Obtaining a precise count of how many software licenses are deployed
The first step in maintaining an accurate picture of your software licenses is maintaining a central repository that holds all of the data pertaining to software purchases, including receipts, serial numbers, terms and conditions of your contracts, deployed hardware, and software installations. Once you have this, utilizing a third-party discovery tool and ITAM tool is easiest and most accurate to access data. There are many types of tools to do the job, with some of them possibly even a part of software you already own. If your self-audit is part of an ongoing SAM program, then you probably already use some type of discovery tool and/or central repository of some sort. When obtaining your data, make sure to get multiple discovered counts taken over the course of a few days or, even better, a few weeks. The nature of software usage in an organization is such that there tends to be a kind of ebb and flow from day to day and week to week, often due to laptops connecting into the network on an irregular basis, but also due to normal business operations. Take and use your highest count in your comparison to purchase data.
In the absence of a software discovery tool and/or IT asset management system, an old-fashioned “sneaker” audit could be undertaken, where you check each workstation and server in the organization (or a sample thereof). Of course, this is less accurate, and requires many resources, but is not unheard of.
Whatever discovery method you use, the final step is to compare the count of what has been purchased to the count of what has been deployed and is being used. Simply put, if you have purchased more licenses than you are using or are using exactly what you have purchased, your license position is in a compliant state. If you are using more licenses than you have purchased, your license position is in a non-compliant state and you need to purchase additional licensing in order to become compliant. Although this seems rather obvious, when you don’t know for sure how many licenses you are using at any given time, it’s very difficult to evaluate compliance. And, in fact, most organizations do NOT know what they have in terms of licenses, giving software vendors opportunity to use audits as an additional revenue stream! In addition to know the license count, you must be sure to use them in the manner stated in the software contract. Many contracts will include terms and conditions on how each license can be used, and deployed which is required to remain in compliance.