Software and Hardware Asset Management

The shift to cloud computing and Software as a Service (SaaS) hasn’t just changed how we use software, it has redefined how it is licensed, governed, and valued. Traditional models gave way to subscription pricing, consumption-based billing, and dynamic feature access. Perpetual licences and manual true-ups are becoming relics of a bygone era.

Many years ago, I was deeply involved in both software development and the day-to-day realities of Software Asset Management (SAM) and Hardware Asset Management (HAM). At the time, licensing models still largely revolved around local installations, user counts, and processor limits, concepts that made perfect sense when software was installed on physical machines and managed entirely within the organisation’s IT environment. A decade later, the landscape has changed beyond recognition.

In this article, I want to reflect on that transition, not just as a passive observer, but as someone who lived it from both a technical and governance perspective. Whether building systems, maintaining compliance, or navigating the complexity of evolving vendor models, the shift from ownership to access has reshaped every aspect of software management.

The Subscription Era and Usage-Based Pricing

Over the past ten to fifteen years, software licensing has undergone a quiet revolution. What was once a matter of buying perpetual licences for locally installed software has evolved into a complex, usage-driven ecosystem shaped by cloud computing, SaaS delivery models, and on-demand scalability.

In 2015, organisations typically purchased software outright or acquired long-term licences based on devices, users, or installations. These models implied ownership even though legally it was still a licence. Software was purchased once, installed locally, and controlled entirely by the organisation. The move to cloud-native solutions and SaaS changed this dynamic. Instead of owning software, businesses now pay for access, often through subscription or consumption-based models. Even the terminology has changed – when I developed this type of solution, they were typically called Web Applications or Application Service Provisioning. That was many years ago, and the technology has evolved dramatically.

SaaS providers introduced a shift toward monthly or annual subscriptions, bundling maintenance, updates, and support into a recurring fee. This replaced unpredictable upgrade cycles with predictable operating costs. More recently, licensing has become increasingly usage-sensitive.

New Metrics, New Challenges

Organisations are now also charged based on metrics such as:

• Storage capacity used – charges based on data stored across cloud platforms

• API calls made – licensing tied to application integrations and external access

• Per feature with Attribute-Based Access Control

• Transactions processed

• AI inference or compute time consumed

This granular licensing aligns better with real-world value delivery, but also introduces new complexities in forecasting, budgeting, and compliance.

The End of Traditional Licensing Models

Cloud platforms make it harder to define clear per-device or per-site boundaries. Software can be accessed from anywhere, by anyone with credentials, across distributed and hybrid environments. The familiar models of per-CPU, per-installation, or per-location licensing have largely become obsolete, replaced by identity- and activity-based access control mechanisms embedded into cloud platforms.

Vendors no longer rely solely on trust or retrospective audits. Instead, they embed telemetry and real-time usage tracking into SaaS platforms, allowing precise billing and dynamic licence enforcement. This shift increases transparency — but also reduces flexibility for internal teams, who must now manage licences in real time rather than periodically.

SAM Must Evolve or Fail

Traditional SAM tools were designed for on-premise environments. As licensing moved to the cloud, organisations had to rethink SAM entirely and new priorities emerged:

• Integration with cloud cost management software

• Monitoring shadow IT and SaaS

• Automating licence optimisation

• Ensuring compliance across federated identities and multiple cloud tenants

Licensing is no longer just a procurement concern, it’s an operational, financial, and governance issue. As AI services, platform modularity, and API monetisation expand, licensing models will likely become even more dynamic and fine-grained. Organisations must shift from static compliance checks to continuous licence awareness, integrated with broader governance, risk, and cost management strategies.

HAM in the Age of Mobility and BYOD

A decade ago, HAM was often about tracking desktops, laptops, and servers across physical offices. Today, device lifecycles are shorter, mobile and remote hardware dominates, and Bring Your Own Device (BYOD) models blur the lines of asset ownership. Modern HAM must now integrate with endpoint management tools, support remote provisioning, and align with security and data governance policies. Like SAM, it has evolved from an inventory task to a core enabler of operational control.

Lessons from 2015 – Revisited with 2025 Clarity

Back in 2015, I explored various aspects of HAM and SAM through a series of articles, following the completion of several different asset management related projects over several years. While the landscape has evolved dramatically, many of the core themes still hold true, particularly for organisations at earlier stages of maturity. Here is a look at what I wrote then, and how it still applies today:

• HAM and SAM project considerations (8^th January 2015) – This article highlights important considerations for selecting appropriate Hardware Asset Management (HAM) and Software Asset Management (SAM) solutions. It emphasizes that the most popular vendor offerings aren’t always the best fit for every organisation, particularly if integration becomes costly or difficult. Ultimately, aligning chosen solutions with organisational requirements, capabilities, and strategic objectives helps ensure successful, efficient, and cost-effective asset management implementation.

