever the human condition may be.

I guess this is because of our residual image of ourselves, digital or otherwise, a construct of mind we have of ourselves and thus also others, which is why we seldom take things for what they are and rather try to make it as it fits ourselves at a moment.

In Software Asset Management self-deception is the primary cause of failure. As we often say (some of us, anyway) belief is something we may do in church, but in this business, we either know, or we don’t.

So the idea is, to have an idea, of what one wishes to achieve, then keep working at it, until it’s a simple line of text, describing your mission statement.

Now, that I’m finished with the intro and “Ignorantia est lætitia“, let’s get back to the issue at hand.
I have recently switched sides, to the external “service provider corner” from being an in-house, all you can use me “asset”.
I used to call myself “a chair”; simply because that’s how I sometimes felt not without humor, of course.

Why self-deception? Well, we are humans, and we humans tell ourselves things. We are so good at it that we can become blind to the truth, and see only the lies we are comfortable with. This seems to be true, regardless of the chair we happen to sit in and the funny part is that sometimes we can see it coming from “some other chair” plain as day.

I have been made “upset” twice last week. I wanted to use the word “stirr, stirred and the stirr” but didn’t manage to find a form a dictionary would agree to, the way I wished to use it and so since I’m no Shakespeare, I changed the word.
Firstly, when I was asked a question by a former colleague about something rather obvious to me being a potential disaster in the making down the line.
Secondly being visited by a ghost from the past. Namely after having a collision with common publishers return to auditing their clients, although they call it “revision or review”. This even though they have made the move to named licensing a while ago and publically announced discarding the need for audits as of the end of 2015.

Let’s start with agitation number one.

The company in question has been introducing a global service provider to outsource most of its IT services. That can work to some degree of course. Unfortunately in the process of outsourcing, they ended up without certain key assets, able to make sense of the mess, aka some SAM professionals. Now, that isn’t the trouble, if you have options. In this case, some of the management of entitlements went back to local departments. And thus local departments are now to manage their software assets with all that entails. The question I was asked was: facing a request from the up-top, an absolute reduction of cost is preferred. Can it be done?
The trouble here is that this reduction affects former work. The produce of labour and intellectual property on which more work is based. Which is on file for a reason, needs still to be accessed for use, for an unforeseen number of years ahead.
Ergo, the idea is to discontinue the update and the support part of the maintenance contract for all licenses. This leaves ageing assets to the merciless life cycle of the operating systems. Regardless of the long term costs, the risk of inability to use the software and thus losing access to previously created work is quite substantial.
Of course, I advised reducing active license count to as low, as the management could live with, and maintain until no longer needed. For archived work purposes, one license would suffice and guarantee business continuity at least.
The only alternative with sense is to convert the work to some other format(s). This being a more cumbersome and costly alternative. The comment I received was that the management wanted to discontinue the product entirely. I’m good, but I’m no magician…

The agitation number two,

regards revisiting a waste of time and resources of IT departments by publishers policies, which directly reflect on their hidden source of income and agenda, meaning dreaded audits.

For me, an audit is an aggressive negotiation method. The publisher wishes to make money by more or less forcing the organization into buying more licenses through proving a none-compliance. It is cannibalization of their customer base, but hey, they are just trying to survive.

Yes, the publisher has absolute rights to their IP property, which the executable code is. They have the right to request several things, but since they have moved towards named licensingwhich evidently enforces compliance and subscriptions which changed the model from pay for “ownership” to “right to use as long as you keep paying”, they can’t call it an audit, so they call it a review with an agenda: they wish to help their customers to manage and get the best value out of their software by requesting detailed logs or running their auditing software.
I believe they call it something else nowadays, but the fact is, it is still the same annoying process, again. The king was dead, long live the king. They might be looking at different things now, so they have evolved, but for most companies, the push to named licensing was to get rid of the annoying time and resource-consuming software audits as main motivation. Fact is this is how this publisher more or less enforced taking back what was sold only to lease it.

And so, from my side, as a Business Software Alliance certified SAM professional, I have to represent both sides and quite objectively at that. And yes, it creates a conflict of interest here at some intersections. I have to assist the customer to the best of my ability, as well as protect the IP rights of the publisher. The question I ask myself time and time again since the aforementioned agitation is: If the publisher always keeps changing the game and one can’t trust what they say, claim or do (or ask) (subjectively) how flexibly honest can a customer be towards such a publisher and should we judge them for it if they were? I always presume innocense until proven guilty.

Luckily for me, I’m not a customer anymore, nor do I directly represent one. If this was a personal relationship of mine, and my partner would behave like this claiming things, and then do the opposite, I would have ended the relationship, not being able to trust the partner. At best it’s hypocrisy, at worst a blatant lie. Since there’s always plenty of fish in the sea moving on would make logical sense. And even here, there’s plenty of alternatives, which makes me ask another simple question: Why choosing or sticking with such a publisher?

