When It Comes to SAM Standards, More Isn't Better (Apr. 30, '13)

When It Comes to SAM Standards, More Isn't Better

Return to News & Media



Terms of use

When It Comes to SAM Standards, More Isn't Better

By Steven Russman

Today's published SAM standards have their origin in the year 2000 frenzy, when license models based on the number of PCs and servers were the norm. Nowadays, however, the norms are virtual PCs and storage systems, public and private clouds, iPads and smart phones in the corporate workplace, viruses and IT security breaches and multi-metric licensing models. And SAM requirements also have changed as organizations mature and SAM tools improve and automate real-life license management challenges. SAM standards can help, but the market needs norms and guidelines that also cover these promising new areas, and, more important, organizations need standards that they will adopt and use.

What makes a standard successful?
ISO Working Group 21 (WG 21) claims its published standards, 19770-1 and 19770-2, are widely adopted. Solid sales of the standards, best-practice guides, positive press and continued development work are all indicators of some success, but low adoption rates—certifications and use (or application) of the standard in a commercial or government entity—reveal a different view.

Since 2006 only two organizations have been certified as having high-functioning SAM processes according to 19770-1. Vodafone in the Czech Republic says it's certified and Business Software Alliance in India says one company was certified under its proprietary program. Many more organizations could be certified, but won't invest the time and money such programs require. Adoption of 19770-2 is not much better. Since 2009 the number of software publishers producing 19770-2 software identification tags may be as many as seven while the total number of products shipping with tags might top 200. This is hardly a success when the universe of software titles, new and old, numbers in the tens of thousands.

The quantity of 19770 standards sold is only an indicator of interest and doesn't prove a standard is either adopted or implemented or even influential. IBSMA has sold many copies of ISO/IEC 19770-1 with its Definitive Guide to SAM Assessment, self-assessment tool, and for each student of IBSMA's SAM processes assessment course. Penetration is high for the narrow market these products serve (the top 300 global corporations), but the market for SAM standards is limited among small and medium-size businesses. Microsoft, an early contributor to 19770-1, adapted elements of the standard into its SAM Optimization Model (but is not required to include a copy of the standard with the model), which it promotes to its customer base.

At first, expectations were high for new products, services and benefits in the form of standards-based tools and software identification tags, but five-plus years later hope and optimism have dwindled because there is little to show for the effort. To be fair, the 2012 update of 19770-1 brought updated criteria to make it easier, in theory, for an organization to be certified. What it didn't do was provide, nor could it, the business justification for an organization to undertake a certification initiative. Everyone knows that certification is driven by business need or government regulation—to name two motivations—and that no organization undertakes certification unless it has to. That's not to say the situation won't change, however there doesn't seem to be any new motivator or incentive on the horizon.

The outlook in not promising for software publishers adopting 19770-2 software identification tags. True, there are several companies (IBM, Microsoft and Symantec) that are retooling production processes to add standardized identification tags. But the effort will address future products and is slow in coming. IBM, which recently announced support for 19770-2 tags, says it's part of a larger initiative and product revamp that will begin in early 2014. But even more disheartening is the fact that today's hot technologies, including cloud computing, virtualization, iPads, mobile-user devices and smart phones, cannot use these tags. There is a bright spot, however, and it is the emergence of software identification tags as an aid in cyber security, and this area shows promise.

Meeting the challenges of changing technology
The working group has an ambitious and sprawling development and research agenda that includes SAM vocabulary, tag management, mapping to industry best practice guides, guidelines for SAM in small organizations, alignment of 19770-1 with 20000-1, tagging terminology and architecture and application of software identification tags for usage tracking and cyber security, plus launching new liaisons and alliances. The group is also hoping to finish the much-anticipated 19770-3 standard for software entitlement tags, now in its second one-year extension and under the threat of cancellation if progress isn't made soon. Cancellation of this project would be a blow to the software identification tag movement.

Clearly the working group is stretching limited resources across too many projects. After all, this group is made up of volunteer members with full-time jobs. Considering the ambitious list of tasks they have undertaken, the group risks losing control and focus. One solution could be to focus on the projects with the best chances for success. But when success is measured by the actual adoption of norms and guidelines, today's SAM standards come up short. How will the group decide?

The working group's plan is timely and relevant, but the real question is does it meet the challenges of changing technology and shifting user requirements and, most notably, have buy-in from enough stakeholders to guarantee adoption by a critical mass of software companies and end users? And are the development plans grounded in use cases supported by end users, software publishers and service providers?

Next steps
To help determine the right direction, the working group wisely launched a survey (see https://www.surveymonkey.com/s/SAMEndUser for end users and https://www.surveymonkey.com/s/SAMVendor for SAM vendors) and you should offer your input. No survey can guarantee success, but if WG 21 uses the results to prioritize its agenda and focus on initiatives in promising new areas—areas ripe for standards that organizations will actually adopt—the chances for success are greatly improved. We don't need more SAM standards, we need the right standards.


Note: See  http://www.vodafone.cz/en/about-vodafone/press-releases/message-detail/vodafone-podporuje-legalni-software/ for information about Vodafone and http://csso.bsa.org/Case-Study.aspx for information about Business Software Alliance.


Steven Russman is the founder and executive director of the International Business Software Managers Association and publisher of ECPweb. He is an author of more than 100 articles and reports on software asset management, tools assessment and industry trends, and a frequent presenter at industry conferences and seminars including IBSMA’s annual SAM Summit.

Mr. Russman represents IBSMA and North American software license management professionals to national and international organizations including ISO, the IT Service Management Forum (itSMF) and the United States’ JTC1/SC7 Technical Advisory Group (TAG). He has led the development of SAM standards and industry initiatives supporting education and advancement of IT and software asset management.

Published by ECP Media LC
P.O. Box 1549 | Ann Arbor, Michigan 48106-1549 U.S.A.
ECPweb.com | Office and fax: 1.734.930.1925

ECP articles are provided to IBSMA by arrangement with ECPweb.com.

Terms of use

This publication is designed to provide accurate and authoritative information regarding the subject matter. Neither the publisher nor the author(s) is offering legal, accounting or tax advice. Although care has been exercised and every attempt made to verify the information in this publication, neither the publisher nor the author(s) is responsible for errors or omissions. Neither the publisher nor the author(s) is affiliated with nor endorsed by any organization listed here or by any subsidiary company. Trademarks are the property of their respective owners. ITIL® is a registered trademark of the United Kingdom's Office of Government Commerce. The Certified by ECPweb.com logo is a licensed trademark of ECP Media. The publication may be printed for personal use. The publication MAY NOT be printed for distribution in a public or private venue (i.e., conferences, trade shows, direct mailing, etc.).

© 2013 ECP Media LC (ECPweb.com) No part of this publication may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form, or by any means (electronic, mechanical, photocopied, recorded or other) without the prior written permission of both the copyright owner and the publisher.