• The Complexity of Software Licensing (12^th January 2015) – this article explores the ongoing confusion surrounding software licensing and the risks it poses to organisations and their leadership. Despite years of discussion, many still fail to grasp that software is licensed, not owned. Licensing models vary widely between vendors and products, making compliance complex. Poor oversight can lead to legal penalties, reputational harm, and even personal liability for directors. Effective licensing governance is positioned not merely as an IT task but as a strategic, executive-level responsibility.

• Understanding Software Licensing Models (19^th January 2015) – this article provides an overview of common software licensing models used by vendors, including per-user, per-installation, concurrent, site-based, processor-based, freeware, shareware, and open-source licences. It also explores emerging cloud-era models such as per-feature, per-space, per-bandwidth, and usage-based pricing.

• Inside the Chaos of Licence Mismanagement (26^th January 2015>) – this article explores how unlicensed software often becomes embedded in organisations due to a mix of chaos, ignorance, and weak controls. It outlines common causes, including unrestricted administrator access, lack of defined processes, and ineffective vendor enforcement. The piece argues that without proactive Software Asset Management (SAM), unlicensed software can accumulate unnoticed, creating compliance and legal risks. It recommends a dual approach: tactical clean-up of existing issues and strategic implementation of long-term controls.

• Eliminating Unnecessary Software Licence Costs (2^nd February 2015) – this article explores how organisations can reduce unnecessary software licensing costs by identifying and eliminating inefficiencies. It highlights common issues such as maintaining licences for former employees, renewing support contracts without reviewing actual usage, and over-deployment of software that may trigger costly vendor audits.

• IT Asset Accuracy (10^th February 2015) – this article highlights the frequent inaccuracy of SAM and HAM data in organisations and the risks of accepting 90% accuracy as sufficient. It draws a parallel with financial systems, where precision is mandatory, and argues the same standard should apply to IT asset data. The consequences of poor asset data include undetected software misuse, missing hardware, unpatched vulnerabilities, unnecessary support costs, and licence compliance issues, making accuracy critical for effective risk management and security.

• Strategic Drivers for SAM and HAM (24^th February 2015) – this article outlines key reasons why organisations implement SAM and HAM, including security assurance, licence compliance, asset valuation, audit readiness, and cost allocation. It emphasises the need for accurate inventories to support patching and governance activities.

• SAM and HAM depend on your data (1^st March 2015) – this article explores why SAM and HAM initiatives often fail: not because of the tools chosen, but due to poor or missing data. It explains that the effectiveness of any asset management solution relies on the availability and quality of data already within the organisation. Drawing on real-world project recovery experiences, it lists common data sources and emphasises the need to access and analyse this information early. The article closes by discouraging premature software purchases.

• Stakeholder Engagement with HAM and SAM (15^th March 2015) – this article addresses the problem of data silos in organisations where different teams manage assets independently. It explains that disconnected systems and assumptions of data completeness often lead to fragmentation and errors. To succeed, SAM and HAM systems must become the central source of truth. Stakeholder involvement, communication, and alignment of local requirements are crucial to prevent the new system from becoming just another unused tool.

• Improving Software Purchasing Decisions (18^th March 2015) – this article focuses on avoiding costly mistakes in software procurement. It warns against solutions that require unexpected consultancy or custom development to meet basic expectations. Buyers are encouraged to evaluate whether a product functions effectively out of the box, whether integration with existing systems is included, and how much customisation is really needed.

• Inadequate SAM during Mergers & Acquisitions (27^th March 2015) – this article explains the risks of neglecting SAM in mergers and acquisitions. While financial and legal due diligence is common, software licence management is often overlooked, leading to compliance gaps, unexpected costs, and integration problems. The article outlines key questions to ask before finalising a deal and encourages proactive vendor dialogue. It argues that IT due diligence must become a standard practice in M&A to protect business value, especially as licensing models and software landscapes evolve.

• Application Whitelisting (9^th September 2017) – application whitelisting is a proactive security control that enforces a deny-by-default approach. Only approved software can run, everything else is blocked. This article explains how whitelisting significantly reduces risk from malware and unauthorised software usage. With proper planning and ongoing oversight, application whitelisting becomes a powerful tool for improving control, visibility, and resilience across the enterprise.

• Practical Steps to Improve Software Management (16^th September 2017) – effective Software Asset Management (SAM) is essential for maintaining control, ensuring compliance, and maximising value from software investments. This article outlines practical steps organisations can take to manage software more effectively, from maintaining an accurate inventory and enforcing licensing controls to reducing support costs and avoiding unnecessary project spend.

• Mixed Enthusiasm for Cost Avoidance (23^rd September 2017) – this article explores the often-overlooked value of cost avoidance, using a software licence audit as an example. By identifying unused installations and reducing the need for additional licences, the business avoided £250,000 in future expenditure. However, the immediate £50,000 cost to achieve compliance overshadowed the invisible savings, drawing more attention and scrutiny. The piece highlights how visible costs often provoke stronger reactions than hidden savings – an insight that applies beyond software licensing to many areas of business decision-making.