It reminds me of listening to a, let’s call it a lecture, once, asking the audience: What is quality?
I then, just as many others, answered that: quality is subjective to the perceiving party and their expectations.
The reply I received back was then an absolute: No! “The definition of quality is conformance to requirements (requirements meaning both the product and the customer’s requirements). The system of quality is prevention. The performance standard is zero defects (relative to requirements). The measurement of quality is the price of nonconformance.”
A statement (a mantra) that I have adopted as my own set of values, ever since.
And thus I will do my best to represent my customer, following the rules I must follow, as I must. My grandma used to say, if you agreed to work as a horse, pull the darn wagon.

And so we end up at the end, again, proving that self-deception indeed makes companies make choices no company should make. That in regards to maintaining their business continuity. Or as in this case, risking it.
In addition, we should evaluate our use of software where the publishers seem to only care about their income budgets, feeling free to go back on their word, under a new pretext. In SAM terms this is Relationship management. Should I interpret the ISO19770 here to the word, I’d say this publisher is none-compliant, but then again, what do I know?

Flectere si nequeo superos, Acheronta movebo

Or as the Virgil quote says, “If I can not bend the will of Heaven, I shall move Hell.”
I’m having a moan tonight about misconceptions centered around tools, choice of tools, the reason for tools when the simplicity of the path ahead is neither understood nor defined. What I’m saying is, know why you do anything before you start doing it… And yes I could get to the point right here, but I’m not trying to sell you anything and you’re not paying, so you’ll either read the whole thing or not, your choice :p

Apologies, I have been busy. At this point, I shall not disclose what I have been so busy with, as the process goes on and might do so, for a while yet. All I can reveal at this point is that: I and my old partner in crime (Stian, in case you wonder) have been trying to redefine SAM, in a manner. Not so much the ISO behind it, as rather how to explain SAM in a few well-chosen sentences. That part has gone well. It’s not Plato’s Allegory of the cave, but it works and it does so in about 20 seconds. However, in the process, there’s more to explain. I am accustomed to using words and prose, much less alas, drawing, painting a picture, or creating stunning presentations. (Presentations are not US in this case)

What bothers me the most is that I can’t find easily accessible content in form of pictures, illustrations, or graphs to use. Everything must be created from scratch. One of the questions needing answers is making the wallet holder, the customer, sponsor, stakeholder, or otherwise “the money bag” understand the benefits of SAM. It’s not my meaning to come with derogatory references. I try to exemplify my point, those who make funding decisions do not understand the world of SAM. They don’t understand how many moving parts it is, what it takes to maintain them all, and also, regretfully don’t understand, that even SAM tools not only come with a maintenance cost, they also require significant upkeep to perform well.
Also, they actually have to be tailored to the business at hand, how the business is built, how it functions, and many more aspects of what a business can be. If you are thinking that the goal of your SAM is or should be compliance, save yourself the money and your nerves and rather pay the fines. I think it will be more pleasant, although expensive and defamatory.

Let me be honest. I have built (together with a team), once, a fully functional, ISO19770 compliant, partially (mostly) automated SAM system within a huge, ever-changing, 40 000 people organization, through mergers, acquisitions, joint-ventures, and divestitures. ONCE. (I have also run it for many years, but that’s beside the point)

Let me be equally honest, without full backing and interest of a “C-level” management, well, it’s hard to impossible. I know, this argument is used often, but for other reasons than you might initially think. You are then actually asked to help salesmen to sell you a “solution” when they use the C-level management support. I’m saying it to you, because if your management doesn’t understand why “all those costs and resources”, what the benefits are and could be, they will either buy in partly and for a time, or not really. And without their interest and support, you will always be a “Don Quijote”.
Let me come with further confessions: just compliance isn’t worth it. It costs too much to keep people in the “know”, motivate them, have your internal resources sweat doing endless renewals, true-ups for a result which you can outsource a few times a year, which will be performed more accurately, faster, and with less risk than your super-shared, undervalued IT resources. Save your money and your nerves and take the bus, let someone else do this for you, and pay the fines in the worst case(because you asked them to do compliance on a publisher or set of products, not your estate). Investing in compliance, as a result, is like buying a car, without being able to afford the gas. SAM is a team-sport, SAM is not IT, it supports IT, SAM caters to IT, caters to management, to business functions, and the “whatever” business itself. SAM best benefits finance, contracting, procurement. Once you understand the ultimate goal of SAM you will understand why it’s not really IT.
The meaning and ultimate reason for SAM is really simple: It is to produce the cost of doing business(from a software perspective). When I feel like it, I will explain it in more detail, but for now please trust me. Just keep in mind that the point of SAM is not to juggle licenses, but to manage the value invested in the software portfolio, meaning money(which is why we refer to licenses as assets), and on the opposite side meet legal and regulatory requirements, meaning do what you agreed to as soon a piece of software was installed, because with disregard of who installed it or why, he or she just bound your entire organization by clicking Accept, in order to install it. In other words, a legal contract has been entered between your organization and the software publisher/licensor. Now, good luck 😉

Many organizations purchase some sort of a SAM tool thinking, their prayers have been answered. There’s absolutely nothing wrong with that. There are no good nor bad tools. There are only tools meeting your requirements, there are tools offering more than you could possibly require, and tools seemingly offering you what you want, mostly because you don’t know what you want.
As with all tools, for good manufacturing of results, you actually need a professional, who not only possesses the skill, understanding, and experience but also an iron will to battle the management and the rest of the organization(it is the irony of SAM, that SAM must continuously justify itself).

