Main Nav

Does anyone have any recommendations for software management training that includes auditing training?  I've done License Logic's CSM and ASM training which were useful, but am looking for something a little more hands-on and substantive, particularly regarding how to lay the groundwork for, and ultimately conduct, a software audit, with emphasis on an educational setting.  Which, as we all know, can be a lot more problematic than in a controlled corporate environment.

Thanks!

Janice


Janice K. Tulloss, PhD, ASM
Software Coordinator
ITS - Client Services
202 Forney Bldg.
UNC Greensboro
Greensboro, NC 27412
336-334-5401


********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

I'd like to learn more about this as well.  Please send any recommendations to the whole group so we can benefit from your experience. 

Thanks for bringing this up, Janice! 

Have a great day!

JulieBeth Golden
IT Asset & Licensing Officer, ITS/OIT
Georgia Institute of Technology
juliebeth.golden@oit.gatech.edu
(o) 404-894-2972
(f) 404-894-9548
From: "Janice Tulloss" <Janice_Tulloss@UNCG.EDU>
To: LICENSING@LISTSERV.EDUCAUSE.EDU
Sent: Monday, July 30, 2012 4:39:31 PM
Subject: [LICENSING] software asset management training question

Does anyone have any recommendations for software management training that includes auditing training?  I've done License Logic's CSM and ASM training which were useful, but am looking for something a little more hands-on and substantive, particularly regarding how to lay the groundwork for, and ultimately conduct, a software audit, with emphasis on an educational setting.  Which, as we all know, can be a lot more problematic than in a controlled corporate environment.

Thanks!

Janice


Janice K. Tulloss, PhD, ASM
Software Coordinator
ITS - Client Services
202 Forney Bldg.
UNC Greensboro
Greensboro, NC 27412
336-334-5401


********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.


********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Hi Janice,

The three most popular software management training programs available today are as follows.  I have seen many requests for comparison of the courses in LinkedIn discussion groups, but I've never read any responses that I felt were truly helpful in providing objective guidance.  The responses have generally been from people who have had limited experience with only one of the three courses.

- Certified Software Asset Manager (CSAM) from IAITAM
- Certified Software Manager (CSM)
- SAM Advantage 2.0 from BSA

As you point out though, none of them are particularly focused on the nuances of software licensing in academic computing.  But this is a topic that is worth exploring in its own right.  I wonder what we would all - collectively - consider to be the main distinguishing issues of academic licensing, and thus how the focus of a software audit should change for academic computing over corporate computing.

I'll offer a few comments to start the discussion.  But first it may be important to define "conduct a software audit".  I define this as including four obligatory, and one optional, step:
1. Collect Proofs of Licensing (purchase data)
2. Identify License Entitlement Metric (contract data)
3. Discover and Identify Installed Software (physical software audit)
4. Reconcile proofs of licensing (1) with entitlement metrics (2) and software discovery (3)

The above four steps are common for both internal audits (self-audits) or external 'compliance audits' driven by a software publisher or the BSA.  External compliance audits may also include a fifth requirement to 'audit' ongoing management policies and procedures.
 
Two important issues that distinguish academic licensing from corporate licensing are:

1. Academic computing environments typically include computers and software that have been purchased/licensed by multiple entities and/or individuals.  Licensing rights may be university-wide, departmental, restricted to grants and research programs, or specific to personally owned computers.
2. Academic software licensing frequently includes licensing metrics that are less common in corporate computing, such as concurrent use licensing, and FTE-based subscription agreements.

How these issues impact software audit practices:

A. When discovering installed software (step 3 above), the audit process must:

- take care to exclude personally owned computers unless those computers include organizationally-licensed (including 'university-wide, departmental, grants and research programs') software.  And, if so, the audit process must take care to only include the organizationally-licensed software within the audit data.

- separately distinguish organizational computers into discreet 'audit pools' for university-wide, departmental, and grants and research programs.  Since each of these pools of computers may receive software purchased under their specific departmental or grant funding and also receive other software purchased under university funding, care must be taken to distinguish the licensing source and the specific licensing rights for each source.

