Sunday, November 11, 2012

The Most Comprehensive SCCA & SAM Certifications in the Industry!

The Institute for Technology Asset Management is proud to announce the introduction of the most comprehensive professional development training in the industry. The new SCCA & SAM certifications are based on direct input from our member practitioners & supplemented by the guidance of business & academic training experts. 

Based upon, but not constrained by, such industry standard practices as ITil, COSO, COBIT, PMI, & ISO,* The Institute programs reach across the entire range of individual competencies, infrastructure capabilities, industries, & global cultures to deliver scalable common sense ITAM value to any enterprise - And we do it through training practitioners to genuinely perform the work necessary to get the job done.

The Institute's unique Software & Copyright Compliance Assurance Certification (SCCA) provides practitioners with the only evolutionary program that is founded on initiating a SAM framework via ensuring that the enterprise becomes & remains as compliant as possible with local & global software license & copyright requirements.

The Institute's Software Asset Management Certification (SAM) delivers significantly more real world competencies & training experience to practitioners than ever before in the industry.

Each of these certification programs also distinguishes itself by being the first in the industry to be founded upon open source standards as documented in the Institute's cost-effective "Guide to the Technology Asset Management Body of Knowledge" - TAMBOK (Available HERE). Credential candidates & credential holders need no longer be tied down to proprietary training programs delivered by sole-source providers. Via The Institute's certification programming, practitioners can now attend an enormous range of local training sessions & apply the knowledge directly to their upcoming or ongoing certifications.

Both the SCCA & SAM programs are also unique in that they are delivered entirely online via an on demand Learning Management System. This means that you do not spend unnecessary time & money in traveling to the basics. Instead, you'll cover substantially more information in the same amount of time & at less cost than competitive certification programs.
Take a look at the next generation of SCCA & SAM Certifications in the Overview below.  Merely click the arrows to move forward or back. Or, to automate the session, click on the drop down timer at the bottom right of the small video screen. Once you start, you are also free to maximize the screen (press escape to end at any time.):
 


As a non-profit educational community of practitioners in the technology (IT) asset management fields, The Institute is dedicated to providing the most comprehensive knowledge possible to the widest range of people & enterprises around the globe.


*ITil, COSO, COBIT, & ISO are registered trademarks of their respective organizations. The Institute does not have any formal relationship with these organizations.

Wednesday, November 7, 2012

A Software License Is NOT a Software License

I just read an excellent post on the ITAM Review. It's entitled "Oracle Customer Has Licensing Meltdown" and is located HERE.  Please take time to look it over. Both Martin & the original author have excellent points - points about software licensing issues that we continue to encounter yet never effectively address in the real world.
Software License Terms & Conditions Can Be Changed By The Licensor At Any Time & Without Directly Notifying You.
The key problem is this: As business technology consumers, specifically software consumers, we do not effectively negotiate our licenses. If we did, then we'd actually have to read the license. Having read a software license, and actually understood the inherent instability of the agreement, any sane negotiator would - or rather should - dump the product & the supplier right out of the supply chain and move on to their BATNA.

Instead, we either fail to read the license; or we do not understand what we're reading; or we assume that the copyright holder won't actually enforce the terms; or we treat the acquisition the same as a crack junky desperate for their latest fix - purchasing without regard to future problems.

Here's the bottom line: If you see a clause in a license that looks like this -
Modifications To This Agreement
"We reserve the right, at our sole discretion, to change, modify or otherwise alter these terms and conditions at any time. You can find the most recent version of these terms and conditions on the Site, with the date of last modification noted above. Such modifications shall become effective immediately upon the posting thereof. Therefore, we encourage you to check the date of our terms and conditions whenever you visit this Site to check if they have been updated. You must review this agreement on a regular basis to keep yourself apprised of any changes. If you do not agree to the revised terms and conditions, your sole recourse is to immediately stop all use of the Services. Your continued use of the Services following the posting of modifications will constitute your acceptance of the revised terms and conditions."
It means you do not have stability relating to your existing license terms. This basic wording will show up in your original license as well as contract renewals, updates, upgrades, (even patches) so look for it BEFORE installing. Once you have activated the license by installing (or even accessing) the product, you are stuck with the new terms.

Keep in mind that each of these license agreements also includes a "Right to Audit" clause that will be enforced by the licensor. During that audit, you will be responsible for conforming to the CURRENT terms & conditions for each product. If you are not up to speed on those changes, the auditors don't particularly care. You will pay the fines & penalties for being out of compliance.

Sunday, October 28, 2012

Software License & Copyright Compliance Assurance Quiz – It’s FREE!