Why? That’s a long story and not the aim of this article. As with most of my articles, I choose to discuss the topic at heart, and in this case, I wish to debate misconceptions and indirectly how selling points for (some, any) SAM software became the goal of SAM on the internet and among some SAM groups, somehow. Therefore for future reference, I’m totally agnostic, to the point of being a purist, of sorts.

Let me start with: Gartner is a provider of information, trends and research analysis. They are good at what they do and the info they provide is mostly willingly provided by people. Should you wish to quote information from Gartner and their magic quadrant, please read what Gartner is first, what they do, then please consider what data topic you are viewing and for a moment consider who is publishing the information, how, for whom, and why. For those who missed the point, Gartner gathers, collates and analyzes information from external sources. They are a research company, they don’t build anything, they don’t invent anything, and last time I checked and heard, Gartner doesn’t employ people to sift through logs of various organizations and create order out of chaos for them. They research. If they have real-life data or not, I don’t know. I’m guessing they don’t because if I worked SAM within an organization or was responsible for a company I wouldn’t share my findings with any outside organization, aside from my LAR or my SAM partner.
For the same reason as to why politicians never really commit to anything or why you should never talk to the arresting police officer (you should speak to your lawyer).
Now consider qui bono, who benefits? The most important part is to keep in mind, that although companies like Gartner are good at what they do, they don’t read minds and do not necessarily know your needs.

So what I’m saying is, please do your own research, if you don’t have resources, then hire some. It is so difficult to explain to a customer that because you didn’t do your due diligence for decades, and because you assumed that what you read in one article is the absolute truth, now we have to unwind all that you have done, then undo years of neglect before we can start to actually address the problems.

I’m assuming that most critical thinkers would do their own research, check all facts presented and make their own opinion, if possible. Everyone else will adopt some other strategy, best suited to their own characters. There’s nothing wrong with either side, the question is, what do you need and how can you get it.
It’s the same question since the cavemen, although the subject of the questions changes, it’s still about “how do we achieve what we want.”

With that being said, my firm opinion on SAM tools is: requirements, requirements, requirements.

You, as the customer, will either ask informed questions and double-check the data, or you won’t. If you have never dealt with versioning, releases, testing, deployments, version succession, implementations, migrations, or consolidations, your chances of getting it right will depend on the articles you read and their angle or consultants you hire and their experiences.

If you will (do your diligence), you will start analyzing your organization’s situation, your needs and after a while, you will discover that you need a professional just to understand what you need. If you won’t(do your diligence), well, you will either spend money on whatever is being recommended to you by whatever source you chose as your Pythia, or you will some other way come to “some conclusion” and miss some valid points, potentially. The important part is to remember, we are all ourselves responsible for our actions, and also for the lack of action in some cases. I remember a case where the customer has purchased a “system”, we can call it simply software. Most companies that I know use something like that, so it’s very common. The client has passed on all security options. If this was because he had no clue, or because he thought security issues won’t happen in his organization or whatever else he might have thought, he passed. It didn’t take long before he was hacked. Severely. To that he didn’t have any insurance covering it. So he tried to put blame on everyone, from the selling organization to the manufacturer, to the insurance company he had, because in his mind they should have told him. Of course, he was to blame. And yes he was advised, yet chose to save money. So who’s to blame here? Good question. Personally, I ask myself often if humanity can actually keep up with the commercialism ruling the world.

Let me give you a free tip: you need a couple of systems/software for recording and keeping records and on top of that, you need a discovery/inventory tool. You can get away with a good inventory/discovery piece, but only if your process will support it. The problem with that is the waste of time anyone wishes to have access to some specific data set regarding your contracts or licenses, costs, state of maintenance, etc. But you might feel you saved some costs if you skip it. I don’t recommend it, but you can try.
Then you need a way or system to reconcile the records to give you the actual results you wish to have. If you are thinking that Excel will solve most of your needs, I’ll say only: time is money and people make mistakes.


In addition to the above, you need professionals who know what they are doing (licensing rules change often, systems have weaknesses for which you are responsible for) and you need processes because there is no software that does it all for you and people need a path to follow, especially if you want measurable repeatable results.
One more free tip for you: SAM is a program, not a project, it doesn’t end and you can’t budget for it all.

So if you think you have chosen well, because you just spend a lot of money on a system (let’s rejoice it wasn’t your money), although you did not check your own needs and thus requirements, you are still right, because you chose one of the expensive ones or perhaps even the most expensive one. Congrats!

(There’s a whole scene from a movie I’d love to quote for you, but I’ll let you feel good about your decision instead and not quote it, aside from a short ending of the scene: “How do you like them apples?”, although this punchline will come later, and most likely it will hit the organization in the face and not specifically you because although someone was responsible for acquiring “this”, they usually are not accountable for results of that aqcuisition later)

However more and more I see organizations that chose a tool, an expensive tool at that, and after a while, they discontinue the tool.
It might be they didn’t see any value in it, or they stopped seeing any value in it. And yes, in both cases they are right. On one end, they bought a car, and for whatever reason, couldn’t use it. On the other, after reaching the initial benefits of scratching the surface (yes, only the surface!) they discontinued because taking a bus was cheaper. And I do not blame them, nor do I blame anyone else. The thing is, this is exactly where I will come in.

