Getting Value Out of SAM tools

By Richard Spithoven

Many organizations believe that a SAM tool will provide Automated Compliance with a click of a button. If we’d live in an ideal world, purchasing a SAM tool would mean that you only have to install it, get a coffee and sit back to let the tool do its work. Configuring all your software licenses? The tool does it. Scanning your infrastructure and normalize the data? The tool takes care of it. Allocating software licenses? The tool deals with it.

Unfortunately, reality is different. Although new technologies like blockchain, machine learning and AI look promising, they are not reality yet. SAM tools today have limitations and require a lot of manual work before they provide true value to your business. Your tool publisher might be able to fix some of these limitations, others are outside their control and require changes from the software publishers or even from your own organization.

To get value from your SAM tool, it is essential to be aware of the limitations of your tool of choice and learn what the capabilities and functionalities of the tool are. You need to understand how these apply to your organization, entitlements, and application/infrastructure landscape. Even more importantly, you need to determine if they might prevent you from achieving the business value you desire to obtain. Well understanding the capabilities, limitations and risks is crucial in order to achieve high value for your organization. But what works for one company might not apply to you, as the business case can be truly different. Especially if we touch on more complex software, like Enterprise Software, every organization has its own unique business case.

To connect the rights & restrictions you agreed upon in your purchase records (often extracted from paper documents), to the software and configurations on the machines you deploy on premise or in the cloud is not an easy process. There are several key steps that have to be taken correctly before these two sources of data can meet and you can start using the information in your decision process. A limitation or mistake in one of these steps can have major implications for your compliance overview.

In B-lay we categorize these tooling risks in 6 different categories. Depending on their impact and commercial consequences, they can be mitigated, or they may affect your business case in such a way that it might be better to reconsider the investment or at the very least, help you manage the expectations within your organization.

More than once I witnessed contractors and consultancy firms consuming many hours to try and fix the limitations, design workarounds, and build complex maintenance processes to deliver against unrealistic expectations. However, eventually these expectations were still not fully filled.

To get the best out of your SAM tool means to know what its limitations are and complement these with human input and knowledge. Setting the right expectations in the beginning will save you from disappointment later. Not only that, but when you know what to expect, you know also what to prepare and plan for. If you have questions or would like to have a conversation on how to better use your SAM tool, feel free to reach out to us (, or attend our session at the IAITAM European ACE conference in Amsterdam (on 14-15 November) where we will explain our risk model and take a look at the 6 risk categories.

About the Author