Has Your Business Been Victim of a Technology Disaster? Learn How to Prevent Being Hammered Again.

When nature slams your business, a repeat disaster could easily follow—this one of man-made origin. This 5-part Briefing Series helps you minimize the inevitable post-disaster software piracy audit risks. From where we stand there isn’t a whole lot we can do to relieve the misery each of you has encountered, but The Institute wants to help where we can. So, here is our offer: We can help you prevent the next catastrophe with advice and guidance via the Internet.

It is now painfully obvious to all business technology consumers that computers, software, documentation, and electronic data make pretty lousy submarines. In the average disaster, the very core of your business is most likely gone or virtually unrecoverable. You are about to rebuild your technology infrastructure from scratch—be it two computers or twenty thousand computers—and, if you aren’t extremely careful, the con artists are going to set you up to get hammered yet again. You do not deserve that kind of abuse, so our primary goal is to provide advice to help you avoid future software piracy and non compliance punitive audit experiences courtesy of the software police and copyright cops. Our secondary goal—a very close second—is to enable you to save money when you re-invest in new technologies.

This article series was originally posted on our site for the benefit of victims of Katrina and other disasters. However, we quickly discovered a serious need for accurate, vendor-neutral advice on acquiring technologies after crippling events. Read on and consider what we have to offer individuals and companies that have been disaster victims.

Hello! I’m Alan Plastow, founder of The Institute for Technology Asset Management. After a disaster, when you buy your new computers, very frequently you’ll be looking for maximum product at minimum price. You’ll have little choice: Money is going to be tight. Although this is a perfectly normal reaction to the misery you’ve gone through, you need to be extremely careful of the operating systems, software, and other copyrighted products placed on those computers. From where I stand, I can predict with nearly 100% certainty that within a year of any significant disastrous event (18 months at the most) the software police and copyright cops will conduct mass software piracy, copyright violation, and license non compliance punitive audits in the areas of devastation.

Companies that are trying to recover from a disaster are going to fall prey to the “easy licenses” and “bargain costs” of counterfeit software and other products—including hardware. As well, these same companies, with their limited financial clout, are going to begin using shareware products to delay some computer-related expenses. The result? You will be setting yourselves up as easy targets for litigation by the nearly thirty members of the software police and/or copyright cops that are active in the U.S.—nearly 100 globally.

Another key issue you will need to become aware of is that the documentation from your software purchases is very closely scrutinized during a software non compliance, or piracy, audit. If, when you purchase your new copyright protected products, you do not receive the correct license; proofs of purchase; stamps, emblems, marks, or certificates of authenticity, or master media you will become a potential disaster target all over again.

Of all the businesses in the world, you are in a unique position. As demoralizing as your experience has been, you now have the opportunity to rebuild your business into something bolder and better than it may possibly have become prior to the disaster. Please permit me, at no cost, to guide you with advice in avoiding the software piracy audits that can easily follow your efforts to rebuild.

Monitor the Taminstitute.org blog site to access these full Disaster Recovery Knowledge Briefings. It’s free and you, your employees, and your company will benefit through short- and ling-term cost and risk reductions in technology asset management. This is the place for Disaster Survivors where I will answer your questions and provide no cost advice. Don’t suffer through the pain of recovering your business technologies only to be blind-sided and hammered all over again for incorrectly licensed copyrighted products after you are back in operation. We can provide the advice that you need.

With great respect for what you are enduring,

Alan L. Plastow

Founder

Corporate lay-offs? "Difficult" economy? Get ready for a software audit!

Your chances of being embroiled in a software non compliance—piracy—punitive audit are higher today than at any time in the history of copyright enforcement. Here's how it works: During difficult economic times, or when your company loses personnel, you are opening yourself up to a significantly higher probability of software license enforcement audit scrutiny. In fact, your chances of becoming involved in a software audit could geometrically increase by as much as double for every five employees you let go.

Do you think this perspective is all so much hot air? When you combine the aggressive “Whistle-Blower Reward Programs” fielded by the software publishers and their enforcement industry friends, your level of risk is increasing as the economy becomes ever more unstable. Read on to discover methods for keeping what little corporate money you have – in YOUR enterprise pockets – rather than continuing to pay out more and more to the software and copyright protected products industry players.

Real World – The software industry players have known for a long time that there is an enormous revenue stream to be had in conducting compliance audits – even against enterprises that have a “clean” compliance record. They've been siphoning enormous amounts of cash from their own customers while constantly attempting to ensure that the entire compliance assurance process is as difficult and poorly defined as possible via ever more incomprehensible licensing schemes.

