Traditional software asset management is no longer good enough – and the cloud is to blame for it
If traditional software asset management solutions were to go to school and had to undergo a PISA test, they wouldn’t have a chance, because they are not able to master the new and increasingly important “cloud” subject.
More than 70 percent of businesses with 500 and more employees are already using cloud solutions. In the wake of significant cloud growth rates and according to Gartner, by 2017, employees in 75 percent of organizations will use SaaS applications without the company’s authorization and control. Obviously, companies are facing major cloud challenges and it would be highly dangerous to slacken the reins.
Managing the mixed log-in salad
While it is highly comfortable for users to work with software from the Internet, we should not ignore related disadvantages. Users’ browser access is not based on single sign-on, which means that users need to know the log-in credentials for each SaaS application and must manage a variety of Internet addresses, user names and passwords. The company’s IT support team is often not able to help in case of problems. Since access to the respective software is individualized and not controlled and authorized by the corporate IT department, such approach bears many hidden risks such as potential breaches of contract or privacy infringements.
Nearly as easy as buying pencils
IT, on the other hand, is facing challenges related to the fact that buying SaaS applications is nearly as easy as buying pencils. Users from the lines of business do not need any IT know-how to engage in contractual obligations with a provider and get access to an application. Once such access is available, they map their own processes and information, bypassing corporate standard software procurement processes. This might be an issue for the help desk, since the IT department is expected to provide support in any case when problems occur.
Compliance, privacy, cost risks
However, governance and compliance issues constitute the most serious problems by far. How can the company ensure compliance with privacy regulations for cloud-hosted applications? To be able to do so, it must know where the data are stored and located and must check whether the application is used in compliance with contractual terms and conditions.
The audit risk is underestimated
Many companies think that SaaS applications do not cause any underlicensing problems, but unfortunately, they are wrong. The software is operated by the vendor, who therefore has a clear overview of how the application is used, which enables him to detect any misuse immediately – for instance, a personalized access that is shared with colleagues. Market research company Gartner positions Google among the top-10 software vendors that conduct respective audits. Companies that work with a subscription-based SaaS solution must expect the software vendor to visit the company to engage in discussions about the compliant usage of their software, and respective audits bear significant financial risks for the company.
SaaS is changing software asset management
This situation has a serious impact on software asset management (SAM) and license management. The cloud shifts SAM requirements away from simply counting installed applications towards controlling and measuring the actual usage. Cloud computing requires a usage-based analysis to generate cost optimization potentials, prevent any misuse and avoid financial risks.
Traditional SAM tools will become useless
As a result, Gartner expects traditional SAM tools to become useless within the next three years, because they are not able to meet the majority of requirements related to the significantly increased degree of cloud adoption! A SAM tool that is able to master the SaaS universe consists of three elements:
- Integration of an identity & access management solution
Effective control is only possible through “encapsulated” access to SaaS applications, which means that the user does not know, need not know and must not know his own password. Users benefit from such approach, because they need not remember all sorts of log-in credentials and can use applications in compliance with respective company policies. The company also enjoys certain benefits, because shadow structures are avoided and because the company is able to control and ensure cloud-based software usage in compliance with respective contracts, while being provided up-to-date information on how often which licenses are used and which licenses are not used at all, therefore generating unnecessary cost.
- Automated account provisioning
Encapsulated integration with the benefits described above is only possible through automated access provisioning. Manual integration would be time- and cost-intense, completely inefficient and error-prone. Automation comprises the configuration of the SaaS user account, including password and browser access, and also the provision of the mobile app which is normally supplied by the SaaS provider for smartphones and tablets; these devices use the same access and must be preconfigured accordingly.
- Centralized application portal, reports and dashboards
Users should be offered all SaaS applications from within a centralized application portal, their “start menu” for the cloud. This way, the users will always know where to find their applications. Cost owners, on the other hand, benefit from centralized analysis options with metrics and usage profiles that can be used to optimize respective contracts.
Cloud-based applications have caused a profound and alarming change of paradigms for all companies that have not implemented a SAM solution yet as well as for those companies that are actively managing their licenses already; after all, the cloud puts both processes and tools in use to test!
It is imperative that the IT department takes the reins, identifies SaaS solutions within the company, sets up processes, provides an overview of contracts and also supplies users easy access to applications in compliance with license and security regulations and policies, generating respective benefits for users, the IT organization and the whole company, thereby successfully passing the “Cloud PISA Test”.