Many of us fall into our ITAM roles without a lot of preparation, or notice. Even if we know what to do, we don’t know how to achieve our intended goals due to limited resources (budget, people, tools, etc.) to start, or a mature ITAM program that may already be in place. The key to success is quickly finding the value within your ITAM program.
Executive support is critical to the success of any ITAM program. If you received the green light to build a program, it is likely a compelling event led to that business decision. Compelling events include:
• Organizational or leadership changes
• Audit or perceived risk
• Sustainable savings or cost avoidance initiatives
• IT Transformation (i.e., Electronic Medical Records (EMR), IoT)
• Security Initiatives (i.e., General Data Protection Regulation – GDPR)
• M&A or Divestiture Activity
• Tool investment fatigue—buying ITAM tools and not achieving the expected ROI
So where do you begin? By starting with an accurate maturity assessment of each process area in the software lifecycle, organizations can measure process gaps to lay out a strategic roadmap to “eat the elephant a bite at a time.” However, most organizations are in a reactive mode. Funding for ITAM initiatives are focused on responding to audits, security concerns or M&A activity. Figure 1 is a sample maturity assessment based on a scale of 1 to 5 with a value of 5 indicating the most mature ITAM program. This visual report enables the organization to quickly identify gaps to close and mature.
Time vs. Money
With all the work that can be done to mature an ITAM program, what provides the most value? It is easy to focus on hardware asset management (HAM), because it is a tangible, easy to understand asset. Security of the data contained on the hardware is the greatest risk, especially in a regulated environment such as with the Health Insurance Portability and Accountability Act (HIPAA) or GDPR (which goes into effect May 25th of this year). But the real value is in Software Asset Management (SAM). The software spend is typically much higher and therefore there are greater opportunities for cost reduction and risk mitigation.
Next, determine the top ten to twenty publishers that are strategic to your business and encompass the majority of your software spend. Tightly manage the compliance and optimization of those top publishers. As shown below in Figure 2, there is a diminishing return on trying to manage a higher number of publishers.
Why the Cloud / SaaS Has Brought ITAM to the Forefront
The cloud has changed the way we do business – for better or for worse – for entirety. When you do a search for “latest statistics on software asset management,” many times the ‘top 10 tools’ still pops up, or the ‘best tool for your CIO.’ However, in today’s constantly evolving world from on-premises to the cloud it is more important than ever to have the right people and processes in place to successfully spearhead an IT Asset Management (ITAM) program, as it is to have the right tool.
There is a confirmed rumor out in the technology realm that Gartner itself is putting out its first Magic Quadrant for Software Asset Management (SAM). This in and of itself is news, however, it also shows the rising level of importance that ITAM is having throughout all organizations as we move towards digitalization of our data and services. In the past, we knew how many servers we had, how many licenses were purchased, and how many vendors we were dealing with on an annual basis. With the advent of Software as a Service (SaaS) and the cloud however, this black and white environment has shifted to one that is grey at best. Even without SaaS, ITAM / SAM is a complicated task that is definitely aided by the right tool, but also benefits from having the right roadmap and expertise (human) in place.
SaaS, and the eventual rogue software, that it allows, just makes things all the more “interesting.”
Build vs. Buy
In addition, SAM/ITAM takes time. It takes a lot of time that most organizations don’t have. We’d all like to think SAM/ITAM would become and remain a top priority at all of our organizations to ensure visibility across the software estate, reduced costs across the various software vendors, and elimination of security risks by knowing what your environment is made of. However, IT departments are often outsourced or over tasked in-house and the complexity that SAM brings tends to push it to the bottom of the list when we’re all struggling to keep e-mail running and the proverbial lights on. This often means that companies are faced with needing an ITAM plan after being confronted with an audit or a security risk. This can leave a company vulnerable and unsure what to do in terms of next steps or longer-term planning. After all, ITAM/SAM is not a set it and forget it situation, it needs to be monitored and checked on a consistent basis.
Whatever the trigger for needing to put ITAM in place, and no matter if your environment is made up of a majority on-premises or cloud, or a hybrid of the two, you need to know where to turn next. Once you develop your strategic plan, the next step is to determine what your existing resources are to help you down this path, and what new resources you need to procure in order to be successful, both at the start of the journey and on an on-going basis. Every company needs the right SAM tool to work in conjunction with the people and processes. So, for this article let’s focus on the people.
You can choose to outsource your ITAM needs, create an in-house team or use a combination with a managed services approach. This hybrid approach (much like your software estate) is probably the best bet because it allows your IT department to maintain control over the ITAM journey while freeing up key resources to work on more strategic initiatives at the company. We heard from a top financial services group in the Midwest that did just that.
Principal located in Des Moines, Iowa knew it needed to take a more proactive approach to its ITAM strategy but wasn’t sure where to begin. Jan Blessum, Global ITAM Service Owner at Principal, is spearheading the overall project and found that a managed services approach allowed her to maintain communication, policy and overall governance without getting bogged down in vendor contracts, guidelines, and minutia. Jan stated, “Implementing the right tool, and combining that with the right managed service, allowed us to move away from day-to-day tactics and look at how ITAM would help Principal from a transformational perspective to drive cost savings, risk avoidance and improve visibility and security.”
This is just the beginning for Principal, but the company is already seeing the benefits of not using a SAM tool as a crutch for its overall ITAM strategy and understanding that people, process and a consistent approach is necessary for a successful ITAM program.