Firstly, I don’t blame people for not wanting to read through the ISO documentation. It is massive and for someone with little interest, it would be like reading technical documentation of the car’s electrical systems (pun intended in these electric car times). You can still drive, although you haven’t read it, and although you don’t understand how the car actually functions.

Secondly, you completely missed the point. ISO19770 is not the instruction manual on how to operate a car, it’s instruction on how to build a system capable of having a car/cars driven within it efficiently, and maintained. It only describes how to best create a system to manage the various aspects of managing your software portfolio in other words. It will not provide you with compliance. Systems won’t provide you with compliance, how you handle everything, the process in place, people who know what they are doing every single action they take, that and then some will give you compliance. Breaking down entitlements, keeping meticulous records, and having the capability to run a reconciliation will get you closer to that goal. Or call me.

So let’s make it simple:
SAM is a practice of how to manage your software portfolio and all aspects of interacting with it. SAM’s goals are many, but the ultimate goal is to get out of it what using the software you lease, own, rent, or otherwise use, costs you, so that you can price your services or products accordingly.
After all, you want to know how much it costs you to make that pencil, that computer, or provide that service, so that you don’t rob your customer blind or so that you don’t lose on whatever it is you are doing for your customers.

You can get your TCO, your ROI, and many other acronyms too, but it’s not as easy as the software vendors make it sound, and no, it’s not automatic. It costs aside of money, serious time, significant blood, buckets of sweat, and occasional tears (and in my case hair from the top of my scalp rather than any tears).

Disclaimer: If you make pencils, you most likely do not need a SAM program and you have probably googled something and ended with this article.
I hope reading it was as entertaining for you as it was writing it for me, even though the potential benefits of reading it is simply this confirmation, making it obvious for you, as a pencil maker, not to invest in any SAM tools, since you now know, you don’t need them.

For all others: being compliant is a requirement from software publishers, vendors, and your national taxation office, it is not the goal of SAM, but it is a by-product of having a SAM program!
If you haven’t understood this yet, please read the article again.

Nullum beneficium est impunitum

No good deed goes unpunished, right?
I suppose we all mean well, but isn’t it true that the road to hell is paved with good intentions?
I have left my Alma mater, meaning well for everyone involved. For the company, the younger colleagues, myself to some degree. I have learned (again) that whatever one’s plans are, if some people are right, God, the creator, the grand architect, or any denomination anyone might use, is laughing…
The same with this blog. Decided today is a good day to clean up spam comments. I found in them the biggest repository of links to pornographic content embedded in those comments. I’m so happy I decided to moderate the comments…

I also (today) discussed with a client on the topic of presented work so far and of course, the dreaded by them future invoicing and decided to drop the topic, project and withdraw my involvement destroying the data and in-process admitting to myself that better this way than the alternative issues-at-every-step in strange cost avoidance strategy.

In a way, I feel ashamed on behalf of those who in fear of what covid-19 restrictions will do to the(ir) business world behave in such a petty way. Should they read this topic, well, it is meant for you… Fool me once shame on me, there won’t be a second chance, shame on you.

It also made me think of all honor agreements one makes with vendors throughout one’s involvement in a (software) portfolio and I can’t help but wonder, how long will those be honored in these times of turmoil, fear, and insecurities.
As I’m sure everyone knows by now, some major vendors have announced their interest in auditing their own clients thereby opening the long-discussed topic of cannibalization of their own customer base. This is when all the petty topics will start showing up on agendas and the internal IT as well as “IT hired guns” aka consultants will have more than enough to do just communicating and responding to demands.
I was once asked about milestones in my professional life which I answered that I believe that realization that it’s “All ‘Bout the Money” which incidentally and instantly reminded me of a song by “Meja” from her album “seven sisters” so I tried not to laugh right out, right there, at the interview.

So what can I say, my brain is wired weirdly, it’s like a huge database where any value may be a primary key linking various values together, each potentially a primary key, related or not. So it’s like the lyrics of that particular just mentioned song. I do find another world in my mind…
This relating to SAM can be helpful to identify an executable without performing any lookups and making a decision on known internal policies, all in a flash of a second because all that information is readily available and ready for the brain to instantly act on it, should the operator choose to.

Meanwhile, I see everywhere bots are implemented on the web to perform basic customer service. It is called grandly AI. So far not noticed any intelligence, but artificial, whatever it is, I’m sure it is. In terms of me, it only succeeds in annoying me to use one word, meaning “human” for it to place me in the queue awaiting someone, an actual person, who can use their brain and help me in whatever scenario applicable to the moment.

Don’t get me wrong, I love automation, but it has to serve a purpose and provide customer value. This AI-response-engine seems rather displace customer service, one with actual people who can solve issues and problems and follow up on them. It provides a shitty, semi-automated FAQ. And all of this would be great if the companies and services in question would also reduce the cost of their products or services as part of the process. They don’t seem to though. The same with replacing actual customer service with surely well-educated people in cheap labor countries where they are pleasantly asking if they can help with something else, often after not being able to resolve the initial query.
Either “improvement” does not reduce any costs for the customers, does not provide any value for the customer, and seems only to line the pockets for the product manufacturer, vendor, or service provider as well as someone on top of some organization who talked them into buying this “crap”.

