Auditing desktop applications ...even if distributed via SOFTGRID
Derek Melber. Internal Auditing. Boston: May/Jun 2007. Vol. 22, Iss. 3; pg. 42, 2 pgs
Abstract (Summary)
Almost every company is up against the wall when it comes to controlling desktop applications -- licensing, auditing, and maintenance. With new technologies like SoftGrid from Microsoft, all of these procedures are made easier, including the auditing of these applications. SoftGrid is designed to run applications virtually, but with that virtualization, delivery, and management comes the ability to track nearly anything regarding the application that is desired. Application auditing is not the most fun task in the world, that is for sure. However, with SoftGrid, the solutions for auditing and controlling software are more plentiful and useful. SoftGrid can ensure that license compliance is met and will trigger a notification if the company is out of compliance.
Almost every company is up against the wall when it comes to controlling desktop applications. The control that I am talking about is the licensing, auditing, and maintenance of these applications. Even though a company needs these applications to generate revenue, it seems like there should be easier methods to control the applications, from deployment through maintenance. With new technologies like SoftGrid from Microsoft, all of these procedures are made easier, including the auditing of these applications. In an ideal world, the audit mechanism should help or cure licensing compliancy, restrict illegal copying of the applications, and provide robust reporting and analysis of each application. SoftGrid provides a mechanism to solve all of these issues and needs.
The state of the union
Most companies today are scrambling every day to ensure that they are in compliance with software licensing and that the software the company owns is not being illegally copied and taken out of the company. Sure, vendors are taking extra precautions to help restrict these actions, but each step the vendor takes to restrict the application from piracy means one more step in the direction of making the application too complex to operate or maintain.
If your company runs a small to medium Windows network today, you are fully aware of the pain that is required to audit the applications that are running on the desktops in the organization. With such a dynamic array of desktop images and installations, every desktop must be touched in some way. The touch might be manual if a very small shop, or with some reporting mechanism such as SMS or Tivoli. Regardless, these tools provide only an overview of the applications that are installed, leaving a lot of analysis to the administrator or auditor.
May I take your order please?
When it comes to applications, licenses, auditing, and the like, there are plenty of ideal situations that we would like to see. However, instead of thinking about the future and what could be if we had a magic wand, what are some auditing and reporting attributes that seem realistic?
First, there needs to be some mechanism in place to report back which applications are installed and have that compared to the licenses that are available today. The result of this should be some report, e-mail, flag, message box, or the like that pinpoints which applications are out of license compliancy.
Second, the applications need to be protected in some fashion so that standard users cannot just copy them to a USB or external hard drive and take them home. This has gotten better, but there are still some applications, many of them very expensive, that allow this behavior.
Third, it would be nice to know which applications are actually being used. If a user has not used an application in two years, chances are good that the application will not be used for another two years. In these cases, where an application is not being utilized but a license is being paid for yearly, it would be nice to recoup that cost of the application by uninstalling it and stopping payment on that license.
Can you be successful today?
If you dissect the three desires above and apply the concepts to your environment today, does your company measure up and provide these capabilities? Even if you say "yes" or "sort of," I encourage you to read on. There are technologies that will make these tasks easier.
With regard to your company's capability to tackle the first issue above, how well do you know which applications have been installed? Not just "we pushed them out through Group Policy" and hope they are installed, but are actually installed by the end user. Then, how well do you compare the install base to the licensing compliance? If a company does well at any point, this is the point that shines most of the time.
With regard to the second point, pirating applications from work to the rest of the world, how do you measure up? This is extremely difficult to manage and monitor, as some applications can just be copied and moved from point to point. If there is a mechanism in place at your company for this, most likely you have already purchased a high-end application to control such acts.
Finally, do you have any metrics on how often the installed applications are utilized today? If so, I know for a fact that you have spent some "bank" to get this capability. This data is not easy to obtain and is even harder to analyze.
SoftGrid to the rescue!
Of course, with a buildup like this, it is no surprise that SoftGrid can do all of these tasks with ease. SoftGrid is designed to run applications virtually, but with that virtualization, delivery, and management comes the ability to track nearly anything regarding the application that is desired.
First, each application is controlled centrally by the SoftGrid server, so all applications are monitored as they are downloaded and installed. The SoftGrid server can monitor the state of the installed application, indicating the percentage of the application that has been downloaded so far. This is key, as some users might begin the download, start to use the application, then have to leave the network before the entire package is complete. Since every application is controlled through the SoftGrid server, it is easy to check the installed applications to the available licenses. If the licenses are surpassed by the installs, the system can be configured to trigger a notification to the administrators that they are out of compliance.
Secondly, each packaged application on the SoftGrid server has an Access Control List (ACL) associated with it. This controls the use of the application, not only denying anyone from using the application if they are not granted access, but certainly denying them from copying the application for use off of the network.
Finally, SoftGrid is constantly gathering information about the use of the application. Reports can be gathered and generated based on each application, each user and the applications being used, and server usage of the applications. If it is specific application metrics that are desired, the SoftGrid reporting can track start and end times, as well as session duration per application and user.
Conclusion
Application auditing is not the most fun task in the world, that is for sure. Part of the problem with application auditing is that there are no great solutions for the tasks that need to be performed. License compliancy is really just a portion of what needs to be evaluated, and it is not all that elaborate with solutions today. However, with SoftGrid, the solutions for auditing and controlling software are more plentiful and useful.
SoftGrid can ensure that license compliance is met and will trigger a notification if the company is out of compliance. Piracy of applications is no longer an issue, as SoftGrid can control who uses the applications, whether on the network or off. SoftGrid also reports on nearly any metric that is desired to control whether the application is being used or not. Unused applications can save a company thousands of dollars, as the license can be cancelled and the application can be uninstalled. With SoftGrid, the entire world of application installation, control, management, and auditing will be turned upside down.
No comments:
Post a Comment