IT Asset Management or ITAM is a set of practices that allows your organization to manage, control, and protect all IT assets across your estate. If you’re new to ITAM, or simply want to find out more about it, then my A-Z of ITAM below is designed to help you to better understand what it is and how it could benefit your organization’s IT service delivery and support.
Wait don’t go! Audits are scary but stay with me people, if you use software in a corporate environment, then you’ll be audited by software vendors at some point. Licensing compliance requirements aside, you may also have other obligations such as SOX or security frameworks to comply with. So, start as if you were going to be audited tomorrow and build from there. Know how you need to respond to an audit, document your audit processes, and then plan accordingly.
Carry out a baselining exercise so that you know what you have in your environment. Quite simply, if you don’t know what’s out there, then how will you control your IT environment? One piece of advice here – baselining is not a single person operation; it’s much more important to be right rather than fast so take your time at this stage.
Configuration management (called service configuration management in ITIL 4)
ITAM can be a huge enabler for configuration management and vice versa. Configuration management ensures that configuration items (Cis) are labeled correctly, under the control of change management, and are regularly checked and audited. ITAM helps configuration management by identifying service assets and capturing key information so they can be entered into the configuration management system (CMS) or configuration management database (CMDB).
If your ITAM database and CMS are separate databases, then you need to establish a process for sharing information so that you can ensure the relationship between licensed software and the hardware it’s installed on remains correct and up to date.
Definitive Media Library
A definitive media library or DML is a central storage unit for storing and deploying software. Having a DML in place means that only authorized, licensed versions of software are deployed to your end-user base – keeping you in control of your application assets and compliance position.
The End User License Agreement or EULA is a license that gives a user the right to use a software application. EULAs are designed to enforce specific software use limitations, such as only using the software on one computer. By entering into the agreement, the user is given permission to use and benefit from the software. It’s important to read and understand the EULA before signing your life away. If it’s complicated or difficult to understand, then ask someone from your legal department to look at it and translate it into plain English, then add it to your ITAM database or CMS for all to see.
A key part of making ITAM fit for purpose is to make data capturing as easy as possible. So, template your ITAM forms to make it easy for people to consistently capture the right information. Consider having some of the fields made mandatory. Because some assets will be easier to document than others and if you have mandatory fields to cover off the essentials, then you’ll ensure that – at the very least – the asset reference, name, linked service, and support teams are captured.
It’s fair to say that most of us could do with upping our game when it comes to governance. ITAM can help by:
– Increasing visibility and transparency
– Providing support for audit situations
– Understanding legal and regulatory obligations.
Don’t forget about hardware in all the fuss about software license compliance! Look for your biggest outlays and prioritize getting them under control first. For business-as-usual (BAU) situations this will probably be desktops and laptops and making sure there are enough in stock to cope with demand as well as ensuring that the asset state is under control.
Assets, your IT assets, are the name of the game in an ITAM practice. Be it hardware, software, subscription services, or network components, your IT assets are the building blocks – and costs – that makeup business services such as e-mail, network shares, or printing.
Just do it!
ITAM is definitely one of the more daunting IT management practices but the reality is that anything you do will be better than doing nothing. So, please just do something. Just start with one small step such as using asset tags to track hardware or storing software licenses in a central location, then take another and another. Those small steps will result in big changes, and benefits, over time.
You might have heard the old phrase that “Knowledge is power” but more importantly in modern IT service management (ITSM), it’s a vital fuel for better IT service delivery and support. So, if needed, use ITAM to kick start knowledge management for your IT department. ITAM can be used as a springboard for knowledge management because if you know what your key assets are, then you can ensure that the right documentation is in place and that people are trained appropriately. By having an agreed list of hardware and software assets you can easily create a knowledge base or Wiki such that your IT service desk and other support teams can store user guides, quick fixes, and troubleshooting steps for supported services.
Learn from past mistakes
For instance, don’t set your initial ITAM scope too high. So many attempts at ITAM fail because people or organizations set the scope too high and then find that they need additional resources, tools, or money to keep going. So, start with your biggest area of exposure and work from there.
Typically, this will be products and services that are used across the business and are provided by big hitter software and hardware vendors such as IBM, Dell, Microsoft, and Oracle.
Use models and templates to make capturing asset data a cinch. Things to include on your capture template include:
– Asset reference
– Linked service (ideally from your CMS or service catalog if you have them in place)
– License information
– Support information
– Support team
– Third-party vendor (and any support documentation where appropriate).
Don’t forget about your network equipment. Switches, routers, and hubs are all critical parts of your network infrastructure and so need to be looked after accordingly.
Make your ITAM practices and processes easy to follow – if you overcomplicate things, then you’ll get pushback. Bear in mind that your process must be user-friendly because I guarantee that, if your business colleagues think that using the ITAM process will result in lots of red tape, then they’ll circumvent it causing you problems down the line. Let’s engage our business colleagues rather than alienate them.
