IT Asset Management, a three tiered approach (Part 1 of 4)

Asset Management is an enormous task for any IT department. Gartner predicates shadow IT expenditures will reach 35% in 2015. IT Assets not tracked may pose security risks and additional costs.   An IT Asset Management strategy is critical however the larger your organization, the harder it becomes to track every IT asset. Learn how to take on the IT asset management challenge by using a three tiered approach.


Tier 1 – Asset Data Collection

Tier 2 – Asset Data Intelligence

Tier 3 – Asset Lifecycle management

When organizations neglect any of these components, they have a security problem in addition to an IT asset management problem.

 Tier 1 – Asset Data Collection

Collecting your asset information is the first consideration for IT asset management. It is important to have a central database that contains all the asset information you collect. Next, you need tools that scan your network on a regular basis. These tools need to report back to your database, providing as much information about all the devices connecting to your network. These tools also need to provide a way for you to connect to your business partners, so you can begin to track your asset from the moment you issue a purchase order. These tools should also integrate with mobile devices, such as bar code scanners, that are used to collect asset information. Most important of all, is to have a method to inventory every software application and virtual OS that runs on the hardware you have in your inventory. I will go into tier 1 in greater detail on my next blog.

Tier 2 – Asset Data Intelligence

Tier 2 is where the magic happens. After the asset information is stored in the database, you will have thousands and thousands of data points at your fingertips. Now it is time to normalize the information, to map the assets to relevant information, and to link the assets to their contracts, projects, departments, and people.

Tier 3 – Asset Lifecycle Management

IT assets are upgraded and change on a regular basis. You need to build processes that control how you purchase, procure, and dispose of IT assets. This includes virtual devices and software, along with the associated software licenses. Tier 3 is where you apply ITAM principles. Follow me on Twitter @marcelshaw

Why Your Organization Should Embrace Social Media


Why should your organization embrace social media? When organizations underestimate the power of social media, they put themselves at risk. They also miss out on a much more efficient way of supporting their users and customers.

Social media offers a way for an organization to better understand their customers and competitors.  Social media is a great way for companies to communicate with their employees.  IT Support and company email are services that should be evaluated to see how social media can enhance those offerings.

How Social Media Worked for Me

My kids came out to visit me for Christmas last year. When I dropped them off at the airport, I paid for all their bag fees. Unfortunately for me, they decided to fly one of two airlines that charge for “carry-on” luggage.  My daughter logically put her iPAD with its case inside her larger carry-on roller bag so that we would not be charged for two bags.

While at the gate waiting for her connecting flight in Denver, my daughter pulled out her iPad and used it.  When the flight began to board, the gate attendant demanded $100.00 from my daughter because she accused her of hiding her bag inside another bag to avoid bag fees.  Because she didn’t have the money in her account, they left her in Denver. Yes, they left her.  Then, they offered her a hotel in Denver and put her on the first flight the very next day without charging her any additional fees.

I sent an email to the CEO because I was sure that he would not approve. Her responded within an hour.  To my surprise, he not only approved of what his airline did, he threatened to put my daughter on the “no-fly” list. I then turned to social media and here are the results of my actions:

  • USA Today printed the story.
  • The story has been re-shared 2314 times on Facebook
  • The story has been re-tweeted 157 times on Twitter
  • The story has been re-posted 6 times on LINKEDIN
  • The comments posted about the story on the social media sites were overwhelmingly against the airline

The world we live in today empowers the individual as never before. Social Media is the world’s soap box and anyone can listen. Organizations that offer services to customers have to monitor sites where users go and provide feedback to the whole world about their experience. One bad complaint can cost your organization a lot of money if it gets out of control.  How much money did it cost the airline?  More than the value of a ticket I imagine.

CUSTOMER SUPPORT should embrace Social Media

Organizations can embrace social media by extending customer support responsibilities to monitor social media sites. When negative comments are posted in open forums on social media, customer support should respond with empathy and a willingness to make things right.  Although I was not impressed with the airline, I was impressed with how quick they responded to tweets that were posted at #”The airline referred to in USA Today” on Twitter and on their Facebook page.

INTERNAL EMAIL should push some TYPES of communication to Social Media

Organizations need to start thinking about pushing certain types of internal communication to internal social media. For example, you know those emails that are sent to the entire company. The email usually says something like “Where can I find…”, “Has anyone had this happen….”, “Can someone send me…”

Organizations should expand their ITSM solutions to include Social Media

Organizations need to expand IT Support to internal social media forums. There is so much to learn from user comments. For example, a user may post “my laptop crashed again today” or “is anyone having trouble accessing the internet”, or “Why is email running so slow”.

Users make observations which don’t always equate to opening an incident but when you observe, you may find there really is a problem. For example, you might see a comment by several different users regarding a perceived pause or slowness to email and the internet.  Upon further observation, you may realize these comments are posted between 8:00AM and 9:00AM.   With this knowledge, you may find there is a problem that needs to be addressed.

Observing comments is also a good way to evaluate the tools you have provided to your employees. They may not like the new laptops your are providing compared to the old laptops, and their comments will tell you why.


Social Media is commonly looked at as a distraction or anti-productive app used by employees while on the clock.  I believe to counter this, companies need to figure out a way to be a part of the user’s social media experience.  To start, if your organization offers customer support, you need to monitor social media posts that mention your company.  Also, I think organizations should begin to explore how their ITSM tools can be extended to Social Media. When ITSM social media solutions are worked out, organizations should then consider categorizing their email communication and where it makes sense, move certain types of communication to an internal social media page.

