First of all, it has been an interesting journey during my SAM career to get to write this post… because I have spent so much time helping companies and organizations “clean up the house” and get compliant, manage their applications and protect them so that they are always ready for software audits. But like the best things in life, the journey does not have an end, and it is the ride that makes it great.
In the SAM world, the ultimate efficiency is to manage applications from the deployment of images to usage control, with compliance in between. It is precisely this ultimate SAM efficiency that allows us to be more proactive, in order not only to be ready for software audits but also to advance the reporting to a vendor before it reaches an audit… I know, I know, it sounds sacrilegious.
Let us put together this scenario: an organization uses SAM governance management for all applications; policies and procedures are well defined and smooth, and there is compliance control. “Cleaning up the house” is easy; give it a year to achieve the optimal position. It is now a matter of maintaining, adapting and advising. It is then that the risks related to software audits are fully controlled. And the services are rendered by a certified and recognized independent SAM consulting firm, not by a reseller. Imagine then that the organization voluntarily reports its compliance, including deployment information:
- The vendor does not have to list the organization on the black list.
- The organization tracks the reports delivered, to show “good faith” to auditors and avoid their time-consuming engagements.
- The organization is motivated and keeps SAM governance live, active and constant, maintaining compliance at optimal levels.
- Vendors provide funding for voluntary reporting; services by the SAM consultant may be partially covered, if not paid in full.
- SAM consultants can focus on the upcoming projects, working with IT architects and others to prepare for changes and ensure healthy delivery and compliance as per the established road map.
What we need is an alignment between the vendors, the SAM consultants and the customers. It has to be driven primarily by the vendors, creating clear programs of audit protection through voluntary reporting and enabling independent SAM consultants to provide a level of trust and optimal reporting acceptance. And this is outside the scope of the typical True-Up and Renewal reporting. Cloud subscriptions actually fit well in this model, as usage can be controlled by the access to the applications from the vendor, but more than ever, the reality of Hybrid Cloud could benefit this approach tremendously, increasing the trust between all parties involved.
Just a thought…