Apr 15, 2016 - 04:41 AM
Traditional SAM in its most simplistic terms can be boiled down to two key considerations.
- Are we buying enough software to licence our deployed estate?
- Are we buying too many licences for what we have deployed?
In this scenario, some of the CIs you list above could be included (Airwatch, MDM, maybe even subscriptions for corporate social media accounts). Cert management is a bit of a grey area. In my experience this responsibility lies with the security and IT folks though you could consider it SAM as it is in effect a piece of software.
If you take your SAM responsibilities further then additional CIs may be included. You mention corporate websites. That may depend on who is hosting it and what teechnology it is built upon. So again, your own circumstances will dictate whether you consider this an area that requires SAM involvement or governance.
I believe SAM is about managing risk, controlling cost and obtaining value related to software and its use. SAM is there to highlight software licence risks, opportunities to make savings in software spend and how to get more value from existing and future software contracts. Any CI that influences one of those three areas therefore can be considerd as a CI for SAM.