Outsourcing & SAM Challenges
Outsourcing certain parts of the IT estate is becoming a common trend within organizations of all shapes and sizes. In some cases, an organization will even outsource the whole of their IT estate.
Personally, I have seen both ends of the spectrum. Organizations that successfully outsource some of their IT infrastructure build a strong working relationship with the third party, working together to achieve the overall goals and objectives of the organization.
I’ve also seen cases where an organization outsources their Software Asset Management department to a third party – only for them to totally mess up their license compliance and mishandle their software contracts.
There is also a misconception that if you outsource parts of your IT that you don’t need SAM, or that if you outsource SAM you are also outsourcing your risks. This is not the case – let me explain why.
WHY OUTSOURCE?
In my experience, there are a number of reasons as to why organizations decide to outsource parts of their IT infrastructure. Lack of internal skill sets or resources can sometimes lead organizations to outsource particular tasks. This makes sense – if you do not have the internal knowledge or resources and have no plans to introduce such a person, then why not use an experienced external company or professional?
Also, organizations see outsourcing as a good way of making sure something is done correctly – making certain internal challenges go away! A prime example of this working well would be if an organization wanted extra expertise on certain software vendors licensing model. If you have an Oracle audit coming up or you simply want to get your Oracle estate in order, then finding a dedicated Oracle third party to help you will likely result in better management of Oracle licenses.
They have the experience and expertise in order to optimize your Oracle licenses and contracts, and will also help identify where your biggest risks are. While this kind of outsourcing can be expensive in terms of hourly rate or day rate, the amount of financial avoidance or hard cost savings should greatly outweigh the third party’s price.
RISKS
No matter what part of your IT infrastructure you outsource, you will never be able to outsource your software licensing risks. Another point is that outsourcing parts of your IT does not mean that you no longer have to manage your software assets. You most certainly do!
For example, you could outsource your IT Service Desk. This means that the third party will essentially be your organization’s first, second and third line support. Outsourcing that part of your IT infrastructure does not all of a sudden remove the software licensing risks within your organization – if anything it makes the governance of your software assets even more important.
Without SAM you will not be able to track what software they are installing on people’s machines, what your install base looks like and if they are downloading or installing software for an unapproved source (such as a torrent). Having a SAM team in place and a SAM technology will help ensure that your organization remains in control of all software assets, even if you do not have control of your IT Service Desk.
OUTSOURCING SAM?
If you do decide to outsource your Software Asset Management function, then there are a number of considerations to keep in mind. You need to understand what you want the outsourcer to do and manage, and what your expectations are. I’ve see it happen far too many times when an organization outsources their SAM or license management function and expects millions in savings and 100 percent compliance within the first few months!
Does the third party have an effective SAM managed services offering based on established processes and a proven SAM technology platform? Do they know what they are doing with complex licensing structures? The assumption is that a SAM based third party must have the best knowledge of Software Asset Management and software licensing as possible – that is their job after all. Conduct regular spot checks or your own internal audits to ensure that they are doing a good job of managing your software assets.
You need to clearly define the expectations of the third party at the beginning of the agreement so there are no crossed wires. This is vitally important when it comes to software audits. How will they respond in the event of an audit? How do you validate SAM data from the outsourcer?
I have seen two extremes to this answer; the first being that the outsourcer runs away and doesn’t help contribute during the audit (not very helpful!). The second is when they act as if they are part of the company, and the audit affects them as much as it does the organization. Needless to say, those organizations with the second type of outsourcer were the much happier customer.
No matter what the third party’s response to the audit will be, you need to ensure that you understand your risks and data – even if you haven’t been working on the SAM project. The risk will lie at the feet of the organization, so you need to collaborate with your outsourcer in order to understand what risks there are and what the data actually means. Handing over data that you do not understand to auditors is a massive no-no.
I also suggest you validate the data yourself, just to double check that the data is accurate and represents your organization. It may be the case that there is a small inaccuracy with the outsourcers data that could cost your organization a lot of money. Triple check your data if you have to – as long as you understand it and are comfortable fighting your corner.
MANAGING THE RELATIONSHIP
Regardless of what part of the IT Infrastructure you outsource, the organization still needs to manage the relationship with the third party. I suggest you make this the responsibility of your Vendor Management team (if you have one) or assign a specific user to be the point of contact for anything related to the outsourced service.
This is where you need regular updates on what service they are providing, and whether or not it has an impact on Software Asset Management. Changes within IT can have a large and costly impact on SAM or software compliance, so you need complete visibility on what changes are being made and how that will impact your SAM function.
I suggest you ask for regular reports from your outsources on what they are working on and future plans. I’ve seen customers also arrange regular calls for an update or overview so that all key stakeholders are informed of any changes.
Remember – outsourcing any part of your IT infrastructure means you are putting your faith and trust in other people to perform a role on behalf of your organization. Whilst you can outsource the work, you can’t outsource any legal risks – especially with your software licenses.
If you are looking to outsource your Software Asset Management function, then have a look at Snow’s accredited partners.