IT asset management (ITAM) is an IT and business capability that can help to ensure that your IT estate stays under control, is appropriately licensed, and is in a position to enable your business – rather than it be a source of risk. But all too often it’s overlooked as a “must do” set of IT and business practices – leaving it in the “nice to do” pile that never gets touched.
However, done well, ITAM can save you money, make your other IT service management (ITSM) processes more efficient, as well as saving considerable pain during software-audit time. To help you raise ITAM’s profile and make it an IT and business priority, here are five tips that will help.
1. Get senior management buy in
ITAM is something that needs the support of your senior management team so think really hard about their, and the business’, current needs and challenges. And then how ITAM will help them (with these).
This might be software compliance and the associated need for focused risk management. If so, communicate the magnitude of the risk, in terms of underpaying for software and the potential fines, to the board so that you can start to get support and buy in.
Or are your software costs spiraling out of control? If so, talk about how ITAM can enable the IT department to better understand where software is installed and licensed including where software has been deployed and is not being used. Agree a policy whereby, if a piece of software has not been used for 90 days for example, it’s uninstalled (from its current device) and that license is redeployed to someone else who needs it. This will save both time and money – as re-harvesting licenses means that there’s no need to purchase new ones (which incurs admin costs as well as the license costs).
Or are incidents and requests taking too long to progress (with the associated impact on employee productivity and business operations)? IT issues aren’t just about the hardware and software in isolation, causal factors can also be related to compatibility, availability, or performance to name just a few. Having a strong ITAM capability in place can help service desk analysts to identify conflicts between certain applications and/or devices, or flag unauthorized software that is known to cause issues.
2. Work with support teams
Your support teams can become a major point of asset control, so play nicely and position ITAM as something that will make their life easier (instead of the prospect of ITAM-related red tape).
Look at how software is currently installed and investigate if software can instead be deployed from one central source – such as a secure installation server. Having one source of the software for deployments means that only authorized, licensed, and appropriate software is deployed. Which makes life easier for support teams as, instead of having to worry about multiple installation media (including USB keys or flash drives), they simply have to navigate to one area on the network.
3. Look for recent business pain points
Has your organization had to financially settle at a recent software audit? Should the organization be aware of, and be worried about, under licensing for a key piece of business software? Or is a specific project costing more than expected due to the rapidly rising software costs? If so, start here and build your ITAM case.
Of course, there could be many other areas of cost, risk, and ultimately pain that could be causing your organization issues. The important thing to understand is that if you start with your biggest area of exposure, or your costliest piece of software, then you will be able to make a visible impact (with ITAM) and quickly.
4. Deal in GRC
That’s governance, risk, and compliance.
Look at what your organization already has in place, so you can build on it to strengthen your ITAM offering.
Things that GRC could help support your ITAM initiative with include:
- Focus – being able to explain what legal and regulatory requirements the organization is subject to
- Goal setting – establishing specific goals and targets for ITAM including scope and what areas (of new or improved activity) need to be prioritized
- Communication and education – explaining ITAM policies in business language to new hires, as well as refresher training for anyone dealing with asset procurement and use on a regular basis
- Internal audits – with the dual purpose of “keeping everyone honest” as well as preparing for external, vendor-driven audits.
5. Leverage focused ITAM reports
At any given time, your organization should be able to report on what software is installed in your IT environment, how it is being used, and have appropriate proof of licensing.
Some commonly used reports to help demonstrate this include:
- All software assets relating to a specific service
- All deployed versions of a particular piece of software
- Which departments are using a particular piece of software
- Proof of license
- Assets that are offline
- Assets that have recently been retired
- Assets that have been offline for more than three weeks
If your organization is not able to run routine reports to confirm the licensing state of its infrastructure, it will most likely be vulnerable come audit time.
Reporting can sometimes have a reputation for being time consuming or onerous but, if you start with the basics, you should be able to get a handle on your environment without spending days at a time on spreadsheets and pivot tables (come on, who doesn’t love a good pivot table?).
Start with installed instances of software versus available licenses and go from there. You can always build in more complexity over time But, if you have a solid foundation, you will always be able to swiftly respond to an audit request, or management query, when needed.
How have you made ITAM a priority in your organization? Please let us know in the comments!