Delana Nading, Sr. Director Vendor, Asset and Financial Management, Vistra Energy
Once upon a time, not so long ago, the number of technology devices in service within a company that required tracking and management were somewhat limited. It is hard to believe the introduction of the internet-enabled mobile device occurred barely over a decade ago. Today, technology can be found in every facet of our life.
Our world is more dynamic, complex, and connected and the need for agility is paramount, especially for the management of corporate technology assets. The number and types of devices have expanded beyond the traditional server and desktop. Smartphones, tablets, televisions, electronic whiteboards, printers, and video conferencing systems are just a few examples commonly found in corporate offices. Technology devices are being utilized within all areas of business, in remote locations and often with no hands-on IT support.
Moreover, technology assets introduce a host of other challenges such as compliance, warranty management, and license renewals, which must be tracked efficiently for the smooth functioning of a business. All these intricacies make the role of information technology asset management (ITAM) critical to effectively running the business of IT.
A technology asset manager (TAM) must understand and manage technical assets and report the current disposition and risk through several different lenses. Some of the areas of interest and concern include:
Discovery. Accurately locating and identifying all technology assets deployed within the company landscape at a point in time can be difficult. Optimizing the process to dynamically gather and maintain a current inventory is a challenge that keeps a TAM and a CIO awake at night.
Entitlement. Important purchase documents, license agreements, and maintenance contracts must be preserved in a secure repository. A methodology for maintaining up to date records of asset rights is critical to certify compliance.
License model and use rights. Having a thorough understanding of each license model, type, and specific use right for each product entitlement can be a daunting task. Most software publishers offer multiple license models and multiple license types within each model. The variety and flexibility permit a company to choose a model that works best for their size, platform standards, and long-term strategy. However, these options can result in confusion and a compliance discrepancy if the deployment team is not educated on the intricacies of the use rights.
Lifecycle management and disposition. Asset lifecycle management is a core process within the overall ITAM practice. Knowing the lifecycle stage of each product within your asset portfolio helps increase productivity by facilitating more informed purchasing, maintenance and support decisions.
Our world is more dynamic, complex, and connected and the need for agility is paramount, especially for the management of corporate technology assets
Some of the key considerations of asset lifecycle and disposition management include:
• Warranty period and terms
• “End of support” and “end of service” timing and terms
• Appropriate process for retiring/expiring assets
• Legal and security requirements throughout the disposal process
• Process for removing software and licensing from retired devices
• Management of data destruction through wiping, purging, or shredding media
• Intricacies for reselling or refurbishing equipment
• Options for shredding non-resalable equipment utilizing audited and certified methods
Support status. A TAM must select and manage a suitable support agreement for each asset deployed. It is important to note: All support agreements are not created equal and understanding the support subscription coverage can help you prepare or avoid additional expense during a critical incident. Support may be purchased from the original equipment manufacturer (OEM), software publisher or a third-party support provider, and each may offer multiple support options with different service level commitments. Some support agreements provide 24x7 technical support and grant rights to patches and upgrades. Others may only offer technical support during business hours, which may be acceptable for non-production environments. Mission critical, production systems may require a higher standard of reliability and availability to support business obligations.
Compliance. Being “compliant” is a hot topic in discussions concerning asset management and it can imply different things. Compliance, by definition, is the state of being in accordance with established guidelines or specifications. For software asset management, it may be a comparison of the total software instances installed and the quantity an organization is legally entitled to use. Alternatively, compliance may represent how the software is utilized by an organization. License agreements often include restrictions against reverse engineering or changing the basic functions or core elements of the software. Staying on top of license deployment, usage, and maintaining complete purchase and license right documentation are key activities for a TAM and are required to defend against a software audit.
Organizations experiencing an unusual amount of change are at greater risk of audit notice. Changes such as a merger, acquisition, downsizing, outsourcing, or other transformative activities are audit triggers for software publishers, which they are employing as a new and profitable line of business.
Security. Mitigating security vulnerabilities is one of the biggest reasons to invest in an ITAM practice. The diverse portfolios and complexities will challenge the most mature processes and the organized hacking world is using it to their advantage. It is difficult to protect against vulnerabilities exploited by unsupported software not tracked, and organizations are paying the price with network penetrations and data breaches. Cybersecurity incidents are in the news daily and the financial and legal ramifications can be devastating.
ITAM is often the elephant in the room everyone from senior executives down try to ignore. That is, until a security incident or other event shines a light on how critical and expensive turning a blind eye can be. The discovery, tracking and inevitable data cleanup associated with ITAM can be a daunting and persistent problem for organizations of all sizes and industries. Commitment and diligence are a must and will pay off by preventing future pain and significant expense.