One of the key drivers for problem management is to identify the root cause of issues, and sometimes that means drilling down to a component level. ITAM means that not only do you know the building blocks that make up your IT and business services, you know where they are and who looks after them which will aid the problem investigation effort.
Quicker fix times
Having ITAM in place, and ideally integrated ITAM and ITSM solutions, means that you have a better handle of your IT asset estate which delivers faster ticket assignment and resolution times. If your IT service desk is getting ticket assignments right the first time, you reduce the number of tickets sent back to the service desk (AKA the bounce count). The quicker the ticket is assigned to the correct team, the quicker they can get to work, and the quicker it’s resolved.
A solid ITAM reporting dashboard will help you to keep on top of all your IT assets and ITAM activities. Things to consider reporting on include:
– Audit performance, including any findings or observations
– Current rates of usage
– Dates for software license renewals
– Percentage or equipment verified or audited.
Software license proof
Software assets will make up a considerable amount of your effort when running your ITAM practice. One of the trickiest things about managing software assets is licensing complexity. So, build provision in your ITAM process for capturing the type of licensing proof for each business application. Proof of license should be clearly stated in your contract with the vendor so check your documentation to make sure you get it right. Examples of acceptable proof could include: the master copy of the software itself, software passcodes or license keys, software license paper certificates, software license digital certificates, and support contracts. Different vendors tend to have different requirements for proof which is why double checking the contract is so important. The last thing you want is to be in an audit situation with insufficient proof of licensing.
Technology change and statuses
The reality is that we work in IT and technology is constantly adapting. Make sure that your ITAM process can account for IT assets across their lifecycle. Some example statuses include:
– With procurement
Engage your users. Make them your key allies in protecting your environment from security threats and missing assets – by ensuring that end-user PCs are looked down appropriately, that users with laptops have a way of securing them, and that only authorized, licensed (AKA safe) software is installed on their devices, ideally from the DML.
ITAM can give you real wins in terms of cost and efficiency savings. From an IT perspective, examples include:
No more being caught out by new hires on their first day. By keeping track of hardware stock levels, you’ll know when levels are getting low so new stock can be ordered before you run out.
No more trying to hunt down paper-based license keys! If all software is stored in a DML, the licensing information is also stored centrally meaning that software can be automatically pushed out to the client device instead of having to rely on manual installs or paper-based licenses.
Reducing security risks. By locking down end-user devices and ensuring that only approved hardware and software assets are used, you’re reducing the potential for viruses and malware to make it onto your corporate environment.
Where’s my stuff?
Use asset tags to keep on top of hardware assets and software IDs to look after application assets. If something has a unique identifier or a unique asset reference it’s much harder to misplace, misassign, or otherwise forget about it.
Sorry for the cheat here (if you’re a fan of my A-Z’s you’ll know there’s usually a cheat for this letter). Let’s face it – ITAM isn’t seen as the most glamorous of IT practices but done well it can save time, effort, and money. So, it’s definitely something to get excited about!
I’ve talked about technical benefits but let’s take a look at it from a business perspective. Here are some benefits to share if you want to get the rest of the business excited about ITAM:
Cost savings. Hardware and software can be reharvested or redeployed saving time and money.
Tracking license renewal dates will enable the business to be in a better negotiating position as they’ll have more time to research other options before a license or contract is automatically renewed.
Being able to better meet regulatory and compliance requirements by providing support for audits and by being able to carry out internal checks.
“Yes” to ITAM
I’ve seen so many people make excuses for not doing ITAM but that’s all they are – excuses. Don’t believe me? Here are some excuses I bump into more often than I’d like (plus some responses):
“We don’t have time” – what about all the time spent trying to track down licensing details for software assets or a missing power supply for a laptop because there’s no central storage or tracking system?
“We don’t have enough money” – what about all the money spent on fines or buying additional licenses at the last minute to correct or prevent a licensing shortfall?
“We’re an agile environment – ITAM sounds too much like red tape” – if you template things and create touch points with other processes it’ll save time rather than use it.
Why (Y?) not check out our YouTube channel for all sorts of hints and tips on ITAM.
Hands up anyone who’s had to deal with a zombie server situation? Not ideal is it? A zombie server is a physical server that is running but has no communications and contributes no service support. You know that ancient box in your data center where no one knows what’s running on it but they’re too worried about disrupting someone’s work to switch it off? It takes up space, uses power and electricity, but serves no useful purpose. A zombie server situation can be prevented by having an ITAM plan that takes into account the physical location of servers and identifying the services that they are mapped to. This means that everyone knows which servers underpin which applications so there’s no threat of a zombie apocalypse anytime soon.