My judgment dear C level executives, albeit harsh: think global, but act locally. Hire people where they are needed, speaking the local language and knowing local customs, educate them, some of them will stay and will be proud to provide highest possible service, taking pride in their work and thus also bringing more customers to their place of work, because who would not become interested in a companies products and services meeting their fulfilled, happy and knowledgable employees?
If you wish to put an “AI” to work, let it sort cases, emails, and sending them to correct queues speeding up the initial query. That’s all it seems to be good for. Dear companies, please stop saving money on customer-facing parts of your services. Don’t you know, “you get what you pay for”? Maybe for a while, your customers, existing and new might choose to stay or become your customer despite this novelty, but take it from a customer, which I am as most people, they will look for another supplier. It is really just a matter of time. How can I be sure? I stopped using automated payment machines replacing tellers, I also now ignore service providers using “these things called AI” in regards to new services and products and I will review my existing ones too eventually.
I will not be doing any of the work that is yours to any degree and should your customer service not be satisfactory, I am sorry, but you will not get another chance to disappoint me.
And so, no good deed goes unpunished? We all mean well, but consider this: we witness surely well-meant actions, leading until now some customers to make a change in their habits. Are we on the road to hell? Which leads to another question, hell for who? For me, it is clear, if I’m paying with the money I had to earn with hard work, it will not be my hell… I’ll rather deal with people

(some) Principles (of SAM)

One of the most important parts of owning anything is knowing what one owns, in what state it is, maintaining as good a state one can, and know where it is.

Personally, I’m not the minimalist I used to be.

Perhaps I don’t feel the need to anymore, or perhaps my ability to assess what I need and what I may need has been diminished. Perhaps I adopted an “it’s good to have” attitude, again. Or maybe I’m just too busy and too tired to be as agile towards life’s challenges as I used to be? To be able to pack my stuff and move across distances, across borders, and such. I think I settled…

I used to be very good at knowing what I have, where, and I was periodically getting rid of things I did not need. I was good at recycling, reusing, not inventing or reinventing the wheel, again and again.

With that being said, I still decently keep track of everything I have, where it is, as a reflex, yet now, also in my personal life, I use software and systems.

ITAM is much like that. It’s a set of principles, processes, procedures, tools, and techniques to keep track of the IT assets the company is the owner of, permanently, or for a time.

The absolute must in terms of ITAM is having an overview or ability and methods to get that overview on demand. The overview should present at least a ratio of 80% tracked assets in operations and up to 20% assets in “transitions”.
Preferably a 90% / 10%, but one takes what one can get.

In large company’s, there’s a huge amount of stationary computers. These seldom move, unless they are not needed and thus moved to storage (stock) or they break and so those are “in repair”. With disregard to the asset’s current status, this status should change as soon as assets status changes. This is very difficult to achieve if you as a manager intent to track this manually. That’s why God invented barcodes, tracking chips, and monitoring hardware/software. The darn thing is: most companies won’t invest in such systems because of “having enough” of employees, won’t develop their own because they don’t have enough developers, and will not adapt and adopt existing for the same reason as developing from scratch. Customization costs, yet adapting to a system means often taking shortcuts over a scenic route.

I did a calculation based on the known number of participants performing an add-on inventory and found that investing in a tracking system would be covered by the extra amount of hours put in by employees. The added value in having such a system is at all times having control of your assets, provided the process is followed, aided, and supported by the tracking systems.

In terms of movable assets, as in portable devices, we are facing much larger issues than ever. Smartphones, tablets, various hybrid devices, laptops are in constant movement. They move in and out of the office, travel, break, are shipped, purchased, resold, stored,  get stolen, or even lost.

The issue isn’t tracking them at all times, but rather split the tracking into processes and implement procedures to make sure they are tracked to a minimum degree, when moving, leaving, breaking, being stored, or shipped. You might have correctly noticed that I did not write deployed. This is because you surely use a system like SCCM where you are deploying software, but also keep track of the deployed hardware. Thus when assets are in operating status, they should be in principle for an agreed period of time be tracked at each logon to the device.

There are many possibilities, regardless of if the company was formed recently or has been successively built over years. The most important part is to always remember that regardless of how things used to be done, there’s a guiding principle, defined processes, and procedures now. The only constant in this universe is: change and thus things change now and then. Being mindful of this and communicated clearly to the environment is easier to say than to do. I believe, given my own experiences which I now commit to written form, that any company is able to track their hardware and thus also software. This “book” will mainly focus on Software Asset Management, however since software are located on hardware, devices are part of scope at all times, not only because of software location but also and primarily because software licenses refer to the very platform on which software now is installed.

Software and their licenses, that is, which governs indirectly how, where and by how many or for which period of time they may be used. Since rules can be out into a system it’s a rather short walk from knowing the path to walking it, meaning being compliant.

I tend to consider, speak of, write about licenses as entities having a life of their own.

Now and then I refer to licenses the same as I’m referring to permits, including a driver’s license. Sometimes I refer to them as assets.

Licenses are not just one thing. At least not to me. But let’s start from the beginning.