Do you have questions about the ins & outs of software license compliance audits? Are you concerned that you may not be prepared to counter a software license audit, or a copyright violation audit? The average business is currently hunted by as many as 100 anti-piracy auditing groups. Very few enterprises trust these enforcement groups to provide answers without pursuing their own hidden agenda, so where can you go to find a trusted resource?

Take a few minutes & step through the following confidential quiz from The Institute for Technology Asset Management. Your ability to answer – or not answer – these simple questions will give you an excellent baseline regarding your chances of minimizing exposure to crippling software license non compliance & copyright violation audits.

The “Software License Compliance & Copyright Compliance Baseline Quiz” is available HERE

As you step through the quiz, keep track of the number of issues for which your only justifiable answer is "no." A valid justifiable answer is one you can prove "...to the satisfaction of the copyright holder..." so anything you cannot prove must produce a "no" answer to the quiz issue. Each of these issues will represent a specific weakness in your preparedness for stonewalling, or at least minimizing, the impacts of a punitive enforcement audit. 

Friday, August 3, 2012

SaaS - Software as a Service is a Deadly Vortex

And, like many vortexes, an intelligent individual is best served by clearly understanding the risks before diving in. The true bottom line behind Software as a Service is that:
SaaS represents your complete lack of control over your access to the products and data you use to manage your business.
Think it through. When we possessed the software products locally we could utilize those products and access our data at any time and, as long as we remained within license terms, in any manner we wished. We were not locked in to the availability of Internet access or the good graces of a service provider. We had a perpetual license, meaning we paid a single initial fee to use the product for an unlimited amount of time. SaaS will end these options and lock us in to a single source.

Once you have moved to SaaS, you will be paying a yearly rental fee on the products - one that can be changed at any time. The Service Provider will control a high percentage of your access and your ability (or lack of ability) to connect to the Internet will control the remaining access. What's more, if you have any disagreement with your service provider, they can shut you down with the flip of a virtual switch.

Want to hear more? Consider watching and listening to this short Flash overview of an Institute on-demand Knowledge Briefing covering SaaS & Cloud Services. The introductory session is only a few minutes long and includes excerpts from a live software asset management professional development discussion.


You can link to the session HERE. If the content resonates with you, feel free to contact us about the on-demand asset management training programs at The Institute for Technology Asset Management.

Wednesday, March 28, 2012

Put a Stop to Standards & Best Practices for Profit!

I must be really missing the boat on all the so-called standards and best practices relating to software asset management, copyright compliance / anti piracy, and technology asset management. I was under the (evidently mistaken) impression that standards were designed by people who actually DO the work to help other people become more effective at doing the work. (Wow... Now, there's a serious disconnect.)

Recently I've been reviewing standards and best practice programs as references to a series of professional development seminars, and (once again) I discovered that a majority of  these "aids" are NOT what we would expect them to be. Here's my list:
  1. Many standards are apparently being developed by representatives of the technology industries as not so subtle pressure to "buy our products" or "buy our services" instead of helping practitioners gain competencies.
  2. In many cases, standards and best practices have very little resemblance to what real people do in the real world. Rather, the standards development teams represent massive corporations that can afford to apply large well-qualified teams to implement highly complex and lengthy solutions.
  3. Instead of being based on the experience of practitioners, many standards or best practices are being blatantly developed to provide a proprietary income to a specific group or organization. This severely limits competition as well as locks practitioners into the proprietary programs.
  4. Along with the proprietary perspectives are the incredibly unrealistic costs being applied to standards and best practices - costs that the majority of enterprises simply cannot afford to pay.
  5. I've also seen multiple standards and best practices that, rather than being based on genuine practitioner experiences, have simply taken advantage of openly posted materials downloaded from the Internet and merely re-written by the standards or best practices editors into their own proprietary packages.
  6. And, finally, all too many asset management standards and best practices are attempting to shoe-horn asset management into the technology, services, or other enterprise functions to add to the responsibility realm of technicians rather than building the profession itself.
It's time to put a stop to this kind of activity in the SCCA, SAM, ITAM, and IT Portfolio Management fields. The Institute for Technology Asset Management invites you to become part of its unique open source standards, best practices, and professional development programs - programs that real people and real enterprises can actually afford. As usual, the Institute was the first in the industry to put the power of standards and best practices into the hands of actual front line practitioners, rather than merely convert the agendas of the software industry into a revenue stream version of pseudo-training coupled to over-night certifications.

