How Homeland Security Does Software Asset Management
If you think implementing change at your organization is tough, try working for the federal government.
Prentice Norman, Chief of Strategic Vendor Management for the U.S. Department of Homeland Security, has learned how to drive software compliance objectives throughout his organization without catching ire from the "this is how we've always done it" camp. His top three tips can help any software asset management officer achieve his or her goals more effectively.
"There are three major things to have a successful SAM road map: executive buy in, funding, and a policy," says Norman, who is leading a 2015 IBSMA SAM Summit session about crafting a road map to effective SAM on June 8 in Chicago.
"On the surface, people understand, 'Yeah we should be doing it, we could save some money.' It makes sense to them, but people don't really get how much money you could potentially avoid spending if you do it right," says Norman.
1. Executive leadership. As Norman reminds the private sector, "A road map doesn't mean anything if leadership doesn't sign off on it."
The first step to a successful SAM road map is making sure your executive team understands the importance of SAM and supports the program. Getting that support depends on your organization, says Norman. If you work in a reactionary environment, you might not get the buy-in on a SAM program until something catastrophic—like a staggeringly expensive audit—happens.
2. Funding. You need to have money to move forward, to pay for people, process, and technology. Obviously, your executive team needs to back up their support with a budget.
"It takes time and energy and some amount of resources to put together a business case," warns Norman. "People don't realize there is going to be some maturity involved, and [the SAM program] is not going to happen overnight."
3. Policy. Norman emphasizes that "this lets the organization know that changes are going to occur. This includes the legal department, HR, and a billion other things."
Build a policy around your SAM program that includes everyone in your organization and all of the software that employees use. Spare nothing and no one. Otherwise, warns Norman, "You may end up paying millions of dollars to vendors."
When software asset management is properly planned through a SAM roadmap, you know the contracts you've signed with your vendors, you have a plan in place to manage both the contracts and the software, you can easily discover if you need to buy additional licenses, and you understand the compliance requirements of the underlying software installed on your hardware.
From Norman's perspective as a member of Homeland Security, the most important aspect of a SAM roadmap is the award of the software maintenance contracts. It allows him to ensure the security and the compliance of all of his departments' systems.
"Without that maintenance contract in place, the vendors can say, 'You owe us money [for upgrades and patches]. Once we get our money, then you'll get access to what you need.' Until then, they're not obligated to give us anything," says Norman.
Norman holds several IT certifications, including CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), and ITIL v3 (Information Technology Infrastructure Library v3). To learn more about his hard-won insight into creating a roadmap to effective SAM, join us for his June 8 session at the 2015 SAM Summit in Chicago.
View the full 60-plus session agenda including the new Microsoft Track at SAMSummit.com.
Additional reporting by Leslie T. O'Neill
Photo: 2014 SAM Summit attendees by Patrick T. Power Photography
Published by ECP Media LC
ECP articles are provided to IBSMA by arrangement with ECPweb.com.
© 2015 ECP Media LC (ECPweb.com)