At some point, software manufacturers realized that providing a copy of executable code requires some sort of regulations, and licenses were born.

I can’t say when this became clear to me. I do remember however when my journey in software asset management begun. It was with a EULA of Windows 95a, during one of the largest in history rollouts of personal computers in Scandinavia. I remember it with mixed feelings because at the time I was working for a third-party company selling BPO services to one of the leading pc manufacturers to date. Today the building, computer network, software, and above all individuals involved would be referred to as call centers. Back then I’m not sure what words we used to describe our jobs. I don’t intend to write much about that part of my evolution, but I feel it is worth mentioning that I started with SAM on a cold winter night, out of an office in Copenhagen, commuting there from Malmoe, where I lived. It started through reading an OEM Eula, and I did so because of a customer asking a few questions, I did not know the answer to.

Over the years I must have read thousands of contracts, license agreements, EULA’s. At least as many times, I’ve ended up in heated discussions on rules applying to particular situations. These situations are referred to now as scenarios, while the rules are terms and entitlements. I still think with fondness to the times where I started to understand the partly legal partly technical jibberish that license agreements are which intends to cover the economic responsibilities manufacturer enforces on the user, since they can’t do so in praxis, often prior to using the software or actually having a complete understanding of the use-case past their own need.

And so how to understand them depends on scenarios, and scenarios are the situation your organization is in.

This “book” isn’t about how to interpret a licensing agreement and so I’ll touch on terms and entitlements sporadically as it serves my purpose.

The most important part to think about is the lifecycle and some less important accounting rules, then legal rules depending on the country of use, but that depends on your view. I’ll focus here on a view from SAM perspective.

Licenses are thus permissions of sorts, to use purchased functionality through a media, the software, in which these functions are embedded.

In simple terms, in order to work with numbers and lists, you may have decided that Excel is the best software. Excel is part of the office suite, and Microsoft Office is licensed in various ways, depending on suite and channel, aka how you have purchased it. Of course, you may only purchase Excel for your purposes, which is still possible. The point is, you have, and the terms now dictate what you may do with your copy, how you may deploy it, how and where it can be used.

Licenses therefore in general describe what is the object of the terms and entitlement, how it may be used, by how many, where, how, under which conditions. As the terms are the latest agreed upon by usage, when a piece of software is installed, regardless of you reading the rules or not, the rules are enforceable by law, and whatever bullshit, story, explanation you might have for not following them, you’ll pay nonetheless if caught. An army of lawyers can help, but unless you’re a software factory by definition, you might end up being legally caught up in litigations for years (that’s a cost), your IT may be busy trying to cover it all up as their main occupation, instead of just paying the fines. Even if you win in the end, your overhead costs will still be equal to paying and following the rules or paying the fine. In addition, no vendor will seriously sell you the software you may need, which may force you to develop everything yourself, and that without the possibility to use smart development tools may be more expensive than you can possibly imagine.

The common misconception is that if you have tools, you don’t need a schooled and experienced staff. That when you have staff you don’t need many tools, and an even worse one: once you buy something and hire some people, then there will be no more costs. You’re wrong.

Lifecycles.

There’s time to rest, time to cry, time to play, and time to die, I heard once. This sentence is the source of my ideology and cornerstone of asset management.

Do you remember 286, 386, 486 computers? I think back then Bill Gates mentioned something about never needing more than 660kb memory? I retired a 486 for a friend in his store some 10 years ago, migrating him to a Pentium III simply because I could do that with 0 cost to him and that was the last one I’ve seen in a while.

The constant in lifecycle starts with those in the business of producing hardware as a need to keep improving products to motivate others to keep spending money.

Let’s assume that INTEL imagines per generation of their processor chips 2-3 generations of pc’s embedded with this tech. Let’s say any mainstream computer producer based on that, plans for a typical office laptop: 3 models, with an average lifespan of 1,5 years each and 1,5 years of support. Let’s assume further that Microsoft plans around it when developing their operating systems, which will allow running of their Office.

In reality, then, we have 3 years cycles for each model. Each Company must here decide what is the best policy for them and choose if they wish to lease or buy. This depends on their own business needs, their own ability to refresh their fleet, and how tightly they need to follow the hardware development. If you’re an engineering firm, or you develop games, your own needs may be slower or faster than vendors’ lifecycles. Thus always thinking ahead is a good policy. The thing here from an accounting perspective is never to write off investments over 5 years if you intend to follow a 3 years cycle, but I assume that it’s pretty clear to everybody by now.

From a financial perspective, if you as a company don’t make enough to upgrade your hardware every 3 years, you could purchase, but then you’re IT has a headache… The thing is Microsoft has a support cycle of their operating systems, which will on one side support certain hardware and software a while, but software that you may need to upgrade more often at some point may not function on this operating system, and now we have a question: Do you follow your lifecycles and plan accordingly?

Let me tell you this: I’ve never yet have worked anywhere, where all lifecycles were taken into account. It did not matter if this was a software or hardware vendor. It did not matter if it was a software developing company or an engineering firm. In addition, it must be said that there’s no single tool that will provide you with all and any aspects of tracking information that pertains to your software or hardware. You either develop, buy or compromise…

Policies, processes, and procedures.

