December 17, 2008, 9:57 AM — It’s all over the news—the IT news at least—Microsoft Internet Explorer (IE) is under attack. The patch, which Microsoft will issue today, should fix the bug. But what if your patch doesn’t come? What if you unwittingly (or wittingly) bought a pirated version of one of the numerous Microsoft Windows or Office products and now you don’t have any maintenance rights, which means no security patch? Even worse, what if employees at your company are using unlicensed versions? Now, that’s a big and potentially expensive problem. One compromised computer in the company network and that’s it. Sure, an underground version of the patch will surface, but how long will that take? And do you really want to go down that path?
The list of horror what-ifs doesn’t end here, either. What if you have no idea how many licenses your company has actually purchased or even where they in reality all are? Although a good 99.99% of enterprises have an IT asset management program in place, probably with a few different discovery tools, unless you have a very intelligent software recognition system, there are almost certainly licenses floating around that are unnamed (they don’t have a software product associated to them) or incorrectly categorized (wrong product family). If this is the case, how can you be sure that every user in the corporation who has the “rights†to run IE is, in fact, actually licensed and will legally receive the security patch?
It’s a truth that many IT managers have to come to terms with. Having a discovery tool to populate a software inventory (physical installations) and a license inventory is not enough for complete, reliable software license management. What seems like common sense is often overlooked in software asset management: knowing exactly where the physical license entitlements are stored, or more likely in an enterprise, where the volume licensing agreements are located. It helps to have a software license management tool that allows you to scan the original copies and link them to the individual licenses as well as record where the hard copy is stored. But that’s just a tini-tiny part of the solution.
My example scenario above is quite extreme and unlikely, but it makes an important point, namely that software license management is much, much more than simply ensuring compliance. In effect, we need to stop focusing on where the software is installed and start concentrating on the license rights—the actual entitlements themselves. This is what makes a software license management system valuable.
A whole new world opens up when we implement tools that are license-centric. For one, process automation becomes the name of the game, significantly improving data quality (read my post on catalog based software license management tools). Take it one step further, and a solution, like Aspera SmartTrack, can recognize the differences between volume license agreement types, such as the points pooling of Microsoft Select, the inherited rights of SA under Microsoft Enterprise Agreements, and so on. In other words, the rights that come specially with volume licensing can be atomically tied to the individual licenses purchased in the master agreement, allowing you to effectively manage enterprise software assets.
This is the first important step towards holistic software asset management. Without risking going on and on about the other elements of software license management, such as metering tools, cost allocation, procurement, virtualization, etc. and talking the subject to death, let’s start with baby steps. 2009 will be here soon and with the economy limping along like it is it’s time to put “Stop working with an incomplete license management system†on your New Year’s resolutions list and start thinking about how you can save your company the hassle and costs that come with poor software asset management.
