How Homeland Security Does Software Asset Management (April 29, '15)

Return to News & Media


Terms of use

SAMSummit Audience 2014

How Homeland Security Does Software Asset Management

If you think implementing change at your organization is tough, trying working for the federal government.

Prentice Norman, Chief of Strategic Vendor Management for the U.S. Department of Homeland Security, has learned how to drive software compliance objectives throughout his organization without catching ire from the "this is how we've always done it" camp. His top three tips can help any software asset management officer achieve his or her goals more effectively.  

"There are three major things to have a successful SAM road map: executive buy in, funding, and a policy," says Norman, who is leading a 2015 IBSMA SAM Summit session about crafting a road map to effective SAM on June 8 in Chicago.

"On the surface, people understand, 'Yeah we should be doing it, we could save some money.' It makes sense to them, but people don't really get how much money you could potentially avoid spending if you do it right," says Norman.  

1. Executive leadership. As Norman reminds the private sector, "A road map doesn't mean anything if leadership doesn't sign off on it."

The first step to a successful SAM road map is making sure your executive team understands the importance of SAM and supports the program. Getting that support depends on your organization, says Norman. If you work in a reactionary environment, you might not get the buy-in on a SAM program until something catastrophic—like a staggeringly expensive audit—happens.

2. Funding. You need to have money to move forward, to pay for people, process, and technology. Obviously, your executive team needs to back up their support with a budget.

"It takes time and energy and some amount of resources to put together a business case," warns Norman. "People don't realize there is going to be some maturity involved, and [the SAM program] is not going to happen overnight."

3. Policy. Norman emphasizes that "this lets the organization know that changes are going to occur. This includes the legal department, HR, and a billion other things."

Build a policy around your SAM program that includes everyone in your organization and all of the software that employees use. Spare nothing or no one. Otherwise, warns Norman, "You may end up paying millions of dollars to vendors."

When software asset management is properly planned through a SAM roadmap, you know the contracts you've signed with your vendors, you have a plan in place to manage both the contracts and the software, you can easily discover if you need to buy additional licenses, and you understand the compliance requirements of the underlying software installed on your hardware.

From Norman's perspective as a member of Homeland Security, the most important aspect of a SAM roadmap is the award of the software maintenance contracts. It allows him to ensure the security and the compliance of all of his departments' systems.

"Without that maintenance contract in place, the vendors can say, 'You owe us money [for upgrades and patches]. Once we get our money, then you'll get access to what you need.' Until then, they're not obligated to give us anything," says Norman.

Norman holds several IT certifications, including CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), and ITIL v3 (Information Technology Infrastructure Library vS).  To learn more about his hard-won insight into creating a roadmap to effective SAM, join us for his June 8 session at the 2015 SAM Summit in Chicago.

View the full 60-plus session agenda including the new Microsoft Track at

Additional reporting by Leslie T. O'Neill

Photo: 2014 SAM Summit attendees by Patrick T. Power Photography

Published by ECP Media LC
P.O. Box 1549 | Ann Arbor, Michigan 48106-1549 U.S.A. | Office and fax: 1.734.930.1925

ECP articles are provided to IBSMA by arrangement with

Terms of use

This publication is designed to provide accurate and authoritative information regarding the subject matter. Neither the publisher nor the author(s) is offering legal, accounting or tax advice. Although care has been exercised and every attempt made to verify the information in this publication, neither the publisher nor the author(s) is responsible for errors or omissions. Neither the publisher nor the author(s) is affiliated with nor endorsed by any organization listed here or by any subsidiary company. Trademarks are the property of their respective owners. ITIL® is a registered trademark of the United Kingdom's Office of Government Commerce. The Certified by logo is a licensed trademark of ECP Media. The publication may be printed for personal use. The publication MAY NOT be printed for distribution in a public or private venue (i.e., conferences, trade shows, direct mailing, etc.).

© 2015 ECP Media LC ( No part of this publication may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form, or by any means (electronic, mechanical, photocopied, recorded or other) without the prior written permission of both the copyright owner and the publisher.