Don’t despair, this is all possible to be done, wisely and responsibly, but this is where we come down to policies, processes, and procedures. The important lesson however is the same as something I really liked being presented on Facebook a while ago. I’ll paraphrase, as I don’t remember it verbatim: “Our company offers good, fast and cheap. But only 2 of these can be applied to any given service or product. Fast and cheap won’t be good, good and cheap won’t be fast, good and fast won’t be cheap.”

Policies are important to have in place, but they need to be scalable, updated ever so often, and adjusted to changing conditions. I’ve seen some policies in effect for 20+ years… They were not effective anymore, and they did more harm than good, but as they were the governance principles, they were as good as written in stone.

Nowadays I keep reading Linkedin articles, and not much later see activities and initiatives implemented in the company. Seems our management teams are also reading Linkedin. The damn thing is, usually collaborators taken most seriously are those with management titles on A, B, and C levels, and while their crystalized message makes sense in general, parts of the message don’t necessarily fit in, in most other organizations. They are adopted nonetheless because of hierarchical thinking and management methods. A behavior referred to as Golden Pony.

It is like with ITIL, it is a framework and most professionals would agree that ITIL is useful. However, when you do implement ITIL you should implement the procedures and best practices and not ITIL the concept for the sake of having ITIL. Taking frameworks literally causes quite often more issues than it solves and as the organization matures over years so doesn’t the interpretation of ITIL, unless someone does monitor and adjust.

What worked on one occasion doesn’t work on other occasions. Trouble is, somehow this is what happens very often anyway, although some or most stakeholders would agree the result won’t be as imagined at discussions.

Another cute thing I like coming from Facebook, or maybe LinkedIn is: We hire smart people to tell us what to do, not to tell them what to do. Sounds like something general Patton would say.

I do not use that phrase to state that I’m a smart person, nor do I mean that I’m not being listened to. I’m stating this because managers consider themselves often as officers do in an army. Men who lead and thus provide what, how, direction, when, and all other aspects of how to get to an end result.

This means that in order for everything to be successful at end result managers imply they know how things are done, and how they should be done from low and high perspectives. They also assume that people working beneath them are able to communicate problems on the way, highlight issues, and generally steer everything as instructed.

Not to mention the biggest pitfall of all, we all assume we are making sense, in the manner we meant it or intended to.

For me, the cold shower was once when as a kid I had an idea and went to the bank to get a loan. The clerk took his time, explained the need for a business plan, budget, market research, and many more things I did not consider prior to the meeting because my idea, in my head made total sense. I guess this is how we speak to one another, not considering how the message will be seen or understood.

I did try, and during the process, I set the idea aside. Simply because I realized what was actually needed to make it a reality while expectations for the end result would surely being in less than the cost of the solution.

So investing time in modeling the solution pays more often than not in averted spend.
This is why virtual R&D is such a huge thing. You can find out the costs of manufacturing before you even build a prototype…

For the same reason building processes and procedures makes sense.

as long anyway as it’s not a process for the sake of having one 😉

Auto-magic and SAM, asked and answered

One of this forums users have asked the other day:

“I have a question regarding automatic un-install of software that is not in use for more than 90 days, if you are practicing that and if yes, could you share info on what type of tool you use, do you inform the end users first before un-installing the the software? “

Firstly, we use Global approach to everything. We are located in many countries and so licensing could become a nightmare.

This is why we are not only registering entitlements (registering is essential for reconciliation though), we actually define and build them into our infrastructure as a system in each “service” case.
We have defined all sites in AD, all locations, all normal types of restrictions and the structure is based on basic limitations of license entitlement: computer/user, site, country, region, or globe.
SCCM and all other systems alike mirror this, which of course more or less corresponds to the information in master data.

Secondly, we have a Global policy corresponding to the situation at hand like Harvesting. Our users know of it and are referred to it when software is removed. Helpdesk can easily do that once it’s in place. There are two versions of it, the main version explaining everything, and the short version, which can easily be provided to users. Additionally functionality in both SCCM and Orchestrator can be used for requesting / provisioning and notifications to some degree. Of course users sometimes don’t remember what happened after the fact, but that’s the case every other Monday and passwords too.

We utilize a tool with CMDB capabilities as front, which presents users with a standard form, allowing them to choose from available software services. We have several such tools as we are transitioning from one main tool to another while tickets also need to be managed somewhere. This tool also contains master data copy which uniquely identifies the user and the service as well as many other things like locations, sites, contracts and much much more.
The “software service” is defined through a service database which allows us with a rather friendly form to define these services in terms of which AD containers they regard, how they are restricted, who approves, what they cost, who possesses knowledge and much more.
This is where definition of the entitlement comes in. Entitlement is translated into a service in implementation. We know what we have purchased, where it is possible to use, how it can be used and so we restrict this usage accordingly and then add the output in this database. When users are requesting a “software” in this database, they are choosing a package which is predefined, pointing to a specific server, or using pooled license information, a cloud service or whatever else. Technically they are choosing a compliant already service or software, defined specifically for them, their location or region, shown only where allowed to be used.

AD allows us to control who has access and who doesn’t. Each add-on or removal is recorded with a stamp of the “request” for that particular service, time and date and other information giving traceability and thus enabling a short process of SOX compliance audits internally.

