Software audits: What can go wrong – 1?

8 Feb 2017 | SAM/SLO

As software audits are on the rise now is the time to prepare your company for its next audit. Studies have revealed that more than 50% of companies have encountered software audits within the past two years with Microsoft, Oracle, SAP, and IBM being the most likely auditors.

Inaccurate discovery & inventory

Over the next few weeks we will be running on series of blog articles on the factors that can cause you problems when you are on the receiving end of a software vendor audit. The first one looks at inaccurate discovery and inventory.

The old adage ‘if you can’t measure it you can’t manage it’ has never been more true than with your IT assets. If you do not have an accurate and up-to-date picture of your IT assets, how will you know what software you have installed and need licenses for?

No control over downloads

With most volume licensing agreements now allowing for easy and fast download of all a vendor’s software titles, you can very quickly find yourself in the position of not knowing what is where. Additionally, some vendor’s software, like Oracle’s, will install with options switched on or management packs enabled that you may not be aware of. Subsequent use of these, whether accidental or deliberate, will mean you have to pay for them. When the audit comes around, this will quickly become apparent and the true-up invoice will shortly follow.

To prevent this situation from occurring in the first place, to discover what software is installed, most software asset management (SAM) tools require the installation of an agent on a device. However, this means you need to know that the device actually exists in the first place. Many SAM tools take a feed from Microsoft Active Directory (AD) and accept this as the definitive list of devices on which to install their agent.

AD alone is not the answer

The fact is, AD is not comprehensive. For example, it does not pick up things like Linux/UNIX boxes, DMZ, Macs or anything in a workgroup or other domain. So, in such instances, you will not have a complete view of everything. For most organizations we estimate that this leaves around 20% or so of your IT assets where the software will not be being properly inventoried because its host device has not had an agent installed in the first place.

Also for AD, keeping it up-to-date is a major and ongoing task with regular leavers and new starters. For a larger organization with many thousands of AD Objects spread regionally or even globally, the chances of it being up-to-date are slim. This means that your AD listing will give you both an incomplete and inaccurate view of your IT assets and so your subsequent software inventory will be similarly inaccurate and incomplete.

What is required to overcome this problem, and ensure an accurate and up-to-date inventory of all your IT assets? A multi-layered approach that utilizes things like your AD listing and cross references it against independent scans of your IT environment using multiple scans and connectors. This will provide in-depth information of not just your software licenses, but all IT assets across your network.

Find out more about how AssetStudio for Enterprise SAM can help overcome this problem or if you would like help with Vendor Audit Response.


Submit a Comment

Your email address will not be published. Required fields are marked *