The status of SAM: the vision of compliance expert Tor Arne Myhre

Software is becoming increasingly important to organizations and therefore managing software is as well. How do organizations cope with this? And how is software asset management (SAM) perceived by people with different job roles and responsibilities? To map out where SAM stands in 2018, over the next few months professionals from the field will take turns discussing this topic. In this article: Tor Arne Myhre, currently CEO of Paratum Consulting, former auditor on behalf of – and compliance manager at – Adobe and Microsoft.

How are you related to the SAM field?

In 1999 I first came in contact with software asset management and software compliance. I was working at Map License, an independent third party that carried out audits on behalf of Microsoft, and later also on behalf of Adobe. In 2003 I moved to Adobe, as compliance manager. In 2015 I moved to Microsoft where I worked until last October. Now I have my own company: a Nordic-based consultancy house specializing in GDPR, Compliance, and Project Management. Although offering SAM services, we are currently spending most of our time helping companies understand GDPR and implement routines, policies and processes as well as tools for handling GDPR. That seems like a big step, but both are related to compliance and enforcement of rules.

You have been involved in software licensing and compliance for a long time. Can you tell how this field has developed?

In the beginning everyone was non-compliant. That’s because it was, and still is, a complex matter: a company like Microsoft had hundreds of different products, each with hundreds of pages of usage and license conditions. A regular company that used 30 products therefore had to read, understand, and comply with a considerable amount of paperwork. And no one did that. When software vendors, my employers, started to investigate their customers’ compliance situation, companies woke up. The under-licensing or over-deployment was rigorously enforced and often it resulted in monetary consequences and fines. More and more companies hired license experts, often former employees of resellers and a completely new work field emerged. Slowly, companies became better at complying with software license conditions. They developed policies for it, but some also became better at putting up a façade. When faced with a notice, the strategy of some companies was to buy more time and meanwhile clean up their act as much as possible. At the same time, the tools that companies had at their disposal, to check which software was used within their organization, also improved. At some point if we heard a company was running a tool like SNOW, we already knew that there was little chance of finding over-deployment there.

Because over-deployment meant revenue, right? Was that the primary goal of your employers?

My employers wanted nothing more than everyone to pay according to their usage. Optimal licensing returned a constant, predictable income stream, and that helps them with maintaining a healthy business. Such a stable income stream may also be one of the main reasons that all suppliers bet on the subscription and cloud models now. With this, everything is centralized. A supplier can simply check via a login server or verification server whether a machine is licensed. If there is no correct license, the user may receive a warning to allow them to pay, or ultimately loose access to the software. When 98% of Adobe’s products became subscription-based, the need for an auditor diminished. That intermediate layer changed title to Customer Success Manager. This was a proactive middleman ensuring that customers re-signed their contracts and bought more products at higher costs, rather than reactive auditors like me, who came into action when almost certainly there was a case of non-compliance.

Has the cloud changed your work?

In the past 4-5 years, most suppliers have changed their licensing strategy. Microsoft did that two months after I joined them. It went from audits, to SAM engagements or value engagements. These processes are voluntary for companies and are carried out by SAM managers. It introduced a completely different story. Before we called to set a date for an audit, supported by the terms of the agreement, and thus got a foot in the door. That was it. The new story was: “We are concerned that you are not taking the full benefit of our agreements, and potentially introducing a risk of breaking the license terms, can we support you in optimizing the license agreement or the way you use our products?” The customer would mostly refuse and say his implementation partner / reseller / external IT service provider is responsible for this. Understandably as the introduction of the new strategy came with a healthy portion of distrust. The last twenty years, licensing rules were rigorously enforced and the costs associated with violating the license conditions were hefty. It had serious consequences for business operations, and budget cuts and staff losses were not exceptional. These companies suddenly faced a concerned software supplier that is willing to help reduce their costs? Few believed that! Not that it was friendly, not that it was voluntary, and not that it was meant to help them reduce costs. Even co-workers had a hard time believing this. This didn’t work for me! As an employee, you are expected to contribute to the income stream, however, I could not get a foot in the door anymore. It resulted in me starting my own company.

As the saying goes “once one sheep leaps over the ditch the rest will follow”. As soon as a large company came around, accepted the help and saved money, thanks to this voluntary participation, the rest follows. But as you understand, it took time, and it required a huge intrinsic change. Where will this end? I believe terms and conditions will be completely enforced through automation in the future.

This article was also published on Computable.

Read also

The status of SAM: the vision of lawyer Bart van Reeken

The status of SAM: this is how WoningNet does it

The status of SAM: this is how NS does it

The status of SAM: the vision of Marcel van de Molen

The status of SAM: this is how Uline does it

The status of SAM: the vision of Otto Sleeking

The status of SAM: the vision of IT Manager Niels Wijbrandts