This article is based on conversations during a CIO Circle roundtable event at The Institute of Directors in London on February 28, 2023, which discussed how digital leaders can optimise their software assets. The event was sponsored by EY UK&I and chaired by Roger Camrass. Krati Laad, Software Asset Management (SAM) Leader at EY UK&I, introduced the topic.
The explosion in Software as a Service (SaaS) offerings and the productization of existing software assets means the challenge of managing applications has escalated dramatically during the past two decades. Most large organisations have thousands of software assets, but few have full visibility over this disparate environment. Into this challenging landscape comes the CIO, who usually holds the responsibility for managing such assets but must also cope with distributed ownership.
In the first CIO Circle event of 2023, we discussed how organisations can manage their software assets effectively. The discussion addressed the following issues:
How can CIOs maximise value from their software assets regardless of where they sit in the organisation?
What are the best ways to register and monitor these assets, both for internal and external software services?
What are the latest approaches to the smart contracting of software assets, and how can CIOs manage multiple vendor relationships most effectively?
Providing a context for the discussion
Each delegate at the event summarised their areas of interest. These concerns were used to shape the subsequent discussion. The main areas of interest included:
How can SAM help reduce business risk and increase resilience?
Does the move to the cloud complicate asset management when compared to on-premises arrangements, and how should businesses respond to the new platform environment?
How can organisations keep track of their software assets, especially when merger and acquisition activity creates additional challenges?
How should we use tools, such as Snow, Flexera and ServiceNow, that can help us to discover software assets, especially when there are other applications that we don’t necessarily know about?
Is SAM purely a procurement problem or should the IT organisation consider the entire application lifecycle?
How does SAM impact the cybersecurity posture of the organisation?
Several key themes were mentioned regularly during the discussion, including: the return on investment (ROI) for software assets; the need to deal with legacy applications and technological debt; and the possible risks to the business when assets are unseen and under-managed.
Cost versus value?
The most significant debate amongst delegates was how to turn a software investment into a win-win situation that produces benefits for all parties, whether that’s software publishers and vendors or the IT organisation and its business partners. It was agreed that too many organisations equate IT with cost and place undue pressure on technology budgets. Delegates agreed that an emphasis on value over cost can only be achieved by linking software assets with business outcomes.
One delegate raised the concern of how to value infrastructure investment in a modern IT environment when many assets are software-defined. The move to the cloud has helped convert capital expenditure to operational expenditure, but delegates agreed that there’s still much work to be done to justify infrastructure upgrades to the business. A delegate from a public sector organisation mentioned that budgeting for software investment is a near-impossible task in a ‘start-stop’ macro-economic environment.
The conclusion of this part of the discussion was that there is a growing realisation that collaboration between software vendors, IT organisations and business partners is essential to resolving the cost-versus-value challenge in an effective manner.
Are software assets visible?
Asset management is a complex task: delegates at the event confirmed their organisations often have to oversee 3,000 or more applications. Managing a large and distributed asset portfolio is difficult, especially when IT teams at the centre have little control over procurement and deployment at the periphery. The coronavirus pandemic has accelerated the move towards decentralised procurement, with staff buying software at home to support remote-working activities. Delegates from software firms suggested that automated dashboards are an essential tool for identifying and locating software assets.
It was suggested that there are specialist tools that can be used to help ‘sniff out’ software assets and to pinpoint their location. However, delegates suggested that the danger here is the identification of ‘known unknowns’ that constitute risk to the organisation. The head of risk at EY EMEA emphasised the importance of software asset visibility when reporting cyber threats to the board.
Can vendors help?
Big technology companies, such as Microsoft, SAP, IBM and Adobe, hold detailed records of their customers’ software assets and are aware of how these applications are used, especially in a cloud environment. These technology firms also undertake audits to establish which licences are being used. Frequently, the customer is less informed than their supplier – and this disparity can cause problems, especially when vendors choose to raise prices due to macro-economic conditions. Those price rises are particularly noticeable this year, with many organisations reporting that fees are being hiked by 5% to 10% across the board.
A second complication comes with the high degree of customisation that often takes place when new software is purchased. This customisation tends to obscure the real cost of the asset, both in terms of development and ongoing maintenance. Delegates agreed that customisation is a costly strategy, as illustrated by the case where heavily customized ServiceNow platforms are making it difficult to complete software upgrades. It was suggested that products should be installed off-the-shelf whenever possible.
IT delegates at the event believed CIOs operate in a similar way to software wholesalers and sit between vendors and business partners. In this specialist role, CIOs manage lifecycle costs carefully on behalf of users and establish smart contracts with suppliers.
Federated structures for SAM
So, how can organisations manage their software assets effectively? Given the scale and complexity involved, a delegate from the NHS suggested that a federated approach is the best option for SAM, which involves:
Adoption of a business architecture at group centre – in the case of the NHS, this structure can be established at the regional level
Preference for open standards where possible to facilitate software integration; other technologies mentioned included open source, Java and OpenAI
Movement towards local execution, which can work well if standards are observed by all parties, especially in devolved structures such as NHS Trusts
At the heart of any successful SAM strategy is a requirement to build trust at all levels of the organisation. Increased trust comes from parallel working, where joined-up decision-making processes bring all parties together at the outset to determine the best fit between business requirements and software options.
Delegates also discussed who is best placed with an organisation to lead SAM initiatives. The senior officer responsible for SAM needs to set standards, manage assets, interact with vendors, and monitor business outcomes. This set of responsibilities is not normally within the domain of procurement and might fall under the remit of the CFO.
Conclusion: Next steps for effective SAM
Delegates and EY partners discussed appropriate management actions arising from the event. Four key actions were identified:
Define organisational responsibilities for the management of software assets across their full lifecycle and set appropriate policies
Seek closer alignment and trust between all relevant parties, including vendors, IT organisations and business units
Develop a dashboard of software assets and monitor their use, with emphasis placed on business outcomes and ROI
Establish consistent processes across the IT estate for organisations and operating companies, and use technology for the enablement of this framework