Each package is named to reflect it’s intended deployment “region”, so are the AD groups used and collections. AppDeployToolkit allows for parsing some messaging to users at install/un-install and functionality allowing user to choose a better moment for any actions.

The rest of the magic happens in SCCM which we utilize heavily.

I’ve drawn here a simple likeness of how this works with both provisioning and harvesting. Each and every step allows for roll-back, un-install, install, update or “otherwise”; allows for targeting of specific groups of users / computers or services.

Every action which we perform when implementing or managing is recorded and at a point translated into an SOP; which is periodically refreshed.

This to ensure everyone, with disregard to their location or specific focus can do anything technically as well as making sure we always do everything the same way.

Every standard has been agreed on and recorded as well. This ensures common way of defining “anything” the same way, according to the same principles making everything reproducible and transparent.

The aim is to reach a level of automation which allows for almost a 0 touch approach to maintaining daily operations and focusing on two items. Implementation on one end and continues service improvement on the other.

That’s what we call SAM 5.0, an almost autonomous, self improving service delivering software, preconfigured, licensed and yet always compliant, my idea of heaven.

New group

In order to keep discussions and sharing separate from the blog, I’ve created a group dedicated to members and topics touched by SAMS Nordic 2019. These posts won’t appear on the blog nor will they be visible to anyone but members of this group. Each must apply on their own though.

Thank you for your understanding.

Best regards

Adam

Errare humanum est, sed in errare perseverare diabolicum

Dear SAM

Seneca (the younger) was expressing in such a way, what we within Software Asset Management would call:

perseverance in inanity.

For me personally, the goal is to enable every manager, no matter how high or low, to see and control software costs. This can be achieved only when:

  1. The software budgets for opex and capital investments are centralized
  2. Necessary mechanisms are implemented to handle all licenses and monitor their usage
  3. A clear cost center plan is implemented
  4. Every investment and cost are monitored centrally and an allocation model for costs supports the cost center plan
  5. Costs are assigned from initial offering to tracking of the assets
  6. Scalable reporting is implemented, to which managers can subscribe dependent on their needs and system possibilities.

Above however will not work as long as finance and accounting persevere in their old ways, won’t evolve with the times and tools, and will not consult Software Asset Management folks in their own organization.

I keep seeing this elsewhere too. We as people seem to be repeating this vicious cycle everywhere we go. We build our silos and try to chase our own visions in spite of the grand plan we are part of. I see this in management where they focus rather on lowering KPI’s than having their teams achieving them. 

I suppose this has to do with how the corporate world and it’s “cultures {for the lack of a better word} is constructed. We are rewarded for achieving budgets, targets, goals, set by someone who has not much idea of what we actually do or even sometimes why. In my mind it seems as a CEO comes with a strategy such as “Save costs”, and every department is to save costs. It is done however without all the departments talking to each other, often with opposite effect, as everyone is chasing their own goals, with disregard how much that breaks within the entire organization.

From a SAM perspective, this makes things slow and difficult.
Let me tell you this though. Once upon a time, I was part of a team, where most individuals worked towards full automation of the above list and made it to what we called SAM 4.5, meaning automated provisioning, settings, and full cost visibility. We had to, because of changes in organization and some acquisitions, regress to SAM 3.0, meaning control of assets alone, but at continuous validations from which we had to regress. It is possible to achieve full control of spendings and investments in regards to software costs. This with a complete disregard to the software service type and its nature.

Most companies seem to be concerned mostly with compliance and governance, while these can be achieved as part above mentioned journey rather with a focus on the development of the services themselves.
So ITIL can help a lot, but it depends on who has read the damn book and what they found in it. Like many books, it contains a lot of distractions.

In other words, it seems companies can’t see the forest for the trees…

Non omne quod nitet aurum est.

Dear SAM

“Non omne quod nitet aurum est.” Chaucer (c. 1374-87), meaning “Not all that shines is gold.” is an old proverb, telling us not everything is as it seems, not everything is as good as we may think, or bad for that matter, I suppose.

Software Asset Management has become slowly an industry. Adverts are flying about, resources are sought. Where are we going with this?

I haven’t seen a “making sense of a software investment” as a chapter in CSAM, ITAM  literature. It seems to me: too much is laid forward to vendors to decide, in terms of what one may need. The problem may be that no one knows what one may need, or?

Continue reading “Non omne quod nitet aurum est.”

Fraus hominum ad perniciem, et integritas ad salutem vocat

Dear SAM, as the saying goes, honesty is the best policy.

I started my career in SAM more than 20 years ago, or rather even before that. Part of my education was programming in various languages, above all methodology of development. Thanks to that I can read almost any syntax in most coding languages, almost as when reading text in a familiar language. I never have become particularly good at development. I lean more towards testing and debugging or coordination in development rather than the deed itself.

Partly to further my education, partly due to curiosity I was testing, all and anything back then. I see software as tools, enabling me (anybody) to do what needs to be done. I can’t draw much by hand, but with the right piece of software I could be a Monet, Picasso, you name it.  Continue reading “Fraus hominum ad perniciem, et integritas ad salutem vocat”