Why Cloud Services are an Asset
In various quarters I’ve heard and occasionally read a number of comments about the discipline of asset management as being incongruent with cloud services.
That view appears based on some misconceptions about what an asset is, and oriented to cloud services being subscribed to (rented) and not owned. Taking this one step further …. The concept that software licensed perpetually is owned lacks foundation. What is acquired in the case of perpetual licensing is not the software itself, but a perpetual right to use the software. The acquisition of a subscription license is also the acquisition of a right to use (entitlement) the software or software service, thus consistent with perpetual licensing but limited by time.
Cloud subscriptions are assets?
ISO/IEC 19770-5 Information technology — IT Asset Management — Overview and Vocabulary (available free* from here) addresses this misconception, and defines an asset as ‘item, thing, or entity that has potential or actual value to an organization’
Thus by definition ownership, the the perception of ownership, or CAPEX expenditure is NOT a pre-requisite of an item being considered to be an asset. In reality a cloud subscription that is put to use should deliver actual value to the organization, and within the scope of asset management should be managed. Unused cloud subscriptions have the potential to deliver value to the organization – thus despite the waste and unproductive expense they create these should be managed as assets.
Cloud Services Within the Remit of SAM
ISO/IEC 19770-5 defines
- Software as ‘all or part of the programs, procedures, rules, and associated documentation of an information processing system’, and
- Software Asset Management as ‘control and protection of software and related assets within an organization, and control and protection of information about related assets which are needed in order to control and protect software assets’
Accordingly, we may conclude that any cloud service which incorporates software should fall within the remit of SAM.
Are there any scenarios where this may not be the case? Only where the service being delivered is devoid of any software, and in no way may enable software to be run on the service. Are you thinking of an example of this type of instance? There may well be a use case for cloud services that justifies this type of instance but I’d suggest the vast majority incorporate or enable software. Thus the scope of SAM ought to include cloud services.
The management and monitoring of asset utilization, being a core component of SAM, lends itself well to the discipline required to managed consumption of cloud services – managing out SaaS shelfware, plus toxic consumption of PaaS and IaaS. As organizations adopt more and more online services, with the growth of associated expenditure and potential vulnerabilities, the case for investing in SAM discipline and capabilities grows.
Those organizations who’ve built a SAM function are potentially well placed to tackle the cloud consumption challenge.
Happy Thanksgiving to all those celebrating in the US this week.
* The family of ISO/IEC 19770 standards currently published exists in 5 parts, of which ‘dash 5’ is available without charge, the family of standards is visible here