In its early days, IT asset management revolved around one thing: counting. How many PCs do you have? How many copies of a certain application do you own? How many PCs are associated with those licenses? While the data obtained from enterprise-wide inventories informed important projects, such as technology upgrades and migrations, hardware lease contracts and software license redeployments, the fact remained that young IT asset management processes were relatively primitive and rarely drove critical business decisions.
Today, the stakes are higher. Thanks to increasing pressure to prove value to the enterprise, IT organizations have evolved their asset management strategies beyond simple bean-counting exercises. Mature IT asset management (ITAM) programs now proactively drive high-level initiatives such as service support and delivery, and are integral to maintaining a healthy bottom line. Software asset management, especially, has moved to the forefront as a means of complying with regulatory concerns such as Sarbanes-Oxley, and meeting the stringent audit requirements of software vendors and third parties such as the Business Software Alliance (BSA).
However, software license compliance is a tall order and recent data indicate that current approaches aren't sophisticated enough to meet the challenge. According to a recent Forrester report, conversations with clients who have implemented ITAM projects indicate that around one-third of these projects were unsuccessful; either they were one-off Y2K exercises that involved manual ITAM data collection that nobody wanted to maintain, or the necessary process and organization changes around the ITAM project were unsuccessful. 1
There is a fundamental disconnect between what software is provisioned by the organization, and what actually ends up on users' PCs. Why this disconnect? Because despite enormous advances in software access management applications and processes, software provisioning remains tied to an inefficient paradigm of associating licenses with machines. Stuck in such a cycle, current practices can't account for the movement of employees around an organization, or provide any true insight into license usage versus license requirements, which places IT staff on constant fire watch. When it comes to ensuring license compliance, then software asset management remains as unevolved as before.
People, not PCs
IT departments are used to thinking in terms of nodes. Major technology purchases and contract negotiations, are most often based on the number of PCs residing within the company. On an abstract level, nodes translate to employees, but such a thought process is a major contributing factor to the failure of license-compliance initiatives.
Why? Because within this context, asking "How many PCs do I manage?" focuses disproportionate attention on machines, not the users behind them and forces IT staff back into perpetual inventory mode. If you could ask a slightly different question, though–"How many people work here?"–you can begin to shift the paradigm. Thinking in terms of human–not technology–resources enables you to also think in terms of entitlements, not license installations. Instead of inefficiently tracking PCs and their associated software, you can imagine tracking employees and their needs–a concept that forms the basis of a revolutionary new approach to IT asset management.
Identity-based IT Asset Management: Framing the Approach
The concept of identity-based entitlements is nothing new. Enterprise security solutions such as Novell Identity Manager have embraced it as an industry standard in authentication for several years. (See Figure 1.) While an effective identity management program comprises a variety of interrelated components, which vary according to organizational needs and maturity, the common theme that glues the components together is role-based access control–that is, the process of assigning resource entitlements to individuals based upon their function(s) in the organization.
Borrowing from this approach, an identity-based asset management program would shift attention away from hardware and toward individuals. Where licenses were once tied to machines, they would now be tied to users; software entitlements would be based on predetermined roles, and access to these entitlements–as well as their provisioning–would be centrally controlled. (See Figure 2.) Such an approach allows for much greater visibility of licensing across the organization, and more streamlined tracking and administration of compliance activities.
Successfully implementing an identity-based asset management program depends upon three key elements:
1 A clear process, articulated across the organization, for defining specific user roles and the software required to successfully perform those roles
Within the asset management realm, the main objective of role definition is simple: To provide the vehicle for associating software entitlements to people instead of machines. How you define and implement these roles doesn't matter; why you do it, on the other hand, does–for this is the crux of the paradigm shift. Remember that current approaches perpetuate the need to inventory machines and licenses, then reconcile the two; but a properly deployed role-based asset management system guarantees that what you own will always jive with what your users are entitled to.
What's more, under this model, software licenses become portable and hardware doesn't matter–at least in terms of compliance. Freed of concerns about what's installed where, you can finally move beyond counting machines and licenses, focusing instead on more strategic initiatives.
2 A unified means of tracking users and their associated software entitlements
Once you've defined organizational roles and their related software requirements, you need to keep a close handle on the information. A centralized repository enables a holistic view of entitlements across the enterprise, and serves as your definitive record of authorized licenses and their associated users. What this repository looks like depends entirely on your organization; regardless, it bears repeating that the repository must support the association of users–not machines–to entitlements, else the paradigm will fail.
3 A way to prevent unauthorized "self-provisioning" of resources
Finally, you need to ensure that, once provisioned, users can't access or install unauthorized software via unapproved purchase and download, or bringing in software from home, for example. Desktop lockdown–while admittedly unpopular with users–may be a simple first step. Centralized license management and control–closely tied to an official entitlement request and approval process–might be a more distant goal. Ultimately, access control should work in tandem with your entitlement repository to ensure that all roles and their associated licenses are consistently reconciled.
A well-planned, well-implemented identity-based asset management program leverages software license management activities into significant financial and productivity gains:
- Gives greater leverage in contract negotiations to prevent overpurchasing: license requirements are predefined, not based on trends.
- Frees IT staff for more strategic initiatives: licenses travel with people; no more wiping machines when employees change jobs or machines. Tighter control also eliminates unauthorized installations and the associated problems. For self-audits, simply compare inventory data with licenses in the central repository.
- Decreases the risk of noncompliance fines: you keep machines under tight control, reducing the likelihood of illegal software installations.
- Centralized control and tracking prevents unauthorized access and self-provisioning.
- Entitlements follow people so additional license requests are limited to new hires or role changes.
Gartner forecasts, by 2008, 30 percent of large organizations will experience at least one onsite software audit per year. 2 With such a threat, IT and executive staff alike seek a bulletproof means of ensuring license compliance. Legacy approaches to software asset management have thus far prevented organizations from achieving this goal; unless asset management vendors and practitioners alike can make a paradigm shift, license compliance will remain a thorn in organizations' sides.
Because of its ability to tie roles to entitlements, track those associations and prevent unauthorized provisioning, an identity-based asset management process is far superior to existing license compliance initiatives. As interest in this concept grows, look to Novell– a leader in enterprise-wide resource and identity management–to champion and develop the innovations to support it.
 Source: Forrester Research Note: "IT Asset Management, Q3 2006," Peter O'Neill, 4 August 2006.
 Source: Gartner Research Note: "Prepare for Continued Software Audits in the Short Term," J. Disbrow and A. Bona, 11 January 2006.