“…But We’re Already Doing That!” – Finding the Core Asset Portfolio
By Daniel Anderson, Accenture
“…But we’re already doing that!” is one of the most common phrases I hear from clients during ITAM proposals and workshops. Over the 15 years I’ve worked as a practitioner and as a consultant in the IT Asset Management space, I’ve discussed ITAM concepts with hundreds of ITAM professionals, IT leaders and operations managers, from small and medium companies to Fortune-50 level enterprises. I’ll wrap up my presentation, and inevitably someone in the room will point out that what I’m saying makes sense, but they’ve already figured out all of those things on their own, yet they haven’t achieved the results they’re looking for.
To an extent, they’re right. Procurement teams understand that they need to structure license agreements to match the demand for software. IT Operations managers want to utilize HW and SW assets effectively and manage changes to the environment in compliance with licenses. ITAM practitioners know that effective ITAM requires both processes and tools. Yet, companies still pay millions of dollars in software true-ups, and they over-purchase hardware and lose visibility to the hardware they already own. If these ideas are so straightforward, if everybody really is doing them, why can’t companies manage all their assets effectively?
The Software Conundrum
The reality of the situation is more complex. While ITAM concepts themselves may be simple, effective implementation of those processes across the enterprise requires significant investments in both technology and resource time. When I ask questions around the scope of assets that the organization manages or the specific license models that it covers with SAM processes, I usually find that while the organization may understand the concepts and may be effectively addressing certain types of assets, those capabilities are limited to specific use cases or products.
Procurement organizations in particular are susceptible to thinking that the ability to develop information on a one-off basis equates to having effective control over hardware or software. The nature of Procurement activities is event-driven, so those teams see asset management through the lens of purchases and contract renewal rather than the day-to-day activities that occur while an asset or license is in use. ITAM and Operations teams can have similar blind spots around their understanding of license terms as well as their ability to maintain visibility to assets across the entire organization.
Obviously, any time there is a control or an information gap, there are risks both in terms of compliance and potential loss of assets. While certain software may be covered by robust tools and processes, other license types may not be adequately addressed by those capabilities, leading to noncompliance risks. Beyond those obvious risks, these gaps also lead to unnecessary expense and effort to gather the required information to make lifecycle decisions. While an organization may be able to determine demand for a product to support a contract renewal decision on a one-off basis, organizations which approach demand on an event-by-event basis will typically spend significantly more time and effort to gather usage information and develop demand models than those which design those capabilities into their day-to-day asset operations. Leading ITAM organizations have built the ability to manage their full asset portfolio across groups and lifecycle events.
The Non-Equality of Assets
This is not to say that all assets should be treated equally. The scope around which assets to manage and to what extent to focus on a given asset class are business decisions that should be based on a solid business case to show that ITAM activities are delivering value to the organization. ITAM organizations need to determine which types of hardware and software justify the investment of resources to actively manage them and which ones only support a lower level of management. Obviously, an organization wouldn’t manage spare keyboards to the same level as new laptops. Likewise, organizations will get much greater benefits from focusing their SAM capabilities on core enterprise software than on low-cost individual purchases.
ITAM Tier | Tier 4 | Tier 3 | Tier 2 | Tier 1 |
---|---|---|---|---|
Increasing Level of Management | ||||
Key Asset Characteristics | Low cost, minimal risk, investment to track exceeds cost of not tracking | Low cost, non-strategic assets, some compliance risk/other information requirement which justifies tracking | Low/medium risk assets, medium organizational investment | Strategic assets, significant compliance or organizational risk, significant risk of loss or theft |
Hardware Examples | Consumables (mice, cables, etc) | Monitors, portable storage | Data center assets | Laptops, critical infrastructure assets |
Software Examples | None | Open source, low-cost software licenses covered by existing discovery | Non-strategic software licenses covered by maintenance agreements | Key enterprise license agreements, high-spend vendors, high audit-risk vendors |
Figure 1: Which Asset Types to Manage at What Management Level
One point to make about assigning asset types into tiers is that ITAM organizations need to look beyond an ITAM-only view of asset importance. While data center assets may not require the same level of attention from an ITAM team as laptops from a loss/theft perspective, operational requirements from the Configuration Management function or the need to track virtualized server instances against underlying hardware may create a need to manage a server as a Tier 1 asset.
At the same time, even for non-strategic asset types and license models, organizations need to maintain some level of capability. While hardware can certainly create risk, software in particular can create non-compliance risks, especially unique license types and software used by specific teams outside the day-to-day view of ITAM teams. Organizations need to ensure that they have a minimum level of visibility and ongoing control for all in-scope assets, regardless of where they’re used in an organization.
The asset types important to manage require ongoing ITAM capabilities, not just visibility at specific lifecycle events. For each of those assets, the organization needs to have comprehensive controls appropriate for that hardware or license model. Obviously, the core control processes and information attributes deliver the information required to control assets, but organizations that want to optimize their portfolio also need to understand how assets are actually used. Moving beyond location and installed/not installed to knowledge about productive usage allows an ITAM team not only to quickly identify and remediate exception conditions, but also to use that knowledge to identify opportunities to reduce spend without impacting productivity. Those potential benefits make up a key component of the overall business case for ITAM.
Process Maintenance
The other area often overlooked by organizations is the ongoing maintenance of their ITAM capabilities. The processes and tools that were once mature degrade over time as hardware and software environments evolve, as information requirements change, and in response to organizational changes and shifts in strategy. New asset classes such as BYOD will change use cases and may require new discovery sources and ITAM process integrations. Demand models and licensing strategies may change in response to new initiatives, regulatory changes, or overall business shifts. As the business case changes for managing specific types of assets, it is critical that the ITAM organization recognizes that that business case has shifted and adjusts the allocation of resources and attention accordingly.
Leading organizations recognize the critical need to build an ongoing process aimed at understanding which assets justify the greatest ITAM investment, whether from a risk, cost, or strategy perspective. They align their processes to provide the deepest level of understanding of those key assets across the organization, moving beyond control to knowledge about how assets are used to help identify where the organization can improve asset investment decisions. Finally, they track the business case and KPIs for managing those asset types, both to demonstrate the value that the ITAM function provides to the organization and to guide the strategic direction of the ITAM capability.
The Core Asset Portfolio
Organizations might “do all those things already” on a case-by-case basis. Organizations that can consistently and comprehensively manage their core asset portfolio in a manner supported by a clear business case will deliver control and cost savings, and will deliver optimization of not only the asset portfolio, but of the ITAM function itself.