The Institute does not take money from the software industry players - either via corporate memberships or sponsorship. Instead, we work directly with individual practitioners to build the asset management professions, standards, and practices. Our Guide to the Technology Asset Management Body of Knowledge (TAMBOK) is based on the competencies needed to genuinely DO the work of an asset manager - and the book is freely available online at a price you can afford. (In fact, we're working on the next TAMBOK release. Want to become a reviewer? Sign up now.)

The Institute's professional development programs are the only non proprietary programs in the industry that are based directly on asset management competencies - openly available competencies that have been proven by people working the front lines of asset management - rather than what the software industry wants you to know.

Of the six training options for software asset management, the Institute is one of only two that are not being driven by the software industry, their associates, or hired guns. Of those two, we are the only non profit program that is genuinely driven by practitioner member expectations.

Maybe its time you took a look at The Institute for Technology Asset Management.

Monday, January 9, 2012

Selecting a License Compliance Discovery Tool

This post is an answer to a LinkedIn question regarding selecting a compliance discovery tool. There is a wide range of considerations when you are interested in investing in this tool. These are only a few. For additional information, please look over The Institute's online Knowledge Brief: “Selecting & Using the Systems Discovery Tool.”

It looks to me like you are primarily concerned about compliance but it's important to recognize that the discovery tool, in and of itself, is not going to do much more than let you know what's present. The most effective discovery tools will contain a dynamic database that includes identifiers for a majority of software products. When it runs the systems, it will compare what you have loaded against its database to identify what you actually have present. This information should include, at least, the precise name of the product, version &/or release, copyright data, size of the executable file & date the executable was finalized. Part of the reason for all this is to prevent users from merely re-naming a file so that it's "hidden" from the tool (that strategy won't work with a good discovery tool). An effective discovery tool will also permit you to add legacy applications (or others not currently in the database) so that you can adjust to your specific environment. The quality of this database, as well as your ability to adjust for missing products, represent serious considerations in selecting a product.

A key element of the database also includes whether or not you can adjust the system to run specialized scans for items such as fonts, graphics, or other problem products that show up as "surprises" during audits. You should also be capable of looking for MP3s, games, &/or video files.

What you want to accomplish with the discovery tool is a baseline analysis of configurations - what's loaded. You'll then compare this baseline against your proofs of possession (licenses & etc) to determine what "should" be on the systems. From that baseline you'll eventually begin monitoring the systems to identify two factors:
  1. What products "should" be present but are missing
  2. What products do not belong but are present
In the first case, you have a need to add correctly licensed missing products. In the second, you will have identified products that may or may not be non compliant. If non compliant, they should be removed or licensed (but ensure the install dates match up with your proofs of purchase). When you monitor by exception, you significantly reduce your work load.

What all this implies is that you genuinely have all your proofs of possession under control for eventual entry into the "approved product" database. This side of the discovery tool permits you to establish what you are legally permitted to possess and it will help you reconcile against the configurations. This provides you with a snapshot of compliance status.

As to an uninstall tool: Recognize that the "built-in" uninstall tool for your operating system is not very dependable. It tends to leave elements of applications behind that "could" expose you to hidden audit issues. Depending on your size & systems environment, you can possibly acquire an open source uninstall tool. However, an effective uninstall tool is critical to to compliance assurance.

Another very important issue that Karan mentions is the entire discovery tool acquisition & implementation process. You should be able to have a discovery tool operational in less than 5 hours on a client-server network - more or less depending on the number of client systems the tool has to audit as well as the focus of your install team. Of more importance will be the amount of bandwidth the tool sucks up as it runs the systems reviews - keep it low and minimize the downtime time while it audits a device. Also keep in mind that you may want to run independent reviews of systems that are not accessed via the network - or on remote systems. This option should be considered in tool selection.

Further, is the discovery tool easily managed by a "normal" human being? I.E. a non-techie? Too many of these tools are so over-engineered that it requires an unnecessarily costly team to manage & operate the product. Be sure that any advanced clerical worker can generate & manipulate reports as well as manage the over-all system. This will drastically reduce ongoing costs.

Finally, if you are doing compliance for the sake of compliance, you are wasting money. I know that sounds wrong but, in reality, the majority of cost & risk reductions for your enterprise will be derived from effective life cycle management of both software AND hardware. Yes... You DO have to maintain compliance, but do not stop there. Usually, enterprises that stop with compliance miss out on the true value of SAM & ITAM. The core issue with this comment is that, whenever you select a discovery tool, ensure that it will also help you monitor your hardware configurations.

At the end of the day, it's important that we begin our search for "just the right tool" with a clear concept of what we want that tool to accomplish, in what environment, and with what level of internal talent. There is significantly more to this topic but, since we cover it in our online training, it's best for those who are interested to follow up with the specialized training. 

Please let me know if this helps or if you need additional information!