Governance is simply defined as the act of governing; the authority to conduct policy, actions, and affairs of an organization. Software Asset Management (SAM) by its very nature is governance because it is implementing and conducting actions and policies around software, aimed to help organizations reduce risk, improve compliance and maximize cost savings related to software and Software as a Service (SaaS)SaaS is a component or licensing technique of software and includes the programs, security, and infrastructure necessary to operate software off-premise. Therefore, SaaS should be similarly governed as software licenses. But, what is the best way to accomplish this? There are three components, procurement or purchasing; deployment; and compliance. Taken together, governance is the act of reducing the risk and cost of software or SaaS licenses.
SaaS Deployment and Procurement
Procurement is not the starting point, but it is the beginning of the financial relationship. When acquiring SaaS software, the governance entails ensuring that security protocols are followed, that infrastructure standards are met and that correct quantities and license types are acquired. Typically, SaaS is a bit easier to procure as quantities and licenses are driven by named users instead of acquiring licenses and then deploying them after the procurement. Since the licenses will require some type of security to use, the quantities are easier to allocate and manage. And finally, since a SaaS license is subscription based, the license is terminated when the licensee stops paying for the license.
Deployment tends to be straightforward. Using groups who need licenses are first secured and the names are included in licensing documents and contracts. Ensure that outside resources are available and accessible and that reporting can be accomplished for those who have licenses. Reporting should include deployment and use of the software. That reporting will be the backbone for compliance, which may be the most important part of SaaS Governance.
Understanding Compliance with SaaS Licenses
Compliance is simple to define but difficult to implement. Ultimately, it is the act of ensuring that licenses are available, used, and retired as needed. Compliance involves education of using groups so that they understand the basics of secure SaaS licenses: don’t share licenses, ensure correct license levels and metrics, and return unused licenses. A specialized compliance function comes into play for those products where a free trial may be available. If a trial license has been used, it is incumbent on the licensee to ensure that at the trial's expiration, the license is returned or paid for as needed. As with any licensed software (remember, SaaS is a specialized license of specialized software), the licensor has the right to review or audit the use of its software and licenses. Any trial software that hasn’t been returned may cause an audit finding.SaaS Governance is a SAM requirement similar to on-premise software license governance. While it may be easier with built-in controls, it is still required to follow license practices and SAM processes to ensure that products are acquired correctly, deployed efficiently, and managed for compliance.