B. When reconciling proofs of licensing, the reconcile process must be conducted using a test of license consumption under the correct metric, e.g. concurrent-use licensing = high water mark of simultaneous usage, named-user licensing = unique user accounts, per-device licensing = numbers of computers with installed software, etc.

An important step often ignored both in academic and corporate computing is identifying trial, or demo copies of software installed on computers in the target audit.  These installed instances generally do not require licensing but are often not identified as such, thus artificially driving up the demand for licensing and unnecessarily increasing costs.

Understanding the specific rights and management obligations for software running within the various (and constantly evolving) flavors of virtual computing platforms presents further complexities that may best be untangled by negotiating directly with software vendors.


What other software licensing issues do others here see as present in academic computing that impact software audits differently than corporate computing?

Note: Sassafras started offering a monthly training series in June for IT Asset Management (ITAM) and Software Asset Management (SAM) using K2-KeyServer.  Some of the topics discussed center on the more general issues and goals of Software Asset Management with use of our tool playing a secondary role – we make these web-based training sessions available to anyone.

John


John Tomeny
Sassafras Software Inc.
http://www.sassafras.com

IAITAM Fellow
CODiE Award Winner, Best Asset Management Solution
Convener, Co-editor, ISO/IEC 19770-3 Software Entitlements SAM Standard





Thanks John.  My intention is to begin by auditing our own departmental computers (once I can convince people of the desirability of doing it).  The biggest problems I foresee in trying to do this in an academic environment is first the overall resistance our end users have of allowing ITS to "snoop" into their computers (granted we can do this anyway, with or without their cooperation, but they don't always realize that or like it) and second, getting proof of licensing.  The idea of "academic freedom" also finds expression in the idea of "computing freedom" and people guard their prerogatives and chafe at any idea that their privacy might be invaded.

The challenges of acquiring proof of licensing includes the problem that some people have very old copies of software whose purchase records has been lost over time.  Other people simply haven't kept the records, or have non-specific invoices where software purchases get lumped in with other software supplies.  Staff turnover makes keeping records of decentralized purchasing difficult as well.

Some of this is about changing the culture.  Keeping records of software/license purchases has rarely been perceived as something that needs to be done.  Again, people often perceive these purchases as something akin to office supplies, and they just don't think about keeping records of purchases.

That's why I think the first stage is preparing people for an audit, and acclimating them to the idea that it's not designed to be punitive, but to enhance efficiency.

jkt


Janice K. Tulloss, PhD, ASM
Software Coordinator
ITS - Client Services
202 Forney Bldg.
UNC Greensboro
Greensboro, NC 27412
336-334-5401




Message from mknox@austin.utexas.edu

Janice,

A couple of questions are running thru my head..

Are you concerned about open records request issues?
Given the past history, is the goal to get baseline and then improve the future processes so that information improves over time, versus trying to repair the past?
Wold it be easier to start when equipment is refreshed?

Just curious as it is ambitious project. Thanks for sharing. And hanks John for your in depth reply

Sent from my iPad
Margaret (Marg) H. Knox
The University of Texas System

On Aug 1, 2012, at 8:39 PM, "Janice Tulloss" <Janice_Tulloss@UNCG.EDU> wrote:

Thanks John.  My intention is to begin by auditing our own departmental computers (once I can convince people of the desirability of doing it).  The biggest problems I foresee in trying to do this in an academic environment is first the overall resistance our end users have of allowing ITS to "snoop" into their computers (granted we can do this anyway, with or without their cooperation, but they don't always realize that or like it) and second, getting proof of licensing.  The idea of "academic freedom" also finds expression in the idea of "computing freedom" and people guard their prerogatives and chafe at any idea that their privacy might be invaded.

The challenges of acquiring proof of licensing includes the problem that some people have very old copies of software whose purchase records has been lost over time.  Other people simply haven't kept the records, or have non-specific invoices where software purchases get lumped in with other software supplies.  Staff turnover makes keeping records of decentralized purchasing difficult as well.

