An ITAM / SAM solution is an essential tool to enable businesses to see, understand and manage IT assets and the ever-growing costs of enterprise software – but how do you know if you can trust what the vendor or solution is telling you? If it’s all marketing and sales, with no substance. How can you make sure that your chosen tool isn’t a security concern in itself? And how do define the lines between using technology and essential knowledge and expertise to achieve successful IT asset optimization?
Here’s 4 simple steps we suggest every business should consider:
Step 1 – Check Your solution vendor’s Security Credentials.
The greatest SAM solution in the world could quickly become a nightmare on wheels if it opens up a security vulnerability to your business. No one wants to have that conversation with their CSO and it can be exceedingly difficult to get beneath vendor’s shiny façade’s and really understand who they are and how they operate. Fortunately, there are some serious credentials that will help you qualify which vendors have committed themselves to the scrutiny of external auditors and have proven to have their processes and governance in order. So when considering vendors, look for these recognized standards:
ISO 27001 Information Security Management System
Step 2 – Look for Software Vendor Accreditations
Most software vendors do not formally endorse or ‘recognize’ any SAM solutions, despite there being commonly propagated myths (usually by incentivized resellers and salespeople) that certain tools are automatically accepted or approved.
The most notable exception to the general rule would be Oracle, who do provide a formal verification through their License Management Services (LMS). It’s a fairly exclusive club, which at the time of writing has only seven solutions verified for ‘Oracle Database and Database Options’ and only four solutions verified for both ‘Oracle Database, Database Options & Oracle Fusion Middleware’.
Having been through the verification process we can tell you – it’s a stringent testing process and not easy to become verified, but does mean that ‘Oracle will accept data from any of these tools as an alternative to installing Oracle measurement tools’. For customers, this offers the benefit of far greater insight into their Oracle estate and the benefit of having that visibility sustained – not simply a single snapshot view.
Make no mistake however – in a software vendor audit, you need to make sure that the data you’re using to build your compliance position is accurate and you will need to provide evidence, even with a formally verified solution.
This can work in your favor, such as with IBM sub-capacity licensing where IBM T&C’s determine mandatory use of the proprietary and often cumbersome ILMT tool. These conditions are still in effect, however the valuable outputs of other solutions that offer additional insights alongside ILMT such as Certero for IBM, have been used to achieve more favorable licensing positions for IBM customers.
This use in practice is not a formal toolset endorsement from the vendor, but the resulting evidence has been understood and accepted, to the benefit of the customer. That additional insight would not have been available to a SAM consultant working with just the limited ILMT data. Therefore, understanding these nuances are key to navigating the world of solutions, SAM consultants and the optimal value of each.
Step 3 – See what real-life customers have to say
This is an obvious step that most prospective buyers will look to, however analyst reports are by and large funded by the solution vendors and published case studies obviously only tell half the story.
Some serious issues have washed across the SAM industry recently, including security breaches, broken promises and exposed fundamental gaps in some major solutions that you have to wonder how they’ve even occurred. Shortcomings are never publicized by solution vendors, but they will be aware of them and should tell you the truth, so requesting detail on the metrics and information you need in RFP’s is essential for clarity and documentation.
Conversely, many of the big ‘wins’ vendors achieve cannot be openly publicized either due to NDAs and / or common sense – (who wants to shout about getting out of a $multimillion licensing black hole and draw that kind of heat?!).
Therefore, it’s important to seek out the good and the bad and we’d recommend Gartner’s Peer Insights – real-life, anonymized and in-depth customer experiences, independently verified by Gartner, not vendors. The default view shows you the highest volumes of reviews but it’s easy enough to order the results by quality and directly compare solutions and review the good as well as the bad.
Step 4 - You need knowledge to verify solution outputs
No ITAM/SAM solution is a silver bullet that will do the job for you – no matter how great the accuracy of the inventory or the automation and intelligence applied to data; you still need the knowledge and skills to verify and use them. SAM solutions should however, remove a vast amount of laborious manual data processing and complexity if you understand them and the additional insight will translate to cost savings as well as greater operational efficiency and more secure decision making.
This is precisely where prospective buyers may find themselves in a cross-fire between the shiny solution salespeople over-promising what technology can do, versus the battle-hardened, traditional SAM consultants who have a deep mistrust of all toolsets (and often get all misty-eyed at the sight of a giant Excel spreadsheet).
In fairness to the consultants – they know what it takes to pick up the pieces when a SAM tool has been grossly mis-sold and an unrealistic expectation set to the business. Whether they’re internal or external, their knowledge and expertise are absolutely critical to the success of the SAM program.
So, how can you make sure that you will be able to understand, use and trust the power of your SAM solution? Consider these steps:
- Thoroughly test it – all good vendors should offer a proof of value exercise. During this process, make sure that your tests include verifying the accuracy of data outputs. For example – can you correctly identify of Core factors? Can you recognize versions and editions of SQL? Is your Software Recognition correct? Are you able to import license entitlement data cleanly?
- Use it to deliver a business outcome – sometimes issues only become apparent when using a solution in anger. Therefore, if for example your goal is to generate an ELP to get in an informed and beneficial position to negotiate a new contract, why not bring in external assistance to achieve that goal as a service?
This will cement-in the solution to your environment and ensure business value is attained ahead of any larger procurement decision. And with the sheer efficiency with which modern SaaS-delivered ITAM/SAM platforms can be provisioned and the common-sense Technology-Led Services approach of vendors like Certero who provide both the technology and any services expertise / resources you may need, it’s not the painful and expensive months-long implementation project that it once was to bring a new ITAM / SAM solution on-line.
- Understand the limits of your resources and expertise – You want value at the end of the day and the scale and scope of managing devices and enterprise software is expanding exponentially. So, your solution(s) need to be as dynamic as the demand.
You can unify the management of all of these different assets through a single platform solution, which will revolutionize a multitude of processes through the speed and efficiency with which users can access information they need when they need it – from a single, centralized information source.
It is important to also recognize where skills and people’s time are becoming over-stretched. Managing growing Cloud costs is a good example, with an industry-wide Cloud skills shortage at present and varying degrees of maturity with which organizations manage hybrid environments. The answer here could be to evolve the Cloud-first philosophy of ‘turning on’ resources as business requires, to ‘turning on expertise’ as well.
A recent Gartner forecast on IT spending indicated that the UK is more comfortable than other regions with this approach, turning to external services for support to achieve rapid business benefit. It is through trusted partnerships with the right vendors – those that are synonymous with delivering value from your technology investment and not just doggedly insistent on doing their own thing, that the real advantages of a unified technology and unified services experience can be captured.
Experience shows that it’s not just considering what solutions can do, but also understanding how those vendors operate and address challenges that can make all the difference. Selecting a solution is entering into a new strategic partnership with the vendor, and so performing due diligence and acquiring non-subjective evidence of capability where possible, should be an essential part of the selection process.
Beyond formal accreditations, be mindful of the web of commercial relationships and incentives when seeking impartial advice. There really is no better proclamation of truth than the user community, and so finding anonymized, none-incentivised real-life customer experiences that allows for vendors to be easily compared and contrasted, offers invaluable strategic insight.
If you’re looking to invest in an ITAM /SAM solution and vendor you can trust, contact Certero today.
Follow us on Linkedin for more Cloud
Read more like this from