If your enterprises uses any degree of technology, you are an easy audit target. Period. Full stop. Even if you are 100% ethical and careful in your systems controls.

The bottom line is that technology asset management isn't about how much you spend, it's about the value you receive for every single dollar that you invest. When you can very easily enhance the value you gain from your business technologies, while minimizing initial and ongoing costs AND minimizing related risks, these ideas become no-brainers.

The key is this: Every successful asset management initiative begins with the foundation framework established by proactive software asset management. We build on this relatively basic foundation to deliver genuine life cycle value for software, hardware, and related goods, services, and contractual agreements.

At The Institute, our focus is putting that value—that money—back in your pocket...and KEEPING it there. 

Consider the following:

• If / When you look honestly at the current (sad?) state of your country's economy, nearly every business is looking to cut expenses and increase ROI, you'll recognize that managing the technology portfolio is one the most easily value-added programs available to you,
• If / When you realize that, in part due to lower employee numbers in the so-called developed countries, local and global software sales are down,
• Your suppliers are aggressively hunting for additional revenue streams,
• For these people, compliance audits are VERY significant income opportunities,
• If / When you recognize that large numbers of people are discovering that with zero warning they're out of a job,
• And they are NOT happy with you,
• It's easy to sign into the anti-piracy sites to deliver up you and your company for an audit,
• If / When we remind you that the software industry players and their so-called software police / copyright cops are loudly publishing whistle-blower rewards of up to $1,000,000...
• Money for nothing...?
• One of the enforcement audit campaigns was even entitled “Don't Get Mad, Get Even”!
• Does this tell you ANYTHING about enforcement tactics?
• If / Then - In light of these realities, is it any surprise that your audit risk expands by an approximate factor of double for every five employees you upset?
• Oh, yeah... Did we mention that existing—and ethical—employees are also very willing to report your copyright violations?
• Did we also mention that small- to medium-sized businesses are the absolute favorite audit targets?
• Did we mention that American enterprises are carrying the majority of frequency in being audited for licensing issues? (Because American enterprises can “afford” to pay more in fines / penalties. BUT, this locus of focus is changing as other countries expand their use of high risk software products.)
• And last, but not least, did we mention that The Institute for Technology Asset Management is your portal to establishing and maintaining effective business processes that extract maximum value from your IT spending dollars while minimizing costs and risks?
• Did we mention that many of our solutions cost you NOTHING?
• Did we mention that our methodologies meet or exceed ANY existing standards for software portfolio management?
• Did we mention that our software asset management credential programs are substantially more comprehensive that anything currently on the market because they focus on practitioner competencies?

Fines and Penalties – The average cost of a single software piracy audit can—and frequently does—exceed $100,000—for even the smallest company (10 computers). To put this in more basic terms, think $3,000 to $5,000USD per computing device in typical settlement fines.

Invisible Value – The average company gains less than $1 in business value from every $14 it spends on technologies. Those same technologies expose the enterprise to enormous enforcement audit risks.

Here's why you need to be concerned: First of all, any business owner or manager should be well aware that former employees very frequently have an ax to grind.  According to research published by the software anti piracy enforcement industry, the majority of whistle-blowers are current or former technology workers or management-level personnel. Who, in your company, knows the most about the products loaded on every one of the computing devices you possess? In polite terms, these are the folks you need to manage. They're also NOT the ones who should be fully responsible for direct oversight of your technology assets.

Here's what you can do: The number one entry barrier to optimizing value in your corporate technology portfolio is to become honestly aware of the realities and issues. As long as your enterprise operates on theory and verbal assurances of compliance and effective life cycle management you will not be capable of delivering value. Theory does not contribute to the bottom line – only quantifiable factual evidence of both compliance and life cycle controls.

Enterprise management—at the highest level—must become aware of, and clearly support, close scrutiny of the entire life cycle of ALL technology-related investments. Failure to do so only perpetuates the existing ineffective practices and procedures. Interestingly enough, failure of upper management to actively support the initiative has statistically, and consistently, been the root cause of a majority of ineffective asset management initiatives.

NEXT: If you have any interest in reducing costs and risks, begin a serious technology asset management program right now—today. Your first step should be to stonewall the software enforcement industry auditors. Since audits are the most immediate and costly threat to any enterprise using today’s technologies, merely eliminating high risk software titles from your exposure field is an enormous step to ongoing savings and improved ROI.

The process is simple: Establish a trusted review team and ensure that all copyright protected products loaded on any computer—or electronic media—are fully and correctly licensed. This is all a matter of brain-work. Cost so far? Nothing but a little of your time. No new products or services to buy…

Do you want more? More details? More ideas? Let us know. The Institute for Technology Asset Management staff is ready and willing to help you learn to take back control of your IT investment dollars.