-follow me on Twitter @marcelshaw

Questions to consider regarding Shadow IT

What is Shadow IT?

Shadow IT refers to IT devices and applications that an organization does not track or manage. In many cases, the organization does not even know these devices or applications exist. Furthermore, they cannot audit and track how these assets are being used.

Is it costing my organization money?

Gartner once estimated that 35% of enterprise IT expenditures will happen outside of the corporate IT budget in 2015.    However, there are organizations that believe shadow IT actually reduces costs.

Projects that use Shadow IT increasingly have the resources and bandwidth to build solutions on their own and can deliver them much faster. Thus reducing the budget that would otherwise be required for overall IT expenses. In other words, some say it is a wash.

Are there many risks created by shadow IT?

Let’s start by looking at the top security breaches in 2014 so far..


145 million customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. The breach is thought to have affected the majority of the company’s 145 million members.

Michaels Stores

The company said up to 2.6 million payment card numbers and expiration dates at Michaels stores and 400,000 at Aaron Brothers could have been obtained in the attack.

Montana Department of Public Health and Human Services

Names, addresses, dates of birth and Social Security numbers on roughly 1.3 million people

Variable Annuity Life Insurance Co.

A former advisor used a thumb drive to obtain Social Security numbers and other details on 774,723 of the company’s customers.


Texas wine retailer’s network resulted in the loss of information of as many as 550,000 customers. Hackers got away with customer names, debit or credit card details, card expiration dates, card security codes, bank account information from checks and possibly driver’s license numbers.

St. Joseph Health System

Approximately 405,000 former and current patients’ and employees names, Social Security numbers, dates of birth, medical information and, in some cases, addresses and bank account information.

When business processes are not under the control of a centralized IT or IS department, there is an increased risk that shortcuts will be taken, security procedures will be overlooked, and at least one or more of the security standards your organization adheres to will be compromised.

If we embrace Shadow IT, what Security Standards could we break?

  • FISMA (Federal Information Security Management Act of 2002),
  • GAAP (Generally Accepted Accounting Principles),
  • HIPAA (Health Insurance Portability and Accountability Act),
  • IFRS (International Financial Reporting Standards),
  • ITIL (Information Technology Infrastructure Library),
  • PCI DSS (Payment Card Industry Data Security Standard),
  • TQM (Total Quality Management), etc.

How should we approach the problem?

The bottom line is that you can’t secure something you don’t know about. It’s time for organizations to implement IT Asset Management processes. I suggest a three tiered approach which I will discuss in an upcoming blog.

Three Reasons Mobility Wearables will Improve Your Health

In light of the recent announcement and release of the iWatch from Apple, it appears that all the major mobility players now see the market potential for mobility wearable’s. I’m not talking about reading your messages or getting the scores from your favorite team. I’m talking about your health.

Wearable mobility devices will eventually be a key part of every consumer’s physical and mental wellbeing. I predict these devices will change the way health care is provided as we know it.

When talking about mobility wearable’s for your health, three key areas are now in play and will see significant improvement over the next 10 years. These areas are:

  • Monitoring
  • Personalization
  • Alerting

About six months ago, I was horrified to see the scale hit 232lbs, the heaviest I had ever weighed. I consulted with a friend who had recently lost a lot of weight. He introduced me to a mobility wearable device and pointed out some apps for my phone that communicate with my wearable device. I also purchased a scale that would keep the apps up-to-date with my progress.

The concept is simple, burn more calories than you eat. Using an app on my phone, I would scan each item of food I consumed. I became aware of the calories that I was eating and the app told me how many calories I was burning based on what my wearable mobility device was reporting.

In four months, I hit 203lbs and changed my body mass index from 32% to 27.5%, still considered overweight but I am going in the right direction.

The app on my phone monitored my activities, personalized my goals based on my personal information and my progress reported by the scale. It also would alert me when I reached my goals, or if I was short on my goals.

Data from the National Health (NIH) and Nutrition Examination Survey, 2009–2010

• More than 2 in 3 adults are considered to be overweight or obese.

• More than 1 in 3 adults are considered to be obese.

• More than 1 in 20 adults are considered to have extreme obesity.

• About one-third of children and adolescents ages 6 to 19 are considered to be overweight or obese.

• More than 1 in 6 children and adolescents ages 6 to 19 are considered to be obese.

Over the next decade, we should expect to see school children wearing mobility devices. Information gathered by schools and parents will effect decisions about their schedules and activities. Imagine if a child starts a fever while in school, not only will these devices record the information, they will notify the teacher and the parent.

We will see these devices notify someone who is about to have a seizure, a heart attack, or maybe even a stroke. For those with Diabetes, they will be monitored and alerted when blood sugar levels reach dangerous levels.

The future of wearable mobility devices will one day become an essential part of our lives by monitoring our progress, personalizing our health profiles, and proactively warning by alerting us about actions that need to be taken in order to avoid a health problem.

Wearable Mobility Management

How will companies manage these devices? Integration with mobile devices like tablets and phones, and integration with IT infrastructure will be required for authentication and identification.

Security will be a critical component for protecting the detailed personal health information of each individual using a device. The ability to manage inventory and the lifecycle of wearable mobile devices will also be important. Nobody wants disposed devices to contain personal information.

The adoption of mobility wearables will be driven by the health problems they will solve in the near future, not the features that we can already get with our phones and tablets today.