• Governing Hardware Assets (17^th December 2019) – This article outlines the essential principles of effective hardware asset management. It explains how maintaining an accurate inventory, tracking new and portable devices, and ensuring proper ownership records are fundamental to both operational security and business efficiency. By choosing the right management tools and maintaining up-to-date asset valuations, organisations can support troubleshooting, streamline refresh projects, and strengthen governance.

The Strategic Future of HAM and SAM

A decade ago, asset management was often viewed as a supporting task. Today, it is at the heart of digital governance, security, and operational efficiency. Whether you’re revisiting these topics or addressing them for the first time, HAM and SAM are no longer optional disciplines, they are strategic enablers in a world where technology is both everywhere and always on.

Reflecting on a decade of transformation, it’s clear that SAM and HAM have matured into essential governance tools. As AI and platform modularity introduce further complexity, success will depend on continuous awareness, collaboration across teams, and strategic alignment. The journey continues – but the foundations are stronger than ever.

Essential Hardware Asset Management (HAM) points include:

• Maintain an accurate inventory of hardware. Having a definitive list of hardware assets belonging to your business will allow you to identify rogue devices connected to the network quickly.

• Identify new assets connected to the network. Capturing data about new assets helps maintain an accurate inventory and helps identify rogue devices.

• Maintain ownership and responsibility records for portable hardware assets, including tablets, laptops and mobile telephones.

• Choose the right hardware asset management product to fit your environment. Ensure that the solution works within your technology ecosystem rather than falling into the trap of purchasing and installing a new platform and technologies.

• Maintain accurate asset valuations for account purposes. An up to date asset register with purchasing information will allow you to generate a current valuation reporting factoring in asset disposal and depreciation. Quickly identify candidates for any hardware refresh projects.

• Maintain an active support database. Accurate information about each hardware asset, including software installations, will support any troubleshooting activities.

Avoiding the need to spend money in the future isn’t always something to write home about. This software licence audit illustrates how we saved £250,000 in future expenditure – but it resulted in an overall lack of enthusiasm.

• A software package costs £200 per licence. An audit shows that there are 2000 installations – a total cost of £400,000 in software licences.

• An audit of purchasing records shows the purchase of only 500 licences.

• The business has already spent £100,000 on licences, and to be fully compliant, an additional £300,000 of expenditure is required.

• However, an audit of software usage shows that only 750 need to use this software package.

• After removing software no longer needed, the business needs an additional 250 licences – reducing the additional licence cost from £300,000 to £50,000.

• Removal of 1,250 unnecessary software installations has reduced future expenditure by £250,000.

As auditors, we can be enthusiastic about:

• Saving the company £250,000

• Reducing the commercial risks associated with unlicensed software

However, others’ enthusiasm wanes because:

• An immediate expense of £50,000 is required.

• The £250,000 was never actually spent, so it is not returning to any budget.

• Nobody knew about the £250,000 risk exposure, so it is easily forgotten.

• No further action is required on the £250,000 saving, whereas the £50,000 expenditure will no doubt require approval and be visible at C-suite and director level.

• When considering the cost benefits associated with the audit, the identified need to spend £50,000 is something memorable, not the £250,000 saving.

While this example focuses on software licensing, the same logic applies across many other areas: invisible savings often go unnoticed, while visible costs trigger concern.

Software Asset Management (SAM) is more than just a software licensing exercise – it is about maintaining control, reducing risk, and maximising value from your software investments. Effective SAM practices help organisations avoid compliance issues, reduce unnecessary costs, and improve operational efficiency. The following key points provide a practical foundation for managing software assets with confidence.

• Maintain an accurate inventory of authorised software. Knowing what is allowed makes identifying and removing unauthorised software installations more manageable.

• Ensure that all your software is correctly licensed. Avoid unnecessary purchasing of software licences by limiting usage based on job roles. Reconcile software purchases with software usage.

• Maintain control over who can install software packages. Avoid ad hoc software installations and proliferation to reduce licence exposure and cyber threats.

• Ensure that authorised software is up to date and supported by vendors. Reduce exploitable software vulnerabilities.

• Segregate business-critical software from other lower priority systems. Avoid less important systems from impacting the business.

• Keep control of software support costs. Accurate information about software usage contributes to avoiding excessively priced support contracts.

• Choose the right product to fit your business environment. Ensure the solution works with existing platforms and operating systems, and the software works out of the box or with minimum configuration. Avoid the trap of buying software and then paying expensive project and development costs to make it fit for purpose.

Good SAM practices create a more stable, secure, and cost-effective IT environment. By actively managing software across its lifecycle, from procurement to retirement, organisations can minimise risk, reduce waste, and better align IT with business objectives. A little discipline in this area can go a long way toward supporting compliance, security, and more effective IT spend.