Some of this is about changing the culture.  Keeping records of software/license purchases has rarely been perceived as something that needs to be done.  Again, people often perceive these purchases as something akin to office supplies, and they just don't think about keeping records of purchases.

That's why I think the first stage is preparing people for an audit, and acclimating them to the idea that it's not designed to be punitive, but to enhance efficiency.

jkt


Janice K. Tulloss, PhD, ASM
Software Coordinator
ITS - Client Services
202 Forney Bldg.
UNC Greensboro
Greensboro, NC 27412
336-334-5401




Yes, this is really about trying to get control over the environment in general, and, as you note, establishing a baseline.  I'm not really responding to any particular concerns, except in the spirit of best practices and avoiding problems in the future.

Our software environment, like many others, I'm sure, has become increasingly fractured as we offer software through different means on different platforms.  As central ITS, we deploy software through one network to Windows machines, through another for Macs, have a VCL implementation, and now a different virtual environment based on a combination of VDI and Citrix.  Then there's our "Instructional Linux Environment" in addition which offer a different complement of apps.

Then you throw in all of the individual purchases made by departments, some of which overlap our offerings, and trying to manage things becomes a challenge.  I've been working with Sassafras on the problem of managing our concurrent use licenses without taking over individual's personal copies and that has been a particular challenge.  Right now I'm dealing with identifying individual computers that have their own copies of Adobe applications which are inadvertently being managed by our own control policies.  So it's a somewhat labor intensive undertaking, and I have to have these users send me their proof of licensing in order to put their machines in an "exempt" group to avoid being controlled by our CUL policies.

So what I'm trying to do is nudge the culture in a direction where people better understand licensing and realize they have to track their licenses and that they may be called on to provide this kind of proof.  Getting rid of software piracy is actually kind of a by-product.

jkt


Janice K. Tulloss, PhD, ASM
Software Coordinator
ITS - Client Services
202 Forney Bldg.
UNC Greensboro
Greensboro, NC 27412
336-334-5401




Message from mknox@austin.utexas.edu

Thanks Janice!

 

____________________________________________________

Margaret H. Knox                  mknox@utsystem.edu

 

Chief Information Officer (CIO)     (512)322-3774   

The University of Texas System

CTJ 2.218 78701

      

 

From: The EDUCAUSE Software Licensing Issues Constituent Group Listserv [mailto:LICENSING@LISTSERV.EDUCAUSE.EDU] On Behalf Of Janice Tulloss
Sent: Friday, August 03, 2012 8:55 AM
To: LICENSING@LISTSERV.EDUCAUSE.EDU
Subject: Re: [LICENSING] software asset management training question

 

Yes, this is really about trying to get control over the environment in general, and, as you note, establishing a baseline.  I'm not really responding to any particular concerns, except in the spirit of best practices and avoiding problems in the future.

Our software environment, like many others, I'm sure, has become increasingly fractured as we offer software through different means on different platforms.  As central ITS, we deploy software through one network to Windows machines, through another for Macs, have a VCL implementation, and now a different virtual environment based on a combination of VDI and Citrix.  Then there's our "Instructional Linux Environment" in addition which offer a different complement of apps.

Then you throw in all of the individual purchases made by departments, some of which overlap our offerings, and trying to manage things becomes a challenge.  I've been working with Sassafras on the problem of managing our concurrent use licenses without taking over individual's personal copies and that has been a particular challenge.  Right now I'm dealing with identifying individual computers that have their own copies of Adobe applications which are inadvertently being managed by our own control policies.  So it's a somewhat labor intensive undertaking, and I have to have these users send me their proof of licensing in order to put their machines in an "exempt" group to avoid being controlled by our CUL policies.

So what I'm trying to do is nudge the culture in a direction where people better understand licensing and realize they have to track their licenses and that they may be called on to provide this kind of proof.  Getting rid of software piracy is actually kind of a by-product.

jkt


Janice K. Tulloss, PhD, ASM

Software Coordinator
ITS - Client Services
202 Forney Bldg.
UNC Greensboro
Greensboro, NC 27412
336-334-5401



Close
Close


Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.