Negotiating with Hitler - A Software Asset Manager's Reality

Recently, a practicing software asset manager (SAM) emailed me with a very typical question:

How can we get better software license terms when the software publisher refuses to permit us to negotiate the license terms?

"ARE YOU KIDDING ME???"

My answer was fairly comprehensive, but the bottom line was this:

As long as we permit the software industry players to play contract management games, we are as much at fault for onerous license terms & conditions as they are.

After multiple decades of negotiating with software industry players & their friends, I can give you one key issue that leads to a majority of costly problems for the business technology consumer:

The root cause of nearly every problem you will have with the software publisher, as long as you use their product (and well beyond) will be the terms & conditions of the license.

Learn to negotiate licenses. Learn to push back against onerous terms & conditions. Quit accepting software industry bullying as your only reality. You have as much right as the software publisher to gain mutual benefit in all contractual agreements.

The business technology consumers did not declare licensing & economic war on the software industry players. They declared war on us.

And, YES, you can quote me!

To download the full PDF document covering my observations on how the business tech consumer needs to change our approach to contract negotiations in general, and software license negotiations specifically, follow the link  HERE

It isn't going to be easy. We have to overcome nearly four decades of letting the software industry have its way with us, BUT we CAN become the initial agents for IT asset management change.

The Corporate Approaches to Software Piracy & Copyright / License Compliance Need to Move to the Next Generation of Leadership.

This post is in response to an article in ComputerWeekly noted HERE.

The original article discusses how the software piracy landscape hasn't changed much in the past few years. Licensors continue to use unnecessarily complicated licensing schemes & licensees continue to fail to understand as well as fail to manage licenses & licensed products. We CAN, however, change this distressing software piracy trend, but we have to wake up & smell the decaying business processes that expose us to punitive software industry players & their predatory compliance enforcement auditing friends.

It's time to move our outdated software asset management mentalities out of the dark ages & into the next generation of software life cycle management, systems life cycle management, & over-all IT life cycle management.

• As long as business technology consumers permit the software publishers to control the entire licensing process, we will continue to be targeted by predatory compliance enforcement industry players.
• As long as the enforcement industry publicity teams use “piracy” as a synonym for "non-compliance", or "honest licensing errors", we will continue as targets.
• As long as the "compliance landscape" is constantly shifting, we'll be easy targets.
• As long as the enforcement industry-sponsored "studies" & media blitzes represent the smoke & mirrors world of piracy to the public & our legislators, we'll continue to be targeted.
• As long as we permit nebulous terms & conditions (such as the literally limitless "right to audit" clause) in licenses, we'll continue to be targeted.
• As long as our software asset managers are not trained, are being trained only to the enforcement industry perspectives, or are being "qualified" as "professionals" in over-night certification classes, we'll continue to be targeted.
• As long as the enterprise pays only lip service to software & license life cycle management, we'll continue to be very easy - even clueless - targets.
• As long as the technical "experts" in the enterprise continue to be in the dark about the realities of license compliance, we'll remain targets.

It's time for the next generation in software asset management professional development & awareness. Business technology consumers need to stop being reactive & start being "intelligently proactive" in addressing the root causes of software life cycle management & compliance assurance.

I've spent nearly twenty years studying the enforcement industry players & their games & it has become evident that our training programs are less than optimal in their approach to compliance assurance (& nearly empty in terms of effective life cycle management). Each & every issue listed in this article & my response could have been minimized by intelligent asset management. Unfortunately, our asset managers frequently are not given the knowledge they need, nor the executive support necessary to address the problems up front - where they could have avoided the confrontation.

For an example of what I'm saying, look through the technician comments on the discussion thread noted in my previous post.

What you'll see, if you can make it all the way through the thread, is that these front line IT personnel DO NOT generally have a clue about compliance or license management. If these people do not understand, or if there is no well-trained/empowered software asset manager in their enterprise, their companies are defenseless - & ripe - for punitive compliance audits.

You want answers? I'll be glad to provide them, along with pointers to the next generation of strategies & tactics for compliance assurance & software life cycle management professional development. Feel free to connect with me at any time.

The Institute for Technology Asset Management publishes its Guide to the Technology Asset Management Body of Knowledge - TAMBOK - the planet's only cost-effective guide to the competencies asset management practitioners need to succeed in the front lines of SAM & ITAM.

