IT asset management (ITAM) is the capability, or set of processes, that can really help your organization to get a better handle on what IT assets have been installed in, or are used by, your business. Done well it can save you money, decrease request fulfillment times, drive efficiency, and mitigate risk. It can also be the difference between meeting your legal and regulatory requirements and audit failures, fines, and all manner of bad stuff that non-compliance brings with it.
However, sometimes getting a handle on the possibilities, and needs, of ITAM can seem daunting. So, here are five quick tips for getting started – it’s time to get your ITAM on.
1. Figure Out Your Risk
IT hardware and software, and now cloud services, are used across your organization – so the scope for risk is across your entire business. But who is managing that risk and your organization’s exposure? You might find that it’s a finance or procurement responsibility right now (as they often order and pay for assets respectively) or you might find that the only thing known is the result of a previous IT software vendor audit and the financial consequences.
When getting a handle on risk, here are some specific things to think about that starts to look at both the state of past issues and those that might be building up for the future:
- Documentation and results from previous audits – be warned, depending on the size of your organization, you might need to ask a number of people for the results from previous audits. Were there any findings or observations? Is your organization still at risk?
- Fines or extra reconciliation activity from software vendors – and not only this, has the appropriate remedial activity been carried out? You might find this a better place to start your hunt for documentation. Plus, is your organization still at risk?
- Receipts and other documentation from the finance and procurement departments – this will help you to get a handle on ITAM spending over time. Is the purchased and licensed software in the same ballpark as known, or likely, installations or is your organization likely to be at risk?
- Hardware disposal practices – is your hardware being disposed of through the correct channels? Has the hard drive been wiped to prevent sensitive data from being shared and to allow software to be reused? Can any of the hardware components be recycled or donated to charity?
- Incidents related to licensing – how much time is wasted due to either being under-licensed or not having the appropriate tools in place to grant licenses quickly when needed? Plus, service requests related to new software and hardware to help you understand business need.
- Concerns about being under-licensed for mission-critical software – again, is your organization likely to be at risk?
- Are project costs increasing due to ITAM costs – for instance, is there potentially a process breakdown such that large volumes of hardware and software are introduced without appropriate controls and checks and balances?
Questioning these areas will not only help you to understand the levels of ITAM-related risk but also start to define the existing levels of asset-related documentation and control.
2. Lock Down Your ITAM Scope
If you start with your biggest area of exposure, or your costliest pieces of software then you’ll be able to make a visible impact and quickly.
Hence, when considering your ITAM starting point, take a look at:
- The top 10 software vendors by spend
- The top 10 hardware vendors by spend
- The most strategically important software to your business – anything that’s mission-critical or something that your business couldn’t function without
- Any software that’s due, or likely, to be audited in the near future
- ITAM assets that are known to have a complicated licensing structure
The reality is that every organization will have different objectives and the associated approach to risk management. So, when getting started you’ll need to get a clear understanding of your organization’s primary focus for ITAM. Is it to reduce costs? Mitigate risk? Fix things quickly after a suboptimal audit? Ask these questions to senior stakeholders and then tailor your ITAM scope accordingly.
Importantly, it’s critical to lock down your ITAM scope – or the initial scope – at the outset in order to ensure that a focus can be maintained on what’s most important (to your organization).
3. Look at What ITAM Capabilities and Activities Your Organization Already Has in Place
As per our blog intro, getting an effective ITAM capability off the ground can seem like a daunting task – but you don’t have to do it alone. There will likely already be elements of ITAM being undertaken within your organization, even if those doing it don’t realize that it’s ITAM.
It’s also good to look at what your organization has in place already to avoid duplication and rework, and possibly confusion.
Signs of existing ITAM capabilities to look out for include:
- Does your IT service desk have a request fulfillment process to manage requests for new hardware and software?
- Do your support teams have network discovery software or deployment software for deploying patches and antivirus updates to your estate?
- Do your support teams use asset tags to keep track of IT equipment?
- Do your finance and/or procurement teams have an IT purchasing sub-process?
- Does the IT security team have ITAM-related training and awareness material you can use?
4. Build a DML
One of the easiest ways to get a handle on the software being deployed within your organization is to ensure that it’s installed from one central source i.e. your definitive media library (DML).
Put simply, your DML is one or more locations where the definitive, authorized, and safe versions of all software assets are securely stored.
Work with your technical teams to only install software from your DML. It will benefit everyone – from ensuring safer installations to greater control, and multiple installation points and CDs/USB sticks being scattered around the organization are a red flag for auditors to keep looking for process weaknesses and non-compliance.
Also, how frustrating is it for technical analysts during a software install when halfway through the installation a license prompt appears and they don’t have the licensing information at hand.
Using a DML really is a no brainer for organizations.
5. Build a DHS
Your DML deals with software. On the other side of the coin is your definitive hardware store (DHS) that deals with hardware.
Your DHS is a secure location where business-standard hardware is stored such that it can be deployed when needed. Having a DHS in place not only ensures that hardware is stored in a secure location, but also that only business-standard hardware is provided to the end user community and that there’s always an appropriate amount of hardware available to meet the needs of the business.
If you’re struggling with how much stock to keep in your DHS, have a look at the service requests figures from the previous year and average out a monthly demand level (taking seasonal peaks into account).
So that’s our 5 tips for getting your ITAM on. If you’ve already succeeded, how did you up your ITAM game? Please let us know in the comments.