By Jenny Schuchert, IAITAM
ITAK V9 I6
Peer conversations are some of the best moments at any conference, right? At the Spring ACE this year, peer conversations on cloud adoption, mobile management and software licensing were given a boost during the IAITAM workshop where round table discussions were held. Conversation was guided by thought-provoking questions provided by IAITAM and by industry mentors at each table. Although the results presented here are from a single session and are anecdotal rather than a scientific survey, sharing the discussions illustrates the similarity in experiences for IT Asset Management professionals regardless of industry or organization size. Also, this article will hopefully give you a sense of what it was like to participate and inspire you to start your own discussions.
One: Cloud and ITAM
Cloud is a broad topic representing many technology strategies, but finding out about the bigger picture of strategic direction for the company and the role of ITAM as part of that was the intention of the IAITAM workshop developers (Lynne Weiss, Larry Shoup and Jenny Schuchert). With that premise, the group discussed their experiences to date as well as anticipated issues.
How important is cloud to executive management? Participants at the discussion came from a variety of industries but most felt that a cloud strategy was high on the agenda for their executives. The exceptions were the government and banking industry attendees who ranked executive interest as medium and low, commenting on the importance of data security. Visibility was lowered because of the lack of a “poster child” to off-set their caution. Other interesting comments from this discussion were:
· The organization is not talking about cloud tools for ITAM
· Executives are putting together a cloud strategy but are being pushed by a business unit for IT in the cloud
· There is talk of a public cloud for developers but in general, there seems to be confusion between public and private clouds, with public viewed as not an option at this time
· There is concern that the visibility of cloud was insufficient within IT and is much higher in other departments such as finance
Managing Cloud Assets
How important is managing cloud assets in the ITAM program? The answers to this question during the discussion lacked consensus, ranging from those who felt that it was important for ITAM to be at the table when these decisions are being made; to those that listed management by ITAM as a low priority. Some of the most common cloud models such as on-demand and subscriptions came up in the conversation, the broad assortment of technologies and the complexity of them adding into the confusion.
The big question is who is going to own this management if not ITAM? Responsibility and ownership are the right criteria for the answer and those outside of the ITAM profession do not seem to be thinking that way. Instead, pressure is being exerted by individual departments who would prefer to use a project-based approach, avoiding the ownership question. That raises my concerns about organizations creating the same kind of chaos and confusion experienced by distributed computing during the previous two decades. That lack of a centralized understanding of the costs, characteristics and risks helped create the ITAM profession in order to rein in the risks and costs. It seems a shame to have to learn that lesson again.
What are the benefits of managing this type of asset? Instead of addressing the merits of management of cloud assets, this group answered the broader question of “what are the benefits of using cloud assets.” The benefits overlap significantly with the value received from managing any type of software:
· Simplified licensing and risk management balancing
· Predictable management
· Increased flexibility
· Audit avoidance
· Reduced worry about upgrades
· Avoid shelfware
The group exposed the similarities between managing other types of software, suggesting the importance of the SAM background to the management of cloud resources.
What obstacles could potentially impact the success of a project to implement (cloud management)? Usage seems to have been the main topic here for the group, identifying legislated compliance (SOX and PCI) along with being responsible for compliance without control over the hardware. Hoarding came up as a concern, perhaps hoarding of access and wasting money? Practical use questions also came up such as how to handle bugs or the need for a specific version.
List one or two things to undertake to move ahead with this project. The group seemed quite familiar with launching projects and came up with:
· Conduct due diligence of the service provider
· Define the project
· Engage all affected departments such as legal and finance
· Define how self-audits will be conducted
· Determine data ownership and life cycle
The group concluded with the additional suggestion that exit strategies be considered early in the project.
The adoption of new mobile devices into the work environment has happened quickly, inspired by the opportunity for new work paradigms. However, managing these devices has progressed more slowly, with some organizations pursuing process development in 2014. Organizations that did move into managing the devices quickly may also be working on mobile management to develop more sophisticated management processes.
How important is mobility to executive management? It seems that executive prioritization is all over the place; with those who understand the risk issue or that experienced a security event paying more attention to mobility – at least for a while. One participant felt that their executives did not have mobility on their radar and felt that mobile devices were seen as not needing control. Lack of policy support is another topic that came up.
Managing Mobile Devices
How important is managing mobile devices in the ITAM program? While most felt that it is very important for ITAM to manage mobile devices, the participants reconfirmed that the executive lack of attention leaves mobility not yet in scope. As costs for these devices increase or the number of devices paid for by the organization increase, that lack of interest is expected to change.
The group discussed some inconsistencies in how different types of mobile assets are managed such as some manage tablets but no other mobile devices. Hybrid mobile models, mixing organizationally-owned with BYOD with a stipend also add to the confusion, which hopefully makes the case for increased management.
Missing standards is another problem, making it difficult to know what to collect and what to expect. Should management be global? Do we need to manage carrier credit? What functions should be managed?
What are the benefits of managing this type of asset? The group felt that mobile management is critical to regulatory compliance, citing that a smart phone or tablet is equivalent to a computer with comparable security risks. Standards were discussed as an existing influence and as a tool for the growth of mobile management. Participants talked about what they currently support (global, by type of device, carrier credit, function), illustrating the diversity in mobile management.