SAM Credentials Need To Evolve To Reflect Competency, Not Instant Certifications

It never fails to astound me that asset management practitioners can be transformed from "I just got this job" into proficient(?) software asset management professionals in as few as one or two days of training. I'm further blown away that a majority of our industry training programs include an "instant" short-term memory exam as part of their certification schedule.

Do me a favor & check my math. It looks like the typical training session can be completed in an average of two business days. These sessions probably include multiple breaks for coffee, tea, lunch, & (I hope) at least a 2.5 hour exam. If I'm correct in my calculations, the actual time-on-task for today's certified SAM practitioners churned out by the typical 2-day program is less than 7 hours. I hate to even consider the time-on-task for a single day program.

Based on all this, it would seem to me that we're actually killing our credentials by popping out people who know just enough to get themselves & their enterprises into what an ancient Chinese knowledge expert dubbed as "interesting" SAM operational times. (Yes, I know they didn't phrase it quite that way.)

Here's how we approach the typical SAM certification problems with the training & credential programs from The Institute for Technology Asset Management:

• Our SAM credential has been broken down into Software and copyright compliance Assurance (SCCA) and Software Asset Management (SAM). Between these two, the candidate receives more than 29 hours of actual time-on-task training broken into approximately 39 individual focused self-paced sessions.
• We are not proprietary in our programming. We focus on openly available competencies that practitioners can easily apply specifically to their SAM (and IT) environments. Nothing is hidden.
• We have broken out the classic SAM training program into brief self-paced on demand sessions that can be taken singly or as a bundle.
• Via this individual session delivery, we can deliver significantly more time-on-task than ANY alternative program in the industry.
• When the basics of the certification are delivered online, we can eliminate the costly & disruptive travel aspect.of typical SAM programs.
• The Institute also provides an "open source" style knowledge base (in the form of our easily acquired Guide to the Technology Asset Management Body of Knowledge (TAMBOK). Through this simple TAMBOK practitioners and enterprises alike can gain a comprehensive view of the actual needs of asset management infrastructure.
• What's more, The Institute provides third party tracking of your training portfolio via a SCORM Compliant industry standard Learning Management system.
• Also, the SAM-related exams are free-standing and can be completed at any time after fully completing the coursework. This provides candidates with plenty of time to study and translate their knowledge from short-term memory into their more stable long-term memory. Result? Candidates learn and remember more than ever before.

I'll cover additional differentiators for Institute credentials in follow-on posts. For now, recognize that The Institute is moving SAM & ITAM credentialing into the next generation of credibility - for practitioners, as well as for those who hire credentialed SAMs / ITAMs. 

To look over the range of Institute Software & Copyright Compliance Assurance (SCCA) and Software Asset Management (SAM) credential programs, click HERE

sign in to the LMS (Learning Management System) [ It's Free] and review the course content.  Each session has a brief printed introduction and the live sessions last from 30 to 90 minutes.

Any questions, please let me know.

The Next Generation of SAM Training & Certification is Here

Comprehensive SAM - Online, On Demand- At Your Convenience, Without Disrupting Your Busy Schedule!

Reduce the cost of your SAM credential by eliminating unnecessary travel costs. Complete the core competencies of Software & Copyright Compliance Assurance (SCCA) & Software Asset Management (SAM) at your own pace without disrupting your busy schedule.

Follow the link included below to check in to the SAM training industry's only competency-based professional development system. Via our free Learning Management System (LMS) you'll build a credible portfolio of successful course & credential progression.

Read the content overviews & review over 38 cutting edge SCCA & SAM offerings. Take one or more cost-effective 20 minute to 90 minute sessions to try it out, or opt for the even more cost-effective bundled series. The programs come with over 600 pages of Workbooks to help you tailor the content to your unique enterprise & culture. These Institute for Technology Asset Management programs significantly exceed the scope & depth of virtually any alternative SAM programs on the market.

Have questions about the SCCA or SAM credentials? Feel free to ask. I'll provide whatever answers you need to succeed.

Take Me To The Online Training Portal!

SaaS - Software as a Service is a Deadly Vortex

And, like many vortexes, an intelligent individual is best served by clearly understanding the risks before diving in. The true bottom line behind Software as a Service is that:

SaaS represents your complete lack of control over your access to the products and data you use to manage your business.

Think it through. When we possessed the software products locally we could utilize those products and access our data at any time and, as long as we remained within license terms, in any manner we wished. We were not locked in to the availability of Internet access or the good graces of a service provider. We had a perpetual license, meaning we paid a single initial fee to use the product for an unlimited amount of time. SaaS will end these options and lock us in to a single source.

