Many of you who are CIOs and IT directors will be aware of IT asset management (ITAM) as a constant niggle in the back of your mind. You know that poor IT asset management exposes your organisation to signiﬁcant risks, some of which, such as a vendor licensing audit or loss of an unencrypted laptop, can have such an explosive impact that jobs could be on the line.
The problem is that ITAM risks tend to be relatively low probability. So, although you know you should be doing something about them, real action constantly slips down the agenda as other, higher priority risks move to the front of the queue. Many of you reading this article undoubtedly see ITAM, and its more specialist relative, software asset management (SAM), as necessary evils that you just wish would go away.
The core of the problem is that IT service management in general, and indeed the ITAM industry itself, sees ITAM as fundamentally administrative - it secures and tracks existing assets, identiﬁes and manages existing risks, and tries to minimise the costs and maximise the ROI of existing assets. The result is that IT asset managers spend their time ﬁre-ﬁghting issues that have their origin in the dim and distant past, where the root cause is poor solutions and process design.
Even when IT asset managers think they are being proactive - for instance, doing an internal review of software compliance to identify any risks prior to a vendor audit - not only are they the bearers of bad tidings (never a popular role), but they are still fundamentally reacting to historical issues that, because they are ‘baked in’ to your IT systems and services, can be ﬁendishly difficult to resolve.
Many of you will have had the frustrating experience of being forced to spend your way out of trouble by, for instance, buying a new set of software licenses, as the alternative would be to rebuild the underlying solution so the software installed matches the licenses you actually bought all those years ago. Truly proactive ITAM means engaging while solutions are still on the drawing board.
It can be annoying at times, but a good IT asset manager will poke their nose into activities that do not obviously concern them, such as programme and project approval boards and technical design committees. Their aim is to identify and mitigate ITAM risks BEFORE the technology is deployed as well as to ensure that projects and solutions ‘bake in’ the necessary processes and tools that ensure IT assets can be managed effectively throughout their lifecycle.
IT asset managers need to develop an ethos of ‘ITAM by design’, where an ITAM assessment is completed for every project and solutions design that creates a transition plan to allow new IT assets to be transitioned into business-as-usual (BAU) ITAM for ongoing management.
To be clear: no solution or project should be given the go ahead without an ITAM assessment and transition plan that documents the tools and processes required to ensure that assets can be managed and how these will be implemented in BAU. But ITAM needs to go further than that: projects should only be approved when there is budget and resource in place to implement an ‘ITAM work stream’, and solutions designs should be rejected if they do not include the deployment and conﬁguration of management tool sets to meet ITAM needs.
The business case for inserting ITAM into the service design stage of the service management lifecycle may be difficult to make - it is far easier to build a business case for improving ITAM after the event when the aftershocks are still apparent to everyone. However, organisations that aren’t willing to make this shift will ﬁnd they are storing up trouble for themselves in the future, particularly as the increasing complexity of our cloudy world makes it ever more difficult to retro-ﬁt poor solution designs so the assets can be managed effectively.
Kylie Fowler is the founder and principal consultant of ITAM Intelligence and has extensive experience creating responsive and compliant IT asset management frameworks. Kylie is convenor of the UK SAM Networking Group, part of the BCS Conﬁguration Management Specialist Group, is a regular invited speaker at industry events and has published a number of thought leading articles.