What obstacles could potentially impact the success of a project to implement (mobile management)? The lack of executive prioritization is a significant obstacle because of the scope of the usage. Mobile devices have an impact on the culture of the entire organization which means that the CEO should be the business owner of the project. With the CEO as business owner, the two major obstacles of no clear vision and insufficient policies would be eliminated. The group’s comments went on to clarify that in addition to the acceptance CEO ownership brings, the vision and policies also had to be in sync with the IT department’s direction and policies. They identified specific examples of productive results of the synchronization such as:
· Security standard mapped to devices supported
· Requirement restrictions including a configuration policy
· Alignment of policies, such as if there is a policy for a locked down laptop, then the mobile policy should specify lock down as well
List one or two things to undertake to move ahead with this project. In addition to C-level management, the group identified the following areas as significant to a mobile management project:
· Human Resources
· Vendor Management
Overall, the organization must “live and die” by the policies in order for mobile management to deliver the reduction in costs and risk. However, when describing the next steps, one participant acknowledged that policies should be written carefully in order to allow some flexibility. Some flexibility would most likely encourage cooperation and potentially allow faster adoption of new opportunities as they are recognized.
With the appeal of the latest and greatest technology, it is obvious that this group knew from experience that managing mobility will take strong executive commitment and structure. To undertake the project, recommendations for next steps included lining up:
· Dedicated head count or more FTEs (full time equivalents)
· A TEM (telecom expense management) component helping to manage model costs
· Acquiring an Enterprise Mobility Solutions (EMM)
· Developing a standard base of configurations supported by policy
This group’s comments capture the policy, process, and then automate methodology for mobile assets just like the methodology used to build an ITAM program. They make a compelling case for putting mobile management in place as an ITAM discipline.
Three: Software Licensing
The most traditional ITAM topic discussed at this workshop, software licensing remains a focus because of the significant costs and risks associated with the complex portfolio of entitlements within an organization. From the confusing vendor language, or worse, the lack of license explanations, executive management was slow to warm up to the possibility of reining in software chaos in any practical way. Software license management and the bigger deliverable of Software Asset Management have finally reached critical success and attention, especially since the economy slowed in 2008. However, that does not imply that the task is easy and the group assembled to discuss the issues surrounding the management of software.
How important is software licensing to executive management? Although perceived as a medium or high priority for executives by most participants, a few reported having executives that still gave software license management a low priority. Executive attention for some was focused completely on the financial aspects. Other participants reported that the attention of the executives waivered, receiving higher attention “after the fact” (such as after an audit or expensive contract negotiation.
The participants in this group were problem solvers and they leaped into a discussion on how to gain and preserve executive attention. They felt that IT Asset Managers should drive home how important software license management is, especially by talking about risk aversion and the reporting abilities offered by Software Asset Management.
Managing Software Licensing
How important is managing software licensing in the ITAM program? Imagine a group of professionals blinking at you, wondering how you could ask such an idiotic question. All participants felt that this management is critical and that it was essential that it be managed as part of the ITAM program.
What are the benefits of managing this type of asset? The group related software license management to some of the most significant benefits that ITAM provides:
· Risk mitigation
· Money savings
· Reduce vulnerability
This comprehensive list highlights the potential represented by managing assets that are imperative to the organization, a significant cost, and yet too complex to be managed without special knowledge and processes.
What obstacles could potentially impact the success of a project to implement (software license management)? As expected, the lack of executive support was the first obstacle that the grouped listed. With each department and user relying on access to specific software, it is easy to understand why executive support would be needed to enact changes. The group also brought up the lack of resources as an obstacle as well as the lack of a roadmap.
Although the answers from the group do not specify what kind of roadmap, software licensing management requires a prioritization of vendors and software for management and develops an escalating need for improved processes and automation as data on licensing is collected and confirmed over time. Without a roadmap, the organization remains reactive, preparing for audits and contract renewals as they occur rather than planning a software portfolio.
List one or two things to undertake to move ahead with this project. For the departments or individuals that the group saw as supportive (stakeholders, champions or participants), the group identified:
· The CIO
· Business units
· Cyber security
· Internal audit
At the same time, the group discussed the roadblocks that they had encountered. They identified the service desk as an area that can be a roadblock. They also highlighted the lack of education about licensing as a roadblock as well as the false sense of ownership that users and budget managers often experience in the work setting.
When considering next steps, the group posed the question “How can vendors help us to get executive buy-in and support?” They pointed out that vendor sales people most often invoke the audits so requiring them to help with executive awareness seems like a reasonable request. One participant pointed to a KPMG presentation on audits available on their website that included the topics of education, process, people and resources as an aid to executive education.
They also suggested that IAITAM and Gartner team up to push executives to have a software policy in place.
This group spoke from their experiences and all can read into their answers that managing software licenses remains complex, with fluctuating executive attention that ranges from the cooperative to the post-financial event skepticism.
Insights into Positive Steps
Hard to believe that the workshop was only an hour long and attended by 40-some people considering the amount of good information generated. Special thanks go to the vendors who acted as mentors and coordinators at each table. Consider joining these conversations at the next ACE!