Once you have moved to SaaS, you will be paying a yearly rental fee on the products - one that can be changed at any time. The Service Provider will control a high percentage of your access and your ability (or lack of ability) to connect to the Internet will control the remaining access. What's more, if you have any disagreement with your service provider, they can shut you down with the flip of a virtual switch.

Want to hear more? Consider watching and listening to this short Flash overview of an Institute on-demand Knowledge Briefing covering SaaS & Cloud Services. The introductory session is only a few minutes long and includes excerpts from a live software asset management professional development discussion.


You can link to the session HERE. If the content resonates with you, feel free to contact us about the on-demand asset management training programs at The Institute for Technology Asset Management.

Selecting a License Compliance Discovery Tool

This post is an answer to a LinkedIn question regarding selecting a compliance discovery tool. There is a wide range of considerations when you are interested in investing in this tool. These are only a few. For additional information, please look over The Institute's online Knowledge Brief: “Selecting & Using the Systems Discovery Tool.”

It looks to me like you are primarily concerned about compliance but it's important to recognize that the discovery tool, in and of itself, is not going to do much more than let you know what's present. The most effective discovery tools will contain a dynamic database that includes identifiers for a majority of software products. When it runs the systems, it will compare what you have loaded against its database to identify what you actually have present. This information should include, at least, the precise name of the product, version &/or release, copyright data, size of the executable file & date the executable was finalized. Part of the reason for all this is to prevent users from merely re-naming a file so that it's "hidden" from the tool (that strategy won't work with a good discovery tool). An effective discovery tool will also permit you to add legacy applications (or others not currently in the database) so that you can adjust to your specific environment. The quality of this database, as well as your ability to adjust for missing products, represent serious considerations in selecting a product.

A key element of the database also includes whether or not you can adjust the system to run specialized scans for items such as fonts, graphics, or other problem products that show up as "surprises" during audits. You should also be capable of looking for MP3s, games, &/or video files.

What you want to accomplish with the discovery tool is a baseline analysis of configurations - what's loaded. You'll then compare this baseline against your proofs of possession (licenses & etc) to determine what "should" be on the systems. From that baseline you'll eventually begin monitoring the systems to identify two factors:

1. What products "should" be present but are missing
2. What products do not belong but are present

In the first case, you have a need to add correctly licensed missing products. In the second, you will have identified products that may or may not be non compliant. If non compliant, they should be removed or licensed (but ensure the install dates match up with your proofs of purchase). When you monitor by exception, you significantly reduce your work load.

What all this implies is that you genuinely have all your proofs of possession under control for eventual entry into the "approved product" database. This side of the discovery tool permits you to establish what you are legally permitted to possess and it will help you reconcile against the configurations. This provides you with a snapshot of compliance status.

As to an uninstall tool: Recognize that the "built-in" uninstall tool for your operating system is not very dependable. It tends to leave elements of applications behind that "could" expose you to hidden audit issues. Depending on your size & systems environment, you can possibly acquire an open source uninstall tool. However, an effective uninstall tool is critical to to compliance assurance.

Another very important issue that Karan mentions is the entire discovery tool acquisition & implementation process. You should be able to have a discovery tool operational in less than 5 hours on a client-server network - more or less depending on the number of client systems the tool has to audit as well as the focus of your install team. Of more importance will be the amount of bandwidth the tool sucks up as it runs the systems reviews - keep it low and minimize the downtime time while it audits a device. Also keep in mind that you may want to run independent reviews of systems that are not accessed via the network - or on remote systems. This option should be considered in tool selection.

Further, is the discovery tool easily managed by a "normal" human being? I.E. a non-techie? Too many of these tools are so over-engineered that it requires an unnecessarily costly team to manage & operate the product. Be sure that any advanced clerical worker can generate & manipulate reports as well as manage the over-all system. This will drastically reduce ongoing costs.

Finally, if you are doing compliance for the sake of compliance, you are wasting money. I know that sounds wrong but, in reality, the majority of cost & risk reductions for your enterprise will be derived from effective life cycle management of both software AND hardware. Yes... You DO have to maintain compliance, but do not stop there. Usually, enterprises that stop with compliance miss out on the true value of SAM & ITAM. The core issue with this comment is that, whenever you select a discovery tool, ensure that it will also help you monitor your hardware configurations.

At the end of the day, it's important that we begin our search for "just the right tool" with a clear concept of what we want that tool to accomplish, in what environment, and with what level of internal talent. There is significantly more to this topic but, since we cover it in our online training, it's best for those who are interested to follow up with the specialized training. 

Please let me know if this helps or if you need additional information!